Alright, here's all the info:
'findfiles.bat'
OK, I followed your instructions, but the 'klook' file that opens up is empty... did I do something wrong?
'Main.txt'
Deckard's System Scanner v20071014.68
Run by Luke on 2008-04-09 19:43:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Luke.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:44 PM, on 09/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\BCMSMMSG.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Users\Luke\Desktop\dss.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Luke.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MagicTuneEngine] C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BM53a8ebeb] Rundll32.exe "C:\Users\Luke\AppData\Local\Temp\putjhvpe.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CCC.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resourc ... den-ca.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b55579.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 7570 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080409-193945-148 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080409-193945-314 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Luke\AppData\Local\Temp\pmnOhghf.dll,c
backup-20080409-193945-331 O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Luke\AppData\Local\Temp\cbXPJAPf.dll,#1
backup-20080409-193945-868 O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Luke\AppData\Local\Temp\ojrnitur.dll",run
backup-20080409-193945-956 O4 - HKCU\..\Run: [BM53a8ebeb] Rundll32.exe "C:\Users\Luke\AppData\Local\Temp\putjhvpe.dll",s
backup-20080409-193945-975 O4 - HKCU\..\Run: [509bd877] rundll32.exe "C:\Users\Luke\AppData\Local\Temp\coiydnsw.dll",b
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 NCPro - c:\windows\system32\drivers\mtictwl.sys
R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys
S3 MagicTune - c:\windows\system32\drivers\mtictwl.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-04-09 05:12:15 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{9B4F8F7B-D558-461C-BC83-1542712686DC}.job
2008-04-01 01:00:08 350 --a------ C:\Windows\Tasks\McQcTask.job
2008-03-15 04:15:20 348 --a------ C:\Windows\Tasks\McDefragTask.job
-- Files created between 2008-03-09 and 2008-04-09 -----------------------------
2008-04-08 21:58:19 0 d-------- C:\VundoFix Backups
2008-04-05 19:57:36 0 d-------- C:\Program Files\Ubisoft
2008-04-02 23:31:03 0 d-------- C:\Users\All Users\Grisoft
2008-04-02 23:05:35 0 --a------ C:\Windows\ativpsrm.bin
2008-04-02 23:03:53 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-02 22:20:00 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-02 22:19:45 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-02 17:21:25 0 d-------- C:\Program Files\Trend Micro
2008-04-02 08:33:01 0 d-------- C:\Users\All Users\Lavasoft
2008-04-02 08:32:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-09 04:00:43 0 d-------- C:\Program Files\MSXML 4.0
-- Find3M Report ---------------------------------------------------------------
2008-04-06 07:22:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-04 20:45:09 0 d-------- C:\Program Files\Encore
2008-04-04 20:44:37 0 d-------- C:\Program Files\DivX
2008-04-04 20:44:22 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-04-04 18:15:55 0 d-------- C:\Program Files\Call of Duty
2008-04-04 18:10:30 0 d-------- C:\Program Files\Common Files
2008-04-02 22:19:45 0 d-------- C:\Users\Luke\AppData\Roaming\SUPERAntiSpyware.com
2008-03-24 18:54:15 0 d-------- C:\Program Files\Steam
2008-03-16 20:57:06 0 d-------- C:\Program Files\THQ
2008-03-13 17:47:45 0 d-------- C:\Program Files\Common Files\Steam
2008-03-12 03:09:31 0 d-------- C:\Program Files\Windows Mail
2008-03-08 09:06:56 0 d-------- C:\Users\Luke\AppData\Roaming\Roxio
2008-03-08 00:37:27 0 d-------- C:\Users\Luke\AppData\Roaming\Research In Motion
2008-03-08 00:30:11 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-08 00:29:23 0 d-------- C:\Program Files\Roxio
2008-03-08 00:27:32 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-08 00:26:19 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-08 00:17:53 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-03-08 00:17:28 0 d-------- C:\Program Files\Research In Motion
2008-02-20 20:05:44 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-02-20 20:04:16 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-20 20:04:16 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-20 20:04:04 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-02-20 20:04:04 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 20:04:04 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 20:04:04 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 20:03:24 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-02-16 04:08:25 0 d-------- C:\Program Files\McAfee
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/04/2007 03:01 AM]
"BCMSMMSG"="BCMSMMSG.exe" [29/08/2003 05:59 AM C:\Windows\BCMSMMSG.exe]
"CTHelper"="CTHELPER.EXE" [19/12/2006 02:58 PM C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [19/12/2006 02:58 PM C:\Windows\System32\CTXFIHLP.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 11:33 PM]
"MagicTuneEngine"="C:\Program Files\MagicTune Premium\MagicTuneEngine.exe" [14/06/2007 12:00 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/02/2008 12:13 AM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [16/08/2007 09:56 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/01/2008 04:02 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 01:54 PM]
"@"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 01:35 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 06:35 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29/02/2008 04:03 PM]
"BM53a8ebeb"="C:\Users\Luke\AppData\Local\Temp\putjhvpe.dll,s" []
C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [29/09/2006 10:57:36 AM]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [08/02/2008 10:15:05 PM]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [17/08/2007 10:14:08 AM]
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [26/12/2007 4:31:15 PM]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [26/12/2007 4:32:49 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bf0b437-be9c-11dc-a211-000cf19bf006}]
AutoRun\command- F:\JDLightning\Windows\JDLightning.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {F8487D71-8722-24E3-AC1E-8BA8B34E8832} /qb
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-04-09 19:47:18 ------------
'Extra.txt'
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 3070.45 MiB / 1949.55 MiB
Pagefile Memory (total/avail): 6327.16 MiB / 5153.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.23 MiB
A: is Removable (No Media)
B: is Removable (No Media)
C: is Fixed (NTFS) - 111.72 GiB total, 38.16 GiB free.
D: is CDROM (UDF)
E: is CDROM (CDFS)
\\.\PHYSICALDRIVE0 - Maxtor 6Y120M0 - 111.76 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 111.72 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: McAfee VirusScan v (McAfee)
AS: McAfee VirusScan v (McAfee)
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.)
OutdatedAS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: SUPERAntiSpyware v4, 0, 0, 1154 (SUPERAntiSpyware.com)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Luke\AppData\Roaming
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LUKE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Luke
LOCALAPPDATA=C:\Users\Luke\AppData\Local
LOGONSERVER=\\LUKE-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Luke\AppData\Local\Temp
TMP=C:\Users\Luke\AppData\Local\Temp
USERDOMAIN=Luke-PC
USERNAME=Luke
USERPROFILE=C:\Users\Luke
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
Luke
Mcx1
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{2BE0C605-9BEC-434D-9FAE-931194E72414}
--> MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
--> MsiExec.exe /I{726A362E-EBFD-4C3F-8664-6593C2B08386}
--> MsiExec.exe /I{943CB81D-11B9-401E-8305-752528D00AA1}
--> MsiExec.exe /I{E75F019D-98A0-4B39-B1A8-3A01400D2A18}
--> MsiExec.exe /X{F664EDB9-59DF-452A-A3D7-085ED1B8D374}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
AQUAZONE "Virtual Aquarium Collection" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6A9D7C4-1E5B-42FD-98F5-E067A942AEE1}\Setup.exe" -l0x9
ArcSoft Camera Suite 1.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}\setup.exe" -l0x9
BCM V.92 56K Modem --> C:\Windows\BCMSMU.exe quiet
BlackBerry Desktop Software 4.3 --> MsiExec.exe /I{D793A12F-E362-48BB-B332-1DA5E936B52D}
BlackBerry Desktop Software 4.3 --> MsiExec.exe /i{D793A12F-E362-48BB-B332-1DA5E936B52D}
Chessmaster Grandmaster Edition --> C:\Program Files\InstallShield Installation Information\{27614800-84A9-484E-9CCB-43ED2F1205F5}\setup.exe -runfromtemp -l0x0409
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer The First Decade --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative Audio Processing Object Interface Module --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
Dawn of War - Soulstorm --> "C:\Program Files\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x0009 -removeonly
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Half-Life 2: Episode Two --> "C:\Program Files\Steam\steam.exe" steam://uninstall/420
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hoyle Card Games 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D361C406-ED11-4A88-AD42-4A749BBAE6F9}\setup.exe" -l0x9 -removeonly
MagicTunePremium --> C:\Program Files\InstallShield Installation Information\{59625CC8-69B3-4917-864B-3CE27B76DCF3}\setup.exe -runfromtemp -l0x0009 -removeonly
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Morpheus 5.3 (remove only) --> "C:\Program Files\Morpheus\UninstMorpheus.exe"
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Natural Color Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}\setup.exe" -l0x9
OpenAL --> "C:\Program Files\OpenAL\OALInst.exe" /U
Portal --> "C:\Program Files\Steam\steam.exe" steam://uninstall/400
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Roxio Media Manager --> MsiExec.exe /X{303379C9-8610-4CCF-AF37-C4BF8998C591}
Starcraft --> C:\Windows\SCunin.exe C:\Windows\SCunin.dat
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Team Fortress 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
Titan Quest --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x9 -removeonly
Titan Quest Immortal Throne --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x9 -removeonly
Warhammer 40,000: Dawn Of War - Platinum Edition --> MsiExec.exe /X{8F99E711-CE74-4718-BE04-19D1A53A735C}
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type24862 / Error
Event Submitted/Written: 04/09/2008 07:39:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16609, time stamp 0x47575b9a, faulting module WindowsLiveLogin.dll_unloaded, version 0.0.0.0, time stamp 0x44f7a9ed, exception code 0xc0000005, fault offset 0x2952f1d4,
process id 0x1dc, application start time 0xiexplore.exe0.
Event Record #/Type24861 / Error
Event Submitted/Written: 04/09/2008 09:19:56 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16609, time stamp 0x47575b9a, faulting module WindowsLiveLogin.dll_unloaded, version 0.0.0.0, time stamp 0x44f7a9ed, exception code 0xc0000005, fault offset 0x2952f1d4,
process id 0x1274, application start time 0xiexplore.exe0.
Event Record #/Type24859 / Error
Event Submitted/Written: 04/09/2008 00:30:24 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16609, time stamp 0x47575b9a, faulting module WindowsLiveLogin.dll_unloaded, version 0.0.0.0, time stamp 0x44f7a9ed, exception code 0xc0000005, fault offset 0x2952f1d4,
process id 0x1758, application start time 0xiexplore.exe0.
Event Record #/Type24803 / Error
Event Submitted/Written: 04/07/2008 10:28:58 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16609, time stamp 0x47575b9a, faulting module WindowsLiveLogin.dll_unloaded, version 0.0.0.0, time stamp 0x44f7a9ed, exception code 0xc0000005, fault offset 0x2952f1d4,
process id 0x1168, application start time 0xiexplore.exe0.
Event Record #/Type24779 / Success
Event Submitted/Written: 04/06/2008 07:26:23 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type42162 / Warning
Event Submitted/Written: 04/09/2008 07:45:02 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Luke-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Luke-PC27 can't undo changes that you allow.
For more information please see the following:
%Luke-PC275
Scan ID: {6CD07229-673B-4B3D-A852-8A71C86B8C32}
User: Luke-PC\Luke
Name: %Luke-PC271
ID: %Luke-PC272
Severity ID: %Luke-PC273
Category ID: %Luke-PC274
Path Found: %Luke-PC276
Alert Type: %Luke-PC278
Detection Type: 1.1.1505.02
Event Record #/Type42161 / Warning
Event Submitted/Written: 04/09/2008 07:45:02 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Luke-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Luke-PC27 can't undo changes that you allow.
For more information please see the following:
%Luke-PC275
Scan ID: {6E6D8540-9AC1-4034-87E4-434061C64504}
User: Luke-PC\Luke
Name: %Luke-PC271
ID: %Luke-PC272
Severity ID: %Luke-PC273
Category ID: %Luke-PC274
Path Found: %Luke-PC276
Alert Type: %Luke-PC278
Detection Type: 1.1.1505.02
Event Record #/Type42160 / Warning
Event Submitted/Written: 04/09/2008 07:45:02 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Luke-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Luke-PC27 can't undo changes that you allow.
For more information please see the following:
%Luke-PC275
Scan ID: {8208A123-9613-4ECB-B325-A9187E4259E8}
User: Luke-PC\Luke
Name: %Luke-PC271
ID: %Luke-PC272
Severity ID: %Luke-PC273
Category ID: %Luke-PC274
Path Found: %Luke-PC276
Alert Type: %Luke-PC278
Detection Type: 1.1.1505.02
Event Record #/Type42159 / Warning
Event Submitted/Written: 04/09/2008 07:45:02 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Luke-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Luke-PC27 can't undo changes that you allow.
For more information please see the following:
%Luke-PC275
Scan ID: {6A5C066F-6843-4B00-A74D-132A0A2A748F}
User: Luke-PC\Luke
Name: %Luke-PC271
ID: %Luke-PC272
Severity ID: %Luke-PC273
Category ID: %Luke-PC274
Path Found: %Luke-PC276
Alert Type: %Luke-PC278
Detection Type: 1.1.1505.02
Event Record #/Type42158 / Warning
Event Submitted/Written: 04/09/2008 07:44:59 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Luke-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Luke-PC27 can't undo changes that you allow.
For more information please see the following:
%Luke-PC275
Scan ID: {2EBD0AF8-09EF-4141-AE3F-46DDD5E2AC8B}
User: Luke-PC\Luke
Name: %Luke-PC271
ID: %Luke-PC272
Severity ID: %Luke-PC273
Category ID: %Luke-PC274
Path Found: %Luke-PC276
Alert Type: %Luke-PC278
Detection Type: 1.1.1505.02
-- End of Deckard's System Scanner: finished at 2008-04-09 19:47:18 ------------
Also, when DSS was running, McAfee kept saying it caught a virus named 'Vundo' (it happened about 3 or 4 times).