1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Virus Problem

Discussion in 'Malware and Virus Removal Archive' started by champ, 2008/05/01.

  1. 2008/05/01
    champ

    champ Inactive Thread Starter

    Joined:
    2008/05/01
    Messages:
    4
    Likes Received:
    0
    Hi.

    I am having a lot of trouble getting rid, from what ive read it sounds as if its spyware. I have Windows Vista.

    I get loads and loads of popups, some selling laptops, ringtones and others tryng to give me anti spyware gear that is obviously more virus's.

    I have searchd teh web looking for solutions. I've used Adaware and Spybot S&D with limited success as the popups continue.

    Here is my HiJackThis Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:33:23 PM, on 2/05/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\sttray.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deakin.edu.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe "
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe "
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Matty\AppData\Local\Temp\tuvUOGvw.dll,#1
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Matty\AppData\Local\Temp\jkkLCutu.dll,c
    O4 - HKCU\..\Run: [90621a2b] rundll32.exe "C:\Users\Matty\AppData\Local\Temp\ghdqsnkm.dll ",b
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BM935129b7] Rundll32.exe "C:\Users\Matty\AppData\Local\Temp\lolccgbb.dll ",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games "“ Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://origin.www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11847 bytes



    I saw in another tread with the same kind of situation instructions to use SDFix to get another log. I followed these instructions but was unsucessful. When in Safe mode the RunThis.bat file would not stay open,whether i ran it as admin or not.

    I hope you can help me, thanks in advance.
     
    champ,
    #1
  2. 2008/05/03
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi champ
    Welcome to Windowsbbs. :)

    Please delete SDFix, it won't run with Vista yet.

    Please do the following. making sure to follow the Vista instructions.


    Download ComboFix from [color= "Red"]Here[/color] to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Thanks
    Geri
     
    Geri,
    #2


  3. to hide this advert.

  4. 2008/05/04
    champ

    champ Inactive Thread Starter

    Joined:
    2008/05/01
    Messages:
    4
    Likes Received:
    0
    Thanks Geri.

    Here is my HiJackThis log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:33:23 PM, on 2/05/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\sttray.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deakin.edu.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe "
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe "
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Matty\AppData\Local\Temp\tuvUOGvw.dll,#1
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Matty\AppData\Local\Temp\jkkLCutu.dll,c
    O4 - HKCU\..\Run: [90621a2b] rundll32.exe "C:\Users\Matty\AppData\Local\Temp\ghdqsnkm.dll ",b
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BM935129b7] Rundll32.exe "C:\Users\Matty\AppData\Local\Temp\lolccgbb.dll ",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games "“ Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://origin.www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11847 bytes





    And here is my ComboFix file

    ComboFix 08-05-01.3 - Matty 2008-05-04 18:01:59.1 - NTFSx86
    Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6000.0.1252.1.1033.18.1116 [GMT 10:00]
    Running from: C:\Users\Matty\Desktop\ComboFix.exe
    * Resident AV is active

    .

