Resolved HJT Threads Resolved spyware and popup issues.
Old 02-23-2007, 07:25 AM   #1 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


W32.myzor.Fk@yf on Vista

I've just bought my first computer for home use so I'm a bit of a novice. I've picked up a virus which has hijacked my IE and keeps trying to sell me protection software. The messages flashed up so far are that I've got the myzor, and various spyworms.
I've spent the best part of 2 days trying to self help from the various websites but none of them have a Vista option, which makes the instructions difficult to follow! Vista doesn't seem to have a 'My Computer' and I've given up trying to find out how to disable the system restore.
On the VirusScan tab I've got Build 11.1.126, DAT version 4968.000, Engine version 5100.0194.
Any help would be gratefully received before I repack the computer in its box and sling it through the window!

I've been on the McAfee site and paullotion has advised the following:

"SmitFraudFix does not work with Vista as yet.

You can try AVG in safe mode it might remove the infection, if not download Hijackthis >>Here<< run a scan and create a log, post that log in this forum >>Here<< they'll be able to help you, be aware as you have Vista very few tools will work with it at this time, so it's a trial and error approach."

I can't get AVG to work (I'm getting an "avgos.exe application error 0 the application failed to initialise properly"). I've downloaded, installed and uninstalled all sorts of things that have been recommended but either they are not compatible with Vista or don't seem to cure the problem.

I'm fairly cheesed off now - I didn't get an option with Dell for another operating system with the kit I bought. Hope this is not a sign of things to come.

The scan produced the following. Any help would be gratefully received.

Steve

Logfile of HijackThis v1.99.1
Scan saved at 13:52:21, on 23/02/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
C:\Program Files\Video Access ActiveX Object\pmmnt.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Steve\AppData\Local\Temp\Temp1_hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=6070216
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=6070216
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\Windows\system32\higehsg.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
Duke Dukay is offline  
Old 02-23-2007, 12:24 PM   #2 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


I've been watching the other problems posted being actioned which really worries me - does this mean that my problem is not going to be easy to solve? This is a brand new setup - if I restore it back to the condition that it came out of the box will this solve the issue? Is this virus particularly dangerous?
Duke Dukay is offline  
Old 02-25-2007, 02:21 AM   #3 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


Strange things happening here. I logged on to the Internet yesterday and Windows Defender picked up Zlob, which it removed. The messages warning about virus infections now seem to have stopped. Is this connected or could the virus still be sitting somewhere on my machine? Steve
Duke Dukay is offline  
Old 02-27-2007, 02:09 PM   #4 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


Any news on a solution? I've restored my computer back to the state just after I loaded the Netgear wireless driver but I would appreciate someone checking just to make sure that the virus is not sitting somewhere on my computer.
Duke Dukay is offline  
Old 02-28-2007, 08:04 AM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista


Hello Duke Dukay and welcome to TSF,

Our apologies for the delay but we're quite swamped here and there are only so many of us...

What you've been told is true--there aren't many tools that are compatible with Vista yet so cleaning infections can be difficult. Restoring your system was the easiest solution until such time that tools are made compatible.

Zlob is an alias for the Smitfraud infection. I'd like you to do the following and we'll see if anything is still lurking about.

--------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Download ComboScan to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on comboscan.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - ComboScan.txt <- this one will be maximized and Supplementary.txt <- this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your thread in the HijackThis Log Help Forum.
  5. Please attach Supplementary.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\ComboScanSupplementary.txt
  3. Click Upload.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 02-28-2007, 01:27 PM   #6 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


Ried - please don't apologise for the delay. I have been watching the site for 4 days and I cannot believe the number of queries posted. Whatever happens I will be making a donation but until I'm sure that some malfeasant won't steal my financial details, I'm hanging on! You're obviously doing a worthwhile job.
In trying to follow your instructions, I unfortunately fell at the first hurdle - Panda does not support Vista. Directions to another site, or a cosy asylum would be welcomed!

