kim2009

Hi Ron, Did everything, including removing the WMI Registration for WSS. Everything seems to be working fine, log files below. A couple of things popped up during the process, they may all be normal but I am mentioning them just in case. When I tried to remove Macromedia Shockwave I got an error message saying that it could not open the install file. While I was removing the files you recommended, I also tried to remove a screen saver I do not use. Computer froze and I had to reboot. On reboot I got a Data Execution Prevention warning for Generic Host Process for Win32 services. I checked the settings, and DEP is enabled for essential services but nothing else. Do I need to beef this up to the "all but" level, and if so, what should I exclude? I have not tried removing the screen saver again since. On the next reboot, after removing JAVA files, I got a message regarding tcsd_Win32.exe. I think it said could not read, but the message disappeared before I could write it all down. Reboot seemed to be OK though. Tried rebooting again, but the same message did not appear. On the next reboot (after installing latest version of JAVA) another message flashed up saying that asflpMon.exe could not be read. Boot seemed to proceed just fine. Tried rebooting again, and did not get the same message. I am going to switch to Firefox and the antivirus and firewall programs you recommend in your pinned post. Hopefully I won't ever have to go through this again! I do believe we have this thing licked...I am so grateful! Is there anything I can do for you...bear your next child...walk through hot coals?? Thanks again! JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Wed Sep 23 08:58:56 2009 Found and removed: C:\Documents and Settings\Kim\Application Data\Sun\Java\jre1.6.0_13 Found and removed: C:\Documents and Settings\Kim\Application Data\Sun\Java\jre1.6.0_14 ------------------------------------ Finished reporting. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=6 # iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339) # OnlineScanner.ocx=1.0.0.6050 # api_version=3.0.2 # EOSSerial=81cd0f0e0fc6ad4cb3ceb7b07f9d00d1 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-09-23 02:33:41 # local_time=2009-09-23 10:33:41 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=5121 37 100 88 19079990156250 # scanned=116142 # found=0 # cleaned=0 # scan_time=2118 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:43:12 AM, on 9/23/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\DellTPad\Apoint.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe O4 - HKLM\..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1206473571031 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1220802438093 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://reddotevents.webex.com/client/T25L/webex/ieatgpc.cab O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networksolutionsemailpopwizard....rueSwitchEC.exe O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll O23 - Service: McAfee Application Installer Cleanup (0153161253617436) (0153161253617436mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\015316~1.EXE (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe O23 - Service: CopyPwd Service (CpPwdSvc) - Unknown owner - C:\Program Files\Laplink\PCmover\cppwdsvc.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing) O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 13117 bytes

Hi Ron, Logs follow, attach.txt attached. Malwarebytes did not instruct me to remove anything..I still see WSS listed as enabled (rats...what a persistent little bugger...) by the way, I also see Norton listed as enabled, but I thought I had unistalled all versions months ago. Thanks again for your help. Malwarebytes' Anti-Malware 1.41 Database version: 2845 Windows 5.1.2600 Service Pack 3 9/22/2009 9:01:49 PM mbam-log-2009-09-22 (21-01-49).txt Scan type: Quick Scan Objects scanned: 109755 Time elapsed: 3 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:03:34 PM, on 9/22/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\DellTPad\Apoint.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\CCleaner\CCleaner.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080318 N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\KIM\Application Data\Mozilla\Profiles\default\ljagdbqv.