1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Spyware has gotten ahold of me

Discussion in 'Virus & Other Malware Removal' started by mrjester, Jul 12, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. mrjester

    mrjester Thread Starter

    Joined:
    Jul 12, 2007
    Messages:
    7
    Hi everyone,

    I've been trying to solve this problem for a few days but I can't seem to figure it out.

    My Internet browser will open by itself and try to go to the following URL:

    CENSURED.

    It will do this multiple times. I can only think that there is some type of spyware taking over my computer.

    I have done the following:
    -Looked at task manager. I don't see anything out of the ordinary here. Although this is a Vista machine so I could be missing something and I'm not an expert.

    - Ran Ad-aware but this mainly finds tracking cookies

    - Ran Super Anti-spyware professional and nothing too deadly was found. I also ran this in safe mode.

    - Downloaded Hijack this but have NO IDEA what I'm even looking at.

    - Downloaded Killbox but was too afraid to do anything with this program.

    Any suggestions?

    MrJester.
     
  2. mrjester

    mrjester Thread Starter

    Joined:
    Jul 12, 2007
    Messages:
    7
    Ohh yeah, here is my hijack this logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:57:42 PM, on 7/12/2007
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\sttray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\McAfee\MSK\mskagent.exe
    C:\Windows\services.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
    C:\Users\Brandon\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F3 - REG:win.ini: load=C:\Windows\UNISTVZ32.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
     
  3. jwbirdsong

    jwbirdsong

    Joined:
    Nov 6, 2002
    Messages:
    710
    You need to print this out or save a copy to Notepad for reading because you can NOT have IE/FF or any browser open while doing the fix.

    Open HijackThis and click on Do a system scan only. Place a check mark next to the following:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    F3 - REG:win.ini: load=C:\Windows\UNISTVZ32.exe


    Close ALL other open windows and programs and click Fix checked.

    REBOOT

    Download
    Deckard's System Scanner (DSS)
    to your Desktop. Note: You must be logged onto an account with administrator privileges.

    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
     
  4. mrjester

    mrjester Thread Starter

    Joined:
    Jul 12, 2007
    Messages:
    7
    Thanks so much for the help!

    Deckard's System Scanner v20070711.54
    Run by Brandon on 2007-07-13 at 09:29:07
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    24: 2007-07-12 07:00:29 UTC - RP186 - Windows Update
    23: 2007-07-11 07:00:33 UTC - RP185 - Windows Update
    22: 2007-07-10 12:50:14 UTC - RP184 - Installed SUPERAntiSpyware Professional
    21: 2007-07-10 07:00:44 UTC - RP183 - Windows Update
    20: 2007-07-09 12:29:51 UTC - RP182 - Installed Ad-Aware 2007


    -- First Restore Point --
    1: 2007-06-23 04:00:07 UTC - RP160 - Scheduled Checkpoint


    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis (run as Brandon.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:40:14 AM, on 7/13/2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\sttray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\McAfee\MSK\mskagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Brandon\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Brandon.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9118 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
    R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys
    R2 dsunidrv - \??\c:\program files\dellsupport\drivers\dsunidrv.sys
    R3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys
    R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
    R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

    S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
    S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


    -- Scheduled Tasks -------------------------------------------------------------

    2007-07-13 05:49:18 422 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{3EC24C93-B6EA-4E2F-92DE-520FDBE65B14}.job
    2007-07-11 07:35:02 284 --a------ C:\Windows\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-06-13 and 2007-07-13 -----------------------------