Steve

Last edited by Duke Dukay; 02-28-2007 at 01:30 PM. Reason: spelling mistake
Duke Dukay is offline  
Old 02-28-2007, 01:38 PM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista


Hi Steve,

Hmmm..I was hoping the online scanner would work since the Panda Anti Virus 2007 is compatible with Vista.

Sorry to put you through this, but you seem to be a 'guinea pig' here--terribly frustrating for you, I'm sure.

Let's try Kaspersky's online scanner. If it won't run either, then just proceed with ComboScan.exe and post those resultant logs.

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
Ried is offline  
Old 02-28-2007, 02:19 PM   #8 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


Had a bit of a problem downloading Kaspersky but it's in progress now. Definitely need to be put in the 'IT-challenged' class! Will post log as soon as it's finished.

Kaspersky failed to finish update - error message 'some components damaged or not present. Please reinstall application'. Update failed.

Running Comboscan but when it tried to download HijackThis my computer wouldn't allow the download.

Scans following immediately.

Last edited by Duke Dukay; 02-28-2007 at 02:38 PM. Reason: updated info
Duke Dukay is offline  
Old 02-28-2007, 03:01 PM   #9 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


Sorry - posted this on the quick reply and it didn't seem to get through. Apparently there are too many 'images' on the message so sending it in as two attachments.
Attached Files
File Type: txt ComboScan.txt (26.4 KB, 0 views)
Duke Dukay is offline  
Old 02-28-2007, 03:04 PM   #10 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


Having problems with uploading the supplementary text. It keeps telling me that I have already attached this to the thread?
Duke Dukay is offline  
Old 02-28-2007, 03:12 PM   #11 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


I've split the text into two halves.

ComboScan v20070226.18 run by Steve on 2007-02-28 at 21:32:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis Clone -------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-02-28 21:33:45
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.0.6000.16386)

