wonderfulz

9 Posts

December 30th, 2009 02:00

Trojanspm lx problem, only able to access safe mode

I recently got a popup saying that my computer had been infected with Trojanspm lx and that it needed to be fixed. I also had an icon appear in the bottom right of my computer stating that I was infected and needed to download an antivirus software. I didn't click on the box and quickly tried to do a McAfee virus scan to no avail. It wasn't functioning properly. I hopped over to my other computer to reasearch this menace and found that some people found malwarebytes worked. I downloaded it onto my laptop and ran the program. It found around 13 infected files and I told it to delete them. The computer was promted to restart for it to take affect. As soon as the restart happened, my computer got the blue screen of death. I started my computer in Safe Mode and ran the scan again. The scan found nothing. I tried once again to restart my computer and found that I could put in my login info. As soon as my computer got to the desktop, many error messages popped up saying that iexplorer quit working, mcaffee couldnt start properly and all I could see was a black screen. I cannot access the internet for the HijackThis software because I can only access safe mode. Any assistance you could give me to solve this problem would be greatly appreciated!

Responses(15)

bamajim

10.4K Posts

December 30th, 2009 09:00

wonderfulz

Did you try to get into SafeMode with Networking?

If you can it will allow you to access the internet

wonderfulz

9 Posts

December 30th, 2009 11:00

I got a connection to the internet and was able to download HiJackThis. I updated Malwarebytes, would you like me to run another scan with it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:33 PM, on 12/30/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Chase\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufl.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\Users\Chase\AppData\Local\Temp\ss36ifxjc.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://wps.prenhall.com/wps/media/objects/5794/5933651/wl_heining_anda_1-0131182102/ch3.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\Windows\system32\kbdsock.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11462 bytes

wonderfulz

9 Posts

December 31st, 2009 12:00

I went ahead and scanned with the updated version of Malwarebytes and it found 7 more infected files. I have updated the HiJackThis file. I am still unable to access my computer normally. I also have a question about McAfee. It hasn't been operating properly at all. Is this virus interrupting the program or has the virus corrupted it where I need to reinstall it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:10 PM, on 12/31/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Users\Chase\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufl.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://wps.prenhall.com/wps/media/objects/5794/5933651/wl_heining_anda_1-0131182102/ch3.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11383 bytes

wolf23fan

13 Posts

January 4th, 2010 07:00

I recommend you run this online virus http://security.symantec.com/sscv6/WelcomePage.asp reboot in safe mode with network support. If you have McAfee anti-virus can do this also: Solution Download and extract the SDAT In your Web browser, go to: http://www.mcafee.com/apps/downloads/security_updates/superdat.asp?region=us&segment=enterprise. Click Accept (if necessary). Click sdatxxxx.exe (where xxxx is the current version number SDAT). Select Save Target As and select Computer from the right side of the dialog box. Select New Folder from the menu, type SDAT and then press ENTER. Wait until the download is complete before moving on to the next step. Click Start, Find, type Cmd and press Enter. Double-click CMD. Type CD \ and press Enter. Type CD SDAT and then press ENTER. Write SDATXXXX.EXE / E and press ENTER. Note: The XXXX should be replaced with corresponding numbers of the file you downloaded earlier. Windows Vista supports the replacement of tabulation; therefore, if you type SDAT and then press the tab key, Vista will move through all files with similar name. Close the command window

bamajim

10.4K Posts

January 4th, 2010 07:00

wonderfulz

1. Go HERE and download File Lister.

Save it to your Desktop
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Note: Leave the FileLister.vbe file in the folder and run it from there.
Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
When the program is fnished it will produce a log for you C:\Files.txt

Copy and paste the contents of that log in your reply.

wonderfulz

9 Posts

January 4th, 2010 16:00

Hi bamajim! I ran the requested program. Here is the log, it is rather lengthy. I have not done the steps that wolf23fan has requested though. Please reply soon and thanks for your assistance!!

++++++++++++++++++++++++++++++++++
+ File Lister Version 1.1.2 +
+ +
+ By bamajim / SpywareHammer.com +
++++++++++++++++++++++++++++++++++

Report ran on --->>> 1/4/2010 7:20:39 PM

====== Running Processes ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\WScript.exe
C:\Windows\system32\wbem\wmiprvse.exe

====== BHO's ======
BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

BHO: (NO NAME) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

BHO: (NO NAME) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: (NO NAME) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[Windows Defender] = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
[SynTPEnh] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[ISUSScheduler] = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[PCMService] = "C:\Program Files\Dell\MediaDirect\PCMService.exe"
[ECenter] = c:\dell\E-Center\EULALauncher.exe
[Google Desktop Search] = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
[mcagent_exe] = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
[lxctmon.exe] = "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
[Lexmark 5400 Series Fax Server] = "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
[EzPrint] = "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
[LXCTCATS] = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
[dscactivate] = "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
[DellSupportCenter] = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
[IntelliPoint] = "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
[UnlockerAssistant] = "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
[TkBellExe] = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[NvCplDaemon] = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
[NVHotkey] = rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
[QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
[Adobe ARM] = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[VirtualCloneDrive] = "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
[iTunesHelper] = "F:\iTunesHelper.exe"
[SigmatelSysTrayApp] = C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
[ISUSPM Startup] = c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

