G&L

  1. Thanks for the help, here you go

     The Rootrepeal Log looks like this:

     ROOTREPEAL © AD, 2007-2008
     ==================================================
     Scan Time: 2009/04/15 17:44
     Program Version: Version 1.2.3.0
     Windows Version: Windows XP SP3
     ==================================================
     Hidden/Locked Files
     -------------------
     Path: C:\hiberfil.sys
     Status: Locked to the Windows API!
     Path: C:\WINDOWS\Temp\mcmsc_uiTxI1QgORAXUTL
     Status: Allocation size mismatch (API: 4096, Raw: 0)

     The Combofix log looks like this:

     ComboFix 09-04-15.08 - Glenn 15/04/2009 17:54.1 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.187 [GMT -4:00]
     Running from: c:\documents and settings\Glenn\Desktop\ComboFixamr.exe
     AV: McAfee VirusScan *On-access scanning disabled* (Updated)
     FW: McAfee Personal Firewall *enabled*
     * Created a new restore point
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\IE4 Error Log.txt
     Infected copy of c:\windows\system32\userinit.exe was found and disinfected
     Restored copy from - c:\i386\USERINIT.EXE
     .
     ((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
     .
     2009-04-13 22:25 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
     2009-04-13 22:25 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
     2009-04-13 21:41 . 2009-04-13 21:41 -------- d-----w c:\documents and settings\Glenn\Application Data\Malwarebytes
     2009-04-13 21:40 . 2009-04-13 21:40 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-04-09 16:10 . 2007-08-21 08:12 21760 ----a-w c:\windows\system32\drivers\point32.sys
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-04-15 22:05 . 2007-02-24 04:19 7083560 ----a-w C:\VETlog.txt
     2009-04-15 22:05 . 2007-02-24 04:19 50275 ----a-w C:\VETlog.dmp
     2009-04-15 21:46 . 2006-12-26 02:03 -------- d-----w c:\documents and settings\All Users\Application Data\WholeSecurity
     2009-04-14 00:07 . 2009-04-14 00:07 -------- d-----w c:\program files\Trend Micro
     2009-04-13 22:25 . 2009-04-13 22:25 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
     2009-04-13 18:38 . 2007-10-27 22:36 -------- d-----w c:\program files\Spybot - Search & Destroy
     2009-04-09 17:32 . 2004-10-29 00:25 31856 ----a-w c:\documents and settings\Glenn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-04-09 16:10 . 2009-04-09 16:09 -------- d-----w c:\program files\Microsoft IntelliPoint
     2009-03-20 19:21 . 2009-02-10 21:36 -------- d-----w c:\program files\Simply Accounting Pro 2009
     2009-02-26 08:10 . 2008-12-01 16:51 -------- d-----w c:\program files\Microsoft Silverlight
     2009-02-19 08:02 . 2004-10-13 12:46 -------- d-----w c:\program files\Microsoft Works
     2009-02-18 22:15 . 2005-11-02 11:36 -------- d-----w c:\program files\AOL Toolbar
     2009-02-18 19:04 . 2009-02-18 19:04 -------- d-----w c:\program files\Virtual Earth 3D
     2009-02-17 16:39 . 2009-02-17 16:38 594 ----a-w C:\updatedatfix.log
     2009-02-17 16:39 . 2005-12-26 02:06 -------- d-----w c:\program files\HP
     2009-02-17 16:38 . 2009-02-17 16:38 -------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
     2009-02-09 11:13 . 2008-10-16 07:37 1846784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
     2009-02-09 11:13 . 2004-08-04 10:00 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
     2009-01-22 01:52 . 2007-01-04 21:29 244 ---ha-w C:\sqmnoopt11.sqm
     2009-01-22 01:52 . 2007-01-04 21:29 232 ---ha-w C:\sqmdata11.sqm
     2009-01-22 01:47 . 2007-01-04 21:29 244 ---ha-w C:\sqmnoopt10.sqm
     2009-01-22 01:47 . 2007-01-04 21:29 232 ---ha-w C:\sqmdata10.sqm
     2009-01-17 02:35 . 2006-05-19 15:08 3594752 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
     2008-11-06 18:32 . 2008-11-06 18:32 61224 ----a-w c:\documents and settings\Glenn\GoToAssistDownloadHelper.exe
     2005-12-26 02:23 . 2005-12-26 02:23 128 ----a-w c:\documents and settings\Glenn\Local Settings\Application Data\fusioncache.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
     "AOL Fast Start"="c:\progra~1\AOL9~1.0C\AOL.EXE" [2005-07-18 50776]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
     "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
     "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-10-13 26112]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
     "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
     "mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]
     "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
     "IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
     "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
     "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
     "CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
     "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-26 335872]
     "HostManager"="c:\program files\Common Files\AOL\1130931383\ee\AOLSoftware.exe" [2006-09-26 50736]
     "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-04-16 65536]
     "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
     "ConnectionManager"="c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2008-09-19 87336]
     "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
     "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
     "P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2004-06-10 60928]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Kodak EasyShare software.lnk - c:\program files\KODAK\Kodak EasyShare software\bin\EasyShare.exe [2006-6-15 180224]
     KODAK Software Updater.lnk - c:\program files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "vidc.smsv"= c:\windows\system32\wv32vfw.dll