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Steve\Desktop\comboscan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=6070216
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=6070216
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: DSBrokerService - "C:\Program Files\DellSupport\brkrsvc.exe"
O23 - Service: McAfee E-mail Proxy (Emproxy) - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - "C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe"
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
O23 - Service: McAfee HackerWatch Service - "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"
O23 - Service: McAfee Update Manager (mcmispupdmgr) - C:\Program Files\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - "c:\program files\common files\mcafee\mna\mcnasvc.exe"
O23 - Service: McAfee Scanner (McODS) - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - C:\Program Files\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - "C:\Program Files\McAfee\MPF\MPFSrv.exe"
O23 - Service: McAfee Privacy Service (MPS9) - C:\Program Files\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - "C:\Program Files\McAfee\MSK\MskSrver.exe"
O23 - Service: ProtexisLicensing - C:\Windows\System32\PSIService.exe
O23 - Service: RoxMediaDB9 - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
O23 - Service: SigmaTel Audio Service (STacSV) - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
O23 - Service: stllssvr - "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "%SystemRoot%\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\winhlp32.exe %1
.inf - inffile - %SystemRoot%\system32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\system32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - "%SystemRoot%\System32\WScript.exe" "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - C:\Windows\System32\drivers\AegisP.sys
2R DLABMFSM - C:\Windows\System32\DLA\DLABMFSM.SYS
2R DLABOIOM - C:\Windows\System32\DLA\DLABOIOM.SYS
1S DLACDBHM - C:\Windows\System32\drivers\DLACDBHM.SYS
2R DLADResM - C:\Windows\System32\DLA\DLADResM.SYS
2R DLAIFS_M - C:\Windows\System32\DLA\DLAIFS_M.SYS
2R DLAOPIOM - C:\Windows\System32\DLA\DLAOPIOM.SYS
2R DLAPoolM - C:\Windows\System32\DLA\DLAPoolM.SYS
1R DLARTL_M - C:\Windows\System32\drivers\DLARTL_M.SYS
2R DLAUDFAM - C:\Windows\System32\DLA\DLAUDFAM.SYS
2R DLAUDF_M - C:\Windows\System32\DLA\DLAUDF_M.SYS
0R DRVMCDB - C:\Windows\System32\drivers\DRVMCDB.SYS
2R DRVNDDM - C:\Windows\System32\drivers\DRVNDDM.SYS
3R DSproct - \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2R dsunidrv - \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys
3R e1express (Intel(R) PRO/1000 PCI Express Network Connection Driver) - C:\Windows\System32\drivers\e1e6032.sys
3S HdAudAddService (Microsoft 1.1 UAA Function Driver for High Definition Audio Service) - C:\Windows\System32\drivers\HdAudio.sys
0R iaStor (Intel RAID Controller) - C:\Windows\System32\drivers\iaStor.sys
3R mfeavfk (McAfee Inc.) - C:\Windows\System32\drivers\mfeavfk.sys
3R mfebopk (McAfee Inc.) - C:\Windows\System32\drivers\mfebopk.sys
3R mfehidk (McAfee Inc.) - C:\Windows\System32\drivers\mfehidk.sys
3S mferkdk (McAfee Inc.) - C:\Windows\System32\drivers\mferkdk.sys
3S mfesmfk (McAfee Inc.) - C:\Windows\System32\drivers\mfesmfk.sys
1R MPFP - C:\Windows\System32\drivers\Mpfp.sys
3R nvlddmkm - C:\Windows\System32\drivers\nvlddmkm.sys
3S R300 - C:\Windows\System32\drivers\atikmdag.sys
3R RTLWUSB (NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver) - C:\Windows\System32\drivers\wg111v2.sys
3R STHDA (SigmaTel High Definition Audio CODEC) - C:\Windows\System32\drivers\stwrt.sys
3R USBSTOR (USB Mass Storage Driver) - C:\Windows\System32\drivers\USBSTOR.SYS
3R WUDFRd - C:\Windows\System32\drivers\WUDFRd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S DSBrokerService - "C:\Program Files\DellSupport\brkrsvc.exe"
3S Emproxy (McAfee E-mail Proxy) - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
3S GoogleDesktopManager - "C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe"
2R IAANTMON (Intel(R) Matrix Storage Event Monitor) - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
2R McAfee HackerWatch Service - "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"
3S mcmispupdmgr (McAfee Update Manager) - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
2R mcmscsvc (McAfee Services) - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
2R McNASvc (McAfee Network Agent) - "c:\program files\common files\mcafee\mna\mcnasvc.exe"
2R McODS (McAfee Scanner) - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
2R mcpromgr (McAfee Protection Manager) - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
2R McProxy (McAfee Proxy Service) - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
2R McRedirector (McAfee Redirector Service) - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
2R McShield (McAfee Real-time Scanner) - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
3S McSysmon (McAfee SystemGuards) - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
2R MpfService (McAfee Personal Firewall Service) - "C:\Program Files\McAfee\MPF\MPFSrv.exe"
2R MPS9 (McAfee Privacy Service) - C:\PROGRA~1\McAfee\MPS\mps.exe
2R MSK80Service (McAfee SpamKiller Service) - "C:\Program Files\McAfee\MSK\MskSrver.exe"
2R ProtexisLicensing - C:\Windows\system32\PSIService.exe
3R RoxMediaDB9 - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
2R RoxWatch9 (Roxio Hard Drive Watcher 9) - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
2R STacSV (SigmaTel Audio Service) - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
3S stllssvr - "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
Duke Dukay is offline  
Old 02-28-2007, 03:17 PM   #12 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


Second half.

Sorry didn't like that either - I'll try three lots.

Didn't like that either - I'll try splitting it further

-- Scheduled Tasks --------------------------------------------------------------

2007-02-27 21:05:24 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{30A71660-D30C-499A-9ABE-60F9922FD1FE}.job<USER_F~1.JOB>


-- Files created between 2007-01-28 and 2007-02-28 ------------------------------



-- Find3M Report ----------------------------------------------------------------