    ((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-04 07:29 13,025 ----a-w C:\Users\Matty\AppData\Roaming\nvModes.dat
    2008-05-02 03:29 3,097 --sha-w C:\Windows\System32\mmf.sys
    2008-05-02 01:41 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-05-02 01:41 --------- d-----w C:\Program Files\DAEMON Tools SearchBar
    2008-05-02 01:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-05-01 05:50 --------- d-----w C:\Program Files\DAEMON Tools
    2008-05-01 02:47 --------- d-----w C:\ProgramData\Lavasoft
    2008-05-01 02:44 --------- d-----w C:\Program Files\Lavasoft
    2008-05-01 02:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-30 06:29 --------- d-----w C:\Program Files\Trend Micro
    2008-04-27 03:35 --------- d-----w C:\Program Files\McAfee
    2008-04-27 03:32 --------- d-----w C:\Program Files\Windows Mail
    2008-04-26 23:42 --------- d-----w C:\ProgramData\Microsoft Help
    2008-04-15 10:07 10,570 ----a-w C:\Users\Matty\AppData\Roaming\wklnhst.dat
    2008-04-12 12:11 92,208 ----a-w C:\Windows\System32\WING.DLL
    2008-04-12 12:11 6,736 ----a-w C:\Windows\System32\WINGDIB.DRV
    2008-04-12 12:11 27,136 ----a-w C:\Windows\System32\WAVMIX16.DLL
    2008-04-12 12:11 188,960 ----a-w C:\Windows\System32\WINGDE.DLL
    2008-04-12 12:11 12,800 ----a-w C:\Windows\System32\WING32.DLL
    2008-04-10 14:27 --------- d-----w C:\Users\Matty\AppData\Roaming\DivX
    2008-04-10 14:25 --------- d-----w C:\Program Files\DivX
    2008-04-10 14:25 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-04-09 07:26 --------- d-----w C:\Program Files\MSN Messenger
    2008-04-02 09:10 --------- d-----w C:\Program Files\Microsoft Works
    2008-04-02 09:05 --------- d-----w C:\Program Files\Microsoft.NET
    2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
    2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
    2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-03-30 12:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-30 12:44 --------- d-----w C:\Program Files\EACOM
    2008-03-30 12:41 --------- d-----w C:\Program Files\EA SPORTS
    2008-03-24 01:42 --------- d-----w C:\ProgramData\MSN Messenger 6.0.0602
    2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
    2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2008-03-21 20:30 129,784 ------w C:\Windows\System32\PxAFS.DLL
    2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
    2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
    2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
    2008-03-09 10:57 --------- d-----w C:\Program Files\Microsoft Games
    2008-03-09 07:43 --------- d--h--w C:\ProgramData\CanonBJ
    2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
    2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-16 16:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-16 16:06 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-16 16:06 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-16 16:06 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-16 16:06 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-16 16:06 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-16 16:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-16 16:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-16 16:05 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-16 16:05 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-02-16 16:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-16 16:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-16 16:05 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-16 16:02 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2007-08-31 22:29 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter "= "oobefldr.dll" [2006-11-02 22:34 2159104 C:\Windows\System32\oobefldr.dll]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [2006-11-12 04:19 446976]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [2006-11-02 22:35 125440]
    "DAEMON Tools "= "C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 08:29 165784]
    "MSServer "= "C:\Users\Matty\AppData\Local\Temp\tuvUOGvw.dll" [ ]
    "AdobeUpdater "= "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
    "cmds "= "C:\Users\Matty\AppData\Local\Temp\jkkLCutu.dll" [2008-04-24 23:42 272384]
    "90621a2b "= "C:\Users\Matty\AppData\Local\Temp\ghdqsnkm.dll" [2008-04-27 13:40 95808]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "BM935129b7 "= "C:\Users\Matty\AppData\Local\Temp\lolccgbb.dll" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-31 18:54 1006264]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-18 09:52 815104]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [2006-12-14 09:16 90191]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [2006-12-14 09:16 7766016]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [2006-12-14 09:16 81920]
    "SunJavaUpdateSched "= "c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-05-26 11:14 77824]
    "SigmatelSysTrayApp "= "sttray.exe" [2007-02-08 15:11 303104 C:\Windows\sttray.exe]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
    "@ "=" " []
    "RoxWatchTray "= "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 13:22 221184]
    "Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-26 11:27 1862144]
    "ECenter "= "c:\dell\E-Center\EULALauncher.exe" [2006-11-18 07:08 17920]
    "PCMService "= "C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-10-13 13:31 184320]
    "RoxioDragToDisc "= "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 09:00 1116920]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18 270648]
    "mcagent_exe "= "C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 21:33 582992]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-05-26 11:20:10 50688]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-05-26 11:16:52 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    "LoadAppInit_DLLs "=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.IV41 "= ir41_32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{771FF0DA-1F9C-46A4-BBC6-290B0DF61ECF} "= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{A0DA3556-BE87-4F8D-B8B4-E3BA33920AF3} "= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{0097B62E-7FDE-4A78-BBC3-E99BF2CE85B4} "= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{02A0A530-E112-4E55-AE0A-1571F9FB8A09} "= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{50849064-9E6F-4F78-BD87-552497F13B4B} "= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{6DA7075B-81E6-4CFF-97C2-D2C6B5B38081} "= UDP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
    "{BFB0BCF8-D0D3-4CB1-A71B-F93815C3A2B6} "= TCP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
    "{87BCC231-3C49-4B67-8483-ABC2FACC6780} "= UDP:C:\Program Files\qvsoftware\Sport Of Kings 2\HR.exe:Horse Racing Manager 2
    "{F17CB81C-6D74-4993-9C82-C4630BB24597} "= TCP:C:\Program Files\qvsoftware\Sport Of Kings 2\HR.exe:Horse Racing Manager 2
    "{B8DECDC1-3DE3-49CE-B0A7-87CCFC67FAC8} "= UDP:C:\Program Files\qvsoftware\Sport Of Kings 2\AutoRun.exe:Horse Racing Manager 2 - AutoRun
    "{C24AE424-7418-4642-AB2B-2D6EBD5A98D0} "= TCP:C:\Program Files\qvsoftware\Sport Of Kings 2\AutoRun.exe:Horse Racing Manager 2 - AutoRun
    "{2CEFE748-E7AA-440C-AE01-9C4CFC95536B} "= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{AF028B90-8C02-4962-AB6C-595DB7B49DA7} "= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{0CDBE137-C239-47AE-A842-578F8CF0BBAA} "= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{6717D15B-944F-49E6-BC9F-0AD03EAD09B7} "= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{E0FFDB8F-A3E9-4EC5-825D-5AA8C2E67C05} "= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1 "= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2006-08-11 10:35]
    R2 LicCtrlService;LicCtrl Service;C:\Windows\runservice.exe [2007-07-03 21:26]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-12 09:10]
    S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 17:36]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75ac0c5b-8145-11dc-80ce-0019b965e5ba}]
    \shell\AutoRun\command - G:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8da29b59-ee2b-11dc-a9d6-0019b965e5ba}]
    \shell\Auto\command - infrom.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd9a14d2-20a4-11dc-819b-0019b965e5ba}]
    \shell\AutoRun\command - F:\autorun.exe