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\KIM\Application Data\Mozilla\Profiles\default\ljagdbqv.slt\prefs.js) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe O4 - HKLM\..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1206473571031 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1220802438093 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://reddotevents.webex.com/client/T25L/webex/ieatgpc.cab O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networksolutionsemailpopwizard....rueSwitchEC.exe O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll O23 - Service: McAfee Application Installer Cleanup (0153161253617436) (0153161253617436mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\015316~1.EXE (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe O23 - Service: CopyPwd Service (CpPwdSvc) - Unknown owner - C:\Program Files\Laplink\PCmover\cppwdsvc.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing) O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 13609 bytes DDS (Ver_09-07-30.01) - NTFSx86 Run by Kim at 21:09:23.34 on Tue 09/22/2009 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1391 [GMT -4:00] AV: Windows System Suite *On-access scanning enabled* (Updated) {635135CA-6C19-41AB-B9F1-0FE47C5A92A4} AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} FW: Windows System Suite *enabled* {F622727A-8B7B-4C37-8B7F-D03A29205272} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\DellTPad\Apoint.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\CCleaner\CCleaner.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [Google Update] "c:\documents and settings\kim\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [KADxMain] c:\windows\system32\KADxMain.exe mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [ECenter] c:\dell\e-center\EULALauncher.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER mRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - hxxp://www.symantec.com/techsupp/activedata/nprdtinf.cab DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206473571031 DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220802438093 DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://reddotevents.webex.com/client/T25L/webex/ieatgpc.cab DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 wvauth ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\kim\applic~1\mozilla\firefox\profiles\default.4dk\ FF - plugin: c:\documents and settings\kim\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-31 214024] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-31 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-3-31 144704] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-31 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-31 35272] RUnknown szkg5;szkg5; [x] S2 0153161253617436mcinstcleanup;McAfee Application Installer Cleanup (0153161253617436);c:\windows\temp\015316~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\015316~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?] S3 CpPwdSvc;CopyPwd Service;c:\program files\laplink\pcmover\cppwdsvc.exe [2007-3-15 46648] S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2005-8-3 4736] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-31 34248] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-31 40552] S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2005-8-3 8960] S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe --> c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [?] S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-31 606736] =============== Created Last 30 ================ 2009-09-22 21:07 359,932 a------- c:\program files\dds.scr 2009-09-22 20:49 1,048,000 a------- c:\program files\ccsetup223_slim.exe 2009-09-22 07:28 <DIR> a-dshr-- C:\cmdcons 2009-09-22 07:25 229,888 a------- c:\windows\PEV.exe 2009-09-22 07:25 161,792 a------- c:\windows\SWREG.exe 2009-09-22 07:25 98,816 a------- c:\windows\sed.exe 2009-09-22 07:25 <DIR> --d----- C:\Combo-Fix 2009-09-17 08:13 <DIR> --d----- c:\docume~1\kim\applic~1\Malwarebytes 2009-09-17 08:13 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-17 08:13 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-09-17 08:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-09-17 08:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-09-17 06:49 <DIR> --d----- c:\program files\Trend Micro 2009-09-16 22:28 153,088 -------- c:\windows\system32\dllcache\triedit.dll 2009-09-16 22:28 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx 2009-09-16 22:28 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll 2009-09-16 22:21 <DIR> --d----- c:\windows\system32\wbem\Repository 2009-09-16 22:20 <DIR> --d----- c:\program files\Nick Clickables 2009-09-16 22:20 <DIR> --d----- c:\program files\AOD ==================== Find3M ==================== 2009-08-13 11:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll 2009-08-13 10:23 4,298,693,511 a------- c:\documents and settings\kim\My Documents 8-13-09.zip 2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll 2009-07-19 09:33 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll 2009-07-19 09:32 6,067,200 a------- c:\windows\system32\dllcache\ieframe.dll 2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll 2009-07-14 10:01 16,853,617 a------- c:\program files\magento-1.3.2.2.zip 2009-07-12 12:21 4,874,240 a------- c:\windows\system32\dllcache\wmp.dll 2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll 2009-07-12 12:21 233,472 -------- c:\windows\system32\dllcache\wmpdxm.dll 2009-06-29 07:07 13,824 a------- c:\windows\system32\dllcache\ieudinit.exe 2009-06-29 07:07 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe 2009-06-29 04:35 634,632 a------- c:\windows\system32\dllcache\iexplore.exe 2009-06-29 04:33 2,452,872 a------- c:\windows\system32\dllcache\ieapfltr.dat 2009-06-29 04:33 161,792 a------- c:\windows\system32\dllcache\ieakui.dll 2008-09-13 20:41 0 a------- c:\documents and settings\kim\jagex_runescape_preferences.dat 2007-03-04 22:56 722,176 a------- c:\documents and settings\kim\gotomypc_428.exe 2006-09-28 10:11 563,712 a------- c:\documents and settings\kim\gotomypc_370.exe 2006-08-02 04:27 345,068,035 a------- c:\program files\Photoshop_CS2.exe 2006-07-12 17:04 28,672 a------- c:\documents and settings\kim\atwbxdet.dll 2005-05-11 08:07 67,253,473 a------- c:\program files\PM701Tryout.exe 2005-04-21 08:31 8,388,079 a------- c:\program files\c2c_pdftoolbox.exe 2005-03-20 13:20 113,149,118 a------- c:\program files\psp901entr.exe 2004-08-12 17:36 31,033,932 a------- c:\program files\ACT!603TB30Trial.exe 2004-01-21 21:24 16,706,160 a------- c:\program files\AdbeRdr60_enu_full.exe 2004-01-21 21:22 6,262,872 a------- c:\program files\psa2se_us.exe 2004-01-14 06:47 19,616,112 a------- c:\program files\MoneyTrial.exe 2003-12-18 07:20 451,136 a------- c:\program files\GoogleToolbarInstaller.exe 2004-08-25 22:11 56 a--shr-- c:\windows\system32\ACC2C605EE.sys 2006-07-10 19:23 88 a--shr-- c:\windows\system32\EE05C6C2AC.sys 2006-08-24 23:10 4,184 a--sh--- c:\windows\system32\KGyGaAvL.sys 2008-09-07 11:43 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080908\index.dat ============= FINISH: 21:09:47.59 =============== Attach.txt

Thanks Ron! Logs are below. Two things I should mention: I had clicked on Combo-Fix when I remembered I had not disabled the windows firewall. I disabled the firewall before the scan started. Combo-Fix also gave me a warning about disabling Windows System Suite, which (of course) I can't do. Hope I didn't mess the scan up... ComboFix 09-09-21.01 - Kim 09/22/2009 7:30.1.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1333 [GMT -4:00] Running from: c:\documents and settings\Kim\Desktop\Combo-Fix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} AV: Windows System Suite *On-access scanning enabled* (Updated) {635135CA-6C19-41AB-B9F1-0FE47C5A92A4} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} FW: Windows System Suite *enabled* {F622727A-8B7B-4C37-8B7F-D03A29205272} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Mozilla Firefox\searchplugins\search.xml c:\windows\Downloaded Program Files\ODCTOOLS c:\windows\Installer\1128E.MSI c:\windows\Installer\13705b.msp c:\windows\Installer\216b4f9a.msi c:\windows\Installer\36354f91.msp c:\windows\Installer\3c45fc2.msi c:\windows\Installer\4707c.msi c:\windows\Installer\4e887.msi c:\windows\Installer\53b209d.msi c:\windows\Installer\e590816.msp c:\windows\Installer\e590817.msp c:\windows\Installer\e59083a.msp c:\windows\wpd99.drv . ((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 ))))))))))))))))))))))))))))))) . 