2007-02-28 20:09:11 0 d-------- C:\Program Files\McAfee
2007-02-26 00:00:14 4388 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2007-02-25 23:59:56 0 d-------- C:\Users\Steve\AppData\Roaming\Corel
2007-02-25 23:59:44 88 -r-hs---- C:\Windows\system32\8261342861.sys<826134~1.SYS>
2007-02-25 23:58:03 0 d-------- C:\Program Files\SpywareBot<SPYWAR~1>
2007-02-25 23:54:18 0 d-------- C:\Users\Steve\AppData\Roaming\SpywareBot<SPYWAR~1>
2007-02-25 18:17:17 0 d-------- C:\Program Files\Windows Mail<WINDOW~1>
2007-02-25 18:16:09 104448 --a------ C:\Windows\system32\DWWIN.EXE
2007-02-25 18:15:14 383488 --a------ C:\Windows\system32\ieapfltr.dll
2007-02-25 18:15:07 4153344 --a------ C:\Windows\system32\GameUXLegacyGDFs.dll
2007-02-25 18:15:06 1686016 --a------ C:\Windows\system32\gameux.dll
2007-02-25 18:15:00 974336 --a------ C:\Windows\system32\crypt32.dll
2007-02-25 16:10:39 0 d-------- C:\Users\Steve\AppData\Roaming\Media Center Programs<MEDIAC~1>
2007-02-24 20:10:14 0 d---s---- C:\Users\Steve\AppData\Roaming\Microsoft<MICROS~1>
2007-02-23 20:58:30 0 d-------- C:\Users\Steve\AppData\Roaming\Roxio
2007-02-23 13:27:54 0 d-------- C:\Program Files\Grisoft
2007-02-22 16:49:44 0 d-------- C:\Users\Steve\AppData\Roaming\McAfee
2007-02-20 22:25:09 0 d-------- C:\Users\Steve\AppData\Roaming\Macromedia<MACROM~1>
2007-02-20 22:24:54 0 d-------- C:\Users\Steve\AppData\Roaming\Google
2007-02-20 22:08:30 0 d-------- C:\Users\Steve\AppData\Roaming\InstallShield<INSTAL~1>
2007-02-20 20:54:37 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-02-20 20:52:40 0 d-------- C:\Users\Steve\AppData\Roaming\GTek
2007-02-20 20:45:00 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-20 20:44:20 0 d-------- C:\Program Files\NETGEAR
2007-02-20 17:42:05 0 d-------- C:\Program Files\directx
2007-02-20 17:10:05 0 d-------- C:\Users\Steve\AppData\Roaming\Adobe
2007-02-20 13:23:03 0 d-------- C:\Users\Steve\AppData\Roaming\Identities<IDENTI~1>
2007-02-16 06:02:47 160872 --a------ C:\Windows\system32\halmacpi.dll
2007-02-16 06:02:47 134760 --a------ C:\Windows\system32\halacpi.dll
2007-02-16 06:02:37 287744 --a------ C:\Windows\system32\SearchIndexer.exe
2007-02-16 06:02:37 52224 --a------ C:\Windows\system32\msstrc.dll
2007-02-16 06:02:37 32256 --a------ C:\Windows\system32\mssprxy.dll
2007-02-16 06:02:37 98304 --a------ C:\Windows\system32\mssitlb.dll
2007-02-16 06:02:36 1499648 --a------ C:\Windows\system32\tquery.dll
2007-02-16 06:02:35 76288 --a------ C:\Windows\system32\SearchFilterHost.exe
Duke Dukay is offline  
Old 02-28-2007, 03:22 PM   #13 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