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-14 14:00:02 C:\Windows\Tasks\McDefragTask.job "
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2008-04-30 15:00:00 C:\Windows\Tasks\McQcTask.job "
    - c:\program files\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-04 18:13:45
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\Windows\explorer.exe
    -> C:\Users\Matty\AppData\Local\Temp\ghdqsnkm.dll
    -> C:\Users\Matty\AppData\Local\Temp\jkkLCutu.dll
    .
    Completion time: 2008-05-04 18:27:34
    ComboFix-quarantined-files.txt 2008-05-04 08:26:24

    The system cannot find message text for message number 0x2379 in the message file for Application.
    The system cannot find message text for message number 0x2379 in the message file for Application.

    196 --- E O F --- 2008-04-26 23:42:51





    Thanks again Geri,Hopefully you can figure out how I can remove this.
     
    champ,
    #3
  5. 2008/05/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi champ

    Please do the following.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
C:\Users\Matty\AppData\Local\Temp\tuvUOGvw.dll
C:\Users\Matty\AppData\Local\Temp\jkkLCutu.dll
C:\Users\Matty\AppData\Local\Temp\ghdqsnkm.dll
C:\Users\Matty\AppData\Local\Temp\lolccgbb.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "MSServer "=-
 "cmds "=-
 "90621a2b "=-
 "BM935129b7 "=-
    Please post the CFScript log and a New HJT log.

    Let me know if the pop ups have stopped.

    Thanks
    Geri
     
    Geri,
    #4
  6. 2008/05/05
    champ

    champ Inactive Thread Starter

    Joined:
    2008/05/01
    Messages:
    4
    Likes Received:
    0
    Hey Geri. The popups have stopped, the internet still seems a little slow at times though.

    I cant seem to find the CFScript log anywhere..
     
    champ,
    #5
  7. 2008/05/05
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    It should be located here.
    C:\ComboFix.txt

    Geri
     
    Geri,
    #6
  8. 2008/05/06
    champ

    champ Inactive Thread Starter

    Joined:
    2008/05/01
    Messages:
    4
    Likes Received:
    0
    Sorry Geri got a little confused.

