Thanks again for all of your help. Your instructions have the perfect amount of detail. I can now launch IE and do NOT get the page forwarding. Based on the logs below, would you give me a clean bill of health? Below are the logs from: DDS.txt Attach.txt Combofix.txt HijackThis I could not find any instructions for C:\Avenger.txt. Thanks, kj727 DDS.txt DDS (Ver_09-01-07.01) - NTFSx86 Run by BRUCE at 7:47:37.28 on Wed 01/21/2009 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1530 [GMT -6:00] AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe C:\Program Files\Dell Photo AIO Printer 944\memcard.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\dlcdcoms.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Documents and Settings\BRUCE\Desktop\dds.com ============== Pseudo HJT Report =============== uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16 mRun: [dlcdmon.exe] "c:\program files\dell photo aio printer 944\dlcdmon.exe" mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 944\memcard.exe" mRun: [TkBellExe] c:\program files\common files\real\update_ob\realsched.exe -osboot mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: igfxcui - igfxdev.dll Notify: LMIinit - LMIinit.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\bruce\applic~1\mozilla\firefox\profiles\e2eepcz4.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.wellsfargo.com/ FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - plugin: c:\documents and settings\bruce\application data\mozilla\firefox\profiles\e2eepcz4.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-17 97928] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-17 26824] R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?] R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-7-24 12192] R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-17 875288] R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-17 231704] R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-17 76040] R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856] R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-12 47640] R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] S4 LMIRfsClientNP;LMIRfsClientNP; [x] =============== Created Last 30 ================ 2009-01-21 07:07 <DIR> a-dshr-- C:\cmdcons 2009-01-21 06:59 161,792 a------- c:\windows\SWREG.exe 2009-01-21 06:59 98,816 a------- c:\windows\sed.exe 2009-01-21 06:59 <DIR> --d----- C:\Combo-Fix 2009-01-19 06:21 <DIR> --d----- c:\program files\CCleaner 2009-01-18 05:16 <DIR> --d----- c:\program files\Trend Micro 2009-01-17 20:59 <DIR> --d----- c:\docume~1\bruce\applic~1\Malwarebytes 2009-01-17 20:59 15,504 a------- c:\windows\system32\drivers\mbam.sys 2009-01-17 20:59 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-17 20:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-01-17 20:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-01-17 18:47 <DIR> --d-h--- C:\$AVG8.VAULT$ 2009-01-17 18:28 10,520 a------- c:\windows\system32\avgrsstx.dll 2009-01-17 18:28 76,040 a------- c:\windows\system32\drivers\avgtdix.sys 2009-01-17 18:28 97,928 a------- c:\windows\system32\drivers\avgldx86.sys 2009-01-17 18:28 <DIR> --d----- c:\windows\system32\drivers\Avg 2009-01-17 18:28 <DIR> --d----- c:\program files\AVG 2009-01-17 18:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8 2009-01-17 12:18 <DIR> --d----- c:\program files\Enigma Software Group ==================== Find3M ==================== 2008-12-13 00:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll 2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys 2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys 2008-11-06 10:39 61,224 a------- c:\documents and settings\bruce\GoToAssistDownloadHelper.exe 2008-10-24 05:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys 2007-02-18 16:46 144,480 a------- c:\program files\MS 2007-04-29 10:32 152 ---shr-- c:\windows\system32\F0151375D6.sys 2007-04-29 10:32 6,686 a--sh--- c:\windows\system32\KGyGaAvL.sys 2008-10-16 11:32 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101620081017\index.dat ============= FINISH: 7:47:47.84 =============== Attach.txt UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-01-07.