====== HKCU\~\Run Keys ======

[DellSupport] = "C:\Program Files\DellSupport\DSAgnt.exe" /startup
[ehTray.exe] = C:\Windows\ehome\ehTray.exe
[Steam] = "c:\program files\steam\steam.exe" -silent
[Aim6] = "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[swg] = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[EA Core] = "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
[DellSupportCenter] = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
[CurseClient] = C:\Program Files\Curse\CurseClient.exe -silent
[igndlm.exe] = C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
[BitTorrent DNA] = "C:\Program Files\DNA\btdna.exe"
[DAEMON Tools Lite] = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
[rnuttgbs] = C:\Users\Chase\AppData\Local\ttcklb\ychhsysguard.exe

====== DNS Info (List may be empty) ======

HKEY_LOCAL_MACHINE\CCS\~\{6802638E-9EC4-4837-A98F-95271782FEE8}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{DD09F636-D03F-44F0-AC6C-28BB3660FED5}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{FD57E366-2E11-4926-AC43-6AA66851D148}\ NameServer=

HKEY_LOCAL_MACHINE\CS001\~\{6802638E-9EC4-4837-A98F-95271782FEE8}\ NameServer=

HKEY_LOCAL_MACHINE\CS001\~\{DD09F636-D03F-44F0-AC6C-28BB3660FED5}\ NameServer=

HKEY_LOCAL_MACHINE\CS001\~\{FD57E366-2E11-4926-AC43-6AA66851D148}\ NameServer=

HKEY_LOCAL_MACHINE\CS003\~\{6802638E-9EC4-4837-A98F-95271782FEE8}\ NameServer=

HKEY_LOCAL_MACHINE\CS003\~\{DD09F636-D03F-44F0-AC6C-28BB3660FED5}\ NameServer=

HKEY_LOCAL_MACHINE\CS003\~\{FD57E366-2E11-4926-AC43-6AA66851D148}\ NameServer=

====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

1/4/2010 7:20:39 PM    0    32    C:\Files.txt
12/30/2009 1:14:33 AM    1    32    C:\s
11/18/2009 8:36:29 PM    4650    32    C:\Windows\DPINST.LOG
11/25/2009 3:01:39 AM    294428    32    C:\Windows\msxml4-KB973688-enu.LOG
1/4/2010 7:13:49 PM    65068    32    C:\Windows\ntbtlog.txt
11/19/2009 2:23:05 AM    94208    C:\Windows\System32\ca-ES
11/19/2009 2:23:05 AM    94208    C:\Windows\System32\eu-ES
11/19/2009 1:56:34 AM    42496    C:\Windows\System32\EventProviders
11/19/2009 1:56:35 AM    6144    C:\Windows\System32\EventProviders\de-de
11/19/2009 1:56:35 AM    5632    C:\Windows\System32\EventProviders\en-us
11/19/2009 1:56:35 AM    6144    C:\Windows\System32\EventProviders\es-es
11/19/2009 1:56:35 AM    6144    C:\Windows\System32\EventProviders\fr-fr
11/19/2009 1:56:35 AM    5120    C:\Windows\System32\EventProviders\ja-jp
11/19/2009 2:23:03 AM    94208    C:\Windows\System32\vi-VN
11/19/2009 11:15:53 PM    31232    32    C:\Windows\System32\BthMtpContextHandler.dll
11/19/2009 11:16:40 PM    37888    32    C:\Windows\System32\cdd.dll
11/19/2009 11:16:38 PM    828928    32    C:\Windows\System32\d2d1.dll
11/19/2009 11:16:37 PM    1030144    32    C:\Windows\System32\d3d10.dll
11/19/2009 11:16:37 PM    190464    32    C:\Windows\System32\d3d10core.dll
11/19/2009 11:16:37 PM    486912    32    C:\Windows\System32\d3d10level9.dll
11/19/2009 11:16:39 PM    829440    32    C:\Windows\System32\d3d10warp.dll
11/19/2009 11:16:37 PM    161280    32    C:\Windows\System32\d3d10_1.dll
11/19/2009 11:16:37 PM    218112    32    C:\Windows\System32\d3d10_1core.dll
11/19/2009 11:16:37 PM    519680    32    C:\Windows\System32\d3d11.dll
11/19/2009 11:16:37 PM    1064448    32    C:\Windows\System32\DWrite.dll
11/19/2009 11:16:38 PM    252928    32    C:\Windows\System32\dxdiag.exe
11/19/2009 11:16:38 PM    195584    32    C:\Windows\System32\dxdiagn.dll
11/19/2009 11:16:37 PM    481792    32    C:\Windows\System32\dxgi.dll
11/19/2009 11:16:37 PM    793088    32    C:\Windows\System32\FntCache.dll
12/9/2009 3:09:27 AM    30720    32    C:\Windows\System32\httpapi.dll
12/8/2009 3:47:39 PM    173056    32    C:\Windows\System32\ie4uinit.exe
12/8/2009 3:47:43 PM    387584    32    C:\Windows\System32\iedkcs32.dll
12/8/2009 3:47:47 PM    11069952    32    C:\Windows\System32\ieframe.dll
12/8/2009 3:47:40 PM    184320    32    C:\Windows\System32\iepeers.dll
12/8/2009 3:47:39 PM    55808    32    C:\Windows\System32\iernonce.dll
12/8/2009 3:47:44 PM    1985536    32    C:\Windows\System32\iertutil.dll