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
     backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
     backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
     backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\AOL 9.0\\waol.exe"=
     "c:\\Program Files\\WinMX\\WinMX.exe"=
     "c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
     "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
     "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
     "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
     "c:\\Program Files\\AOL 9.0a\\waol.exe"=
     "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
     "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
     "c:\\Program Files\\Common Files\\AOL\\1130931383\\EE\\AOLServiceHost.exe"=
     "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
     "c:\\StubInstaller.exe"=
     "c:\\Program Files\\LimeWire\\LimeWire.exe"=
     "c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\MSN Messenger\\msncall.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Common Files\\AOL\\1130931383\\EE\\aolsoftware.exe"=
     "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
     "c:\\Program Files\\AOL 9.0b\\waol.exe"=
     "c:\\Program Files\\AOL 9.0c\\waol.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Simply Accounting 2008\\SimplyAccounting.exe"=
     "c:\\Program Files\\Winsim\\ConnectionManager\\SimplyConnectionManager.exe"=
     "c:\\Program Files\\Winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqladmin.exe"=
     "c:\\Program Files\\Winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe"=
     "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

     R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\Winsim\ConnectionManager\SimplyConnectionManager.exe [2008-09-19 16680]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 22:13]

     2004-10-29 c:\windows\Tasks\ISP signup reminder 1.job
     - c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]

     2009-02-15 c:\windows\Tasks\McDefragTask.job
     - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-31 18:32]

     2009-03-01 c:\windows\Tasks\McQcTask.job
     - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-31 18:32]

     2009-04-09 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
     - c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 19:01]
     .
     - - - - ORPHANS REMOVED - - - -

     HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://sympatico.msn.ca/?lang=en-CA
     uInternet Connection Wizard,ShellNext = iexplore
     IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     TCP: {6D62DDE2-E7AA-4D65-AC9D-AF9521D069FB} = 205.188.146.145
     DPF: {4BEF854E-6531-40D8-825E-5228A12861F3} - hxxps://sagesoftware.thruinc.net/Components/PowerUpload.cab
     .
     **************************************************************************
     catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-04-15 18:05
     Windows 5.1.2600 Service Pack 3 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     - - - - - - - > 'explorer.exe'(2728)
     c:\docume~1\Glenn\LOCALS~1\Temp\IadHide5.dll
     c:\progra~1\WINDOW~2\wmpband.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\program files\Common Files\aolshare\aolshcpy.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\SYSTEM32\ati2evxx.exe
     c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
     c:\windows\SYSTEM32\rundll32.exe
     c:\progra~1\AOL9~1.0C\waol.exe
     c:\program files\Microsoft IntelliPoint\dpupdchk.exe
     c:\program files\Common Files\AOL\ACS\AOLacsd.exe
     c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
     c:\windows\SYSTEM32\CTSVCCDA.EXE
     c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
     c:\windows\SYSTEM32\DRIVERS\dcfssvc.exe
     c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\progra~1\McAfee\MSC\mcmscsvc.exe
     c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
     c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
     c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
     c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     c:\program files\McAfee\MPF\MpfSrv.exe
     c:\windows\SYSTEM32\HPZipm12.exe
     c:\windows\wanmpsvc.exe
     c:\windows\SYSTEM32\MsPMSPSv.exe
     c:\program files\iPod\bin\iPodService.exe
     c:\progra~1\McAfee\MSC\mcupdmgr.exe
     c:\progra~1\McAfee\MSC\mcuimgr.exe
     c:\progra~1\AOL9~1.0C\shellmon.exe
     .
     **************************************************************************
     .
     Completion time: 2009-04-15 18:20 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-04-15 22:19