2007-02-16 06:02:35 331264 --a------ C:\Windows\system32\mssph.dll
2007-02-16 06:02:35 51200 --a------ C:\Windows\system32\msscntrs.dll
2007-02-16 06:02:35 23552 --a------ C:\Windows\system32\msscb.dll
2007-02-16 06:02:34 204288 --a------ C:\Windows\system32\SearchProtocolHost.exe
2007-02-16 06:02:34 65536 --a------ C:\Windows\system32\propdefs.dll
2007-02-16 06:02:34 1695232 --a------ C:\Windows\system32\mssvp.dll
2007-02-16 06:02:34 1397248 --a------ C:\Windows\system32\mssrch.dll
2007-02-16 06:02:34 158720 --a------ C:\Windows\system32\mssphtb.dll
2007-02-16 06:02:29 8704 --a------ C:\Windows\system32\hccoin.dll
2007-02-16 06:02:26 22632 --a------ C:\Windows\system32\streamci.dll
2007-02-15 22:25:01 0 d-------- C:\Program Files\Dell
2007-02-15 22:24:53 0 d-------- C:\Program Files\Tiscali
2007-02-15 22:24:52 0 d-------- C:\Program Files\MAKEMSI Package Documentation<MAKEMS~1>
2007-02-15 22:24:36 0 d-------- C:\Program Files\Orange
2007-02-15 22:23:31 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-15 22:23:21 0 d-------- C:\Program Files\Microsoft Works<MICROS~2>
2007-02-15 22:22:57 0 d-------- C:\Program Files\Google
2007-02-15 22:22:06 0 d-------- C:\Program Files\BAE
2007-02-15 22:21:38 0 d-------- C:\Program Files\Common Files\McAfee
2007-02-15 22:21:08 0 d-------- C:\Program Files\McAfee.com
2007-02-15 22:20:58 0 d-------- C:\Program Files\DellSupport<DELLSU~1>
2007-02-15 22:20:45 0 d-------- C:\Program Files\Roxio
2007-02-15 22:19:56 0 d-------- C:\Program Files\Common Files\Sonic Shared<SONICS~1>
2007-02-15 22:19:11 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-15 22:18:22 0 d-------- C:\Program Files\Common Files\SureThing Shared<SURETH~1>
2007-02-15 22:18:07 0 d-------- C:\Program Files\Common Files\Roxio Shared<ROXIOS~1>
2007-02-15 22:17:31 0 d-------- C:\Program Files\Common Files\Corel
2007-02-15 22:17:26 0 d-------- C:\Program Files\Corel
2007-02-15 22:14:50 0 d-------- C:\Program Files\Intel
2007-02-15 22:14:12 0 d-------- C:\Program Files\SigmaTel
2007-02-15 22:14:01 0 d-------- C:\Program Files\Java
2007-02-15 22:14:01 0 d-------- C:\Program Files\Common Files\Java
2006-12-19 22:06:32 2371584 --a------ C:\Windows\system32\nvwssr.dll
2006-12-19 22:06:32 2048000 --a------ C:\Windows\system32\nvwss.dll
2006-12-19 22:06:32 3338240 --a------ C:\Windows\system32\nvvitvsr.dll
2006-12-19 22:06:32 3321856 --a------ C:\Windows\system32\nvvitvs.dll
Duke Dukay is offline  
Old 02-28-2007, 03:23 PM   #14 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


2006-12-19 2230 356352 --a------ C:\Windows\system32\nvuninst.exe
2006-12-19 2230 356352 --a------ C:\Windows\system32\nvudisp.exe
2006-12-19 2230 90191 --a------ C:\Windows\system32\nvsvc.dll
2006-12-19 2230 5685248 --a------ C:\Windows\system32\nvoglv32.dll
2006-12-19 2228 2854912 --a------ C:\Windows\system32\nvmoblsr.dll
2006-12-19 2226 888832 --a------ C:\Windows\system32\nvmobls.dll
2006-12-19 2222 81920 --a------ C:\Windows\system32\nvmctray.dll
2006-12-19 2222 458752 --a------ C:\Windows\system32\nvmccssr.dll
2006-12-19 2222 188416 --a------ C:\Windows\system32\nvmccss.dll
2006-12-19 2222 45056 --a------ C:\Windows\system32\nvmccsrs.dll
2006-12-19 2222 229376 --a------ C:\Windows\system32\nvmccs.dll
2006-12-19 2220 3207168 --a------ C:\Windows\system32\nvgamesr.dll
2006-12-19 2220 3063808 --a------ C:\Windows\system32\nvgames.dll
2006-12-19 2220 307200 --a------ C:\Windows\system32\nvexpbar.dll
2006-12-19 2214 5230592 --a------ C:\Windows\system32\nvdispsr.dll
2006-12-19 2214 5619712 --a------ C:\Windows\system32\nvdisps.dll
2006-12-19 2212 3055616 --a------ C:\Windows\system32\nvd3dum.dll
2006-12-19 2212 1019904 --a------ C:\Windows\system32\nvcpluir.dll
2006-12-19 2212 806912 --a------ C:\Windows\system32\nvcplui.exe
2006-12-19 2206 7766016 --a------ C:\Windows\system32\nvcpl.dll
2006-12-19 2204 147456 --a------ C:\Windows\system32\nvcolor.exe
2006-12-19 2204 303104 --a------ C:\Windows\system32\nvapi.dll
2006-12-19 22:05:56 521128 --a------ C:\Windows\system32\dpinst.exe