12/8/2009 3:47:39 PM    71680    32    C:\Windows\System32\iesetup.dll
12/8/2009 3:47:40 PM    109056    32    C:\Windows\System32\iesysprep.dll
12/8/2009 3:47:41 PM    164352    32    C:\Windows\System32\ieui.dll
12/8/2009 3:47:40 PM    133632    32    C:\Windows\System32\ieUnatt.exe
12/8/2009 3:47:42 PM    1469440    32    C:\Windows\System32\inetcpl.cpl
12/8/2009 3:47:40 PM    25600    32    C:\Windows\System32\jsproxy.dll
12/8/2009 3:47:43 PM    594432    32    C:\Windows\System32\msfeeds.dll
12/8/2009 3:47:40 PM    55296    32    C:\Windows\System32\msfeedsbs.dll
12/8/2009 3:47:39 PM    13312    32    C:\Windows\System32\msfeedssync.exe
12/8/2009 3:47:52 PM    5940736    32    C:\Windows\System32\mshtml.dll
12/8/2009 3:47:38 PM    1638912    32    C:\Windows\System32\mshtml.tlb
11/24/2009 2:36:40 PM    1248768    32    C:\Windows\System32\msxml3.dll
11/24/2009 2:36:41 PM    1401856    32    C:\Windows\System32\msxml6.dll
12/9/2009 3:09:32 AM    24064    32    C:\Windows\System32\nshhttp.dll
12/8/2009 3:47:43 PM    206848    32    C:\Windows\System32\occache.dll
11/19/2009 11:13:53 PM    234496    32    C:\Windows\System32\oleacc.dll
11/19/2009 11:13:54 PM    4096    32    C:\Windows\System32\oleaccrc.dll
11/19/2009 11:16:38 PM    847360    32    C:\Windows\System32\OpcServices.dll
11/19/2009 11:16:38 PM    321024    32    C:\Windows\System32\PhotoMetadataHandler.dll
11/19/2009 11:15:46 PM    334848    32    C:\Windows\System32\PortableDeviceApi.dll
11/19/2009 11:15:46 PM    100864    32    C:\Windows\System32\PortableDeviceClassExtension.dll
11/19/2009 11:15:49 PM    60928    32    C:\Windows\System32\PortableDeviceConnectApi.dll
11/19/2009 11:15:46 PM    160256    32    C:\Windows\System32\PortableDeviceTypes.dll
11/19/2009 11:15:46 PM    196608    32    C:\Windows\System32\PortableDeviceWMDRM.dll
11/19/2009 11:16:39 PM    26112    32    C:\Windows\System32\printfilterpipelineprxy.dll
11/19/2009 11:16:38 PM    667648    32    C:\Windows\System32\printfilterpipelinesvc.exe
12/8/2009 3:45:39 PM    243712    32    C:\Windows\System32\rastls.dll
11/24/2009 2:36:35 PM    714240    32    C:\Windows\System32\timedate.cpl
11/25/2009 3:03:17 AM    2048    32    C:\Windows\System32\tzres.dll
11/19/2009 11:17:21 PM    92672    32    C:\Windows\System32\UIAnimation.dll
11/19/2009 11:13:53 PM    555520    32    C:\Windows\System32\UIAutomationCore.dll
11/19/2009 11:17:20 PM    3023360    32    C:\Windows\System32\UIRibbon.dll
11/19/2009 11:17:20 PM    1164800    32    C:\Windows\System32\UIRibbonRes.dll
12/8/2009 3:47:44 PM    1208832    32    C:\Windows\System32\urlmon.dll
11/11/2009 3:35:40 PM    2036736    32    C:\Windows\System32\win32k.sys
11/19/2009 11:16:38 PM    974848    32    C:\Windows\System32\WindowsCodecs.dll
11/19/2009 11:16:38 PM    189440    32    C:\Windows\System32\WindowsCodecsExt.dll
12/8/2009 3:48:27 PM    377344    32    C:\Windows\System32\winhttp.dll
12/8/2009 3:47:43 PM    916480    32    C:\Windows\System32\wininet.dll
11/19/2009 11:16:41 PM    258048    32    C:\Windows\System32\winspool.drv
11/19/2009 11:16:41 PM    369664    32    C:\Windows\System32\WMPhoto.dll
11/19/2009 11:15:53 PM    81920    32    C:\Windows\System32\wpdbusenum.dll
11/19/2009 11:15:47 PM    33280    32    C:\Windows\System32\WpdConns.dll
11/19/2009 11:15:46 PM    226816    32    C:\Windows\System32\WpdMtp.dll
11/19/2009 11:15:47 PM    61952    32    C:\Windows\System32\WpdMtpUS.dll
11/19/2009 11:15:46 PM    2537472    32    C:\Windows\System32\wpdshext.dll
11/19/2009 11:15:53 PM    30208    32    C:\Windows\System32\WPDShextAutoplay.exe
11/19/2009 11:15:46 PM    87552    32    C:\Windows\System32\WPDShServiceObj.dll
11/19/2009 11:15:46 PM    350208    32    C:\Windows\System32\WPDSp.dll
11/19/2009 11:15:46 PM    546816    32    C:\Windows\System32\wpd_ci.dll
11/11/2009 3:35:29 PM    355328    32    C:\Windows\System32\WSDApi.dll
11/19/2009 11:16:38 PM    280064    32    C:\Windows\System32\XpsGdiConverter.dll
11/19/2009 11:16:38 PM    351232    32    C:\Windows\System32\XpsPrint.dll
11/19/2009 11:16:38 PM    135680    32    C:\Windows\System32\XpsRasterService.dll
11/19/2009 11:16:37 PM    1554432    32    C:\Windows\System32\xpsservices.dll