2009-09-22 11:28 . 2009-09-22 11:28 -------- d-----w- c:\windows\LastGood.Tmp 2009-09-17 12:13 . 2009-09-17 12:13 -------- d-----w- c:\documents and settings\Kim\Application Data\Malwarebytes 2009-09-17 12:13 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-17 12:13 . 2009-09-17 12:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-17 12:13 . 2009-09-17 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-17 12:13 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-17 10:49 . 2009-09-17 10:49 -------- d-----w- c:\program files\Trend Micro 2009-09-17 02:28 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2009-09-17 02:28 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll 2009-09-17 02:21 . 2009-09-17 02:21 -------- d-----w- c:\windows\system32\wbem\Repository 2009-09-17 02:20 . 2009-09-17 02:20 -------- d-----w- c:\program files\Nick Clickables 2009-09-17 02:20 . 2009-09-17 02:20 -------- d-----w- c:\program files\AOD . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-22 11:38 . 2009-09-22 11:38 1893 ----a-w- c:\windows\bcmwltrytmp.reg 2009-09-22 11:37 . 2008-03-25 18:56 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-09-22 11:37 . 2008-03-25 12:48 0 ----a-w- c:\documents and settings\Kim\Local Settings\Application Data\WavXMapDrive.bat 2009-09-22 11:22 . 2009-08-05 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla! 2009-09-22 11:11 . 2009-04-01 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-09-22 11:03 . 2009-04-01 02:42 -------- d-----w- c:\program files\McAfee 2009-09-17 13:31 . 2008-03-25 13:20 -------- d-----w- c:\program files\Easy CD-DA Extractor 7 2009-09-17 02:25 . 2008-03-25 12:48 56040 ----a-w- c:\documents and settings\Kim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-17 02:23 . 2008-03-17 23:56 56040 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-17 02:20 . 2008-03-18 00:02 -------- d-----w- c:\program files\Google 2009-08-13 14:23 . 2009-08-13 14:05 4298693511 ----a-w- c:\documents and settings\Kim\My Documents 8-13-09.zip 2009-08-13 13:48 . 2008-03-25 13:14 -------- d-----w- c:\program files\Cartoon Network 2009-08-13 13:37 . 2008-03-25 13:37 -------- d-----w- c:\program files\PopCap Games 2009-08-06 12:48 . 2009-08-05 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard 2009-08-05 23:41 . 2009-08-05 23:41 -------- d-----w- c:\program files\STOPzilla! 2009-08-05 23:41 . 2009-08-05 23:41 -------- d-----w- c:\program files\Common Files\iS3 2009-08-05 09:01 . 2004-08-10 18:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-31 18:26 . 2009-07-30 07:07 2352 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-07-20 18:57 . 2009-07-20 18:57 17408 ----a-r- c:\windows\system32\SZIO5.dll 2009-07-20 18:56 . 2009-07-20 18:56 311296 ----a-r- c:\windows\system32\SZBase5.dll 2009-07-20 18:56 . 2009-07-20 18:56 540672 ----a-r- c:\windows\system32\SZComp5.dll 2009-07-17 19:01 . 2004-08-10 18:50 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-16 16:32 . 2009-04-01 02:43 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-07-14 14:01 . 2009-07-14 14:01 16853617 ----a-w- c:\program files\magento-1.3.2.2.zip 2009-07-12 16:21 . 2004-08-10 18:51 233472 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-09 19:52 . 2009-07-09 19:52 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll 2009-07-09 19:52 . 2009-07-09 19:52 393216 ----a-r- c:\windows\system32\IS3DBA5.dll 2009-07-09 19:51 . 2009-07-09 19:51 385024 ----a-r- c:\windows\system32\IS3UI5.dll 2009-07-09 19:51 . 2009-07-09 19:51 61440 ----a-r- c:\windows\system32\IS3Hks5.dll 2009-07-09 19:51 . 2009-07-09 19:51 23040 ----a-r- c:\windows\system32\IS3XDat5.dll 2009-07-09 19:50 . 2009-07-09 19:50 225280 ----a-r- c:\windows\system32\IS3Win325.dll 2009-07-09 19:50 . 2009-07-09 19:50 94208 ----a-r- c:\windows\system32\IS3Inet5.dll 2009-07-09 19:50 . 2009-07-09 19:50 90112 ----a-r- c:\windows\system32\IS3Svc5.dll 2009-07-09 19:47 . 2009-07-09 19:47 724992 ----a-r- c:\windows\system32\IS3Base5.dll 2009-07-08 17:44 . 2009-04-01 02:43 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-07-08 17:44 . 2009-04-01 02:43 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-07-08 17:44 . 