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 2/6/2006 4:44:57 PM System Uptime: 1/21/2009 7:24:43 AM (0 hours ago) Motherboard: Dell Inc. | | 0JC474 Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 70 GiB total, 54.376 GiB free. D: is CDROM () E: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP896: 1/4/2009 12:23:30 PM - System Checkpoint RP897: 1/4/2009 12:23:30 PM - System Checkpoint RP898: 1/4/2009 12:23:30 PM - System Checkpoint RP899: 1/4/2009 12:23:31 PM - System Checkpoint RP900: 1/4/2009 12:23:31 PM - System Checkpoint RP901: 1/4/2009 12:23:31 PM - System Checkpoint RP902: 1/4/2009 12:23:31 PM - Installed LogMeIn RP903: 1/4/2009 12:23:31 PM - Software Distribution Service 3.0 RP904: 1/4/2009 12:23:32 PM - System Checkpoint RP905: 1/4/2009 12:23:32 PM - Software Distribution Service 3.0 RP906: 1/4/2009 12:23:32 PM - Software Distribution Service 3.0 RP907: 1/4/2009 12:23:32 PM - Software Distribution Service 3.0 RP908: 1/4/2009 12:23:33 PM - Software Distribution Service 3.0 RP909: 1/4/2009 12:23:33 PM - System Checkpoint RP910: 1/4/2009 12:23:33 PM - System Checkpoint RP911: 1/4/2009 12:23:33 PM - Software Distribution Service 3.0 RP912: 1/4/2009 12:23:34 PM - System Checkpoint RP913: 1/4/2009 12:23:35 PM - System Checkpoint RP914: 1/4/2009 12:23:35 PM - Printer Driver LogMeIn Printer Driver Installed RP915: 1/4/2009 12:23:35 PM - System Checkpoint RP916: 1/4/2009 12:23:36 PM - System Checkpoint RP917: 1/4/2009 12:23:36 PM - System Checkpoint RP918: 1/4/2009 12:23:37 PM - System Checkpoint RP919: 1/4/2009 12:23:38 PM - System Checkpoint RP920: 1/4/2009 12:23:38 PM - System Checkpoint RP921: 1/4/2009 12:23:39 PM - System Checkpoint RP922: 1/4/2009 12:23:40 PM - System Checkpoint RP923: 1/4/2009 12:23:40 PM - System Checkpoint RP924: 1/4/2009 12:23:40 PM - System Checkpoint RP925: 1/4/2009 12:23:41 PM - Software Distribution Service 3.0 RP926: 1/4/2009 12:23:41 PM - System Checkpoint RP927: 1/4/2009 12:23:41 PM - System Checkpoint RP928: 1/4/2009 12:23:41 PM - System Checkpoint RP929: 1/4/2009 12:23:42 PM - System Checkpoint RP930: 1/4/2009 12:23:42 PM - System Checkpoint RP931: 1/4/2009 12:23:42 PM - System Checkpoint RP932: 1/4/2009 12:23:43 PM - System Checkpoint RP933: 1/4/2009 12:23:43 PM - Installed Microsoft Office 2000 Professional RP934: 1/4/2009 12:23:45 PM - System Checkpoint RP935: 1/4/2009 12:23:45 PM - System Checkpoint RP936: 1/4/2009 12:23:45 PM - System Checkpoint RP937: 1/4/2009 12:23:46 PM - System Checkpoint RP938: 1/4/2009 12:23:46 PM - System Checkpoint RP939: 1/4/2009 12:23:46 PM - System Checkpoint RP940: 1/4/2009 12:23:46 PM - System Checkpoint RP941: 1/4/2009 12:23:47 PM - Installed SigmaTel Audio RP942: 1/4/2009 12:23:47 PM - System Checkpoint RP943: 1/4/2009 12:23:48 PM - System Checkpoint RP944: 1/4/2009 12:23:48 PM - System Checkpoint RP945: 1/4/2009 12:23:48 PM - System Checkpoint RP946: 1/4/2009 12:23:48 PM - Software Distribution Service 3.0 RP947: 1/4/2009 12:23:48 PM - Software Distribution Service 3.0 RP948: 1/4/2009 12:23:49 PM - System Checkpoint RP949: 1/4/2009 12:23:49 PM - System Checkpoint RP950: 1/4/2009 12:23:49 PM - System Checkpoint RP951: 1/4/2009 12:23:49 PM - System Checkpoint RP952: 1/4/2009 12:23:50 PM - System Checkpoint RP953: 1/4/2009 12:23:50 PM - System Checkpoint RP954: 1/4/2009 12:23:50 PM - System Checkpoint RP955: 1/4/2009 12:23:51 PM - System Checkpoint RP956: 1/4/2009 12:23:51 PM - System Checkpoint RP957: 1/4/2009 12:23:51 PM - System Checkpoint RP958: 1/4/2009 12:23:59 PM - Last known good configuration RP959: 1/16/2009 1:30:34 PM - System Checkpoint RP960: 1/17/2009 11:11:20 PM - System Checkpoint RP961: 1/18/2009 4:47:58 AM - Installed Windows NLSDownlevelMapping. RP962: 1/18/2009 4:48:27 AM - Installed Windows IDNMitigationAPIs. RP963: 1/18/2009 4:48:46 AM - Installed Windows Internet Explorer 7. RP964: 1/18/2009 9:20:12 AM - Avg8 Update RP965: 1/18/2009 6:50:45 PM - Installed Windows NLSDownlevelMapping. RP966: 1/18/2009 6:51:10 PM - Installed Windows IDNMitigationAPIs. RP967: 1/18/2009 6:51:32 PM - Installed Windows Internet Explorer 7. RP968: 1/19/2009 3:00:36 AM - Software Distribution Service 3.0 RP969: 1/19/2009 6:11:28 AM - Removed J2SE Runtime Environment 5.0 Update 8 RP970: 1/20/2009 6:48:12 AM - System Checkpoint RP971: 1/21/2009 6:59:57 AM - ComboFix created restore point ==== Installed Programs ====================== 360Share Pro(remove only) ABBYY FineReader 6.0 Sprint Adobe Flash Player 10 ActiveX Adobe Reader 7.0 Adobe Shockwave Player America Online (Choose which version to remove) AOLIcon Apple Mobile Device Support Apple Software Update Audacity 1.2.6 AVG Free 8.0 Batman Begins Screen Saver Bejeweled 2 Deluxe Bonjour CCleaner (remove only) Conexant D850 56K V.9x DFVc Modem Dell Digital Jukebox Driver Dell Driver Reset Tool Dell Game Console Dell Photo AIO Printer 944 Dell Support Center Dell System Restore DellSupport Digital Content Portal Digital Line Detect EarthLink setup files EducateU ELIcon ESPNMotion Final Drive Fury Form Fill (Windows Live Toolbar) GemMaster Mystic Get High Speed Internet! Google AFE Google Earth Google Toolbar for Internet