====== "\Administrator\Startup" Last 60 Days======

====== "\All Users\Startup" Last 60 Days======

====== "\Program Files" Last 60 Days======

12/19/2009 12:07:06 PM    22812510    C:\Program Files\Citrix
12/7/2009 10:09:09 PM    10382532    C:\Program Files\DAEMON Tools Lite
12/30/2009 3:57:03 AM    552051    C:\Program Files\Malwarebytes' Anti-Malware
11/21/2009 6:48:58 PM    74655050    C:\Program Files\VideoLAN
11/19/2009 11:36:35 PM    134144    C:\Program Files\Windows Portable Devices

======"Drivers" Modified Last 60 Days======

12/9/2009 3:09:28 AM    411648    32    C:\Windows\System32\drivers\http.sys
11/19/2009 11:25:35 PM    0    34    C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
11/19/2009 11:26:17 PM    0    34    C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
12/7/2009 10:11:24 PM    691696    32    C:\Windows\System32\drivers\sptd.sys

====== Files Deleted under "%Temp%" ======

12 Files deleted

======"All Users\Application Data" Last 60 Days======

====== HKLM\~\ShellServiceObjectDelayLoad======

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll

====== HKLM\~\SharedTaskScheduler======

Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

======HKLM\~\msconfig\startupreg======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\