2009-04-01 02:43 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-07-08 17:44 . 2009-04-01 02:43 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-07-08 17:43 . 2009-04-01 02:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-06-29 16:12 . 2004-08-10 18:51 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2004-08-10 18:51 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2004-08-10 18:50 17408 ----a-w- c:\windows\system32\corpol.dll 2006-08-02 08:27 . 2006-08-02 08:22 345068035 ----a-w- c:\program files\Photoshop_CS2.exe 2005-05-11 12:07 . 2005-05-11 12:07 67253473 ----a-w- c:\program files\PM701Tryout.exe 2005-04-21 12:31 . 2005-01-07 17:25 8388079 ----a-w- c:\program files\c2c_pdftoolbox.exe 2005-03-20 17:20 . 2005-03-20 17:18 113149118 ----a-w- c:\program files\psp901entr.exe 2004-08-12 21:36 . 2004-08-12 21:34 31033932 ----a-w- c:\program files\ACT!603TB30Trial.exe 2004-01-22 01:24 . 2004-01-22 01:22 16706160 ----a-w- c:\program files\AdbeRdr60_enu_full.exe 2004-01-22 01:22 . 2004-01-22 01:21 6262872 ----a-w- c:\program files\psa2se_us.exe 2004-01-14 10:47 . 2004-01-14 10:47 19616112 ----a-w- c:\program files\MoneyTrial.exe 2003-12-18 11:20 . 2003-12-18 11:20 451136 ----a-w- c:\program files\GoogleToolbarInstaller.exe 2004-08-26 02:11 . 2004-08-26 02:08 56 --sha-r- c:\windows\system32\ACC2C605EE.sys 2006-07-10 23:23 . 2006-06-04 19:11 88 --sha-r- c:\windows\system32\EE05C6C2AC.sys 2006-08-25 03:10 . 2004-08-26 02:08 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-18 68856] "Google Update"="c:\documents and settings\Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-05 133104] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-10 159744] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-10 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-10 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-10 137752] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-09-07 1236992] "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160] "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168] "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-18 1838592] "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741] "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2003-12-15 26112] "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-09-14 405504] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-17 50688] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe] 2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 3:30 PM 79168] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/10/2004 2:50 PM 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536] S2 0153161253617436mcinstcleanup;McAfee Application Installer Cleanup (0153161253617436);c:\windows\TEMP\015316~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\015316~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?] S3 CpPwdSvc;CopyPwd Service;c:\program files\Laplink\PCmover\cppwdsvc.exe [3/15/2007 8:50 AM 46648] S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [8/3/2005 3:59 PM 4736] S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [8/3/2005 3:59 PM 8960] . Contents of the 'Scheduled Tasks' folder 2009-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 22:13] 2009-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4118102988-3820216254-2328666360-1009Core.job - c:\documents and settings\Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-05 23:16] 2009-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4118102988-3820216254-2328666360-1009UA.job - c:\documents and settings\Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-05 23:16] 2009-09-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-01 01:26] 2009-09-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-01 01:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe FF - ProfilePath - c:\documents and settings\Kim\Application Data\Mozilla\Firefox\Profiles\default.4dk\ FF - plugin: c:\documents and settings\Kim\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - Toolbar-SITEguard - (no file) HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe AddRemove-ActiveTouchMeetingClient - c:\windows\DOWNLO~1\atcliun.