    2007-07-13 09:32:48 0 d-------- C:\Program Files\Trend Micro
    2007-07-10 08:50:33 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2007-07-10 08:50:25 0 d-------- C:\Program Files\SUPERAntiSpyware
    2007-07-09 08:30:06 0 d-------- C:\Program Files\Lavasoft
    2007-07-09 08:30:04 0 d-------- C:\Users\All Users\Lavasoft
    2007-07-05 19:42:33 0 d-------- C:\Program Files\rememberthis.exe
    2007-06-28 08:15:54 28672 --a------ C:\Windows\UNISTVZ32.exe <Not Verified; Microsoft Corporation; UNISTVZ32>
    2007-06-28 08:15:11 81920 --a------ C:\Windows\services.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-06-22 23:06:11 0 d-------- C:\Users\Default\Roaming
    2007-06-22 23:06:11 0 d-------- C:\Users\Brandon\Roaming
    2007-06-22 23:06:08 0 d-------- C:\Program Files\MySpace
    2007-06-18 09:44:25 0 d-------- C:\Windows\PCHEALTH
    2007-06-18 09:44:25 0 d-------- C:\Program Files\Microsoft.NET
    2007-06-18 09:44:25 0 d-------- C:\Program Files\Common Files\ODBC
    2007-06-18 09:42:22 0 d-------- C:\Program Files\Microsoft Visual Studio 8
    2007-06-18 09:41:12 0 d-------- C:\Users\All Users\Microsoft Help
    2007-06-18 09:40:48 0 dr-h----- C:\MSOCache


    -- Find3M Report ---------------------------------------------------------------

    2007-07-13 09:27:35 0 d-------- C:\Program Files\McAfee
    2007-07-12 03:10:38 0 d-------- C:\Program Files\Windows Mail
    2007-07-10 19:47:27 0 d-------- C:\Program Files\World of Warcraft
    2007-07-10 08:50:25 0 d-------- C:\Users\Brandon\AppData\Roaming\SUPERAntiSpyware.com
    2007-07-10 08:50:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-07 17:23:50 0 d-------- C:\Program Files\Microsoft Games
    2007-06-24 12:41:41 0 d-------- C:\Users\Brandon\AppData\Roaming\WildTangent
    2007-06-24 12:07:42 0 d-------- C:\Users\Brandon\AppData\Roaming\Corel
    2007-06-22 23:06:11 0 d-------- C:\Users\Brandon\AppData\Roaming\MySpace
    2007-06-18 09:46:22 0 d-------- C:\Program Files\Microsoft Works
    2007-06-18 09:45:48 0 d-------- C:\Program Files\MSBuild
    2007-05-25 09:27:43 0 d-------- C:\Program Files\HiddenExpeditionTitanic_at
    2007-05-14 09:37:28 0 d-------- C:\Program Files\Roxio
    2007-05-14 09:36:31 0 d-------- C:\Program Files\Yahoo!
    2007-05-14 09:36:18 0 d-------- C:\Program Files\Common Files\SureThing Shared
    2007-04-20 14:39:14 0 --a------ C:\Users\Brandon\AppData\Roaming\wklnhst.dat
    2007-04-13 15:19:52 7680 --a------ C:\Windows\system32\lsdelete.exe


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
    {CA6319C0-31B7-401E-A518-A07C3DB8F777} C:\Program Files\BAE\BAE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Windows Defender"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,\
    "NvSvc"="RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart"
    "NvCplDaemon"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"
    "NvMediaCenter"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit"
    "SigmatelSysTrayApp"="sttray.exe"
    "IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\""
    "Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Snapfire Plus\\PhotoDownloader.exe"
    "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
    @=""
    "MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"
    "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
    "ECenter"="c:\\dell\\E-Center\\EULALauncher.exe"
    "ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "Windows Mobile-based device management"=hex(2):25,77,69,6e,64,69,72,25,5c,57,\

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
    "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
    "DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
    "Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
    "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=dword:00000002
    "ConsentPromptBehaviorUser"=dword:00000001
    "EnableInstallerDetection"=dword:00000001
    "EnableLUA"=dword:00000001
    "EnableSecureUIAPaths"=dword:00000001
    "EnableVirtualization"=dword:00000001
    "PromptOnSecureDesktop"=dword:00000001
    "ValidateAdminCodeSignatures"=dword:00000000
    "scforceoption"=dword:00000000
    "FilterAdministratorToken"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
    "CF_TEXT"=dword:00000001
    "CF_BITMAP"=dword:00000002
    "CF_OEMTEXT"=dword:00000007
    "CF_DIB"=dword:00000008
    "CF_PALETTE"=dword:00000009
    "CF_UNICODETEXT"=dword:0000000d
    "CF_DIBV5"=dword:00000011