====== Services ( Services that are Whitelisted are not shown) ======

adp94xx (adp94xx)- C:\Windows\system32\drivers\adp94xx.sys - Disabled/Stopped
adpahci (adpahci)- C:\Windows\system32\drivers\adpahci.sys - Disabled/Stopped
amdide (amdide)- C:\Windows\system32\drivers\amdide.sys - Disabled/Stopped
arcsas (arcsas)- C:\Windows\system32\drivers\arcsas.sys - Disabled/Stopped
bcm4sbxp (Broadcom 440x 10/100 Integrated Controller XP Driver)- C:\Windows\system32\DRIVERS\bcm4sbxp.sys - Manual/Running
bowser (Bowser)- C:\Windows\system32\DRIVERS\bowser.sys - Manual/Running
BrFiltLo (Brother USB Mass-Storage Lower Filter Driver)- C:\Windows\system32\drivers\brfiltlo.sys - Manual/Stopped
BrFiltUp (Brother USB Mass-Storage Upper Filter Driver)- C:\Windows\system32\drivers\brfiltup.sys - Manual/Stopped
Brserid (Brother MFC Serial Port Interface Driver (WDM))- C:\Windows\system32\drivers\brserid.sys - Disabled/Stopped
BrSerWdm (Brother WDM Serial driver)- C:\Windows\system32\drivers\brserwdm.sys - Disabled/Stopped
BrUsbMdm (Brother MFC USB Fax Only Modem)- C:\Windows\system32\drivers\brusbmdm.sys - Disabled/Stopped
BrUsbSer (Brother MFC USB Serial WDM Driver)- C:\Windows\system32\drivers\brusbser.sys - Manual/Stopped
circlass (Consumer IR Devices)- C:\Windows\system32\drivers\circlass.sys - Disabled/Stopped
CLFS (Common Log (CLFS))- C:\Windows\system32\CLFS.sys - Boot/Running
Crusoe (Transmeta Crusoe Processor Driver)- C:\Windows\system32\drivers\crusoe.sys - Disabled/Stopped
DfsC (DFS Namespace Client Driver)- C:\Windows\system32\Drivers\dfsc.sys - System/Running
DLABMFSM (DLABMFSM)- C:\Windows\system32\DLA\DLABMFSM.SYS - Auto/Stopped
DLABOIOM (DLABOIOM)- C:\Windows\system32\DLA\DLABOIOM.SYS - Auto/Stopped
DLACDBHM (DLACDBHM)- C:\Windows\system32\Drivers\DLACDBHM.SYS - System/Running
DLADResM (DLADResM)- C:\Windows\system32\DLA\DLADResM.SYS - Auto/Stopped
DLAIFS_M (DLAIFS_M)- C:\Windows\system32\DLA\DLAIFS_M.SYS - Auto/Stopped
DLAOPIOM (DLAOPIOM)- C:\Windows\system32\DLA\DLAOPIOM.SYS - Auto/Stopped
DLAPoolM (DLAPoolM)- C:\Windows\system32\DLA\DLAPoolM.SYS - Auto/Stopped
DLARTL_M (DLARTL_M)- C:\Windows\system32\Drivers\DLARTL_M.SYS - System/Running
DLAUDFAM (DLAUDFAM)- C:\Windows\system32\DLA\DLAUDFAM.SYS - Auto/Stopped
DLAUDF_M (DLAUDF_M)- C:\Windows\system32\DLA\DLAUDF_M.SYS - Auto/Stopped
DRVMCDB (DRVMCDB)- C:\Windows\system32\Drivers\DRVMCDB.SYS - Boot/Running
DRVNDDM (DRVNDDM)- C:\Windows\system32\Drivers\DRVNDDM.SYS - Auto/Stopped
DSproct (DSproct)- \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys - Manual/Stopped
dsunidrv (DellSupport UniDriver)- C:\Windows\system32\DRIVERS\dsunidrv.sys - Auto/Stopped
DXGKrnl (LDDM Graphics Subsystem)- C:\Windows\system32\drivers\dxgkrnl.sys - Manual/Stopped
e1express (Intel(R) PRO/1000 PCI Express Network Connection Driver)- C:\Windows\system32\DRIVERS\e1e6032.sys - Manual/Stopped
E1G60 (Intel(R) PRO/1000 NDIS 6 Adapter Driver)- C:\Windows\system32\DRIVERS\E1G60I32.sys - Manual/Stopped
Ecache (ReadyBoost Caching Driver)- C:\Windows\system32\drivers\ecache.sys - Boot/Running
ElbyCDIO (ElbyCDIO Driver)- C:\Windows\system32\Drivers\ElbyCDIO.sys - System/Stopped
elxstor (elxstor)- C:\Windows\system32\drivers\elxstor.sys - Disabled/Stopped
FileInfo (File Information FS MiniFilter)- C:\Windows\system32\drivers\fileinfo.sys - Boot/Running
Filetrace (FileTrace)- C:\Windows\system32\drivers\filetrace.sys - Manual/Stopped
gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms)- C:\Windows\system32\drivers\gagp30kx.sys - Manual/Stopped
HidBth (Microsoft Bluetooth HID Miniport)- C:\Windows\system32\drivers\hidbth.sys - Disabled/Stopped
HidIr (Microsoft Infrared HID Driver)- C:\Windows\system32\drivers\hidir.sys - Disabled/Stopped
HpCISSs (HpCISSs)- C:\Windows\system32\drivers\hpcisss.sys - Disabled/Stopped
HSF_DPV (HSF_DPV)- C:\Windows\system32\DRIVERS\HSX_DPV.sys - Manual/Stopped
HSXHWAZL (HSXHWAZL)- C:\Windows\system32\DRIVERS\HSXHWAZL.sys - Manual/Stopped
iaStor (Intel AHCI Controller)- C:\Windows\system32\drivers\iastor.sys - Boot/Running
iaStorV (Intel RAID Controller Vista)- C:\Windows\system32\drivers\iastorv.sys - Boot/Running
IPMIDRV (IPMIDRV)- C:\Windows\system32\drivers\ipmidrv.sys - Disabled/Stopped
iScsiPrt (iScsiPort Driver)- C:\Windows\system32\DRIVERS\msiscsi.sys - Manual/Running
iteatapi (ITEATAPI_Service_Install)- C:\Windows\system32\drivers\iteatapi.sys - Disabled/Stopped
iteraid (ITERAID_Service_Install)- C:\Windows\system32\drivers\iteraid.sys - Disabled/Stopped
lltdio (Link-Layer Topology Discovery Mapper I/O Driver)- C:\Windows\system32\DRIVERS\lltdio.sys - Auto/Stopped
LSI_FC (LSI_FC)- C:\Windows\system32\drivers\lsi_fc.sys - Disabled/Stopped
LSI_SAS (LSI_SAS)- C:\Windows\system32\drivers\lsi_sas.sys - Disabled/Stopped
LSI_SCSI (LSI_SCSI)- C:\Windows\system32\drivers\lsi_scsi.sys - Disabled/Stopped
LTXMD_VAC (Litex Media Virtual Audio Cable (WDM))- C:\Windows\system32\drivers\lmvac.sys - Manual/Stopped
luafv (UAC File Virtualization)- C:\Windows\system32\drivers\luafv.sys - Auto/Stopped
megasas (megasas)- C:\Windows\system32\drivers\megasas.sys - Disabled/Stopped
mpio (Microsoft Multi-Path Bus Driver)- C:\Windows\system32\drivers\mpio.sys - Disabled/Stopped
mpsdrv (Windows Firewall Authorization Driver)- C:\Windows\system32\drivers\mpsdrv.sys - Manual/Running
mrxsmb10 (SMB 1.x MiniRedirector)- C:\Windows\system32\DRIVERS\mrxsmb10.sys - Manual/Running
mrxsmb20 (SMB 2.0 MiniRedirector)- C:\Windows\system32\DRIVERS\mrxsmb20.sys - Manual/Running
msahci (msahci)- C:\Windows\system32\drivers\msahci.sys - Disabled/Stopped