     Pre-Run: 116,072,693,760 bytes free
     Post-Run: 116,074,958,848 bytes free

     WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

     231 --- E O F --- 2009-03-13 07:02
  2. ATF Cleaner has been run

     Here is updated MBAM log:

     Malwarebytes' Anti-Malware 1.36
     Database version: 1983
     Windows 5.1.2600 Service Pack 3

     14/04/2009 5:14:08 PM
     mbam-log-2009-04-14 (17-14-08).txt

     Scan type: Quick Scan
     Objects scanned: 72590
     Time elapsed: 6 minute(s), 32 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Here is Updated HJT Log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 5:34:45 PM, on 14/04/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16791)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\WINDOWS\system32\userinit.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Real\RealPlayer\RealPlay.exe
     C:\Program Files\Dell\Media Experience\PCMService.exe
     C:\WINDOWS\system32\Rundll32.exe
     C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
     C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
     C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
     C:\Program Files\Common Files\AOL\1130931383\ee\AOLSoftware.exe
     C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
     C:\Program Files\McAfee.com\Agent\mcagent.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
     C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
     C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
     C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
     C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
     C:\WINDOWS\system32\CTsvcCDA.EXE
     C:\WINDOWS\system32\drivers\dcfssvc.exe
     C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
     C:\WINDOWS\Explorer.EXE
     c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
     c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
     C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\Program Files\McAfee\MPF\MPFSrv.exe
     C:\WINDOWS\system32\HPZipm12.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\wanmpsvc.exe
     C:\WINDOWS\system32\MsPMSPSv.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
     C:\PROGRA~1\AOL9~1.0C\waol.exe
     C:\PROGRA~1\AOL9~1.0C\shellmon.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     c:\PROGRA~1\mcafee\msc\mcuimgr.exe
     C:\WINDOWS\system32\notepad.exe
     C:\WINDOWS\system32\notepad.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {491AF6C5-21F2-46E1-C653-3DF529127D7B} - C:\WINDOWS\wcidBHO.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
     O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
     O2 - BHO: (no name) - {85CF4327-68DE-1974-B32E-766E84A9706C} - C:\WINDOWS\wcidBHO.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
     O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
     O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
     O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
     O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
     O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
     O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
     O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
     O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
     O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
     O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130931383\ee\AOLSoftware.exe
     O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
     O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
     O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.0C\AOL.EXE" -b
     O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
     O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
     O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Norton Confidence Online - {144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe
     O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
     O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab
     O16 - DPF: {4BEF854E-6531-40D8-825E-5228A12861F3} (pwrUpl2 Class) - https://sagesoftware.thruinc.net/Components/PowerUpload.cab
     O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099170973562
     O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
     O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - http://td.nortonconfidenceonline.com/plug-in/WSAS.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{6D62DDE2-E7AA-4D65-AC9D-AF9521D069FB}: NameServer = 205.188.146.145
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
     O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
     O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
     O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
     O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
     O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
     O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
     O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
     O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
     O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
     O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
     O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
     O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE (file missing)
     O23 - Service: Simply Accounting Database Connection Manager - Sage Software - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
     O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

     -- End of file - 12539 bytes

     Here is DDS.txt:

     DDS (Ver_09-03-16.01) - NTFSx86
     Run by Glenn at 17:20:40.56 on 14/04/2009
     Internet Explorer: 7.0.5730.11
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.164 [GMT -4:00]

     AV: McAfee VirusScan *On-access scanning enabled* (Updated)
     FW: McAfee Personal Firewall *enabled*