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="credssp.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Notification Packages REG_MULTI_SZ scecli\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg\0\0
    Authentication Packages REG_MULTI_SZ msv1_0\0\0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ nsi\0lltdsvc\0SSDPSRV\0upnphost\0SCardSvr\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0lanmanworkstation\0TBS\0SLUINotify\0THREADORDER\0fdrespub\0netprofm\0fdphost\0wcncsvc\0QWAVE\0Mcx2Svc\0WebClient\0\0
    LocalSystemNetworkRestricted REG_MULTI_SZ hidserv\0UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0irmon\0sysmain\0IPBusEnum\0dot3svc\0PcaSvc\0EMDMgmt\0TabletInputService\0wlansvc\0WPDBusEnum\0\0
    NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\0\0
    LocalServiceNoNetwork REG_MULTI_SZ PLA\0DPS\0BFE\0mpssvc\0ehstart\0\0
    NetworkService REG_MULTI_SZ CryptSvc\0DHCP\0TermService\0KtmRm\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WerSvcGroup REG_MULTI_SZ wersvc\0\0
    swprv REG_MULTI_SZ swprv\0\0
    LocalServiceNetworkRestricted REG_MULTI_SZ DHCP\0eventlog\0AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0WPCSvc\0PnrpAutoReg\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    regsvc REG_MULTI_SZ RemoteRegistry\0\0
    wcssvc REG_MULTI_SZ WcsPlugInService\0\0
    DcomLaunch REG_MULTI_SZ PlugPlay\0DcomLaunch\0\0
    wdisvc REG_MULTI_SZ WdiServiceHost\0\0
    sdrsvc REG_MULTI_SZ sdrsvc\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    secsvcs REG_MULTI_SZ WinDefend\0\0
    WindowsMobile REG_MULTI_SZ wcescomm\0rapimgr\0\0
    LocalServiceRestricted REG_MULTI_SZ WcesComm\0RapiMgr\0\0

    hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
    AeLookupSvc
    wercplsupport
    CertPropSvc
    SCPolicySvc
    gpsvc
    IKEEXT
    LogonHours
    PCAudit
    iphlpsvc
    AppInfo
    msiscsi
    MMCSS
    ProfSvc
    EapHost
    SessionEnv
    hkmsvc


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b0ecb02-1d9d-11dc-a6a0-0019d137c998}]
    shell\AutoRun\command G:\LAUNCH.exe


    -- End of Deckard's System Scanner: finished at 2007-07-13 at 09:40:51 ---------
     
  5. mrjester

    mrjester Thread Starter

    Joined:
    Jul 12, 2007
    Messages:
    7
    extra.txt

    Deckard's System Scanner v20070711.54
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft® Windows Vista™ Home Premium (build 6000)
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
    Percentage of Memory in Use: 30%
    Physical Memory (total/avail): 2045.32 MiB / 1425.28 MiB
    Pagefile Memory (total/avail): 4309.66 MiB / 3440.66 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1929.03 MiB

    C: is Fixed (NTFS) - 222.78 GiB total, 160.8 GiB free.
    D: is Fixed (NTFS) - 10 GiB total, 5.57 GiB free.
    E: is CDROM (CDFS)
    F: is Removable (No Media)


    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FW: McAfee Personal Firewall v (McAfee)
    AV: McAfee VirusScan v (McAfee)
    AS: McAfee VirusScan v (McAfee)
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Brandon\AppData\Roaming
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=OFFICE-PC
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Brandon
    LOCALAPPDATA=C:\Users\Brandon\AppData\Local
    LOGONSERVER=\\OFFICE-PC
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f02
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
    RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Brandon\AppData\Local\Temp
    TMP=C:\Users\Brandon\AppData\Local\Temp
    USERDOMAIN=Office-PC
    USERNAME=Brandon
    USERPROFILE=C:\Users\Brandon
    windir=C:\Windows


