
Win32.Agent.gvu - how to remove/delete?

Discussion in 'Malware and Virus Removal Archive' started by 31s, 2008/03/24.

  1. 2008/03/24
    31s Inactive Thread Starter

    Hi
    I ran Spybot S&D through HitmanPro and found the trojan "Win32.Agent.gvu".
    However, its Fix did not seem to help and the Trojan is still running the show - can anyone please help me solve this problem?

    Regards
    31s
    ------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:43:28, on 24.03.2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\OEM04Mon.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\Creative Live! Cam\VideoFX\StartFX.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Spyware Doctor\pctsGui.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ig/dell?hl=en&client=dell-row&channel=no&ibd=0080129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Media Player Classic - {D2A8552D-4340-413E-B94E-245827FBC269} - C:\Windows\ausctv32a.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe "
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe "
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: QuickSet.lnk = ?
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Google\Google Desktop Search\Plugins\gdSkype\skype4com.dll (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Fjernkommando i iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\Windows\CWBRXD.EXE
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
     
  2. 2008/03/24
    noahdfear Inactive

    Welcome to WindowsBBS 31s :)

    Please either check the Spybot scan log or run S&D again, then give me the exact details of what was (is) found, e.g. registry path, file.

    Then, download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
     

  4. 2008/03/25
    31s Inactive Thread Starter

    Noahdfear, first of all thanks for your quick reply!
    Here's the problem description from Spybot S&D.

    Regards
    31s

    --- Search result list ---
    Win32.Agent.gvu: [SBI $CF6AD9E9] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-644732911-2408473260-234231893-1000\Software\Microsoft\Bind
     
  5. 2008/03/25
    31s Inactive Thread Starter

    As you suggested I ran Deckard's System Scanner.
    Split in 2 due to size.
    Regards
    31s


    PART 1
    Deckard's System Scanner v20071014.68
    Run by 31 on 2008-03-25 17:40:39
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    21: 2008-03-24 16:31:21 UTC - RP51 - Removed Ad-Aware 2007
    20: 2008-03-24 11:32:17 UTC - RP50 - Installed Ad-Aware 2007
    19: 2008-03-23 21:43:13 UTC - RP49 - Removed Ad-Aware 2007
    18: 2008-03-23 21:39:05 UTC - RP48 - Spyware Doctor: Cleaning Threats
    17: 2008-03-23 20:48:08 UTC - RP46 - Installed Ad-Aware 2007


    -- First Restore Point --
    1: 2008-02-21 20:31:28 UTC - RP30 - Scheduled Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as 31.exe) --------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:42:35, on 25.03.2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\OEM04Mon.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Users\31\Desktop\dss.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\31.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ig/dell?hl=en&client=dell-row&channel=no&ibd=0080129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Media Player Classic - {D2A8552D-4340-413E-B94E-245827FBC269} - C:\Windows\ausctv32a.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe "
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe "
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: QuickSet.lnk = ?
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Google\Google Desktop Search\Plugins\gdSkype\skype4com.dll (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: McAfee Application Installer Cleanup (0231481206458339) (0231481206458339mcinstcleanup) - Unknown owner - C:\Windows\TEMP\023148~1.EXE (file missing)
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Fjernkommando i iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\Windows\CWBRXD.EXE
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 14871 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service (Bonjour-tjeneste) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

    S2 0231481206458339mcinstcleanup (McAfee Application Installer Cleanup (0231481206458339)) - c:\windows\temp\023148~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
    S3 Cwbrxd (Fjernkommando i iSeries Access for Windows) - c:\windows\cwbrxd.exe <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA


    -- Scheduled Tasks -------------------------------------------------------------

    2008-01-29 17:09:20 348 --a------ C:\Windows\Tasks\McQcTask.job
    2008-01-29 17:09:20 356 --a------ C:\Windows\Tasks\McDefragTask.job