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-22 07:37 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-4118102988-3820216254-2328666360-1009\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(684) c:\windows\System32\BCMLogon.dll - - - - - - - > 'lsass.exe'(740) c:\windows\system32\wvauth.dll c:\windows\system32\biolsp.dll c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll - - - - - - - > 'explorer.exe'(524) c:\windows\system32\WININET.dll c:\windows\system32\IEFRAME.dll c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL c:\windows\system32\mshtml.dll c:\windows\IME\SPGRMR.DLL c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Roxio\Drag-to-Disc\Shellex.dll c:\windows\system32\TFSWAPI.DLL c:\windows\system32\CDRTC.DLL c:\program files\Roxio\Drag-to-Disc\ShellRes.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\BCMWLTRY.EXE c:\windows\system32\igfxsrvc.exe c:\program files\Dell\Support\Alert\bin\NotifyAlert.exe c:\program files\DellTPad\ApMsgFwd.exe c:\program files\Java\jre6\bin\jqs.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\program files\DellTPad\hidfind.exe c:\program files\DellTPad\ApntEx.exe c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\McAfee\MPF\MpfSrv.exe c:\program files\Dell\QuickSet\NicConfigSvc.exe c:\windows\system32\stacsv.exe c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\msdtc.exe c:\program files\Common Files\Dell\EUSW\DSLog.exe . ************************************************************************** . Completion time: 2009-09-22 7:42 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-22 11:42 Pre-Run: 70,165,245,952 bytes free Post-Run: 72,838,930,432 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 285 --- E O F --- 2009-09-17 07:04 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:45:38 AM, on 9/22/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\DellTPad\Apoint.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080318 N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\KIM\Application Data\Mozilla\Profiles\default\ljagdbqv.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\KIM\Application Data\Mozilla\Profiles\default\ljagdbqv.slt\prefs.js) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe O4 - HKLM\..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1206473571031 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1220802438093 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://reddotevents.webex.com/client/T25L/webex/ieatgpc.cab O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networksolutionsemailpopwizard....rueSwitchEC.exe O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll O23 - Service: McAfee Application Installer Cleanup (0153161253617436) (0153161253617436mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\015316~1.EXE (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe O23 - Service: CopyPwd Service (CpPwdSvc) - Unknown owner - C:\Program Files\Laplink\PCmover\cppwdsvc.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing) O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 14550 bytes

Thanks in advance for your help! My nephew (God bless him) downloaded Windows System Suite on my computer Aug 5th. It blew right past McAfee and disabled it. Tried working with Stopzilla, but they weren't much help. Found out about malwarebytes and hijackthis today, ran malwarebytes and it cleared up a lot, but IE, Firefox & MSN are all still hijacked. My malwarebytes and hijackthis logs are below. I have to be out of town and away from my computer on Saturday and Sunday (9/19 to 9/20), just in case you get to me while I am gone. I will check in tomorrow and first thing in Monday. Thanks again for your help! Kim Malwarebytes' Anti-Malware 1.41 Database version: 2818 Windows 5.1.2600 Service Pack 3 9/17/2009 11:36:56 PM mbam-log-2009-09-17 (23-36-56).txt Scan type: Quick Scan Objects scanned: 116584 Time elapsed: 6 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:39:28 PM, on 9/17/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\DellTPad\Apoint.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\KADxMain.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\STOPzilla!\STOPzilla.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080318 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080318 N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\KIM\Application Data\Mozilla\Profiles\default\ljagdbqv.