Explorer High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Intel® Graphics Media Accelerator Driver Intel® PRO Network Connections Drivers Intel® PROSet for Wired Connections InterActual Player iTunes Learn2 Player (Uninstall Only) LogMeIn Malwarebytes' Anti-Malware MCU Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Professional Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Modem Helper Mozilla Firefox (3.0.5) MSN MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) Musicmatch for Windows Media Player MySpaceIM NetWaiting NetZeroInstallers OneCare Advisor (Windows Live Toolbar) OTOY Otto PowerDVD 5.5 QuickTime RealOne Player Rhapsody Player Engine Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) SigmaTel Audio Smart Menus (Windows Live Toolbar) Sonic Encoders Tabbed Browsing (Windows Live Toolbar) tdk-screensaver-a03 Update for Windows Media Player 10 (KB910393) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update Rollup 2 for Windows XP Media Center Edition 2005 Viewpoint Media Player WebCyberCoach 3.2 Dell WebFldrs XP WildTangent Web Driver Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Live installer Windows Live Messenger Windows Live Outlook Toolbar (Windows Live Toolbar) Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Toolbar Extension (Windows Live Toolbar) Windows Live Toolbar Feed Detector (Windows Live Toolbar) Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information] Windows Media Player 11 Windows XP Media Center Edition 2005 KB908246 Windows XP Media Center Edition 2005 KB925766 Windows XP Service Pack 3 Yahoo! Browser Services Yahoo! Install Manager Yahoo! Internet Mail Yahoo! Toolbar Zoo Tycoon: Complete Collection ==== Event Viewer Messages From Past Week ======== 1/17/2009 4:14:00 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 1/15/2009 3:14:15 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service. 1/17/2009 9:55:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde ==== End Of File =========================== C:\Combofix.txt ComboFix 09-01-20.03 - BRUCE 2009-01-21 7:19:29.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1572 [GMT -6:00] Running from: c:\documents and settings\BRUCE\Desktop\Combo-Fix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\HbTools c:\program files\HbTools\Bin\HbtUninst.exe c:\program files\HbTools\HBTV\uninstaller.exe c:\windows\Downloaded Program Files\setup.inf c:\windows\IE4 Error Log.txt c:\windows\system32\abtsvujl.ini c:\windows\system32\bfdurkup.dll c:\windows\system32\edunoniy.ini c:\windows\system32\fodedozu.dll c:\windows\system32\inoyuvog.ini c:\windows\system32\KUxHNXbc.ini c:\windows\system32\KUxHNXbc.ini2 c:\windows\system32\kxunxy.dll c:\windows\system32\mavbnigf.ini c:\windows\system32\mifyjv.dll c:\windows\system32\obitadoz.ini c:\windows\system32\paweharo.dll c:\windows\system32\ppngiqtq.ini c:\windows\system32\suouchwh.ini c:\windows\system32\TDSSpqxt.dat c:\windows\system32\winsrc.dll.tmp c:\windows\system32\xjjplcsg.ini c:\windows\system32\yHNqprqr.ini c:\windows\system32\yHNqprqr.ini2 c:\windows\wiaserviv.log . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV.SYS -------\Service_TDSSserv.sys ((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 ))))))))))))))))))))))))))))))) . 2009-01-19 06:21 . 2009-01-19 06:21 <DIR> d-------- c:\program files\CCleaner 2009-01-18 05:16 . 2009-01-18 05:16 <DIR> d-------- c:\program files\Trend Micro 2009-01-17 20:59 . 2009-01-17 20:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-17 20:59 . 2009-01-17 20:59 <DIR> d-------- c:\documents and settings\BRUCE\Application Data\Malwarebytes 2009-01-17 20:59 . 2009-01-17 20:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-17 20:59 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-17 20:59 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-17 18:47 . 2009-01-20 02:58 <DIR> d--h----- C:\$AVG8.VAULT$ 2009-01-17 18:28 . 2009-01-21 01:18 <DIR> d-------- c:\windows\system32\drivers\Avg 2009-01-17 18:28 . 2009-01-17 18:28 <DIR> d-------- c:\program files\AVG 2009-01-17 18:28 . 2009-01-17 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2009-01-17 18:28 . 2009-01-17 18:28 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys 2009-01-17 18:28 . 2009-01-17 18:28 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys 2009-01-17 18:28 . 2009-01-17 18:28 10,520 --a------ c:\windows\system32\avgrsstx.dll 2009-01-17 12:18 . 2009-01-17 12:18 <DIR> d-------- c:\program files\Enigma Software Group . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-21 13:40 --------- d-----w c:\program files\Dl_cats 2009-01-21 12:16 --------- d-----w c:\program files\LogMeIn 2009-01-19 23:43 --------- d-----w c:\program files\Common Files\AOL 2009-01-19 23:43 --------- d-----w c:\documents and settings\All Users\Application Data\AOL 2009-01-19 23:42 --------- d-----w c:\program files\Common Files\aolshare 2009-01-18 13:43 --------- d-----w c:\program files\GoogleAFE 2009-01-18 13:43 --------- d-----w c:\program files\Google 2009-01-18 00:15 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-05 23:49 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2008-12-03 16:19 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-23 17:12 --------- d-----w c:\program files\microsoft frontpage 2008-11-23 17:12 --------- d-----w c:\documents and settings\BRUCE\Application Data\Microsoft Web Folders 2008-11-06 16:39 61,224 ----a-w c:\documents and settings\BRUCE\GoToAssistDownloadHelper.exe 2007-02-18 22:46 144,480 ----a-w c:\program files\MS 2007-04-29 16:32 152 --sh--r c:\windows\system32\F0151375D6.sys 2007-04-29 16:32 6,686 --sha-w c:\windows\system32\KGyGaAvL.sys 2008-10-16 17:32 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101620081017\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-14 73728] "dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 430080] "MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-07 290816] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-29 151597] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-17 1261336] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-16 19:35 87352 c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ehshell.exe] "Debugger"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\dlcdcoms.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcdPSWX.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\verclsid.exe"= "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"= "c:\\Program Files\\Windows Live Toolbar\\MSNTBUP.EXE"= "c:\\WINDOWS\\system32\\imapi.exe"= "c:\\Program Files\\iPod\\bin\\iPodService.exe"= "c:\\WINDOWS\\ehome\\ehmsas.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-17 97928] R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?] R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-07-24 12192] R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-17 875288] R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-17 231704] R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-17 76040] R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856] R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-12 47640] S4 LMIRfsClientNP;LMIRfsClientNP; [x] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe . Contents of the 'Scheduled Tasks' folder 2009-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] 2009-01-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s FF - ProfilePath - c:\documents and settings\BRUCE\Application Data\Mozilla\Firefox\Profiles\e2eepcz4.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.wellsfargo.com/ FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\documents and settings\BRUCE\Application Data\Mozilla\Firefox\Profiles\e2eepcz4.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-21 07:40:23 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(632) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\LogMeIn\x86\ramaint.exe c:\program files\LogMeIn\x86\LogMeIn.exe c:\program files\LogMeIn\x86\LMIGuardian.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\windows\ehome\mcrdsvc.exe c:\program files\AVG\AVG8\avgrsx.exe c:\windows\system32\dllhost.exe c:\program files\LogMeIn\x86\LogMeIn.exe c:\program files\LogMeIn\x86\LMIGuardian.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\dlcdcoms.exe c:\program files\LogMeIn\x86\LMIGuardian.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\taskmgr.exe . ************************************************************************** . Completion time: 2009-01-21 7:43:29 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-21 13:43:26 Pre-Run: 56,904,429,568 bytes free Post-Run: 58,267,078,656 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect 245 --- E O F --- 2009-01-19 09:07:47 HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:54:57 AM, on 1/21/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe C:\Program Files\Dell Photo AIO Printer 944\memcard.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\dlcdcoms.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-4035870155-1314270974-3780199590-1012\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'LogMeInRemoteUser') O4 - HKUS\S-1-5-21-4035870155-1314270974-3780199590-1012\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'LogMeInRemoteUser') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- End of file - 8588 bytes