    -- Files created between 2008-02-25 and 2008-03-25 -----------------------------

    2008-03-24 19:24:28 0 d-------- C:\Program Files\Spyware Doctor
    2008-03-24 10:39:18 0 d-------- C:\Program Files\Lavasoft
    2008-03-23 23:07:25 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-03-23 23:05:00 0 d-------- C:\Users\All Users\Prevx
    2008-03-23 23:04:44 0 d-------- C:\Temp
    2008-03-23 23:01:57 0 d-------- C:\Program Files\Hitman Pro
    2008-03-23 21:48:50 0 d-------- C:\Users\All Users\Lavasoft
    2008-03-23 21:34:55 0 d-------- C:\Program Files\Trend Micro
    2008-03-23 21:11:35 0 d-a------ C:\Users\All Users\TEMP
    2008-03-23 19:50:07 219648 --a------ C:\Windows\ausctv32a.dll
    2008-03-23 19:50:05 49 --a------ C:\xmp.bat
    2008-03-17 15:35:43 0 d-------- C:\Program Files\JLC's Software
    2008-03-13 14:57:03 1036339 --a------ C:\Windows\system32\cwbzzodb.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:57:02 507954 --a------ C:\Windows\system32\cwbodbc.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:57:01 663603 --a------ C:\Windows\system32\cwbtfutl.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:57:01 221235 --a------ C:\Windows\system32\cwbtfdlg.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:57:01 360499 --a------ C:\Windows\system32\cwbtfcrt.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:56:53 40960 --a------ C:\Windows\system32\pcmfcenu.dll <Not Verified; IBM Corporation; Personal Communications>
    2008-03-13 14:54:27 94259 --a------ C:\Windows\system32\cwbunvba.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:27 110643 --a------ C:\Windows\system32\cwbuncob.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:27 94259 --a------ C:\Windows\system32\cwbunapi.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:27 159795 --a------ C:\Windows\system32\cwbsogld.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:18 65585 --a------ C:\Windows\cwbrxd.exe <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 65587 --a------ C:\Windows\system32\cwbunssl.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 45110 --a------ C:\Windows\system32\cwbunpls.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 20534 --a------ C:\Windows\system32\cwbunplp.exe
    2008-03-13 14:54:07 258099 --a------ C:\Windows\system32\cwbunpla.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 81971 --a------ C:\Windows\system32\cwbuncon.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 151603 --a------ C:\Windows\system32\cwbuncmn.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 553011 --a------ C:\Windows\system32\cwbuna4d.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 41011 --a------ C:\Windows\system32\cwbsotif.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 36915 --a------ C:\Windows\system32\cwbsotca.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 61491 --a------ C:\Windows\system32\cwbsoswp.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 41011 --a------ C:\Windows\system32\cwbsosmp.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 36915 --a------ C:\Windows\system32\cwbsorte.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 184371 --a------ C:\Windows\system32\cwbsoprf.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 73779 --a------ C:\Windows\system32\cwbsoltr.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 69683 --a------ C:\Windows\system32\cwbsolet.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 188467 --a------ C:\Windows\system32\cwbsohwr.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 525339 --a------ C:\Windows\system32\cwbsofui.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 279113 --a------ C:\Windows\system32\cwbsof.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 190342 --a------ C:\Windows\system32\cwbsocmn.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 32819 --a------ C:\Windows\system32\cwbsoapi.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:07 20531 --a------ C:\Windows\cwbunrse.exe <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:06 159793 --a------ C:\Windows\system32\cwbsfl.