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\KIM\Application Data\Mozilla\Profiles\default\ljagdbqv.slt\prefs.js) O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com O1 - Hosts: 64.86.17.32 google.ae O1 - Hosts: 64.86.17.32 google.as O1 - Hosts: 64.86.17.32 google.at O1 - Hosts: 64.86.17.32 google.az O1 - Hosts: 64.86.17.32 google.ba O1 - Hosts: 64.86.17.32 google.be O1 - Hosts: 64.86.17.32 google.bg O1 - Hosts: 64.86.17.32 google.bs O1 - Hosts: 64.86.17.32 google.ca O1 - Hosts: 64.86.17.32 google.cd O1 - Hosts: 64.86.17.32 google.com.gh O1 - Hosts: 64.86.17.32 google.com.hk O1 - Hosts: 64.86.17.32 google.com.jm O1 - Hosts: 64.86.17.32 google.com.mx O1 - Hosts: 64.86.17.32 google.com.my O1 - Hosts: 64.86.17.32 google.com.na O1 - Hosts: 64.86.17.32 google.com.nf O1 - Hosts: 64.86.17.32 google.com.ng O1 - Hosts: 64.86.17.32 google.ch O1 - Hosts: 64.86.17.32 google.com.np O1 - Hosts: 64.86.17.32 google.com.pr O1 - Hosts: 64.86.17.32 google.com.qa O1 - Hosts: 64.86.17.32 google.com.sg O1 - Hosts: 64.86.17.32 google.com.tj O1 - Hosts: 64.86.17.32 google.com.tw O1 - Hosts: 64.86.17.32 google.dj O1 - Hosts: 64.86.17.32 google.de O1 - Hosts: 64.86.17.32 google.dk O1 - Hosts: 64.86.17.32 google.dm O1 - Hosts: 64.86.17.32 google.ee O1 - Hosts: 64.86.17.32 google.fi O1 - Hosts: 64.86.17.32 google.fm O1 - Hosts: 64.86.17.32 google.fr O1 - Hosts: 64.86.17.32 google.ge O1 - Hosts: 64.86.17.32 google.gg O1 - Hosts: 64.86.17.32 google.gm O1 - Hosts: 64.86.17.32 google.gr O1 - Hosts: 64.86.17.32 google.ht O1 - Hosts: 64.86.17.32 google.ie O1 - Hosts: 64.86.17.32 google.im O1 - Hosts: 64.86.17.32 google.in O1 - Hosts: 64.86.17.32 google.it O1 - Hosts: 64.86.17.32 google.ki O1 - Hosts: 64.86.17.32 google.la O1 - Hosts: 64.86.17.32 google.li O1 - Hosts: 64.86.17.32 google.lv O1 - Hosts: 64.86.17.32 google.ma O1 - Hosts: 64.86.17.32 google.ms O1 - Hosts: 64.86.17.32 google.mu O1 - Hosts: 64.86.17.32 google.mw O1 - Hosts: 64.86.17.32 google.nl O1 - Hosts: 64.86.17.32 google.no O1 - Hosts: 64.86.17.32 google.nr O1 - Hosts: 64.86.17.32 google.nu O1 - Hosts: 64.86.17.32 google.pl O1 - Hosts: 64.86.17.32 google.pn O1 - Hosts: 64.86.17.32 google.pt O1 - Hosts: 64.86.17.32 google.ro O1 - Hosts: 64.86.17.32 google.ru O1 - Hosts: 64.86.17.32 google.rw O1 - Hosts: 64.86.17.32 google.sc O1 - Hosts: 64.86.17.32 google.se O1 - Hosts: 64.86.17.32 google.sh O1 - Hosts: 64.86.17.32 google.si O1 - Hosts: 64.86.17.32 google.sm O1 - Hosts: 64.86.17.32 google.sn O1 - Hosts: 64.86.17.32 google.st O1 - Hosts: 64.86.17.32 google.tl O1 - Hosts: 64.86.17.32 google.tm O1 - Hosts: 64.86.17.32 google.tt O1 - Hosts: 64.86.17.32 google.us O1 - Hosts: 64.86.17.32 google.vu O1 - Hosts: 64.86.17.32 google.ws O1 - Hosts: 64.86.17.32 google.co.ck O1 - Hosts: 64.86.17.32 google.co.id O1 - Hosts: 64.86.17.32 google.co.il O1 - Hosts: 64.86.17.32 google.co.in O1 - Hosts: 64.86.17.32 google.co.jp O1 - Hosts: 64.86.17.32 google.co.kr O1 - Hosts: 64.86.17.32 google.co.ls O1 - Hosts: 64.86.17.32 google.co.ma O1 - Hosts: 64.86.17.32 google.co.nz O1 - Hosts: 64.86.17.32 google.co.tz O1 - Hosts: 64.86.17.32 google.co.ug O1 - Hosts: 64.86.17.32 google.co.uk O1 - Hosts: 64.86.17.32 google.co.za O1 - Hosts: 64.86.17.32 google.co.zm O1 - Hosts: 64.86.17.32 google.com O1 - Hosts: 64.86.17.32 google.com.af O1 - Hosts: 64.86.17.32 google.com.ag O1 - Hosts: 64.86.17.32 google.com.ar O1 - Hosts: 64.86.17.32 google.com.au O1 - Hosts: 64.86.17.32 google.com.bn O1 - Hosts: 64.86.17.32 google.com.br O1 - Hosts: 64.86.17.32 google.com.by O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe O4 - HKLM\..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1206473571031 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1220802438093 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v6.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://reddotevents.webex.com/client/T25L/webex/ieatgpc.cab O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networksolutionsemailpopwizard....rueSwitchEC.exe O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe O23 - Service: CopyPwd Service (CpPwdSvc) - Unknown owner - C:\Program Files\Laplink\PCmover\cppwdsvc.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing) O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 18542 bytes