msdsm (Microsoft Multi-Path Device Specific Module)- C:\Windows\system32\drivers\msdsm.sys - Disabled/Stopped
msisadrv (ISA/EISA Class Driver)- C:\Windows\system32\drivers\msisadrv.sys - Boot/Running
MsRPC (MsRPC)- C:\Windows\system32\drivers\MsRPC.sys - Manual/Stopped
NativeWifiP (NativeWiFi Filter)- C:\Windows\system32\DRIVERS\nwifi.sys - Manual/Running
NETw4v32 (Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit)- C:\Windows\system32\DRIVERS\NETw4v32.sys - Manual/Stopped
NETw5v32 (Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit)- C:\Windows\system32\DRIVERS\NETw5v32.sys - Manual/Running
nfrd960 (nfrd960)- C:\Windows\system32\drivers\nfrd960.sys - Disabled/Stopped
nsiproxy (NSI proxy service)- C:\Windows\system32\drivers\nsiproxy.sys - System/Running
ntrigdigi (N-trig HID Tablet Driver)- C:\Windows\system32\drivers\ntrigdigi.sys - Disabled/Stopped
NuidFltr (NUID filter driver)- C:\Windows\system32\DRIVERS\NuidFltr.sys - Manual/Stopped
nvlddmkm (nvlddmkm)- C:\Windows\system32\DRIVERS\nvlddmkm.sys - Manual/Stopped
nvstor (nvstor)- C:\Windows\system32\drivers\nvstor.sys - Disabled/Stopped
PEAUTH (PEAUTH)- C:\Windows\system32\drivers\peauth.sys - Auto/Stopped
ql2300 (QLogic Fibre Channel Miniport Driver)- C:\Windows\system32\drivers\ql2300.sys - Disabled/Stopped
ql40xx (QLogic iSCSI Miniport Driver)- C:\Windows\system32\drivers\ql40xx.sys - Disabled/Stopped
QWAVEdrv (QWAVE driver)- C:\Windows\system32\drivers\qwavedrv.sys - Manual/Stopped
R300 (R300)- C:\Windows\system32\DRIVERS\atikmdag.sys - Manual/Stopped
RDPENCDD (RDP Encoder Mirror Driver)- C:\Windows\system32\drivers\rdpencdd.sys - System/Running
rimmptsk (rimmptsk)- C:\Windows\system32\DRIVERS\rimmptsk.sys - Auto/Running
rimsptsk (rimsptsk)- C:\Windows\system32\DRIVERS\rimsptsk.sys - Auto/Running
rismxdp (Ricoh xD-Picture Card Driver)- C:\Windows\system32\DRIVERS\rixdptsk.sys - Auto/Running
rspndr (Link-Layer Topology Discovery Responder)- C:\Windows\system32\DRIVERS\rspndr.sys - Auto/Stopped
sbp2port (SBP-2 Transport/Protocol Bus Driver)- C:\Windows\system32\drivers\sbp2port.sys - Disabled/Stopped
sdbus (sdbus)- C:\Windows\system32\DRIVERS\sdbus.sys - Manual/Stopped
sermouse (Serial Mouse Driver)- C:\Windows\system32\drivers\sermouse.sys - Disabled/Stopped
sffdisk (SFF Storage Class Driver)- C:\Windows\system32\DRIVERS\sffdisk.sys - Manual/Stopped
sffp_mmc (SFF Storage Protocol Driver for MMC)- C:\Windows\system32\drivers\sffp_mmc.sys - Manual/Stopped
sffp_sd (SFF Storage Protocol Driver for SDBus)- C:\Windows\system32\DRIVERS\sffp_sd.sys - Manual/Stopped
SiSRaid2 (SiSRaid2)- C:\Windows\system32\drivers\sisraid2.sys - Disabled/Stopped
SiSRaid4 (SiSRaid4)- C:\Windows\system32\drivers\sisraid4.sys - Disabled/Stopped
spldr (Security Processor Loader Driver)- C:\Windows\system32\drivers\spldr.sys - Boot/Stopped
srv2 (srv2)- C:\Windows\system32\DRIVERS\srv2.sys - Manual/Stopped
srvnet (srvnet)- C:\Windows\system32\DRIVERS\srvnet.sys - Manual/Stopped
STHDA (SigmaTel High Definition Audio CODEC)- C:\Windows\system32\drivers\stwrt.sys - Manual/Stopped
SynTP (Synaptics TouchPad Driver)- C:\Windows\system32\DRIVERS\SynTP.sys - Manual/Running
Tcpip6 (Microsoft IPv6 Protocol Driver)- C:\Windows\system32\DRIVERS\tcpip.sys - Manual/Stopped
tcpipreg (TCP/IP Registry Compatibility)- C:\Windows\system32\drivers\tcpipreg.sys - Auto/Stopped
tdx (NetIO Legacy TDI Support Driver)- C:\Windows\system32\DRIVERS\tdx.sys - System/Running
tssecsrv (Terminal Services Security Filter Driver)- C:\Windows\system32\DRIVERS\tssecsrv.sys - Manual/Stopped
tunmp (Microsoft Tun Miniport Adapter Driver)- C:\Windows\system32\DRIVERS\tunmp.sys - Manual/Running
tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver)- C:\Windows\system32\DRIVERS\tunnel.sys - Manual/Running
uagp35 (Microsoft AGPv3.5 Filter)- C:\Windows\system32\drivers\uagp35.sys - Manual/Stopped
uliagpkx (Uli AGP Bus Filter)- C:\Windows\system32\drivers\uliagpkx.sys - Manual/Stopped
uliahci (uliahci)- C:\Windows\system32\drivers\uliahci.sys - Disabled/Stopped
UlSata (UlSata)- C:\Windows\system32\drivers\ulsata.sys - Disabled/Stopped
ulsata2 (ulsata2)- C:\Windows\system32\drivers\ulsata2.sys - Disabled/Stopped
umbus (UMBus Enumerator Driver)- C:\Windows\system32\DRIVERS\umbus.sys - Manual/Running
UMPass (Microsoft UMPass Driver)- C:\Windows\system32\DRIVERS\umpass.sys - Manual/Stopped
USBAAPL (Apple Mobile USB Driver)- C:\Windows\system32\Drivers\usbaapl.sys - Manual/Stopped
usbcir (eHome Infrared Receiver (USBCIR))- C:\Windows\system32\drivers\usbcir.sys - Disabled/Stopped
VClone (VClone)- C:\Windows\system32\DRIVERS\VClone.sys - Manual/Running
ViaC7 (VIA C7 Processor Driver)- C:\Windows\system32\drivers\viac7.sys - Disabled/Stopped
volmgr (Volume Manager Driver)- C:\Windows\system32\drivers\volmgr.sys - Boot/Running
volmgrx (Dynamic Volume Manager)- C:\Windows\system32\drivers\volmgrx.sys - Boot/Running
vsmraid (vsmraid)- C:\Windows\system32\drivers\vsmraid.sys - Disabled/Stopped
WacomPen (Wacom Serial Pen HID Driver)- C:\Windows\system32\drivers\wacompen.sys - Disabled/Stopped
Wanarpv6 (Remote Access IPv6 ARP Driver)- C:\Windows\system32\DRIVERS\wanarp.sys - System/Stopped
Wdf01000 (Kernel Mode Driver Frameworks service)- C:\Windows\system32\drivers\Wdf01000.sys - Boot/Running
WmiAcpi (Microsoft Windows Management Interface for ACPI)- C:\Windows\system32\DRIVERS\wmiacpi.sys - Manual/Running
WpdUsb (WpdUsb)- C:\Windows\system32\DRIVERS\wpdusb.sys - Manual/Stopped
XAudio (XAudio)- C:\Windows\system32\DRIVERS\xaudio.sys - Auto/Stopped