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:06 98353 --a------ C:\Windows\system32\cwbprt.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:06 65586 --a------ C:\Windows\system32\cwbmsgl.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:06 196657 --a------ C:\Windows\system32\cwbjob.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:06 53297 --a------ C:\Windows\system32\cwbjbl.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:02 114960 --a------ C:\Windows\system32\qxdaedrs.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:02 41010 --a------ C:\Windows\cwbping.exe <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:00 163888 --a------ C:\Windows\system32\cwbdc.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:54:00 995378 --a------ C:\Windows\system32\cwbcore.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:59 20529 --a------ C:\Windows\system32\cwbwiz.dll
    2008-03-13 14:53:59 69680 --a------ C:\Windows\system32\cwbup.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:59 28723 --a------ C:\Windows\system32\cwbuiutl.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:59 24627 --a------ C:\Windows\system32\cwbuierr.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:59 20480 --a------ C:\Windows\system32\cwbsy.dll
    2008-03-13 14:53:59 24576 --a------ C:\Windows\system32\cwbsv.dll
    2008-03-13 14:53:59 172032 --a------ C:\Windows\system32\cwbrw.dll
    2008-03-13 14:53:59 65584 --a------ C:\Windows\system32\cwbrc.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:59 254001 --a------ C:\Windows\system32\cwbobj.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:59 16384 --a------ C:\Windows\system32\cwbnldlg.dll
    2008-03-13 14:53:59 20480 --a------ C:\Windows\system32\cwbnl.dll
    2008-03-13 14:53:59 41008 --a------ C:\Windows\system32\cwblm.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:59 32816 --a------ C:\Windows\system32\cwbdt.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:59 139312 --a------ C:\Windows\system32\cwbdq.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:59 28723 --a------ C:\Windows\system32\cwbdbfmt.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:59 208944 --a------ C:\Windows\system32\cwbdb.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:59 20480 --a------ C:\Windows\system32\cwbco.dll
    2008-03-13 14:53:59 69683 --a------ C:\Windows\system32\cwbbsspi.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:59 81970 --a------ C:\Windows\system32\cwbbspc.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:59 28720 --a------ C:\Windows\system32\cwbar.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:59 32817 --a------ C:\Windows\system32\cwbad1.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:59 16384 --a------ C:\Windows\system32\cwbad.dll
    2008-03-13 14:53:59 90163 --a------ C:\Windows\system32\bidiserv.dll <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:59 126976 --a------ C:\Windows\cwbzip.exe
    2008-03-13 14:53:58 24625 --a------ C:\Windows\rmtcmd.exe <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:58 32819 --a------ C:\Windows\cwbviewr.exe <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:58 57394 --a------ C:\Windows\cwbrest.exe <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:58 49202 --a------ C:\Windows\cwbback.exe <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
    2008-03-13 14:53:32 0 d-------- C:\Program Files\IBM
    2008-03-13 14:38:42 306688 --a------ C:\Windows\IsUn0414.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-03-13 14:05:48 0 d-------- C:\Windows\871DF2BE41D24334AC33839AF16FC8FE.TMP
    2008-03-11 19:34:59 0 d-------- C:\Program Files\Common Files\Deterministic Networks
    2008-03-11 19:34:55 0 d-------- C:\Program Files\Cisco Systems
    2008-02-26 19:10:32 0 d-------- C:\Program Files\iPod
    2008-02-26 19:10:18 0 d-------- C:\Program Files\iTunes
    2008-02-26 19:08:46 0 d-------- C:\Program Files\QuickTime
    2008-02-25 20:08:18 0 d-------- C:\Program Files\Common Files\Adobe


