Frigate

Members
Posts: 12
Reputation: 0 Neutral
  1. Somehow I managed to pick up something really nasty, as in the sort that blocks antivirus programs from running. I restarted in safe mode and after finding the malware was still present even in safe mode, I restarted again and ran system restore as soon as I could. After that, I had Malwarebytes run a scan that found two trojans, which it got rid of. This seems to have cleared out the bug, although I'm not sure if I'm in the clear or not.
  2. And now ping.exe seems to be gone, but I have this new pest called plugin-container.exe that is showing up in the task manager. The behavior is pretty much the same, so I suspect that it simply changed its name to disguise itself. I don't know if this is significant or not.
  3. I don't know where I picked this one up, but it's been a persistent annoyance. Nowhere near as scary as some of the other bugs I've dealt with. At least it doesn't prevent other programs from running. It does, however, drive up my CPU usage and take up about 100 megs of memory. Attach.txt DDS.txt hijackthis.log
  4. Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 5:31:10 PM, on 4/15/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16791)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
     C:\Program Files\PowerPanel Personal Edition\ppped.exe
     C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
     C:\Program Files\Dell Support Center\bin\sprtsvc.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\Tablet.exe
     C:\WINDOWS\wanmpsvc.exe
     C:\WINDOWS\BCMSMMSG.exe
     C:\WINDOWS\System32\DSentry.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Dell Support Center\bin\sprtcmd.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\DellSupport\DSAgnt.exe
     C:\Program Files\TorCP\torcp.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\PowerPanel Personal Edition\pppeuser.exe
     C:\Program Files\America Online 7.0\aoltray.exe
     C:\Program Files\Digital Line Detect\DLG.exe
     C:\Program Files\Tor\tor.exe
     C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
     C:\Program Files\Logitech\SetPoint\SetPoint.exe
     C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
     C:\Program Files\Privoxy\privoxy.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.educateu.com/
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Brian Callahan\Application Data\Mozilla\Firefox\Profiles\1q6r27me.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.58.dll (file missing)
     O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
     O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
     O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
     O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
     O4 - HKCU\..\Run: [TorCP] "C:\Program Files\TorCP\torcp.exe"
     O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\PowerPanel Personal Edition\pppeuser.exe"
     O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
     O4 - Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
     O4 - Global Startup: Digital Line Detect.lnk = ?
     O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
     O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
     O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
     O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
     O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
     O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
     O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     O14 - IERESET.INF: START_PAGE_URL=http://www.syngress.com
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105140351792
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228604275937
     O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
     O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
     O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
     O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
     O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\PowerPanel Personal Edition\ppped.exe
     O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
     O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
     O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
     O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

     --
     End of file - 10576 bytes

     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0 REPORT
     Wednesday, April 15, 2009
     Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Program database last update: Wednesday, April 15, 2009 16:36:57
     Records in database: 2047440
     --------------------------------------------------------------------------------

     Scan settings:
     Scan using the following database: extended
     Scan archives: yes
     Scan mail databases: yes

     Scan area - My Computer:
     A:\
     C:\
     D:\
     E:\

     Scan statistics:
     Files scanned: 260861
     Threat name: 0
     Infected objects: 0
     Suspicious objects: 0
     Duration of the scan: 04:39:55

     No malware has been detected. The scan area is clean.

     The selected area was scanned.
Everything looks okay, but I'll check back to this thread in case I missed something. Thanks again.
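A triage pass over a HijackThis log of the shape posted above, added here as an example; it is not part of Frigate's posts and not code from HijackThis or any other tool named on this page. The sample text is a constructed subset of lines copied from the 4/15/2009 log. The flagging rules are this example's own heuristics: O4 Run entries that name a bare image (Windows resolves those through the PATH search order, so the log alone does not say which file runs), rundll32 launchers (the DLL argument is what actually executes), entries marked "(file missing)", Startup shortcuts whose target could not be resolved, and O23 services that report no publisher.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:10 PM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Tor\tor.exe

O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Brian Callahan\Application Data\Mozilla\Firefox\Profiles\1q6r27me.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.58.dll (file missing)
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [TorCP] "C:\Program Files\TorCP\torcp.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why a reviewer should look at this entry (heuristic, not a verdict)
    detail: str  # the item in question


# "O4 - <body>": section code, separator, rest of the entry
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# "HKLM\..\Run: [name] command" (hive may itself contain backslashes, e.g. HKUS\S-1-5-18)
RUN_RE = re.compile(r"^(?P<hive>HK.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "Global Startup: name.lnk = target" / "Startup: name.lnk = target"
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<target>.*)$")


def parse_entries(log_text):
    """Return (code, body) for every Rn/Fn/On line; process lines and headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def running_processes(log_text):
    """Paths listed under 'Running processes:' up to the first blank line."""
    procs, in_block = [], False
    for line in log_text.splitlines():
        if line.strip() == "Running processes:":
            in_block = True
            continue
        if in_block:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


def split_cmd(cmd):
    """Split a Run value into (image, arguments), honouring a quoted image path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
        return cmd[1:], ""
    parts = cmd.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")


def is_bare(image):
    """True when the image has no drive and no directory: it is found via PATH search order."""
    return "\\" not in image and "/" not in image and not re.match(r"^[A-Za-z]:", image)


def triage(log_text):
    findings = []
    for code, body in parse_entries(log_text):
        if "(file missing)" in body:
            findings.append(Finding(code, "file missing", body))
            continue
        if code == "O4":
            m = RUN_RE.match(body)
            if m:
                image, args = split_cmd(m.group("cmd"))
                if image.lower() in ("rundll32.exe", "rundll32"):
                    # rundll32 is only the launcher; the DLL before the comma is the payload
                    dll = args.split(",")[0].strip('" ')
                    findings.append(Finding(code, "rundll32 payload", f"{m.group('name')}: {dll}"))
                elif is_bare(image):
                    where = f"{m.group('hive')}\\..\\{m.group('key')} [{m.group('name')}] {image}"
                    findings.append(Finding(code, "bare image name (PATH lookup)", where))
                continue
            s = STARTUP_RE.match(body)
            if s and s.group("target").strip() == "?":
                findings.append(Finding(code, "shortcut target unresolved", s.group("name")))
        elif code == "O23":
            # "Service: name - owner - path"; split from the right because names may contain " - "
            parts = body.rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                findings.append(Finding(code, "service with no publisher", parts[2]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason:<32} {f.detail}")
```

The flagged entries are where a log helper looks first, not a verdict: in the posted log the bare names (BCMSMMSG.exe, nwiz.exe, KHALMNPR.EXE) and the unknown-owner services belong to Broadcom, NVIDIA, Logitech and Dell components, which is why the next step is locating the file on disk and checking its publisher rather than deleting the entry.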
  5. Thank you for your help, everything went fine this time around. Here are the logs:

     Malwarebytes' Anti-Malware 1.36
     Database version: 1976
     Windows 5.1.2600 Service Pack 3

     4/13/2009 5:29:05 PM
     mbam-log-2009-04-13 (17-29-05).txt

     Scan type: Quick Scan
     Objects scanned: 68966
     Time elapsed: 3 minute(s), 51 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 5
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 5:36:18 PM, on 4/13/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16791)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
     C:\Program Files\PowerPanel Personal Edition\ppped.exe
     C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
     C:\Program Files\Dell Support Center\bin\sprtsvc.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\Tablet.exe
     C:\WINDOWS\wanmpsvc.exe
     C:\WINDOWS\BCMSMMSG.exe
     C:\WINDOWS\System32\DSentry.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Dell Support Center\bin\sprtcmd.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\DellSupport\DSAgnt.exe
     C:\Program Files\TorCP\torcp.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\PowerPanel Personal Edition\pppeuser.exe
     C:\Program Files\Tor\tor.exe
     C:\Program Files\America Online 7.0\aoltray.exe
     C:\Program Files\Digital Line Detect\DLG.exe
     C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
     C:\Program Files\Logitech\SetPoint\SetPoint.exe
     C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
     C:\Program Files\Privoxy\privoxy.exe
     C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.educateu.com/
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Brian Callahan\Application Data\Mozilla\Firefox\Profiles\1q6r27me.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.58.dll (file missing)
     O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
     O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
     O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
     O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
     O4 - HKCU\..\Run: [TorCP] "C:\Program Files\TorCP\torcp.exe"
     O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\PowerPanel Personal Edition\pppeuser.exe"
     O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
     O4 - Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
     O4 - Global Startup: Digital Line Detect.lnk = ?
     O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
     O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
     O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
     O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
     O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
     O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
     O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     O14 - IERESET.INF: START_PAGE_URL=http://www.syngress.com
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105140351792
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228604275937
     O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
     O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
     O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
     O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
     O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\PowerPanel Personal Edition\ppped.exe
     O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
     O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
     O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
     O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

     --
     End of file - 10576 bytes
  6. Here are the logs so far:

     ComboFix

     ComboFix 09-04-04.01 - Brian Callahan 2009-04-10 12:12:34.2 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.653 [GMT -5:00]
     Running from: c:\documents and settings\Brian Callahan\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Brian Callahan\Desktop\CFscript.txt
     AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
     * Created a new restore point

     FILE ::
     c:\docume~1\alluse~1\applic~1\kexynanypi.reg
     c:\docume~1\brianc~1\applic~1\arutuniner.bat
     c:\docume~1\brianc~1\applic~1\tysexuxedy.dat
     c:\docume~1\brianc~1\applic~1\ufurucinu.bat
     c:\docume~1\brianc~1\applic~1\xose.dat
     c:\documents and settings\All Users\Application Data\kexynanypi.reg
     c:\documents and settings\Brian Callahan\Application Data\arutuniner.bat
     c:\documents and settings\Brian Callahan\Application Data\tysexuxedy.dat
     c:\program files\_INST32I.EX_
     c:\program files\_ISDEL.EXE
     c:\program files\_setup.dll
     c:\program files\_sys1.cab
     c:\program files\_user1.cab
     c:\program files\common files\iwihako.pif
     c:\program files\common files\nopeq._dl
     c:\program files\common files\pynilyzih.vbs
     c:\program files\Common Files\vinexypu._dl
     c:\program files\Common Files\xexupesow.db
     c:\program files\DATA.TAG
     c:\program files\data1.cab
     c:\program files\lang.dat
     c:\program files\layout.bin
     c:\program files\os.dat
     c:\program files\ReadMe.htm
     c:\program files\setup.bmp
     c:\program files\SETUP.INI
     c:\program files\setup.ins
     c:\program files\setup.lid
     c:\program files\tor-bundle-uninstall.exe
     c:\windows\{B62FC6AF-46BF-4054-9BB9-154BD55549C0}.dat
     c:\windows\asizekudegemidar.dll
     c:\windows\d3desa.dll
     c:\windows\gendel32.exe
     c:\windows\Gralacaxoza.dat
     c:\windows\Jdewasule.bin
     c:\windows\p_981116.exe
     c:\windows\SYSTEM32\{AC4F1F73-1561-408C-990E-6BF0AAC531EB}.dat
     c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
     c:\windows\Tasks\Symantec NetDetect.job
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\docume~1\alluse~1\applic~1\kexynanypi.reg
     c:\docume~1\brianc~1\applic~1\arutuniner.bat
     c:\docume~1\brianc~1\applic~1\tysexuxedy.dat
     c:\docume~1\brianc~1\applic~1\ufurucinu.bat
     c:\docume~1\brianc~1\applic~1\xose.dat
     c:\documents and settings\All Users\Application Data\kexynanypi.reg
     c:\documents and settings\Brian Callahan\Application Data\arutuniner.bat
     c:\documents and settings\Brian Callahan\Application Data\tysexuxedy.dat
     c:\program files\_INST32I.EX_
     c:\program files\_ISDEL.EXE
     c:\program files\_setup.dll
     c:\program files\_sys1.cab
     c:\program files\_user1.cab
     c:\program files\common files\iwihako.pif
     c:\program files\common files\nopeq._dl
     c:\program files\common files\pynilyzih.vbs
     c:\program files\Common Files\vinexypu._dl
     c:\program files\Common Files\xexupesow.db
     c:\program files\DATA.TAG
     c:\program files\data1.cab
     c:\program files\lang.dat
     c:\program files\layout.bin
     c:\program files\os.dat
     c:\program files\ReadMe.htm
     c:\program files\setup.bmp
     c:\program files\SETUP.INI
     c:\program files\setup.ins
     c:\program files\setup.lid
     c:\program files\tor-bundle-uninstall.exe
     c:\windows\asizekudegemidar.dll
     c:\windows\gendel32.exe
     c:\windows\Gralacaxoza.dat
     c:\windows\Jdewasule.bin
     c:\windows\p_981116.exe
     c:\windows\Tasks\Symantec NetDetect.job
     .

     ((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
     .
     2009-04-08 12:20 . 2009-04-08 12:20 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
     2009-04-08 12:19 . 2009-04-08 12:20 <DIR> d-------- c:\program files\File Recover
     2009-04-08 12:19 . 2009-03-24 01:57 44,544 --a------ c:\windows\SYSTEM32\msxml4a.dll
     2009-04-07 13:08 . 2009-04-07 13:08 <DIR> d-------- c:\documents and settings\Brian Callahan\DoctorWeb
     2009-04-07 12:24 . 2009-04-07 12:24 <DIR> d-------- c:\program files\CCleaner
     2009-04-02 11:38 . 2009-03-26 16:49 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
     2009-04-02 11:38 . 2009-03-26 16:49 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
     2009-03-25 15:04 . 1996-03-27 12:24 28,856 --a------ c:\windows\BATTLEST.TTF
     2009-03-18 22:21 . 2009-03-19 01:03 <DIR> d-------- C:\!KillBox
     2009-03-16 22:07 . 2009-03-16 22:07 20 --a------ c:\windows\mafosav.INI
     2009-03-12 11:32 . 2009-03-12 11:32 <DIR> d-------- c:\program files\Avira
     2009-03-12 11:32 . 2009-03-12 11:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
     2009-03-12 11:28 . 2009-03-12 11:28 <DIR> d-------- c:\program files\Trend Micro
     2009-03-11 17:08 . 2009-03-11 17:09 <DIR> d-------- C:\fixwareout
     2009-03-11 14:14 . 2009-03-11 14:50 <DIR> d-------- c:\documents and settings\Brian Callahan\Application Data\FreeCAD
     2009-03-11 14:09 . 2009-03-11 14:10 <DIR> d-------- c:\program files\FreeCAD0.7
     2009-03-11 13:14 . 2009-03-11 13:22 <DIR> d-------- c:\program files\BRL-CAD
     .

     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-04-10 17:21 --------- d-----w c:\documents and settings\Brian Callahan\Application Data\Tor
     2009-04-10 17:20 --------- d-----w c:\program files\PowerPanel Personal Edition
     2009-04-10 16:10 --------- d-----w c:\program files\Common Files\Symantec Shared
     2009-04-10 16:05 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
     2009-04-09 19:06 --------- d-----w c:\program files\Symantec
     2009-04-02 16:38 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
     2009-02-25 18:38 --------- d-----w c:\documents and settings\Brian Callahan\Application Data\Canon
     2009-02-16 22:58 --------- d-----w c:\documents and settings\Brian Callahan\Application Data\U3
     2006-02-11 00:41 26,657 ----a-w c:\program files\BUNDLE_LICENSE
     2002-09-20 02:48 8,919,552 ----a-w c:\documents and settings\Brian Callahan\penguins.exe
     2008-12-07 00:08 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008120620081207\index.dat
     .

     ((((((((((((((((((((((((((((( SnapShot@2009-04-08_13.30.48.50 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2009-02-09 11:08:53 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
     + 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
     + 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
     + 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
     + 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
     + 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
     + 2008-12-05 06:58:08 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
     + 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
     + 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
     + 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
     + 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
     + 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
     + 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
     + 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
     + 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
     + 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
     + 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
     + 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
     + 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
     + 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
     + 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
     + 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
     + 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
     + 2008-10-16 13:11:09 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
     + 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
     + 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
     + 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
     + 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
     + 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
     + 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
     + 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
     + 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
     + 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
     + 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
     + 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
     + 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
     + 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
     + 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
     + 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
     + 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
     + 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
     + 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
     + 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
     + 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
     + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
     + 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
     + 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
     + 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
     + 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
     - 2008-10-16 20:38:34 124,928 ----a-w c:\windows\SYSTEM32\advpack.dll
     + 2008-12-20 23:15:11 124,928 ----a-w c:\windows\SYSTEM32\advpack.dll
     - 2008-10-16 20:38:34 124,928 ------w c:\windows\SYSTEM32\DLLCACHE\advpack.dll
     + 2008-12-20 23:15:11 124,928 ------w c:\windows\SYSTEM32\DLLCACHE\advpack.dll
     - 2008-10-16 20:38:34 347,136 ------w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
     + 2008-12-20 23:15:12 347,136 ------w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
     - 2008-10-16 20:38:34 214,528 ------w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
     + 2008-12-20 23:15:13 214,528 ------w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
     - 2008-10-16 20:38:35 133,120 ------w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
     + 2008-12-20 23:15:13 133,120 ------w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
     - 2008-10-16 20:38:35 63,488 ------w c:\windows\SYSTEM32\DLLCACHE\icardie.dll
     + 2008-12-20 23:15:13 63,488 ------w c:\windows\SYSTEM32\DLLCACHE\icardie.dll
     - 2008-10-16 13:11:09 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
     + 2008-12-19 09:10:15 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
     - 2008-10-16 20:38:35 153,088 ------w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
     + 2008-12-20 23:15:14 153,088 ------w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
     - 2008-10-16 20:38:35 230,400 ------w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
     + 2008-12-20 23:15:14 230,400 ------w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
     - 2008-10-15 07:04:53 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
     + 2008-12-19 05:23:56 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
     - 2008-10-16 20:38:35 383,488 ------w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
     + 2008-12-20 23:15:15 383,488 ------w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
     - 2008-10-16 20:38:35 384,512 ------w
c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll + 2008-12-20 23:15:16 384,512 ------w c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll - 2008-10-16 20:38:37 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll + 2008-12-20 23:15:21 6,066,688 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll - 2008-10-16 20:38:37 44,544 ------w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll + 2008-12-20 23:15:21 44,544 ------w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll - 2008-10-16 20:38:37 267,776 ------w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll + 2008-12-20 23:15:22 267,776 ------w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll - 2008-10-16 13:11:09 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe + 2008-12-19 09:10:15 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe - 2008-10-15 07:06:26 633,632 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe + 2008-12-19 05:25:25 634,024 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe - 2008-10-16 20:38:37 27,648 ------w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll + 2008-12-20 23:15:23 27,648 ------w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll - 2008-10-16 20:38:37 459,264 ------w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll + 2008-12-20 23:15:23 459,264 ------w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll - 2008-10-16 20:38:37 52,224 ------w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll + 2008-12-20 23:15:24 52,224 ------w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll - 2008-12-13 06:40:02 3,593,216 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll + 2009-01-17 02:35:14 3,594,752 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll - 2008-10-16 20:38:38 477,696 ------w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll + 2008-12-20 23:15:30 477,696 ------w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll - 2008-10-16 20:38:38 193,024 ------w c:\windows\SYSTEM32\DLLCACHE\msrating.dll + 2008-12-20 23:15:31 193,024 ------w c:\windows\SYSTEM32\DLLCACHE\msrating.dll - 2008-10-16 20:38:39 671,232 ------w c:\windows\SYSTEM32\DLLCACHE\mstime.dll + 2008-12-20 23:15:32 671,232 ------w 
c:\windows\SYSTEM32\DLLCACHE\mstime.dll - 2008-10-16 20:38:39 102,912 ------w c:\windows\SYSTEM32\DLLCACHE\occache.dll + 2008-12-20 23:15:38 102,912 ------w c:\windows\SYSTEM32\DLLCACHE\occache.dll - 2008-10-16 20:38:39 44,544 ------w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll + 2008-12-20 23:15:38 44,544 ------w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll + 2008-12-05 06:54:55 144,896 ------w c:\windows\SYSTEM32\DLLCACHE\schannel.dll - 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\SYSTEM32\DLLCACHE\shell32.dll + 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\SYSTEM32\DLLCACHE\shell32.dll - 2008-09-08 10:41:42 333,824 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys + 2008-12-11 10:57:09 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys - 2008-10-16 20:38:39 105,984 ------w c:\windows\SYSTEM32\DLLCACHE\url.dll + 2008-12-20 23:15:39 105,984 ------w c:\windows\SYSTEM32\DLLCACHE\url.dll - 2008-10-16 20:38:39 1,160,192 ------w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll + 2008-12-20 23:15:40 1,160,192 ------w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll - 2008-10-16 20:38:39 233,472 ------w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll + 2008-12-20 23:15:40 233,472 ------w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll - 2008-09-15 12:12:56 1,846,400 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys + 2009-02-09 11:13:27 1,846,784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys - 2008-10-16 20:38:40 826,368 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll + 2008-12-20 23:15:41 826,368 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll - 2008-09-08 10:41:42 333,824 ----a-w c:\windows\SYSTEM32\DRIVERS\srv.sys + 2008-12-11 10:57:09 333,952 ----a-w c:\windows\SYSTEM32\DRIVERS\srv.sys - 2008-10-16 20:38:34 347,136 ------w c:\windows\SYSTEM32\dxtmsft.dll + 2008-12-20 23:15:12 347,136 ------w c:\windows\SYSTEM32\dxtmsft.dll - 2008-10-16 20:38:34 214,528 ------w c:\windows\SYSTEM32\dxtrans.dll + 2008-12-20 23:15:13 214,528 ------w c:\windows\SYSTEM32\dxtrans.dll - 2008-10-16 20:38:35 133,120 ------w 
c:\windows\SYSTEM32\extmgr.dll + 2008-12-20 23:15:13 133,120 ------w c:\windows\SYSTEM32\extmgr.dll - 2009-03-27 16:36:57 184,224 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT + 2009-04-09 17:05:00 184,224 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT - 2008-10-16 20:38:35 63,488 ----a-w c:\windows\SYSTEM32\icardie.dll + 2008-12-20 23:15:13 63,488 ----a-w c:\windows\SYSTEM32\icardie.dll - 2008-10-16 13:11:09 70,656 ------w c:\windows\SYSTEM32\ie4uinit.exe + 2008-12-19 09:10:15 70,656 ------w c:\windows\SYSTEM32\ie4uinit.exe - 2008-10-16 20:38:35 153,088 ------w c:\windows\SYSTEM32\ieakeng.dll + 2008-12-20 23:15:14 153,088 ------w c:\windows\SYSTEM32\ieakeng.dll - 2008-10-16 20:38:35 230,400 ------w c:\windows\SYSTEM32\ieaksie.dll + 2008-12-20 23:15:14 230,400 ------w c:\windows\SYSTEM32\ieaksie.dll - 2008-10-15 07:04:53 161,792 ------w c:\windows\SYSTEM32\ieakui.dll + 2008-12-19 05:23:56 161,792 ------w c:\windows\SYSTEM32\ieakui.dll - 2008-10-16 20:38:35 383,488 ----a-w c:\windows\SYSTEM32\ieapfltr.dll + 2008-12-20 23:15:15 383,488 ----a-w c:\windows\SYSTEM32\ieapfltr.dll - 2008-10-16 20:38:35 384,512 ------w c:\windows\SYSTEM32\iedkcs32.dll + 2008-12-20 23:15:16 384,512 ------w c:\windows\SYSTEM32\iedkcs32.dll - 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\SYSTEM32\ieframe.dll + 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\SYSTEM32\ieframe.dll - 2008-10-16 20:38:37 44,544 ------w c:\windows\SYSTEM32\iernonce.dll + 2008-12-20 23:15:21 44,544 ------w c:\windows\SYSTEM32\iernonce.dll - 2008-10-16 20:38:37 267,776 ----a-w c:\windows\SYSTEM32\iertutil.dll + 2008-12-20 23:15:22 267,776 ----a-w c:\windows\SYSTEM32\iertutil.dll - 2008-10-16 13:11:09 13,824 ----a-w c:\windows\SYSTEM32\ieudinit.exe + 2008-12-19 09:10:15 13,824 ----a-w c:\windows\SYSTEM32\ieudinit.exe - 2008-10-16 20:38:37 27,648 ------w c:\windows\SYSTEM32\jsproxy.dll + 2008-12-20 23:15:23 27,648 ------w c:\windows\SYSTEM32\jsproxy.dll + 2009-02-25 17:55:00 24,768,960 ----a-w c:\windows\SYSTEM32\MRT.exe - 
2008-10-16 20:38:37 459,264 ----a-w c:\windows\SYSTEM32\msfeeds.dll + 2008-12-20 23:15:23 459,264 ----a-w c:\windows\SYSTEM32\msfeeds.dll - 2008-10-16 20:38:37 52,224 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll + 2008-12-20 23:15:24 52,224 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll - 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\SYSTEM32\mshtml.dll + 2009-01-17 02:35:14 3,594,752 ----a-w c:\windows\SYSTEM32\mshtml.dll - 2008-10-16 20:38:38 477,696 ------w c:\windows\SYSTEM32\mshtmled.dll + 2008-12-20 23:15:30 477,696 ------w c:\windows\SYSTEM32\mshtmled.dll - 2008-10-16 20:38:38 193,024 ------w c:\windows\SYSTEM32\msrating.dll + 2008-12-20 23:15:31 193,024 ------w c:\windows\SYSTEM32\msrating.dll - 2008-10-16 20:38:39 671,232 ------w c:\windows\SYSTEM32\mstime.dll + 2008-12-20 23:15:32 671,232 ------w c:\windows\SYSTEM32\mstime.dll - 2008-10-16 20:38:39 102,912 ------w c:\windows\SYSTEM32\occache.dll + 2008-12-20 23:15:38 102,912 ------w c:\windows\SYSTEM32\occache.dll - 2009-04-08 18:21:24 60,236 ----a-w c:\windows\SYSTEM32\PERFC009.DAT + 2009-04-10 16:10:41 60,236 ----a-w c:\windows\SYSTEM32\PERFC009.DAT - 2009-04-08 18:21:24 397,274 ----a-w c:\windows\SYSTEM32\PERFH009.DAT + 2009-04-10 16:10:41 397,274 ----a-w c:\windows\SYSTEM32\PERFH009.DAT - 2008-10-16 20:38:39 44,544 ------w c:\windows\SYSTEM32\pngfilt.dll + 2008-12-20 23:15:38 44,544 ------w c:\windows\SYSTEM32\pngfilt.dll - 2008-04-14 00:12:05 144,384 ----a-w c:\windows\SYSTEM32\schannel.dll + 2008-12-05 06:54:55 144,896 ----a-w c:\windows\SYSTEM32\schannel.dll - 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\SYSTEM32\shell32.dll + 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\SYSTEM32\shell32.dll - 2007-11-30 12:39:22 17,272 ------w c:\windows\SYSTEM32\spmsg.dll + 2007-11-30 11:18:51 17,272 ------w c:\windows\SYSTEM32\spmsg.dll - 2008-10-16 20:38:39 105,984 ----a-w c:\windows\SYSTEM32\url.dll + 2008-12-20 23:15:39 105,984 ----a-w c:\windows\SYSTEM32\url.dll - 2008-10-16 20:38:39 1,160,192 ----a-w 
c:\windows\SYSTEM32\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\SYSTEM32\urlmon.dll
- 2008-10-16 20:38:39 233,472 ----a-w c:\windows\SYSTEM32\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\SYSTEM32\webcheck.dll
- 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
+ 2009-02-09 11:13:27 1,846,784 ----a-w c:\windows\SYSTEM32\win32k.sys
- 2008-10-16 20:38:40 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll
+ 2008-12-20 23:15:41 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll
+ 2008-04-15 17:47:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"TorCP"="c:\program files\TorCP\torcp.exe" [2005-12-11 225280]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"PowerPanel Personal Edition User Interaction"="c:\program files\PowerPanel Personal Edition\pppeuser.exe" [2007-08-09 266240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-10-08 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-10-08 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-03 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-18 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\SYSTEM32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\SYSTEM32\narrator.exe]
c:\documents and settings\Brian Callahan\Start Menu\Programs\Startup\
Privoxy.lnk - c:\program files\Privoxy\privoxy.exe [2004-01-31 212480]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
America Online 7.0 Tray Icon.lnk - c:\program files\America Online 7.0\aoltray.exe [2003-02-19 32839]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-02-19 45056]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-25 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-25 805392]
TabUserW.exe.lnk - c:\windows\SYSTEM32\WTablet\TabUserW.exe [2005-12-02 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP31"= vp31vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli d3desa.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\LightWave [8]\\Programs\\hub.exe"=
"c:\\Program Files\\LightWave [8]\\Programs\\modeler.exe"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"c:\\Program Files\\ASAP Games\\Pearl Harbor - Zero Hour\\PHarbor.exe"=
"c:\\Program Files\\Freeciv-2.0.6-gtk2\\civserver.exe"=
"c:\\Program Files\\Java\\jre1.5.0\\bin\\javaw.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\SYSTEM32\\CIDAEMON.EXE"=
"c:\\WINDOWS\\SYSTEM32\\Tablet.exe"=
"c:\\WINDOWS\\SYSTEM32\\WTablet\\TabUserW.exe"=
"c:\\Program Files\\Logitech\\SetPoint\\LU\\LULnchr.exe"=
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9079fe2-bac6-11dc-b5c1-000c415c8ac6}]
\Shell\AutoRun\command - F:\ONSPCLCK.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.educateu.com/
uInternet Settings,ProxyOverride = hxxp://localhost
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: musicmatch.com
Trusted Zone: musicmatch.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Brian Callahan\Application Data\Mozilla\Firefox\Profiles\1q6r27me.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/a/
FF - component: c:\documents and settings\Brian Callahan\Application Data\Mozilla\Firefox\Profiles\1q6r27me.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 12:21:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(844)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\PowerPanel Personal Edition\ppped.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\Tablet.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-04-10 12:31:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-10 17:29:45
ComboFix2.txt 2009-04-08 18:33:38
Pre-Run: 8,192,626,688 bytes free
Post-Run: 8,175,583,232 bytes free
446 --- E O F --- 2009-04-09 06:58:38
End of ComboFix

JavaRa
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------ The JavaRa removal process was started on Sat Apr 11 13:41:22 2009 Found and removed: C:\Program Files\Java\jre1.5.0 Found and removed: C:\Program Files\Java\jre1.5.0_11 Found and removed: Software\JavaSoft\Java2D\1.5.0 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\JavaPlugin.150 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Classes\JavaPlugin.160_02 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\JavaPlugin.142_10 Found and removed: 
Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02 Found and removed: Software\JavaSoft\Java2D\1.6.0_02 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and 
removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: 
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\ Found and removed: 
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\
------------------------------------
Finished reporting.
End of JavaRa

By the way, for the Java SE Runtime Environment 6u13, should I install it for Windows, Windows Intel Itanium, or Windows x64?
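Added example (not from this thread, ComboFix or JavaRa): a small Python triage pass over ComboFix-style log text that pulls out the entries a helper reading the logs in this thread would question first. It parses the Find3M / Files Created file lines and the registry dump and flags file timestamps later than the scan itself (gendel32.exe is dated 2014 in a 2009 scan), executables or scripts sitting where none belong (a Cookies folder, the Application Data and Common Files roots, a profile root, the Windows root), the system32\lowsec\*.ds layout that is a well-known Zbot artifact, LSA Notification Packages beyond the XP default of scecli (d3desa.dll here), AutoRun commands recorded under MountPoints2 (the F:\ONSPCLCK.exe entry), and Security Center notifications switched off. The sample log is a constructed excerpt of lines taken from the logs posted in this thread; the directory list, the default-package set and the rule names are this example's own assumptions, and every hit is a candidate to verify by hand, not a verdict.

```python
"""Triage a ComboFix-style log for the indicators a malware-removal helper
checks first.  Added example for this thread; not part of ComboFix or JavaRa."""
import re
from collections import namedtuple
from datetime import datetime

Finding = namedtuple("Finding", "rule detail")

# Constructed sample: lines excerpted from the ComboFix logs in this thread.
# msxml4a.dll, wininet.dll, the Tor profile dir and the KillBox dir are
# legitimate and must not be flagged; the rest are what a helper asks about.
SAMPLE_LOG = r"""ComboFix 09-04-04.01 - Brian Callahan 2009-04-08 13:13:41.1 - NTFSx86
c:\documents and settings\Brian Callahan\Cookies\yfosimomep.vbs
c:\windows\system32\lowsec\user.ds
2009-04-08 12:19 . 2009-03-24 01:57 44,544 --a------ c:\windows\SYSTEM32\msxml4a.dll
2009-03-18 22:21 . 2009-03-19 01:03 <DIR> d-------- C:\!KillBox
2014-09-22 05:00 56,320 ----a-w c:\windows\gendel32.exe
2009-04-08 18:21 --------- d-----w c:\documents and settings\Brian Callahan\Application Data\Tor
2008-09-04 16:52 19,882 ----a-w c:\program files\Common Files\iwihako.pif
2008-09-04 16:52 12,209 ----a-w c:\documents and settings\Brian Callahan\Application Data\ufurucinu.bat
2002-09-20 02:48 8,919,552 ----a-w c:\documents and settings\Brian Callahan\penguins.exe
2008-12-20 23:15:41 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli d3desa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9079fe2-bac6-11dc-b5c1-000c415c8ac6}]
\Shell\AutoRun\command - F:\ONSPCLCK.exe
"""

# Find3M:        2014-09-22 05:00 56,320 ----a-w c:\windows\gendel32.exe
# Files Created: 2009-04-08 12:19 . 2009-03-24 01:57 44,544 --a------ c:\...
# The second layout carries two timestamps; a search (not an anchored match)
# lands on the modification time in both.
FILE_LINE = re.compile(
    r"(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})(?::\d{2})?\s+(?:<DIR>\s+)?"
    r"(?:(?:[\d,]+|-+)\s+)?([-a-z]{7,9})\s+([a-z]:\\.+?)\s*$", re.IGNORECASE)
BARE_PATH = re.compile(r"^\s*([a-z]:\\\S.*?)\s*$", re.IGNORECASE)  # "Other Deletions"
SCAN_HEADER = re.compile(r"^ComboFix \S+ - .*?(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})", re.M)
LSA_LINE = re.compile(r"^\s*Notification Packages\s+REG_MULTI_SZ\s+(.+?)\s*$")
AUTORUN_LINE = re.compile(r"\\Shell\\AutoRun\\command\s+-\s+(.+?)\s*$")
SECCENTER_LINE = re.compile(r'^\s*"(\w*DisableNotify)"=dword:0*1\s*$')

SUSPECT_EXT = {".exe", ".dll", ".vbs", ".bat", ".pif", ".scr", ".cmd", ".sys"}
# Assumption: these directories hold no executables on a clean XP box (OEM
# tools in the Windows root will show up too and simply need verifying).
ODD_PARENT = re.compile(
    r"^(?:.*\\cookies|.*\\application data|.*\\common files"
    r"|c:\\documents and settings\\[^\\]+|c:\\windows)$")
DEFAULT_LSA_PACKAGES = {"scecli"}  # XP default; rassfm only on domain controllers


def scan_timestamp(log):
    """Scan time from the ComboFix header line, or None if absent."""
    m = SCAN_HEADER.search(log)
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S") if m else None


def parse_files(log):
    """Yield (path, mtime-or-None, is_dir) for every file entry in the log."""
    for line in log.splitlines():
        m = FILE_LINE.search(line)
        if m:
            date, time, attrs, path = m.groups()
            mtime = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M")
            yield path, mtime, attrs.lower().startswith("d") or "<DIR>" in line
            continue
        m = BARE_PATH.match(line)
        if m:
            yield m.group(1), None, False


def triage(log, scan_time=None):
    """Return Findings (candidates to verify, not verdicts) for one log."""
    scan_time = scan_time or scan_timestamp(log)
    findings = []
    for path, mtime, is_dir in parse_files(log):
        low = path.lower()
        # %SystemRoot%\system32\lowsec\{local,user}.ds is a well-known Zbot layout.
        if "\\lowsec\\" in low or low.endswith("\\lowsec"):
            findings.append(Finding("zbot_artifact", path))
        if is_dir:
            continue
        if mtime and scan_time and mtime > scan_time:   # time-stomped / future
            findings.append(Finding("future_timestamp", path))
        parent, _, name = low.rpartition("\\")
        dot = name.rfind(".")
        if dot >= 0 and name[dot:] in SUSPECT_EXT and ODD_PARENT.match(parent):
            findings.append(Finding("executable_in_odd_location", path))
    for line in log.splitlines():
        m = LSA_LINE.match(line)
        if m:  # LSA notification packages see every password change in clear
            for pkg in m.group(1).split():
                if re.sub(r"\.dll$", "", pkg.lower()) not in DEFAULT_LSA_PACKAGES:
                    findings.append(Finding("nondefault_lsa_package", pkg))
        m = AUTORUN_LINE.search(line)
        if m:  # autorun recorded for a removable drive
            findings.append(Finding("mountpoint_autorun", m.group(1)))
        m = SECCENTER_LINE.match(line)
        if m:  # AV / firewall / update warnings silenced
            findings.append(Finding("security_center_notify_off", m.group(1)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {detail}")
```

Run it as-is to list the findings from the sample, or call triage() on a whole saved ComboFix.txt; the SnapShot diff lines (leading + or -) parse like any other file line, so a future-dated system file in the snapshot would surface the same way.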
  7. Sorry for the delay - Norton AntiVirus didn't want to go, but I managed to uninstall it eventually. Oh, and the update to Adobe Shockwave Player is asking me if I want to install Norton Security Scan.
  8. Okay, here are the logs:

ComboFix

ComboFix 09-04-04.01 - Brian Callahan 2009-04-08 13:13:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.629 [GMT -5:00]
Running from: c:\documents and settings\Brian Callahan\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Brian Callahan\Cookies\agohefijil.com
c:\documents and settings\Brian Callahan\Cookies\kilugynuz.dat
c:\documents and settings\Brian Callahan\Cookies\noveridi._sy
c:\documents and settings\Brian Callahan\Cookies\ximizesiwu._sy
c:\documents and settings\Brian Callahan\Cookies\yfosimomep.vbs
c:\program files\INSTALL.LOG
c:\windows\clofghls.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
.
((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.
2009-04-08 13:21 . 2009-04-08 13:21 <DIR> d-------- c:\windows\LastGood
2009-04-08 12:20 . 2009-04-08 12:20 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-04-08 12:19 . 2009-04-08 12:20 <DIR> d-------- c:\program files\File Recover
2009-04-08 12:19 . 2009-03-24 01:57 44,544 --a------ c:\windows\SYSTEM32\msxml4a.dll
2009-04-07 13:08 . 2009-04-07 13:08 <DIR> d-------- c:\documents and settings\Brian Callahan\DoctorWeb
2009-04-07 12:24 . 2009-04-07 12:24 <DIR> d-------- c:\program files\CCleaner
2009-04-02 11:38 . 2009-03-26 16:49 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-04-02 11:38 . 2009-03-26 16:49 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-03-25 15:04 . 1996-03-27 12:24 28,856 --a------ c:\windows\BATTLEST.TTF
2009-03-18 22:21 . 2009-03-19 01:03 <DIR> d-------- C:\!KillBox
2009-03-16 22:07 . 2009-03-16 22:07 20 --a------ c:\windows\mafosav.INI
2009-03-12 11:32 . 2009-03-12 11:32 <DIR> d-------- c:\program files\Avira
2009-03-12 11:32 . 2009-03-12 11:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-12 11:28 . 2009-03-12 11:28 <DIR> d-------- c:\program files\Trend Micro
2009-03-11 17:08 . 2009-03-11 17:09 <DIR> d-------- C:\fixwareout
2009-03-11 14:14 . 2009-03-11 14:50 <DIR> d-------- c:\documents and settings\Brian Callahan\Application Data\FreeCAD
2009-03-11 14:09 . 2009-03-11 14:10 <DIR> d-------- c:\program files\FreeCAD0.7
2009-03-11 13:14 . 2009-03-11 13:22 <DIR> d-------- c:\program files\BRL-CAD
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-22 05:00 56,320 ----a-w c:\windows\gendel32.exe
2009-04-08 18:21 --------- d-----w c:\documents and settings\Brian Callahan\Application Data\Tor
2009-04-08 18:18 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-08 18:17 --------- d-----w c:\program files\PowerPanel Personal Edition
2009-04-02 16:38 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-25 18:38 --------- d-----w c:\documents and settings\Brian Callahan\Application Data\Canon
2009-02-16 22:58 --------- d-----w c:\documents and settings\Brian Callahan\Application Data\U3
2008-09-04 16:52 19,882 ----a-w c:\program files\Common Files\iwihako.pif
2008-09-04 16:52 14,624 ----a-w c:\documents and settings\Brian Callahan\Application Data\xose.dat
2008-09-04 16:52 12,209 ----a-w c:\documents and settings\Brian Callahan\Application Data\ufurucinu.bat
2008-09-04 16:52 12,189 ----a-w c:\program files\Common Files\pynilyzih.vbs
2008-09-04 04:32 17,739 ----a-w c:\documents and settings\Brian Callahan\Application Data\tysexuxedy.dat
2008-09-04 04:32 16,442 ----a-w c:\program files\Common Files\vinexypu._dl
2008-09-04 04:32 16,371 ----a-w c:\program files\Common Files\nopeq._dl
2008-09-04 04:32 16,285 ----a-w c:\documents and settings\All Users\Application Data\kexynanypi.reg
2008-09-04 04:32 14,238 ----a-w c:\documents and settings\Brian Callahan\Application Data\arutuniner.bat
2008-09-04 04:32 13,954 ----a-w c:\program files\Common Files\xexupesow.db
2006-09-08 17:42 54,312 ----a-w c:\program files\tor-bundle-uninstall.exe
2006-02-11 00:41 26,657 ----a-w c:\program files\BUNDLE_LICENSE
2002-09-20 02:48 8,919,552 ----a-w c:\documents and settings\Brian Callahan\penguins.exe
2000-06-26 21:30 61 ----a-w c:\program files\SETUP.INI
2000-06-26 21:30 49 ----a-w c:\program files\setup.lid
2000-06-26 21:30 43,883,633 ----a-w c:\program files\data1.cab
2000-06-26 21:30 353 ----a-w c:\program files\layout.bin
2000-06-26 21:30 254,373 ----a-w c:\program files\_user1.cab
2000-06-26 21:30 186,656 ----a-w c:\program files\_sys1.cab
2000-06-26 21:30 105 ----a-w c:\program files\DATA.TAG
2000-06-26 21:17 5,815 ----a-w c:\program files\ReadMe.htm
2000-06-16 21:50 56,992 ----a-w c:\program files\setup.ins
2000-03-01 02:42 160,438 ----a-w c:\program files\setup.bmp
1997-11-19 22:08 11,264 ----a-w c:\program files\_setup.dll
1997-11-19 22:05 8,192 ----a-w c:\program files\_ISDEL.EXE
1997-11-19 22:05 300,178 ----a-w c:\program files\_INST32I.EX_
1997-05-30 17:31 4,557 ----a-w c:\program files\lang.dat
1997-05-06 20:15 417 ----a-w c:\program files\os.dat
2003-02-19 12:57 32 --sha-w c:\windows\{B62FC6AF-46BF-4054-9BB9-154BD55549C0}.dat
2003-02-19 12:57 32 --sha-w c:\windows\SYSTEM32\{AC4F1F73-1561-408C-990E-6BF0AAC531EB}.dat
2008-12-07 00:08 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008120620081207\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"TorCP"="c:\program files\TorCP\torcp.exe" [2005-12-11 225280]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"PowerPanel Personal Edition User Interaction"="c:\program files\PowerPanel Personal Edition\pppeuser.exe" [2007-08-09 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-10-08 131072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 50880]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 34504]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-10-08 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-11-02 100056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-03 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-18 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Ucisesiqasoqege"="c:\windows\asizekudegemidar.dll" [2008-04-13 157184]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\SYSTEM32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\SYSTEM32\narrator.exe]

c:\documents and settings\Brian Callahan\Start Menu\Programs\Startup\
Privoxy.lnk - c:\program files\Privoxy\privoxy.exe [2004-01-31 212480]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
America Online 7.0 Tray Icon.lnk - c:\program files\America Online 7.0\aoltray.exe [2003-02-19 32839]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-02-19 45056]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-25 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-25 805392]
TabUserW.exe.lnk - c:\windows\SYSTEM32\WTablet\TabUserW.exe [2005-12-02 106496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP31"= vp31vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli d3desa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\LightWave [8]\\Programs\\hub.exe"=
"c:\\Program Files\\LightWave [8]\\Programs\\modeler.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"c:\\Program Files\\ASAP Games\\Pearl Harbor - Zero Hour\\PHarbor.exe"=
"c:\\Program Files\\Freeciv-2.0.6-gtk2\\civserver.exe"=
"c:\\Program Files\\Java\\jre1.5.0\\bin\\javaw.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\SYSTEM32\\CIDAEMON.EXE"=
"c:\\WINDOWS\\SYSTEM32\\Tablet.exe"=
"c:\\WINDOWS\\SYSTEM32\\WTablet\\TabUserW.exe"=
"c:\\Program Files\\Logitech\\SetPoint\\LU\\LULnchr.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9079fe2-bac6-11dc-b5c1-000c415c8ac6}]
\Shell\AutoRun\command - F:\ONSPCLCK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-02 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NAVW32.exe [2002-11-14 19:31]

2009-04-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 18:26]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Redemption - \redemption.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.educateu.com/
uInternet Settings,ProxyOverride = hxxp://localhost
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: musicmatch.com
Trusted Zone: musicmatch.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Brian Callahan\Application Data\Mozilla\Firefox\Profiles\1q6r27me.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/a/
FF - component: c:\documents and settings\Brian Callahan\Application Data\Mozilla\Firefox\Profiles\1q6r27me.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.
**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 13:24:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(912)
c:\windows\d3desa.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Norton AntiVirus\NAVAPSVC.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\PowerPanel Personal Edition\ppped.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\Tablet.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-04-08 13:33:36 - machine was rebooted [Brian Callahan]
ComboFix-quarantined-files.txt 2009-04-08 18:32:17

Pre-Run: 8,376,778,752 bytes free
Post-Run: 8,290,402,304 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

244 --- E O F --- 2008-12-19 08:30:18

End ComboFix

Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:55 PM, on 4/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\PowerPanel Personal Edition\ppped.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 7.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.educateu.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Brian Callahan\Application Data\Mozilla\Firefox\Profiles\1q6r27me.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.58.dll (file missing)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Ucisesiqasoqege] rundll32.exe "C:\WINDOWS\asizekudegemidar.dll",e
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [TorCP] "C:\Program Files\TorCP\torcp.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\PowerPanel Personal Edition\pppeuser.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.syngress.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105140351792
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228604275937
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\PowerPanel Personal Edition\ppped.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11982 bytes

End Hijack This

DDS

DDS (Ver_09-03-16.01) - NTFSx86
Run by Brian Callahan at 14:05:55.28 on Wed 04/08/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.603 [GMT -5:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\PowerPanel Personal Edition\ppped.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 7.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Documents and Settings\Brian Callahan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.educateu.com/
uInternet Settings,ProxyOverride = hxxp://localhost
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\documents and settings\brian callahan\application data\mozilla\firefox\profiles\1q6r27me.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.58.dll
TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [TorCP] "c:\program files\torcp\torcp.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\powerpanel personal edition\pppeuser.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [ccRegVfy] c:\program files\common files\symantec shared\ccRegVfy.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [DXM6Patch_981116] c:\windows\p_981116.exe /Q:A
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [Ucisesiqasoqege] rundll32.exe "c:\windows\asizekudegemidar.dll",e
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\brianc~1\startm~1\programs\startup\privoxy.lnk - c:\program files\privoxy\privoxy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 7.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com
Trusted Zone: musicmatch.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3334504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105140351792
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228604275937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
LSA: Notification Packages = scecli d3desa.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brianc~1\applic~1\mozilla\firefox\profiles\1q6r27me.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/a/
FF - component: c:\documents and settings\brian callahan\application data\mozilla\firefox\profiles\1q6r27me.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - HiddenExtension: XUL Cache: {2DF82E57-1095-48AC-AF0F-05E18F19F106} - c:\documents and settings\brian callahan\local settings\application data\{2DF82E57-1095-48AC-AF0F-05E18F19F106}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-3-12 11840]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-3-12 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-3-12 151297]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2002-8-8 308936]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2002-8-19 116336]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 SAVRTPEL;SAVRTPEL;c:\windows\system32\drivers\SAVRTPEL.SYS [2002-7-25 35552]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-3-12 52032]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060104.006\NAVENG.Sys [2006-1-4 77864]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060104.006\NavEx15.Sys [2006-1-4 750952]
R3 SAVRT;SAVRT;c:\windows\system32\drivers\SAVRT.SYS [2002-7-25 235744]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2001-8-14 54408]
S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2002-8-19 63176]

=============== Created Last 30 ================

2009-04-08 13:40 0 a------- c:\windows\Jdewasule.bin
2009-04-08 13:40 408 a------- c:\windows\Gralacaxoza.dat
2009-04-08 13:07 <DIR> a-dshr-- C:\cmdcons
2009-04-08 13:04 161,792 a------- c:\windows\SWREG.exe
2009-04-08 13:04 98,816 a------- c:\windows\sed.exe
2009-04-08 12:19 44,544 a------- c:\windows\system32\msxml4a.dll
2009-04-08 12:19 <DIR> --d----- c:\program files\File Recover
2009-04-07 13:08 <DIR> --d----- c:\documents and settings\brian callahan\DoctorWeb
2009-04-07 12:24 <DIR> --d----- c:\program files\CCleaner
2009-04-02 11:38 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-02 11:38 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 15:04 28,856 a------- c:\windows\BATTLEST.TTF
2009-03-18 22:21 <DIR> --d----- C:\!KillBox
2009-03-16 22:07 20 a-------
c:\windows\mafosav.INI 2009-03-12 11:32 <DIR> --d----- c:\program files\Avira 2009-03-12 11:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira 2009-03-12 11:28 <DIR> --d----- c:\program files\Trend Micro 2009-03-11 17:08 <DIR> --d----- C:\fixwareout 2009-03-11 14:14 <DIR> --d----- c:\docume~1\brianc~1\applic~1\FreeCAD 2009-03-11 14:09 <DIR> --d----- c:\program files\FreeCAD0.7 2009-03-11 13:14 <DIR> --d----- c:\program files\BRL-CAD ==================== Find3M ==================== 2008-09-04 11:52 19,882 a------- c:\program files\common files\iwihako.pif 2008-09-04 11:52 14,624 a------- c:\docume~1\brianc~1\applic~1\xose.dat 2008-09-04 11:52 12,209 a------- c:\docume~1\brianc~1\applic~1\ufurucinu.bat 2008-09-04 11:52 12,189 a------- c:\program files\common files\pynilyzih.vbs 2008-09-03 23:32 17,739 a------- c:\docume~1\brianc~1\applic~1\tysexuxedy.dat 2008-09-03 23:32 16,442 a------- c:\program files\common files\vinexypu._dl 2008-09-03 23:32 16,371 a------- c:\program files\common files\nopeq._dl 2008-09-03 23:32 16,285 a------- c:\docume~1\alluse~1\applic~1\kexynanypi.reg 2008-09-03 23:32 14,238 a------- c:\docume~1\brianc~1\applic~1\arutuniner.bat 2008-09-03 23:32 13,954 a------- c:\program files\common files\xexupesow.db 2006-09-08 12:42 54,312 a------- c:\program files\tor-bundle-uninstall.exe 2006-02-10 19:41 26,657 a------- c:\program files\BUNDLE_LICENSE 2002-09-19 21:48 8,919,552 a------- c:\documents and settings\brian callahan\penguins.exe 2000-06-26 16:30 43,883,633 a------- c:\program files\data1.cab 2000-06-26 16:30 353 a------- c:\program files\layout.bin 2000-06-26 16:30 49 a------- c:\program files\setup.lid 2000-06-26 16:30 254,373 a------- c:\program files\_user1.cab 2000-06-26 16:30 186,656 a------- c:\program files\_sys1.cab 2000-06-26 16:30 105 a------- c:\program files\DATA.TAG 2000-06-26 16:30 61 a------- c:\program files\SETUP.INI 2000-06-26 16:17 5,815 a------- c:\program files\ReadMe.htm 2000-06-16 16:50 56,992 a------- c:\program 
files\setup.ins 2000-02-29 21:42 160,438 a------- c:\program files\setup.bmp 1997-11-19 17:08 11,264 a------- c:\program files\_setup.dll 1997-11-19 17:05 8,192 a------- c:\program files\_ISDEL.EXE 1997-11-19 17:05 300,178 a------- c:\program files\_INST32I.EX_ 1997-05-30 12:31 4,557 a------- c:\program files\lang.dat 1997-05-06 15:15 417 a------- c:\program files\os.dat 2003-02-19 07:57 32 a--sh--- c:\windows\{B62FC6AF-46BF-4054-9BB9-154BD55549C0}.dat 2003-02-19 07:57 32 a--sh--- c:\windows\system32\{AC4F1F73-1561-408C-990E-6BF0AAC531EB}.dat 2008-12-06 19:08 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120620081207\index.dat ============= FINISH: 14:06:09.90 =============== End DDS And the file Attach.zip. Attach.zip Attach.zip
  9. Everything went swimmingly until I tried to get Dr Web CureIt to run a scan. It said "Preparing for scanning", but never did anything after that. Also it won't quit (mind you it hasn't frozen, it just ignores the exit command).
  10. Is there any additional information you want me to post?
  11. Yeah, but I have no idea if this is related to malware or if it's just a bug in version 1.35.
  12. A day ago I updated to 1.35 in the hopes that the new version would be able to get rid of what Avira AntiVir Personal couldn't. Ever since then, whenever I try to run a scan it will run normally for 15 to 25 seconds, then freeze up. Trying to get it to force quit using Task Manager doesn't work; only restarting or shutting down gets it to quit. I've tried uninstalling and reinstalling; no dice. The last thing it scanned before freezing up was C:\WINDOWS\system32\wdigest.dll. My HijackThis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:29 PM, on 4/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\PowerPanel Personal Edition\ppped.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\TorCP\torcp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Tor\tor.exe
C:\Program Files\America Online 7.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Documents and Settings\Brian Callahan\Desktop\KillBox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.educateu.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Syngress Media Inc
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Brian Callahan\Application Data\Mozilla\Firefox\Profiles\1q6r27me.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.58.dll (file missing)
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Redemption] "\redemption.exe" /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ucisesiqasoqege] rundll32.exe "C:\WINDOWS\asizekudegemidar.dll",e
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [TorCP] "C:\Program Files\TorCP\torcp.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\PowerPanel Personal Edition\pppeuser.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.syngress.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105140351792
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228604275937
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: karina.dat C:\WINDOWS\system32\kenayiba.dll C:\WINDOWS\system32\zevigulo.dll ,
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\PowerPanel Personal Edition\ppped.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12770 bytes

Any ideas on what's causing the freezing?
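The HijackThis log above lists several Windows persistence points whose stock values are well known: the Winlogon UserInit chain, AppInit_DLLs, the LSA Notification Packages list and the Run keys. As an added example (not part of this thread and not code from HijackThis, DDS or Malwarebytes), the Python below reads lines in the HijackThis format and reports entries that differ from the Windows XP defaults. The default values, the rule set and the severity labels are this example's own assumptions; the sample input is copied verbatim from the posted log, with two benign autoruns from the same log included for contrast.

```python
import re
from pathlib import PureWindowsPath

# Stock values of the persistence points checked below on a clean Windows XP
# workstation. Assumption of this example, not something stated in the thread.
DEFAULT_USERINIT = {"userinit.exe"}
DEFAULT_LSA_NOTIFY = {"scecli"}

# O4 autorun entry: "O4 - HKLM\..\Run: [name] command"
RUN_ENTRY = re.compile(r'^O4 - HK\w+\\\.\.\\Run(?:Once)?: \[[^\]]*\]\s*(.*)$')
# rundll32 invocation: captures the DLL path it is asked to load
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?', re.I)


def _names(value, sep_pattern):
    """Split a registry value on sep_pattern and return lower-cased file names."""
    return [PureWindowsPath(p.strip()).name.lower()
            for p in re.split(sep_pattern, value) if p.strip()]


def check_line(line):
    """Return (severity, reason) when a HijackThis line shows a persistence
    point in a non-default state, otherwise None."""
    line = line.strip()

    # F2: Winlogon UserInit is a comma-separated list; only userinit.exe belongs there.
    if line.startswith("F2 - REG:system.ini: UserInit="):
        extra = [n for n in _names(line.split("=", 1)[1], r",") if n not in DEFAULT_USERINIT]
        return ("high", "UserInit chains extra program(s): " + ", ".join(extra)) if extra else None

    # O20: AppInit_DLLs is empty by default; anything listed is loaded into every
    # process that links user32.dll.
    if line.startswith("O20 - AppInit_DLLs:"):
        dlls = _names(line.split(":", 1)[1], r"[\s,]+")
        return ("high", "AppInit_DLLs set: " + ", ".join(dlls)) if dlls else None

    # LSA Notification Packages are loaded by lsass and called on password changes;
    # scecli is the only stock entry on a workstation.
    if line.startswith("LSA: Notification Packages"):
        extra = [n for n in _names(line.split("=", 1)[1], r"\s+") if n not in DEFAULT_LSA_NOTIFY]
        return ("high", "extra LSA notification package(s): " + ", ".join(extra)) if extra else None

    # O4: autorun commands. Flag rundll32 loading a DLL straight from the Windows
    # root (vendor DLLs live in system32) and commands whose path has no drive letter.
    m = RUN_ENTRY.match(line)
    if not m:
        return None
    command = m.group(1)
    dll = RUNDLL.search(command)
    if dll:
        if PureWindowsPath(dll.group(1)).parent.name.lower() == "windows":
            return ("high", "rundll32 loads a DLL from the Windows root: " + dll.group(1))
        return None
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]
    else:
        exe = command.split()[0] if command else ""
    if not exe:
        return None
    path = PureWindowsPath(exe)
    if path.drive == "" and path.root != "":
        return ("high", "autorun path has no drive letter: " + exe)
    if path.drive == "" and path.parent == PureWindowsPath("."):
        return ("low", "bare file name resolved via PATH search: " + exe)
    return None


def scan(log_text):
    """Run check_line over a whole log; returns [(severity, reason, line), ...]."""
    findings = []
    for raw in log_text.splitlines():
        hit = check_line(raw)
        if hit:
            findings.append((hit[0], hit[1], raw.strip()))
    return findings


# Lines copied from the HijackThis log posted above; the first two are benign
# autoruns from the same log, kept to show what passes.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Redemption] "\redemption.exe" /STARTUP
O4 - HKLM\..\Run: [ucisesiqasoqege] rundll32.exe "C:\WINDOWS\asizekudegemidar.dll",e
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O20 - AppInit_DLLs: karina.dat C:\WINDOWS\system32\kenayiba.dll C:\WINDOWS\system32\zevigulo.dll ,
LSA: Notification Packages = scecli d3desa.dll
"""

if __name__ == "__main__":
    for severity, reason, line in scan(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Run against the sample it reports one low-severity and five high-severity entries; the Avira and NVIDIA autoruns pass. The checks compare against defaults rather than against a list of known-bad names, so a renamed DLL or a fresh random file name still gets flagged as long as it sits in a location or value that a clean install never uses.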