     ============== Running Processes ===============

     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\WINDOWS\system32\userinit.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Real\RealPlayer\RealPlay.exe
     C:\Program Files\Dell\Media Experience\PCMService.exe
     C:\WINDOWS\system32\Rundll32.exe
     C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
     C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
     C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
     C:\Program Files\Common Files\AOL\1130931383\ee\AOLSoftware.exe
     C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
     C:\Program Files\McAfee.com\Agent\mcagent.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
     C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
     C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
     C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
     C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
     C:\WINDOWS\system32\CTsvcCDA.EXE
     C:\WINDOWS\system32\drivers\dcfssvc.exe
     C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
     C:\WINDOWS\Explorer.EXE
     c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
     c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
     C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\Program Files\McAfee\MPF\MPFSrv.exe
     C:\WINDOWS\system32\HPZipm12.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\wanmpsvc.exe
     C:\WINDOWS\system32\MsPMSPSv.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
     C:\PROGRA~1\AOL9~1.0C\waol.exe
     C:\PROGRA~1\AOL9~1.0C\shellmon.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     c:\PROGRA~1\mcafee\msc\mcuimgr.exe
     c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
     C:\Documents and Settings\Glenn\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://sympatico.msn.ca/?lang=en-CA
     uDefault_Page_URL = hxxp://www.dell.com
     uInternet Connection Wizard,ShellNext = iexplore
     uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
     BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
     BHO: {491af6c5-21f2-46e1-c653-3df529127d7b} - c:\windows\wcidBHO.dll
     BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
     BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
     BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
     BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
     BHO: {85cf4327-68de-1974-b32e-766e84a9706c} - c:\windows\wcidBHO.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
     EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [AOL Fast Start] "c:\progra~1\aol9~1.0c\AOL.EXE" -b
     mRun: [updReg] c:\windows\UpdReg.EXE
     mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
     mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
     mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
     mRun: [P17Helper] Rundll32 P17.dll,P17Helper
     mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
     mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
     mRun: [iAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
     mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
     mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
     mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
     mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
     mRun: [HostManager] c:\program files\common files\aol\1130931383\ee\AOLSoftware.exe
     mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
     mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
     mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
     mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
     mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
     mRun: [ConnectionManager] c:\program files\winsim\connectionmanager\Simply.SystemTrayIcon.exe
     mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
     mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
     IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
     IE: {144FDEB7-A23D-4D39-A00E-AA44195535B6} - c:\windows\wcidButton.exe
     IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}
- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab DPF: {4BEF854E-6531-40D8-825E-5228A12861F3} - hxxps://sagesoftware.thruinc.net/Components/PowerUpload.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099170973562 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - hxxp://td.nortonconfidenceonline.com/plug-in/WSAS.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: {6D62DDE2-E7AA-4D65-AC9D-AF9521D069FB} = 205.188.146.145 SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-31 201320] R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-9-25 574808] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-1-31 359248] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-1-31 144704] R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-1-31 695624] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-31 79304] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-31 35240] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-31 40488] S2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2008-11-6 16680] S3 mferkdk;McAfee Inc. 
mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-31 33832] =============== Created Last 30 ================ 2009-04-13 20:07 <DIR> --d----- c:\program files\Trend Micro 2009-04-13 18:25 15,504 a------- c:\windows\system32\drivers\mbam.sys 2009-04-13 18:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-13 18:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-04-13 17:41 <DIR> --d----- c:\docume~1\glenn\applic~1\Malwarebytes 2009-04-13 17:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-04-09 12:10 21,760 a------- c:\windows\system32\drivers\point32.sys 2009-04-09 12:09 <DIR> --d----- c:\program files\Microsoft IntelliPoint ==================== Find3M ==================== 2009-04-12 21:53 75,264 a------- c:\windows\system32\userinit.exe 2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys 2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys 2009-01-16 22:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll 2008-11-06 14:32 61,224 a------- c:\documents and settings\glenn\GoToAssistDownloadHelper.exe 2008-10-13 11:27 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101320081014\index.dat ============= FINISH: 17:21:49.21 =============== Here is Attach.txt UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-03-16.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 28/10/2004 8:25:20 PM System Uptime: 14/04/2009 4:48:19 PM (1 hours ago) Motherboard: Dell Inc. | | 0J3492 Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 145 GiB total, 108.228 GiB free. 
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1322: 13/01/2009 6:39:20 PM - Removed TrafficEye.
RP1323: 13/01/2009 7:16:59 PM - Installed Java 6 Update 11
RP1324: 14/01/2009 7:31:37 PM - System Checkpoint
RP1325: 15/01/2009 3:00:18 AM - Software Distribution Service 3.0
RP1326: 16/01/2009 3:42:07 AM - System Checkpoint
RP1327: 17/01/2009 3:53:55 AM - System Checkpoint
RP1328: 18/01/2009 4:32:00 AM - System Checkpoint
RP1329: 19/01/2009 5:33:02 AM - System Checkpoint
RP1330: 20/01/2009 6:32:28 AM - System Checkpoint
RP1331: 21/01/2009 7:27:28 AM - System Checkpoint
RP1332: 22/01/2009 8:31:10 AM - System Checkpoint
RP1333: 23/01/2009 9:17:22 AM - System Checkpoint
RP1334: 24/01/2009 9:21:45 AM - System Checkpoint
RP1335: 25/01/2009 9:24:39 AM - System Checkpoint
RP1336: 26/01/2009 10:31:40 AM - System Checkpoint
RP1337: 27/01/2009 11:02:39 AM - System Checkpoint
RP1338: 28/01/2009 11:10:14 AM - System Checkpoint
RP1339: 29/01/2009 11:17:07 AM - System Checkpoint
RP1340: 30/01/2009 11:52:14 AM - System Checkpoint
RP1341: 31/01/2009 12:26:49 PM - System Checkpoint
RP1342: 01/02/2009 1:32:01 PM - System Checkpoint
RP1343: 02/02/2009 2:03:47 PM - System Checkpoint
RP1344: 03/02/2009 2:28:57 PM - System Checkpoint
RP1345: 04/02/2009 3:40:37 PM - System Checkpoint
RP1346: 05/02/2009 4:02:04 PM - System Checkpoint
RP1347: 06/02/2009 5:16:29 PM - System Checkpoint
RP1348: 07/02/2009 5:47:19 PM - System Checkpoint
RP1349: 08/02/2009 6:21:54 PM - System Checkpoint
RP1350: 09/02/2009 6:55:54 PM - System Checkpoint
RP1351: 10/02/2009 4:36:43 PM - Installed Simply Accounting by Sage 2009
RP1352: 10/02/2009 4:37:00 PM - Installed Simply Accounting by Sage 2009
RP1353: 10/02/2009 9:37:47 PM - Configured Simply Accounting by Sage 2009 Product Update
RP1354: 11/02/2009 10:18:19 PM - Software Distribution Service 3.0
RP1355: 12/02/2009 10:28:52 PM - System Checkpoint
RP1356: 13/02/2009 11:25:54 PM - System Checkpoint
RP1357: 15/02/2009 12:19:43 AM - System Checkpoint
RP1358: 16/02/2009 3:20:40 AM - System Checkpoint
RP1359: 17/02/2009 8:16:38 AM - System Checkpoint
RP1360: 17/02/2009 11:38:15 AM - Installed HP Product Assistant
RP1361: 17/02/2009 11:38:48 AM - Removed HPSU306Stub
RP1362: 17/02/2009 11:38:52 AM - Removed HP Update
RP1363: 17/02/2009 11:39:04 AM - Installed HP Update
RP1364: 18/02/2009 6:47:46 PM - System Checkpoint
RP1365: 19/02/2009 3:00:22 AM - Software Distribution Service 3.0
RP1366: 19/02/2009 11:25:59 PM - Software Distribution Service 3.0
RP1367: 21/02/2009 5:46:16 AM - System Checkpoint
RP1368: 22/02/2009 6:46:21 AM - System Checkpoint
RP1369: 23/02/2009 7:46:19 AM - System Checkpoint
RP1370: 24/02/2009 8:29:31 AM - System Checkpoint
RP1371: 25/02/2009 9:20:32 AM - System Checkpoint
RP1372: 26/02/2009 3:00:19 AM - Software Distribution Service 3.0
RP1373: 27/02/2009 3:17:02 AM - System Checkpoint
RP1374: 28/02/2009 4:15:57 AM - System Checkpoint
RP1375: 01/03/2009 6:17:46 AM - System Checkpoint
RP1376: 02/03/2009 6:34:50 AM - System Checkpoint
RP1377: 03/03/2009 7:34:52 AM - System Checkpoint
RP1378: 04/03/2009 8:34:07 AM - System Checkpoint
RP1379: 05/03/2009 10:03:53 AM - System Checkpoint
RP1380: 06/03/2009 10:04:18 AM - System Checkpoint
RP1381: 07/03/2009 10:32:24 AM - System Checkpoint
RP1382: 08/03/2009 11:19:47 AM - System Checkpoint
RP1383: 09/03/2009 1:54:35 PM - System Checkpoint
RP1384: 10/03/2009 2:03:20 PM - System Checkpoint
RP1385: 11/03/2009 2:00:27 AM - Software Distribution Service 3.0
RP1386: 12/03/2009 2:24:07 AM - System Checkpoint
RP1387: 13/03/2009 2:00:21 AM - Software Distribution Service 3.0
RP1388: 14/03/2009 2:33:41 AM - System Checkpoint
RP1389: 15/03/2009 3:58:08 AM - System Checkpoint
RP1390: 16/03/2009 5:04:34 AM - System Checkpoint
RP1391: 17/03/2009 6:02:06 AM - System Checkpoint
RP1392: 18/03/2009 6:55:42 AM - System Checkpoint
RP1393: 19/03/2009 7:48:19 AM - System Checkpoint
RP1394: 20/03/2009 8:57:55 AM - System Checkpoint
RP1395: 20/03/2009 3:16:56 PM - Configured Simply Accounting by Sage 2009 Product Update
RP1396: 21/03/2009 3:47:49 PM - System Checkpoint
RP1397: 22/03/2009 4:55:53 PM - System Checkpoint
RP1398: 23/03/2009 6:03:06 PM - System Checkpoint
RP1399: 24/03/2009 6:50:51 PM - System Checkpoint
RP1400: 25/03/2009 8:06:45 PM - System Checkpoint
RP1401: 26/03/2009 9:07:46 PM - System Checkpoint
RP1402: 27/03/2009 9:57:04 PM - System Checkpoint
RP1403: 28/03/2009 9:59:30 PM - System Checkpoint
RP1404: 29/03/2009 11:53:15 PM - System Checkpoint
RP1405: 31/03/2009 12:34:39 AM - System Checkpoint
RP1406: 01/04/2009 4:22:28 AM - System Checkpoint
RP1407: 02/04/2009 8:47:54 AM - System Checkpoint
RP1408: 03/04/2009 9:22:28 AM - System Checkpoint
RP1409: 04/04/2009 9:32:11 AM - System Checkpoint
RP1410: 05/04/2009 11:07:31 AM - System Checkpoint
RP1411: 06/04/2009 11:18:16 AM - System Checkpoint
RP1412: 07/04/2009 12:18:16 PM - System Checkpoint
RP1413: 08/04/2009 1:07:52 PM - System Checkpoint
RP1414: 09/04/2009 2:06:04 PM - System Checkpoint
RP1415: 10/04/2009 2:49:46 PM - System Checkpoint
RP1416: 11/04/2009 4:29:11 PM - System Checkpoint
RP1417: 12/04/2009 5:21:24 PM - System Checkpoint

==== Installed Programs ======================

3100_3200_3300_Help 3100_3200_3300trb 3300 Actiontec USB/Ethernet Home DSL Modem Actiontec USB/Ethernet Home DSL Monitor Ad-Aware 2007 Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Flash Player 9 ActiveX Adobe Flash Player ActiveX Adobe Reader 8.1.2 Adobe Reader 8.1.2 Security Update 1 (KB403742) Adobe SVG Viewer 3.0 AiO_Scan_CDA AiOSoftwareNPI aMSN 0.97.2 AOL Deskbar AOL Toolbar AOL Uninstaller (Choose which Products to Remove) AOL You've Got Pictures Screensaver Apple Software Update ATI Control Panel ATI Display Driver Broadcom Advanced Control Suite 2 BufferChm CCScore Chinese Simplified Fonts Support For Adobe Reader 8 Citrix ICA Web Client Classic PhoneTools CP_AtenaShokunin1Config
CP_CalendarTemplates1 CP_Package_Basic1 CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 CP_Panorama1Config Creative MediaSource Critical Update for Windows Media Player 11 (KB959772) CueTour CustomerResearchQFolder Dell Digital Jukebox Driver Dell Driver Reset Tool Dell Media Experience Dell Networking Guide DellSupport Destinations DeviceFunctionQFolder DeviceManagementQFolder DocProc DocumentViewer DocumentViewerQFolder ESSBrwr ESSCDBK ESScore ESSgui ESShelp ESSini ESSPCD ESSPDock ESSSONIC ESSTOOLS essvatgt essvcpt eSupportQFolder Family Tree Maker Fax_CDA FullDPAppQFolder Google Earth HijackThis 2.0.2 HLPPDOCK Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) HP Document Viewer 5.3 HP Extended Capabilities 5.3 HP Image Zone 5.3 HP Imaging Device Functions 5.3 HP Product Assistant HP PSC & OfficeJet 5.3.A HP Solution Center & Imaging Support Tools 5.3 HP Update HPProductAssistant InstantShareDevices Intel Application Accelerator Intel® 537EP V9x DFV PCI Modem iTunes J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 8 Japanese Fonts Support For Adobe Reader 8 Jasc Paint Shop Photo Album Jasc Paint Shop Pro 8 Dell Edition Java 2 Runtime Environment, SE v1.4.2_03 Java 6 Update 11 KeyRipper 3.1 kgcbase Kodak EasyShare software KSU Learn2 Player (Uninstall Only) LimeWire 4.16.6 Macromedia Flash Player 8 Malwarebytes' Anti-Malware MarketResearch McAfee SecurityCenter Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft IntelliPoint 6.2 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Basic Edition 2003 Microsoft PowerPoint Viewer 97 Microsoft Silverlight Microsoft User-Mode Driver 
Framework Feature Pack 1.0 Modem Event Monitor Modem Helper Modem On Hold Move Networks Media Player for Internet Explorer MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MUSICMATCH
  3. Got hit with MS AntiSpyware 2009

I installed Malwarebytes Anti-Malware and did a scan. It found some infected files and says it fixed them. Here is the log:

Malwarebytes' Anti-Malware 1.36
Database version: 1978
Windows 5.1.2600 Service Pack 3

13/04/2009 6:00:23 PM
mbam-log-2009-04-13 (18-00-23).txt

Scan type: Quick Scan
Objects scanned: 85333
Time elapsed: 15 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Glenn\Local Settings\Temporary Internet Files\Content.IE5\48WVYVMG\srm_free_setup[1].exe (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenn\Local Settings\Temporary Internet Files\Content.IE5\GKLAZYW0\srm_free_setup[1].exe (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenn\Local Settings\Temporary Internet Files\Content.IE5\GOZTSSH5\srm_free_setup[1].exe (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenn\Local Settings\Temporary Internet Files\Content.IE5\IIV8GO31\srm_free_setup_nf[1].exe (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenn\Local Settings\Temporary Internet Files\Content.IE5\OJ2Y5FRR\srm_free_setup[1].exe (Rogue.SpywareRemover) -> Quarantined and deleted successfully.

Although not as frequent, I am still getting the pop-ups saying I have a security problem. I rebooted and ran the scan again. This time no detections. Here is the log:

Malwarebytes' Anti-Malware 1.36
Database version: 1978
Windows 5.1.2600 Service Pack 3

13/04/2009 6:41:54 PM
mbam-log-2009-04-13 (18-41-54).txt

Scan type: Quick Scan
Objects scanned: 85379
Time elapsed: 15 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I then installed HijackThis.
Here is the log from that

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:10 PM, on 13/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\AOL\1130931383\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\PROGRA~1\AOL9~1.0C\waol.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {491AF6C5-21F2-46E1-C653-3DF529127D7B} - C:\WINDOWS\wcidBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {85CF4327-68DE-1974-B32E-766E84A9706C} - C:\WINDOWS\wcidBHO.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130931383\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.0C\AOL.EXE" -b
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Norton Confidence Online - {144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab
O16 - DPF: {4BEF854E-6531-40D8-825E-5228A12861F3} (pwrUpl2 Class) - https://sagesoftware.thruinc.net/Components/PowerUpload.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099170973562
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - http://td.nortonconfidenceonline.com/plug-in/WSAS.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE (file missing)
O23 - Service: Simply Accounting Database Connection Manager - Sage Software - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12347 bytes

What can I do next?