    Combo Fix

    ComboFix 08-05-01.3 - Matty 2008-05-05 18:45:23.2 - NTFSx86
    Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6000.0.1252.1.1033.18.1084 [GMT 10:00]
    Running from: C:\Users\Matty\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Matty\Desktop\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    FILE ::
    C:\Users\Matty\AppData\Local\Temp\ghdqsnkm.dll
    C:\Users\Matty\AppData\Local\Temp\jkkLCutu.dll
    C:\Users\Matty\AppData\Local\Temp\lolccgbb.dll
    C:\Users\Matty\AppData\Local\Temp\tuvUOGvw.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\Matty\AppData\Local\Temp\ghdqsnkm.dll
    C:\Users\Matty\AppData\Local\Temp\jkkLCutu.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-05 08:52 3,097 --sha-w C:\Windows\System32\mmf.sys
    2008-05-05 08:36 13,025 ----a-w C:\Users\Matty\AppData\Roaming\nvModes.dat
    2008-05-02 01:41 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-05-02 01:41 --------- d-----w C:\Program Files\DAEMON Tools SearchBar
    2008-05-02 01:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-05-01 05:50 --------- d-----w C:\Program Files\DAEMON Tools
    2008-05-01 02:47 --------- d-----w C:\ProgramData\Lavasoft
    2008-05-01 02:44 --------- d-----w C:\Program Files\Lavasoft
    2008-05-01 02:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-30 06:29 --------- d-----w C:\Program Files\Trend Micro
    2008-04-27 03:35 --------- d-----w C:\Program Files\McAfee
    2008-04-27 03:32 --------- d-----w C:\Program Files\Windows Mail
    2008-04-26 23:42 --------- d-----w C:\ProgramData\Microsoft Help
    2008-04-15 10:07 10,570 ----a-w C:\Users\Matty\AppData\Roaming\wklnhst.dat
    2008-04-12 12:11 92,208 ----a-w C:\Windows\System32\WING.DLL
    2008-04-12 12:11 6,736 ----a-w C:\Windows\System32\WINGDIB.DRV
    2008-04-12 12:11 27,136 ----a-w C:\Windows\System32\WAVMIX16.DLL
    2008-04-12 12:11 188,960 ----a-w C:\Windows\System32\WINGDE.DLL
    2008-04-12 12:11 12,800 ----a-w C:\Windows\System32\WING32.DLL
    2008-04-10 14:27 --------- d-----w C:\Users\Matty\AppData\Roaming\DivX
    2008-04-10 14:25 --------- d-----w C:\Program Files\DivX
    2008-04-10 14:25 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-04-09 07:26 --------- d-----w C:\Program Files\MSN Messenger
    2008-04-02 09:10 --------- d-----w C:\Program Files\Microsoft Works
    2008-04-02 09:05 --------- d-----w C:\Program Files\Microsoft.NET
    2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
    2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
    2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-03-30 12:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-30 12:44 --------- d-----w C:\Program Files\EACOM
    2008-03-30 12:41 --------- d-----w C:\Program Files\EA SPORTS
    2008-03-24 01:42 --------- d-----w C:\ProgramData\MSN Messenger 6.0.0602
    2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
    2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2008-03-21 20:30 129,784 ------w C:\Windows\System32\PxAFS.DLL
    2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
    2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
    2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
    2008-03-09 10:57 --------- d-----w C:\Program Files\Microsoft Games
    2008-03-09 07:43 --------- d--h--w C:\ProgramData\CanonBJ
    2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
    2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-16 16:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-16 16:06 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-16 16:06 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-16 16:06 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-16 16:06 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-16 16:06 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-16 16:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-16 16:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-16 16:05 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-16 16:05 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-02-16 16:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-16 16:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-16 16:05 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-16 16:02 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2007-08-31 22:29 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-04_18.25.55.31 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-04 07:28:39 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-05-05 08:52:45 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-05-02 03:29:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-05-05 08:52:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-05-02 03:29:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-05-05 08:52:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-05-04 07:28:48 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2008-05-05 09:07:54 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-05-02 03:31:06 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-05 09:03:31 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-05 09:03:31 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-05-04 07:59:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2008-05-05 08:56:04 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-05-02 03:30:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-05-05 09:03:25 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-05-05 09:03:25 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-05-04 07:42:46 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-05 08:39:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-05-04 07:42:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-05 08:39:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-05-04 07:42:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-05 08:39:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-02 03:31:42 9,788 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3559093049-3652714596-2342599852-1000_UserData.bin
    + 2008-05-04 08:34:29 9,788 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3559093049-3652714596-2342599852-1000_UserData.bin