    -- Find3M Report ---------------------------------------------------------------

    2008-03-25 17:13:46 0 d-------- C:\Users\31\AppData\Roaming\Skype
    2008-03-25 16:18:55 0 d-------- C:\Program Files\McAfee
    2008-03-25 16:14:13 0 d-------- C:\Users\31\AppData\Roaming\skypePM
    2008-03-25 16:13:32 53578 --a------ C:\Users\31\AppData\Roaming\nvModes.001
    2008-03-24 21:04:24 12 --a------ C:\Windows\bthservsdp.dat
    2008-03-24 19:24:28 0 d-------- C:\Users\31\AppData\Roaming\PC Tools
    2008-03-24 17:32:03 0 d-------- C:\Program Files\Common Files
    2008-03-24 12:33:20 0 d-------- C:\Users\31\AppData\Roaming\Lavasoft
    2008-03-23 21:01:25 0 d-------- C:\Users\31\AppData\Roaming\McAfee
    2008-03-19 15:17:10 53578 --a------ C:\Users\31\AppData\Roaming\nvModes.dat
    2008-03-17 15:36:20 0 d-------- C:\Users\31\AppData\Roaming\JLC's Software
    2008-03-14 18:15:54 0 d-------- C:\Program Files\Windows Mail
    2008-03-04 19:19:44 0 d-------- C:\Users\31\AppData\Roaming\CyberLink
    2008-02-25 20:03:58 0 d-------- C:\Users\31\AppData\Roaming\Adobe
    2008-02-24 19:52:40 0 d-------- C:\Users\31\AppData\Roaming\Google
    2008-02-24 19:52:03 0 d-------- C:\Program Files\Google
    2008-02-18 20:39:26 0 d-------- C:\Users\31\AppData\Roaming\Mozilla
    2008-02-18 20:39:26 0 d-------- C:\Users\31\AppData\Roaming\Flickr
    2008-02-18 19:29:48 0 d-------- C:\Program Files\Flickr Uploadr
    2008-02-07 21:16:55 0 d-------- C:\Program Files\Skype
    2008-02-07 21:16:53 0 d-------- C:\Program Files\Common Files\Skype
    2008-02-06 20:58:40 0 d-------- C:\Users\31\AppData\Roaming\Roxio
    2008-02-06 20:54:53 0 d-------- C:\Users\31\AppData\Roaming\Apple Computer
    2008-02-06 20:53:44 0 d-------- C:\Program Files\Bonjour
    2008-02-06 20:52:42 0 d-------- C:\Program Files\Apple Software Update
    2008-02-06 20:51:59 0 d-------- C:\Program Files\Common Files\Apple
    2008-02-06 20:16:54 0 d-------- C:\Program Files\Windows Sidebar
    2008-02-06 20:06:08 0 d-------- C:\Program Files\MSXML 4.0
    2008-02-05 19:20:27 0 d-------- C:\Users\31\AppData\Roaming\Creative
    2008-02-05 18:09:45 0 d-------- C:\Users\31\AppData\Roaming\Macromedia
    2008-02-05 17:35:24 0 d-------- C:\Users\31\AppData\Roaming\Identities
    2008-01-30 00:26:58 0 d-------- C:\Program Files\Synaptics
    2008-01-30 00:22:17 0 d-------- C:\Program Files\Windows Calendar
    2008-01-30 00:19:07 0 d-------- C:\Program Files\Windows Defender
    2008-01-29 17:07:46 0 d-------- C:\Program Files\Dell
    2008-01-29 17:06:17 0 d-------- C:\Program Files\CyberLink
    2008-01-29 17:05:01 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-01-29 17:04:32 0 d-------- C:\Program Files\Dell Support Center
    2008-01-29 17:04:24 0 d-------- C:\Program Files\Common Files\supportsoft
    2008-01-29 17:01:35 0 d-------- C:\Program Files\Common Files\McAfee
    2008-01-29 17:01:24 0 d-------- C:\Program Files\McAfee.com
    2008-01-29 16:59:19 0 d-------- C:\Program Files\Microsoft Works
    2008-01-29 16:58:58 0 d-------- C:\Program Files\Microsoft.NET
    2008-01-29 16:55:41 0 d-------- C:\Program Files\Roxio
    2008-01-29 16:55:30 0 d-------- C:\Program Files\Common Files\Sonic Shared
    2008-01-29 16:54:09 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-01-29 16:53:20 0 d-------- C:\Program Files\Common Files\SureThing Shared
    2008-01-29 16:53:01 0 d-------- C:\Program Files\Common Files\Roxio Shared
    2008-01-29 16:51:12 0 d-------- C:\Program Files\WIDCOMM
    2008-01-29 16:51:05 0 d-------- C:\Program Files\Fingerprint Reader Suite
    2008-01-29 16:49:44 0 d-------- C:\Program Files\Broadcom
    2008-01-29 16:47:39 76 -r-hs---- C:\Windows\CT4CET.bin
    2008-01-29 16:47:26 0 d-------- C:\Program Files\Creative
    2008-01-29 16:47:15 0 d-------- C:\Program Files\Common Files\Reallusion
    2008-01-29 16:46:56 0 d-------- C:\Program Files\Common Files\Creative
    2008-01-29 16:46:37 0 d-------- C:\Program Files\Creative Live! Cam
    2008-01-29 16:45:39 0 d-------- C:\Program Files\Java
    2008-01-29 16:45:38 0 d-------- C:\Program Files\Common Files\Java
    2008-01-29 16:34:25 174 --ahs---- C:\Program Files\desktop.ini
    2008-01-29 16:32:29 0 d-------- C:\Program Files\Sigmatel
     