====== Uninstall List ======

AC3Filter (remove only)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11
AIM 6
Conexant HDA D330 MDC V.92 Modem
Acrobat.com
Curse Client
dBpoweramp FLAC Codec
dBpoweramp Music Converter
DivX Plus DirectShow Filters
Download Manager 2.3.7
EA Download Manager
FrostWire 4.18.4
Google Desktop
Microsoft Office Home and Student 2007
Security Update for CAPICOM (KB931906)
Lexmark 5400 Series
Microsoft .NET Framework 3.5 SP1
McAfee SecurityCenter
NVIDIA Drivers
PunkBuster Services
RealPlayer
Rise of Nations
Garry's Mod
Left 4 Dead
Dell Touchpad
System Requirements Lab
The Rosetta Stone
Unlocker 1.8.7
Viewpoint Media Player
VirtualCloneDrive
VLC media player 1.0.3
Warcraft III
Winamp
WinRAR archiver
World of Warcraft
Adobe AIR
MSXML4 Parser
Roxio Creator Tools
Steam
Bonjour
Roxio Creator Data
Security Update for CAPICOM (KB931906)
QualxServ Service Agreement
Dell System Customization Wizard
Sibelius Scorch (ActiveX Only)
OpenCASE Media Agent
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
AOL Install
Dell DataSafe Online
AudioEdit Deluxe
Roxio Drag-to-Disc
Roxio Update Manager
Java(TM) SE Runtime Environment 6
NetZeroInstallers
Sonic Activation Module
MSXML 4.0 SP2 (KB927978)
Games, Music, & Photos Launcher
URL Assistant
NetWaiting
Bonjour Core for Windows
Bonjour Core for Windows
User's Guides
EarthLink Setup Files
Roxio Creator Copy
Roxio Express Labeler
Apple Software Update
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
VC80CRTRedist - 8.0.50727.762
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Acrobat.com
Ventrilo Client
DivX Codec
DellSupport
QuickSet
Roxio Creator Audio
MSXML 4.0 SP2 (KB954430)
Roxio Creator BDAV Plugin
Product Documentation Launcher
Microsoft Silverlight
DivX Player
Microsoft Office Excel MUI (English) 2007
Update for Microsoft Office Excel 2007 Help (KB963678)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Microsoft Office Word MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Update for Microsoft Office Word 2007 Help (KB963665)
Microsoft Office Proof (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proof (French) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Script Editor Help (KB963671)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office OneNote MUI (English) 2007
Update for Microsoft Office OneNote 2007 Help (KB963670)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Home and Student 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Update for Microsoft Office Word 2007 (KB974561)
Security Update for Microsoft Office system 2007 (972581)
Update for Microsoft Office InfoPath 2007 (KB976416)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Excel 2007 (KB973593)
Update for 2007 Microsoft Office System (KB967642)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office system 2007 (KB974234)
OutlookAddinSetup
MediaDirect
SPORE™
QuickTime
Apple Mobile Device Support
Adobe Reader 9.2
ABBYY FineReader 6.0 Sprint
DivX Converter
OGA Notifier 2.0.0048.0
Apple Application Support
DivX Web Player
NVIDIA PhysX
Netflix Movie Viewer
MSXML 4.0 SP2 (KB936181)
Microsoft VC9 runtime libraries
MSXML 4.0 SP2 (KB941833)
Roxio Creator DE
Broadcom Management Programs
Internet Service Offers Launcher
Microsoft .NET Framework 3.5 SP1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
iTunes
Roxio MyDVD DE
Dell Support Center (Support Software)
Digital Line Detect
*** Partner COM Server
Citrix XenApp Web Plugin
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB973688)
Netflix in Windows Media Center

======== Other Info ========

TOTAL PHYSICAL RAM: 2145 MB

Boot Info

OS Type: Microsoft® Windows Vista™ Home Premium
Build: 6.0.6002
Service Pack: 2.0

====== Files with Hidden Attributes======
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Boot\bootstat.dat

==End of Report==

wolf23fan

13 Posts

January 4th, 2010 18:00

Good friend!

The truth is I do not understand very well the results of analysis as this are also the results of maintenance actions that made the program on your file system and registry (cleanup, repair registry etc.), even that more likely it is not removed all infected files, but many file extension. exe files have been corrupted so that you start each virus also runs in the background, beyond that the virus stopped DISABLED or multiple controllers and that's why not start your Windows normally, Safe Mode starts because it does not use many drivers.

Do you wonder? On-line analysis did I said, look, this analyzer is much more sensitive Symantec, it takes about 5 to 8 minutes to load even in safe mode it takes about 10, but the team analyzes deeply and quickly, you remember the link if you require it again

http://security.symantec.com/sscv6/WelcomePage.asp

Another thing, seeing the McAfee registry is likely that the file system, registry and system files of Windows is altered, so you'll likely need to restore or format the disk rather, I install everything again, beyond that have too many applications installed, some of which I have seen can be risks to your systems and unloaders, which you should turn off when you're not using as these are started automatically with Windows and remain so until you sign out, something else I recommend is to uninstall applications that take more than a month without use or games that has already finished, for example I've installed versions of Silent Hill and Resident Evil, and every time I finish one the uninstall, however, is also unlikely to are so altered your files, so you must run the Symantec anti-virus on-line, after you have detected and removed all infected files, it is likely that Windows does not restart normally, if so then I recommend you insert the installation disk Windows and give him the boot repair option of the system, this should boot normally.

He tells me as I was!

bamajim

10.4K Posts

January 4th, 2010 18:00

wonderfulz

1. Please download The Avenger by Swandog46 to your Desktop.

Click on Avenger.zip to open the file
Extract avenger.exe to your desktop(How to extract (decompress) zipped or compressed files, help in the link here: )

2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
C:\Users\Chase\AppData\Local\ttcklb

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

Select Load Script
Select Paste from Clipboard
The information should now appear in the Open window
Select Execute
Answer Yes When prompted "Are you sure you want to execute the current script?"

4. The Avenger will automatically do the following:

It will Restart your computer.
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log

wonderfulz

9 Posts

January 4th, 2010 21:00

Bamajim, I ran the Avenger program and I believe it worked. I was actually able to reboot windows normally, but switched back over to safe mode to run the HiJackThis because it was running very slowly. Here are the results! Wolf23fan, thank you for your insight. I will most likely follow those steps in the event the diagnostics ran at the request of Bamajim do not fix my problems.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Users\Chase\AppData\Local\ttcklb" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:00 AM, on 1/5/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Chase\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufl.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [rnuttgbs] C:\Users\Chase\AppData\Local\ttcklb\ychhsysguard.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://wps.prenhall.com/wps/media/objects/5794/5933651/wl_heining_anda_1-0131182102/ch3.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11499 bytes

wonderfulz

9 Posts

January 6th, 2010 00:00

I have been doing more online research of other users that had this malware. I came across this program called SmitFraudFix http://www.bleepingcomputer.com/files/smitfraudfix.php Would this possibly help us rid my computer of this malicious malware? I also discovered an interesting forum post on McAfee's Website that pertains to this malware. http://community.mcafee.com/message/100315#100315 Although my system isn't showing some of the same symptoms, these posts may help in determining how this particular malware runs. Hope this information is helpful in some way! Thanks again for your assistance.

bamajim

10.4K Posts

January 6th, 2010 07:00

wonderfulz

Smitfraudfix is designed to attack a different kind of infection than the one you had.

Rerun Hijackthis in Normal windows mode and let's see whats there.

wonderfulz

9 Posts

January 6th, 2010 12:00

Alirighty. I did the scan, here are the results.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:05 PM, on 1/6/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Users\Chase\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [rnuttgbs] C:\Users\Chase\AppData\Local\ttcklb\ychhsysguard.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://wps.prenhall.com/wps/media/objects/5794/5933651/wl_heining_anda_1-0131182102/ch3.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12510 bytes

bamajim

10.4K Posts

January 7th, 2010 10:00

wonderfulz

1. *NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here to clean temp files from your computer.

Double click on the file to start the installation of the program.
Select your language and click OK, then next.
Read the license agreement and click I Agree.
Click next to use the default install location. Click Install then finish to complete installation.
Double click the CCleaner shortcut on the desktop to start the program.
On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
Click on the "Options" icon at the left side of the window, then click on "Advanced." deselect "Only delete files in Windows Temp folders older than 48 hours."
Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
After CCleaner has completed its process, click Exit.

2. Rerun Hijackthis (scan only) and place checks beside the following entries

O4 - HKCU\..\Run: [rnuttgbs] C:\Users\Chase\AppData\Local\ttcklb\ychhsysguard.exe

Close all other open windows except Hijackthis and Select " Fix checked"

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

And in your reply tell me how your PC is running now

wonderfulz

9 Posts

January 7th, 2010 14:00

Wow, I think my computer is fixed now. I can access all my programs and McAfee is running again! Thank you, thank you, thank you!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:44 PM, on 1/7/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Curse\CurseClient.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Users\Chase\Program Files\DNA\btdna.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Chase\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Chase\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://wps.prenhall.com/wps/media/objects/5794/5933651/wl_heining_anda_1-0131182102/ch3.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5853/mcfscan.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12802 bytes

bamajim

10.4K Posts

January 8th, 2010 07:00

wonderfulz

You are most welcome

You may now remove/delete/uninstall the tools we used to clean your PC

Now that your log is clean

There are some final notes:

Lets create a clean System Restore point:
To create a Clean System Restore Point in Vista

Click Start (the Vista icon) ->> All Programs ->> Accessories ->> System Tools ->> System Restore
The System restore Window will open. Select Open System Protection
Another window will open, Hilite The C:\ Drive in the window
Then Select Create. Yet another window will open type in todays date 05262008 (or what ever you would like to remind you of this Restore Point) in the Create a restore point window.
Then Select Create. Windows will then create a restore point.
Once done you will receive notification that a System Restore point has been Created.
Close all the open widows and you are done.

Update your Anti Virus Software

Use and maintain a Firewall

Visit Microsoft's Windows Update Site Frequently for critical updates

Backup your Important Documents and Files on a regular basis

To a disc or a USB key, not your Hardrive

You may want to read this article" So how did I get infected in the first place" by Tony Klein

surf safe

View All

No Events found!

Virus & Spyware

Trojanspm lx problem, only able to access safe mode