    - 2008-05-02 03:31:42 69,078 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-05-04 08:34:29 69,218 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-05-02 03:31:35 45,730 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-05-04 08:48:02 45,826 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-05-04 07:28:45 431,452 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2008-05-05 08:36:34 435,030 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter "= "oobefldr.dll" [2006-11-02 22:34 2159104 C:\Windows\System32\oobefldr.dll]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [2006-11-12 04:19 446976]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [2006-11-02 22:35 125440]
    "DAEMON Tools "= "C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 08:29 165784]
    "AdobeUpdater "= "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-31 18:54 1006264]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-18 09:52 815104]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [2006-12-14 09:16 90191]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [2006-12-14 09:16 7766016]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [2006-12-14 09:16 81920]
    "SunJavaUpdateSched "= "c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-05-26 11:14 77824]
    "SigmatelSysTrayApp "= "sttray.exe" [2007-02-08 15:11 303104 C:\Windows\sttray.exe]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
    "RoxWatchTray "= "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 13:22 221184]
    "Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-26 11:27 1862144]
    "ECenter "= "c:\dell\E-Center\EULALauncher.exe" [2006-11-18 07:08 17920]
    "PCMService "= "C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-10-13 13:31 184320]
    "RoxioDragToDisc "= "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 09:00 1116920]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18 270648]
    "mcagent_exe "= "C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 21:33 582992]
    "combofix "= "C:\Windows\system32\CF12086.exe" [2006-11-02 19:44 320000]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-05-26 11:20:10 50688]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-05-26 11:16:52 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.IV41 "= ir41_32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{771FF0DA-1F9C-46A4-BBC6-290B0DF61ECF} "= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{A0DA3556-BE87-4F8D-B8B4-E3BA33920AF3} "= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{0097B62E-7FDE-4A78-BBC3-E99BF2CE85B4} "= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{02A0A530-E112-4E55-AE0A-1571F9FB8A09} "= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{50849064-9E6F-4F78-BD87-552497F13B4B} "= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{6DA7075B-81E6-4CFF-97C2-D2C6B5B38081} "= UDP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
    "{BFB0BCF8-D0D3-4CB1-A71B-F93815C3A2B6} "= TCP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
    "{87BCC231-3C49-4B67-8483-ABC2FACC6780} "= UDP:C:\Program Files\qvsoftware\Sport Of Kings 2\HR.exe:Horse Racing Manager 2
    "{F17CB81C-6D74-4993-9C82-C4630BB24597} "= TCP:C:\Program Files\qvsoftware\Sport Of Kings 2\HR.exe:Horse Racing Manager 2
    "{B8DECDC1-3DE3-49CE-B0A7-87CCFC67FAC8} "= UDP:C:\Program Files\qvsoftware\Sport Of Kings 2\AutoRun.exe:Horse Racing Manager 2 - AutoRun
    "{C24AE424-7418-4642-AB2B-2D6EBD5A98D0} "= TCP:C:\Program Files\qvsoftware\Sport Of Kings 2\AutoRun.exe:Horse Racing Manager 2 - AutoRun
    "{2CEFE748-E7AA-440C-AE01-9C4CFC95536B} "= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{AF028B90-8C02-4962-AB6C-595DB7B49DA7} "= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{0CDBE137-C239-47AE-A842-578F8CF0BBAA} "= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{6717D15B-944F-49E6-BC9F-0AD03EAD09B7} "= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{E0FFDB8F-A3E9-4EC5-825D-5AA8C2E67C05} "= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1 "= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2006-08-11 10:35]
    S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 17:36]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75ac0c5b-8145-11dc-80ce-0019b965e5ba}]
    \shell\AutoRun\command - G:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd9a14d2-20a4-11dc-819b-0019b965e5ba}]
    \shell\AutoRun\command - F:\autorun.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-14 14:00:02 C:\Windows\Tasks\McDefragTask.job "
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2008-04-30 15:00:00 C:\Windows\Tasks\McQcTask.job "
    - c:\program files\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-05 19:09:36
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Windows\Runservice.exe
    C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    C:\Program Files\McAfee\MPF\MpfSrv.exe
    C:\Program Files\McAfee\MSK\msksrver.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
    C:\Windows\System32\drivers\XAudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-05 19:18:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-05 09:17:50
    ComboFix2.txt 2008-05-04 08:27:35

    The system cannot find message text for message number 0x2379 in the message file for Application.
    The system cannot find message text for message number 0x2379 in the message file for Application.

    252 --- E O F --- 2008-04-26 23:42:51






    HiJackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:33:23 PM, on 2/05/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\sttray.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deakin.edu.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe "
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe "
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Matty\AppData\Local\Temp\tuvUOGvw.dll,#1
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Matty\AppData\Local\Temp\jkkLCutu.dll,c
    O4 - HKCU\..\Run: [90621a2b] rundll32.exe "C:\Users\Matty\AppData\Local\Temp\ghdqsnkm.dll ",b
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BM935129b7] Rundll32.exe "C:\Users\Matty\AppData\Local\Temp\lolccgbb.dll ",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games "“ Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://origin.www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11847 bytes
     
    champ,
    #7
  9. 2008/05/06
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi champ

    That was a old HJT log.

    Please run and post a new HJT log.

    Thanks
    Geri
     
    Geri,
    #8

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...