    31s,
    #4
  6. 2008/03/25
    31s

    31s Inactive Thread Starter

    Joined:
    2008/03/24
    Messages:
    4
    Likes Received:
    0
    PART 2

    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    19.09.2007 06:15 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2A8552D-4340-413E-B94E-245827FBC269}]
    23.03.2008 19:50 219648 --a------ C:\Windows\ausctv32a.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [30.01.2008 00:19]
    "ECenter "= "C:\Dell\E-Center\EULALauncher.exe" [25.05.2007 07:03]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10.05.2007 08:00]
    "OEM04Mon.exe "= "C:\Windows\OEM04Mon.exe" [03.12.2007 07:05]
    "SigmatelSysTrayApp "= "C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [07.09.2007 19:23]
    "Windows Mobile Device Center "= "%windir%\WindowsMobile\wmdc.exe" []
    "SunJavaUpdateSched "= "c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [29.01.2008 16:45]
    "DELL Webcam Manager "= "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [27.07.2007 17:43]
    "PSQLLauncher "= "C:\Program Files\Fingerprint Reader Suite\launcher.exe" [16.04.2007 23:50]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03.10.2006 12:37]
    "@ "=" " []
    "RoxWatchTray "= "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05.11.2006 12:22]
    "Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [29.01.2008 17:01]
    "mcagent_exe "= "C:\Program Files\McAfee.com\Agent\mcagent.exe" [03.08.2007 22:33]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15.11.2007 10:24]
    "PCMService "= "C:\Program Files\Dell\MediaDirect\PCMService.exe" [01.11.2007 16:39]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [04.10.2007 21:24]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [04.10.2007 21:24]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [04.10.2007 21:24]
    "NVHotkey "= "C:\Windows\system32\nvHotkey.dll" [04.10.2007 21:24]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [31.01.2008 23:13]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [19.02.2008 13:10]
    "Client Access Service "= "C:\Program Files\IBM\Client Access\cwbsvstr.exe" [19.10.2005 05:40]
    "ISTray "= "C:\Program Files\Spyware Doctor\pctsTray.exe" [01.02.2008 12:55]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15.11.2007 10:23]
    "Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [01.02.2008 17:22]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [02.11.2006 13:35]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28.01.2008 11:43]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [03.11.2006 18:55:50]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [29.01.2008 16:49:39]
    VPN Client.lnk - C:\Windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [11.03.2008 19:36:28]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "=2 (0x2)
    "DisableCAD "=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    C:\Windows\system32\psqlpwd.dll 17.04.2007 00:04 86528 C:\Windows\System32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages "= scecli psqlpwd

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @= "IEEE 1394 Bus host controllers "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @= "SBP2 IEEE 1394 Devices "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @= "SecurityDevices "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    WindowsMobile wcescomm rapimgr
    LocalServiceRestricted WcesComm RapiMgr


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    8032 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-03-25 17:43:46 ------------
     
    31s,
    #5
  7. 2008/03/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh dss log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
