#1 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 15
OS: Windows Vista
|
No idea what's wrong, but something simply doesn't feel right.
Hey all.
I don't really know enough about computers, but am pretty sure that something isn't right. I'm working on Windows Vista (I know, I know, the follies of being an early adopter), and my computer is slow, and is crashing far too often for comfort. Below is my HijackThis log:
Any help would be greatly appreciated. |
#2 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 15
OS: Windows Vista
|
Re: No idea what's wrong, but something simply doesn't feel right.
I feel it's worth adding as well that when running the HijackThis, I got an error message.
The first one was something about running system32\drivers\etc\hosts
The second, which followed on, was:
An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #75 - Path/File access error
Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible
Windows version: Windows NT 6.00.1904
MSIE version: 7.0.6000.16386
HijackThis version: 1.99.1
This message has been copied to your clipboard.
Click OK to continue the rest of the scan. |
#3 (permalink) |
|
Registered User
Join Date: May 2007
Posts: 15
OS: Windows Vista
|
Re: No idea what's wrong, but something simply doesn't feel right.
Ok. I just realised I should have posted the DSS file thing.
E:\autorun.exe -- End of Deckard's System Scanner: finished at 2007-05-14 at 13:31:20 --------- |
#5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,020
OS: WinXP and Vista
Re: No idea what's wrong, but something simply doesn't feel right.
Hello LordBlunkey,
As you're no doubt aware, few tools are Vista compatible--we'll do our best to clean this but you may want to consider performing a system restore to just before Windows Defender began detecting Clickspring.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. Also be sure to carry out the instructions in the sequence listed below.

***************************************************
Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs)

Outerinfo
--------------------------------------------------------------------
Navigate to and delete this file:

C:\Program Files\Common Files\Yazzle1654OinUninstaller.exe

**If any of the above resist deletion, boot into Safe Mode to delete.
--------------------------------------------------------------------
Please run an online scan at TrendMicro --is compatible with Vista.

Post the results here along with a new main.txt from dss.exe
#6 (permalink)
Registered User
Join Date: May 2007
Posts: 15
OS: Windows Vista
Re: No idea what's wrong, but something simply doesn't feel right.
It wasn't possible to uninstall Outerinfo. I get an error message saying:
"Download of uninstaller failed: HTTP/1.0 407 Proxy Authentication Required. Please download and run the uninstaller from http://www.outerinfo.com/OiUninstaller.exe"

I am unable to locate the Yazzle1654 file.

The TrendMicro appeared to find nothing, but it didn't provide me with a proper results screen. I don't know what it's meant to do though.

As nothing has changed I can't see any benefit in providing a new DSS scan.
#7 (permalink)
Registered User
Join Date: May 2007
Posts: 15
OS: Windows Vista
Re: No idea what's wrong, but something simply doesn't feel right.
And the system restore only seems to go back a few days, maybe a week, and the ClickSpring has been on the system for a lot longer than that.
#8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,020
OS: WinXP and Vista
Re: No idea what's wrong, but something simply doesn't feel right.
Then we have no choice but to use their uninstaller.
Download and run the Oiuninstaller

There is a tutorial for the uninstaller available

**When the uninstaller is done, reboot and delete the Oiuninstaller.
-------------------------------------------------------------------
Please ensure Hidden files and folders are viewable:

Click Start>Computer->Organize->Folder and Search Options->View tab:
* Select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.
-------------------------------------------------------------------
Now please check once again and delete this folder:

C:\Program Files\Common Files\Yazzle1654OinUninstaller.exe
-------------------------------------------------------------------
Check your Add/Remove programs--is Outerinfo still listed?

Reboot and run a new scan with dss.exe. Please post the main.txt and let me know if there is any improvement in your system.
#9 (permalink)
Registered User
Join Date: May 2007
Posts: 15
OS: Windows Vista
Re: No idea what's wrong, but something simply doesn't feel right.
When I go to the uninstaller, Windows Defender comes up with a warning that it contains spyware:Win32/MediaTicketsCDT (severe). Do I still install it?
#10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,020
OS: WinXP and Vista
Re: No idea what's wrong, but something simply doesn't feel right.
Yes--we have no choice as the tool that we normally use to take care of this is not Vista compatible. After you've installed it and run the uninstaller, delete that uninstaller. Then allow Windows Defender or AdAware to scan and delete anything they find.
Run another online scan at TrendMicro to search for remnants if neither Windows Defender nor AdAware find anything.
#11 (permalink)
Registered User
Join Date: May 2007
Posts: 15
OS: Windows Vista
Re: No idea what's wrong, but something simply doesn't feel right.
I used their uninstaller, and my McAfee thing claims to have taken care of the MediaTickets thing.
I've found and deleted the two yazzle1654 files, one that said it was an uninstaller, the other that said it was admin. The OuterInfo is now gone from my program list.

I'll reboot and scan now.