    -- User Profiles ---------------------------------------------------------------

    Brandon


    -- Add/Remove Programs ---------------------------------------------------------

    --> "C:\Program Files\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe"
    --> "C:\Program Files\Dell Games\Blackhawk Striker 2\Uninstall.exe"
    --> "C:\Program Files\Dell Games\Blasterball 3\Uninstall.exe"
    --> "C:\Program Files\Dell Games\Chuzzle Deluxe\Uninstall.exe"
    --> "C:\Program Files\Dell Games\Dell Game Console\Uninstall.exe"
    --> "C:\Program Files\Dell Games\Dell Media Center Game Console\Uninstall.exe"
    --> "C:\Program Files\Dell Games\FATE\Uninstall.exe"
    --> "C:\Program Files\Dell Games\JEOPARDY\Uninstall.exe"
    --> "C:\Program Files\Dell Games\Penguins!\Uninstall.exe"
    --> "C:\Program Files\Dell Games\Polar Bowler\Uninstall.exe"
    --> "C:\Program Files\Dell Games\Polar Golfer\Uninstall.exe"
    --> "C:\Program Files\Dell Games\SCRABBLE\Uninstall.exe"
    Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
    Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
    Age of Mythology --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
    AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
    Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
    Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
    Conexant D850 PCI V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
    Corel Paint Shop Pro Photo XI --> MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}
    Corel Snapfire Plus --> MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
    Dell Games --> "C:\Program Files\Dell Games\Uninstall.exe"
    Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
    DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
    Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe -runfromtemp -l0x0009 -removeonly
    Documentation & Support Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
    Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
    Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Intel(R) Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
    Internet Service Offers Launcher --> MsiExec.exe /I{CCFF1E13-77A2-4032-8B12-7566982A27DF}
    iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
    Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
    McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
    Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{91120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
    MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
    NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
    Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
    QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
    Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
    Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
    Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
    Security Update for Excel 2007 (KB936509) --> msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
    Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
    Security Update for Office 2007 (KB936514) --> msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
    Security Update for Publisher 2007 (KB936646) --> msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
    SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
    Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Update for Office 2007 (KB932080) --> msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
    Update for Office 2007 (KB934391) --> msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
    Update for Office 2007 (KB934393) --> msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
    Update for Outlook 2007 (KB937608) --> msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
    Update for Outlook 2007 Junk Email Filter (kb936558) --> msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {B6B2802B-6631-4EBE-A062-44AE0C1F0BED}
    Update for Word 2007 (KB934173) --> msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
    URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
    User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Windows Mobile Device Center --> MsiExec.exe /I{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}
    World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
    Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


    -- End of Deckard's System Scanner: finished at 2007-07-13 at 09:40:51 ---------
     
  6. mrjester

    mrjester Thread Starter

    Joined:
    Jul 12, 2007
    Messages:
    7
    It seems to be working after removing those items from Hijackthis.

    Thank you!

    How did you know what this was?
     
  7. jwbirdsong

    jwbirdsong

    Joined:
    Nov 6, 2002
    Messages:
    710
    a LOT of it is just experience, knowing what is and what ISN'T supposed to be where.

    Let's see if anything else is hiding out; just to be safe.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report and a fresh HijackThis log.
     
  8. mrjester

    mrjester Thread Starter

    Joined:
    Jul 12, 2007
    Messages:
    7
    I tried to do this but it said it wasn't yet available for Vista.
     
  9. jwbirdsong

    jwbirdsong

    Joined:
    Nov 6, 2002
    Messages:
    710
    My fault....Panda does have a scan for Vista but, obviously, that was not it.

    Please go HERE and click on Full scan (Approx: 1 hour) then Click Scan Now. After it is done; if you have infections; there will be a DISENFECT button at the bottom..Click it then once it's done click SAVE to save a report..Please post it.
     
  10. mrjester

    mrjester Thread Starter

    Joined:
    Jul 12, 2007
    Messages:
    7
    Same thing here. Says it won't run on vista but I still haven't had any problems since the hijack this.
     
  11. jwbirdsong

    jwbirdsong

    Joined:
    Nov 6, 2002
    Messages:
    710
    Well everything else does look good. I knew the 1st link I gave you wouldn't work on Vista, it was just an oversight...Just not that used to getting Vista logs yet; but lest you think me a complete idiot the following is part of an Email I got from Panda.

    As long as your McAfee is up to date and you do a full scan with it and SUPERAntiSpyware Professiona you should be fine.

    Spend a couple of days to make sure you are happy then post a final HijackThis log please.
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Spyware gotten ahold
  1. jennys95
    Replies:
    1
    Views:
    661
  2. rjay13
    Replies:
    0
    Views:
    290
  3. dano_61
    Replies:
    14
    Views:
    921
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/595024

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice