explorer.exe not running...
tbruno1
February 4th, 2008, 09:36 PM
I think I may have a virus...
When I start up my laptop with Vista Home Premium, it all starts up but the screen is black and it's just my cursor. I found out "explorer.exe" wasn't running, so I started a new task and put in "explorer.exe." Once I did that, my desktop and start bar and everything else came up normally.
I just think something is not letting explorer.exe initiate upon startup on its own.
Any ideas?
Thanks for your input!!
-Travis Bruno
AnnMarie
February 5th, 2008, 03:02 AM
Hi Travis. Let's see what is running on your computer. Download Deckard's System Scanner (dss.exe) from here (http://deckard.geekstogo.com/dss.exe) to your Desktop. Close all open applications and windows, double-click on dss.exe to run it and follow the prompts.
When the scan is complete, a text file will open. Copy and paste the contents of this log (Main.txt) in your next reply. Also post the contents of Extra.txt (it will be minimised on your taskbar).
tbruno1
February 5th, 2008, 03:47 AM
Uh, the text file is HUGE, and the Extra.txt is just as large... Do you still want me to post them? Or is there another way that I can do it so you can see it?
AnnMarie
February 5th, 2008, 03:56 AM
Well, folk post them in the Cyber Safety Forum all the time. If necessary, halve each log and make several posts.
tbruno1
February 5th, 2008, 04:37 AM
Deckard's System Scanner v20071014.68
Run by Travis on 2008-02-04 21:42:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
5: 2008-02-04 19:55:05 UTC - RP401 - Scheduled Checkpoint
4: 2008-02-03 20:39:31 UTC - RP400 - Scheduled Checkpoint
3: 2008-02-03 01:33:08 UTC - RP399 - Scheduled Checkpoint
2: 2008-02-01 15:10:44 UTC - RP398 - Scheduled Checkpoint
1: 2008-01-31 21:33:09 UTC - RP397 - Windows Update
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-04 21:43:23
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\System32\WTClient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\RunFast\runfast.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Users\Travis\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F0 - system.ini: Shell=explorer.exe C:\WINDOWS\Media\csrss.exe
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\Media\csrss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files\DataVault\ie.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [EasyMessage] C:\Program Files\Easy Message\em2.exe
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [RunFast] "C:\Program Files\RunFast\runfast.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Save to DataVault - file://C:\Program Files\DataVault\iemenuext.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O15 - Trusted Zone: *.stumbleupon.com (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/PopularScreenSaversFWBInitialSetup1.0.1.0.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/16.35/uploader2.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - http://www.lojackforlaptops.com/ctmweb/testoc.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\system32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcg_device - Unknown owner - C:\Windows\System32\dlcgcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\Rpcnet.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\drivers\WTSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe
--
End of file - 12319 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - "regedit.exe" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 dsunidrv - \??\c:\program files\dellsupport\drivers\dsunidrv.sys
S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R2 WinTabService (WinTab Service) - "c:\windows\system32\drivers\wtsrv.exe" <Not Verified; Tablet Driver; Tablet Driver for Win2000/XP/Vista>
S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-02-04 00:44:04 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{CB3C4F3F-DE5C-468F-B63C-B49FB3A4A3D3}.job
-- Files created between 2008-01-04 and 2008-02-04 -----------------------------
2008-02-03 17:04:15 0 d-------- C:\Program Files\Western Digital Technologies
2008-02-02 11:33:51 0 d-------- C:\Program Files\Forsaken-RO
2008-01-22 21:44:38 0 d-------- C:\Program Files\Enterbrain
2008-01-20 23:10:30 0 d-------- C:\Program Files\iPod
2008-01-20 23:10:26 0 d-------- C:\Program Files\iTunes
2008-01-20 23:08:24 0 d-------- C:\Program Files\QuickTime
2008-01-15 22:33:20 0 d-------- C:\Program Files\Loradon Online
2008-01-09 03:02:53 0 d-------- C:\29fbaa9e7d0ca88ea4c8
2008-01-07 00:43:13 0 d--h----- C:\Program Files\Zero G Registry
2008-01-07 00:43:13 0 d-------- C:\Program Files\Ubisoft
2008-01-06 22:14:01 0 d-------- C:\Program Files\Tremulous
-- Find3M Report ---------------------------------------------------------------
2008-02-04 21:41:24 41052 --a------ C:\Users\Travis\AppData\Roaming\nvModes.001
2008-02-04 19:58:22 17408 --a------ C:\Windows\system32\rpcnetp.exe
2008-02-04 19:58:20 41584 --a------ C:\Windows\system32\Rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-02-04 10:40:50 0 d-------- C:\Users\Travis\AppData\Roaming\uTorrent
2008-02-04 10:39:14 0 d-------- C:\Users\Travis\AppData\Roaming\.purple
2008-02-04 10:34:00 0 d-------- C:\Users\Travis\AppData\Roaming\AVG7
2008-02-04 10:29:31 17408 --a------ C:\Windows\system32\rpcnetp.dll
2008-02-03 22:57:17 0 d-------- C:\Users\Travis\AppData\Roaming\StumbleUpon
2008-02-03 17:07:55 0 d-------- C:\Users\Travis\AppData\Roaming\Adobe
2008-02-02 15:55:27 0 d-------- C:\Program Files\Dl_cats
2008-01-22 20:16:30 0 d-------- C:\Users\Travis\AppData\Roaming\Wormux
2008-01-09 03:12:15 0 d-------- C:\Program Files\Windows Mail
2008-01-09 03:02:06 0 d-------- C:\Program Files\Windows Sidebar
2008-01-08 14:28:19 41052 --a------ C:\Users\Travis\AppData\Roaming\nvModes.dat
2007-12-27 22:08:48 0 d-------- C:\Program Files\Windows Live
2007-12-27 22:08:27 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-27 22:03:05 0 d-------- C:\Program Files\Common Files
2007-12-24 11:41:50 0 d-------- C:\Program Files\MythWar_en
2007-12-24 11:19:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-24 00:51:17 0 d-------- C:\Program Files\uTorrent
2007-12-13 02:09:30 0 d-------- C:\Users\Travis\AppData\Roaming\gtk-2.0
2007-12-04 23:57:53 0 d-------- C:\Users\Travis\AppData\Roaming\SecondLife
2007-12-04 23:55:55 0 d-------- C:\Users\Travis\AppData\Roaming\Mozilla
tbruno1
February 5th, 2008, 04:39 AM
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/11/2007 08:12 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/17/2006 05:52 PM]
"SigmatelSysTrayApp"="sttray.exe" [02/07/2007 11:11 PM C:\Windows\sttray.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 02:30 PM]
"@"="" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [04/04/2007 08:16 AM]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [11/17/2006 03:19 PM]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [10/13/2006 10:31 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/20/2007 01:58 PM]
"x3watch"="C:\Program Files\X3watch\x3watch.exe" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [08/11/2005 02:30 PM]
"dlcgmon.exe"="C:\Program Files\Dell AIO 810\dlcgmon.exe" [10/21/2005 09:42 AM]
"EasyMessage"="C:\Program Files\Easy Message\em2.exe" []
"WTClient"="WTClient.exe" [04/12/2007 12:27 AM C:\Windows\System32\WTClient.exe]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [10/09/2007 06:57 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [10/04/2007 09:24 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [10/04/2007 09:24 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [10/04/2007 09:24 PM]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [10/04/2007 09:24 PM]
"DLCGCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [10/20/2006 04:50 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 06:35 AM]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [08/11/2005 02:30 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 05:16 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [10/09/2007 06:56 PM]
"RunFast"="C:\Program Files\RunFast\runfast.exe" [03/18/2004 03:00 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 06:36 AM]
C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [11/20/2007 2:38:13 AM]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [4/12/2007 6:02:58 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [4/4/2007 8:10:36 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 2:05:56 PM]
QuickSet.lnk - C:\Windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [4/4/2007 8:08:00 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe C:\WINDOWS\Media\csrss.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 04/11/2007 11:25 PM 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6aba9c8d-0eca-11dc-94bc-0019b9682a75}]
AutoRun\command- F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d87dbcd-d28f-11dc-ad2c-0019b9682a75}]
AutoRun\command- F:\wd_windows_tools\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-02-04 21:45:19 ------------
And that's all the main one... now for the extra.txt
tbruno1
February 5th, 2008, 04:39 AM
[edit] oops, wrong stuff...
AnnMarie
February 5th, 2008, 05:13 AM
You posted the second half of Main.txt instead of Extra.txt, but I don't need to worry about that right now.
Your log shows malware startups but we have to be very careful with your machine. You have security software installed that has the capability of wiping your hard drive if your computer is reported stolen and the files tampered with. It looks like it was recently installed too. To be honest, I am not that keen to work on it nor do I think will any of our other helpers once they see this software. If any of our utilities accidentally deleted one of those files, your whole drive could be wiped.
Is this your own laptop or a work computer?
tbruno1
February 5th, 2008, 05:25 AM
Yikes.. Yeah, I got some software when I first got my laptop in early 2007. Is there a way I can disable it, or will I have to just wait until my subscription runs out?
And this is my own laptop.
AnnMarie
February 5th, 2008, 05:34 AM
Well the files have just been updated so you must have renewed your subscription.
"Is there a way I can disable it"
I don't know. You could call the software company concerned and ask, but I very much doubt it. If it was that easy, the software wouldn't really be very effective if your laptop was stolen, would it?
Unless you are prepared to risk losing everything, including your operating system, I suggest that you take this into a repair shop and ask them to make an image of the drive before they remove the malware.
tbruno1
February 5th, 2008, 05:52 AM
Mmk.. I will probably do that. Hah. I kinda need a lot of things on here.
"Well the files have just been updated so you must have renewed your subscription."
Really? Do you know when exactly it was renewed? And maybe the name? I don't have the info here. It's back at home. I'm in an apartment during college.
AnnMarie
February 5th, 2008, 06:01 AM
"Do you know when exactly it was renewed?"
The software was either renewed or activated yesterday.
tbruno1
February 5th, 2008, 11:35 PM
Really? I never did any renewing of software or anything yesterday.. Any idea about why it says that?
AnnMarie
February 6th, 2008, 12:44 AM
No idea, I'm afraid.