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,\
6e,64,6f,77,73,20,44,65,66,65,6e,64,65,72,5c,4d,53,41,53,43,75,69,2e,65,78,\
65,20,2d,68,69,64,65,00
"NvSvc"="RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart"
"NvCplDaemon"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"c:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"SigmatelSysTrayApp"="sttray.exe"
"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\""
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Snapfire Plus\\PhotoDownloader.exe"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"RoxWatchTray"="\"C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Drag-to-Disc\\DrgToDsc.exe\""
"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"ECenter"="c:\\dell\\E-Center\\EULALauncher.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"scforceoption"=dword:00000000
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ nsi\0lltdsvc\0SSDPSRV\0upnphost\0SCardSvr\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0lanmanworkstation\0TBS\0SLUINotify\0THREADORDER\0fdrespub\0netprofm\0fdphost\0wcncsvc\0QWAVE\0Mcx2Svc\0WebClient\0\0
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv\0UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0irmon\0sysmain\0IPBusEnum\0dot3svc\0PcaSvc\0EMDMgmt\0TabletInputService\0wlansvc\0WPDBusEnum\0\0
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\0\0
LocalServiceNoNetwork REG_MULTI_SZ PLA\0DPS\0BFE\0mpssvc\0ehstart\0\0
NetworkService REG_MULTI_SZ CryptSvc\0DHCP\0TermService\0KtmRm\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WerSvcGroup REG_MULTI_SZ wersvc\0\0
swprv REG_MULTI_SZ swprv\0\0
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP\0eventlog\0AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0WPCSvc\0PnrpAutoReg\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
regsvc REG_MULTI_SZ RemoteRegistry\0\0
wcssvc REG_MULTI_SZ WcsPlugInService\0\0
DcomLaunch REG_MULTI_SZ PlugPlay\0DcomLaunch\0\0
wdisvc REG_MULTI_SZ WdiServiceHost\0\0
sdrsvc REG_MULTI_SZ sdrsvc\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
secsvcs REG_MULTI_SZ WinDefend\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AeLookupSvc
wercplsupport
CertPropSvc
SCPolicySvc
gpsvc
IKEEXT
LogonHours
PCAudit
iphlpsvc
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
SessionEnv
hkmsvc


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9226e268-bd40-11db-b9ff-806e6f6e6963}]
shell\AutoRun\command E:\autorun.exe


-- End of ComboScan: finished at 2007-02-28 at 21:34:04 -------------------------
Duke Dukay is offline  
Old 02-28-2007, 04:05 PM   #15 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


Ried - it's past 11 here so going to hit the sack (problem with being old!). I'll be back online tomorrow to pick anything up. Steve
Duke Dukay is offline  
Old 02-28-2007, 11:12 PM   #16 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista


Hi Steve,

The site hosting HijackThis is having difficulties today. The 'emulated' HijackThis will only scan and report what it sees. The 'fix' functionality of it will not work. Please download HijackThis.exe from here so you will have a working copy of the tool.

-----------------------------------------------------------------

Well, the good news is that I do not see any malware files in the ComboScan.

Has Windows Defender mentioned Zlob since you've Restored?

-----------------------------------------------------------------

Since malware removal procedures and tools are limited when it comes to Vista, I think it best you load up with some additional programs to help protect the system.

Of the usual programs we recommend for protection, the following programs are supposed to be Vista compatible, and are free. (If you don't already have them installed)

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spybot - Search & Destroy 1.4
Run Spybot and click on the 'Search for Updates' button. Install any updates that are available.
  • Now click Mode menu and choose 'Advanced Mode'.
  • Click on Immunize to your left.
  • Next, click the Immunize button on top to Immunize your computer - you need to do this each time there is an update.
  • Click 'Check for Problems' and fix all the entries, which are indicated in RED.
Adaware SE
Make sure it's the newest version and check for any updates before running it. Go to this Site to get the plug-in for fixing VX2 variants. Also make sure to Customize the settings in Adaware for better scan results. Run the scan and fix everything that it finds.

-----------------------------------------------------------------

It would be comforting to find an online scanner that will work with Vista as it's always a good idea to get a second opinion and a look at the system from the 'outside, in'. Would you mind trying another online scanner and see if it will work?

Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Leave the scanning options at default and press "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and post it in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 03-01-2007, 02:36 AM   #17 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


Hi Ried - thanks for the good news.

I've downloaded the copy of HiJack This but had a few interesting error messages.

The first told me that for some reason my system denied write access to the Hosts file and pointed me to a manual edit of the Hosts file. I haven't done that yet but did manage to get a HiJack This scan and log file, which I have included below.

Thanks for the info on the malware protection - I'll load those on today. The McAfee protection came preloaded on my system for a 30 day trial, so I've got to make a decision about firewall and virus protection. What do you guys normally recommend?

Windows Defender reports that the system has been clear since the restore - the info provided with Vista isn't that clear on what I should do with Defender but that could be a problem with me not knowing where to find things on Vista. I use XP at work and this new version doesn't seem quite as intuitive. It took me ages to find the 'Run' command - it's in Accessories.

I'll try the Bitdefender and get back to you asap.


Logfile of HijackThis v1.99.1
Scan saved at 09:21:21, on 01/03/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QW7Z69V1\HijackThis1991[1].exe
C:\Program Files\Windows NT\Accessories\wordpad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=6070216
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=6070216
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0142531172740163) (0142531172740163mcinstcleanup) - Unknown owner - C:\Windows\TEMP\014253~1.EXE (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
Duke Dukay is offline  
Old 03-01-2007, 04:00 AM   #18 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


Hmm - more problems. The Bit Defender website doesn't show that Vista is supported but I went for the download anyway. The first effort looked promising as I was told that the scanner was downloading. However, after an hour and 10 minutes watching red blocks file across the screen, I decided to abort the process and have another go. Although on the first attempt it appeared to let me install the ActiveX control on trying for a second time I'm now getting an error "This website is not authorized to host this ActiveX control. Please contact the webmaster or report to BitDefender at the e-mail address: scanonline@bitdefender.com" - which I have now done.

I'll have another go to see if anything changes. Broadband signal is very good so don't think that it's a connection problem.

Last edited by Duke Dukay; 03-01-2007 at 04:10 AM. Reason: additional information
Duke Dukay is offline  
Old 03-01-2007, 04:56 AM   #19 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


Ried

Ran the SpyBot scan and got the following attached report. I have not used the program to fix the entries. Your advice would be appreciated.
Attached Files
File Type: txt SpyBot scan at 1140 01-03-07.txt (145.0 KB, 2 views)

Last edited by Duke Dukay; 03-01-2007 at 05:00 AM. Reason: additional information
Duke Dukay is offline  
Old 03-01-2007, 06:17 AM   #20 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 21
OS: Windows Vista (Home Premium)


Last bit done Ried. I've run an Adware scan and identified 21 MURs that I'm informed don't pose a threat and 21 cookies which I have quarantined. The only other message I got when I scanned was McAfee automatically blocking a potentially unwanted programme called 'PrcViewer'.

The VX2 scan showed that it was all clear.

Last edited by Duke Dukay; 03-01-2007 at 06:18 AM. Reason: additional information
Duke Dukay is offline  
 






All times are GMT -7. The time now is 12:41 AM.



Copyright 2001 - 2009, Tech Support Forum