Error Code. 80072EFE with HijackThis log

Welcome. Thank you for using Dell Community Forums.

I am reviewing your log. It appears that you have quite a bit of malware in there. It is surprising that McAfee did not see it. When you say that you barely open Malwarebytes is that because it will not run, or because you do not choose to use it?

While I arrange how to deal with this, you can help me by addressing the following:

* Have you have posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.  The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE.

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. It is understood by the trained analysts that once a helper replies to a log, he continues working with you until the issue is resolved.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

We need to see some additional information about what is happening in your machine.

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool.
• Click Yes at the prompt for Optional Scan.
• When done, DDS will open two (2) logs

1. DDS.txt
2. Attach.txt

• Save both reports to your desktop.
• Copy/paste both logs to your reply on the forum. Do not attach them.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

Download Security Check by screen317 and save it to your Desktop: here or here

• Run Security Check
• Follow the onscreen instructions inside of the command window.
• A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log along with the two requested above, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

No Reply within 3 days will result in this topic being closed, and I will remove it from my subscriptions. If you require more time, please let me know.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.

Please uninstall uTorrent .

Following that, please open Malwarebytes' Anti-Malware. Go to the Update Tab and update MBAM.

• If an update is found, the program will automatically update itself.
• Press the OK button to close that box and continue.
• If you encounter any problems while downloading the updates,

manually download them from here
and just double-click on mbam-rules.exe to install.
Alternatively, you can update through MBAM's interface from a clean computer,
copy the definitions (rules.ref) located in
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes'
Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

• Make sure the "Perform Quick Scan" option is selected.
• Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top.

• When the scan is finished, a message box will say "The scan completed successfully.

• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report along with any other requested logs into your next reply and exit MBAM.

Note:-- If MBAM encounters a file that is difficult to remove,
you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless if prompted to restart the computer or not, please do so immediately.
Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- MBAM may make changes to your registry as part of its disinfection routine.
If you're using other security programs that detect registry changes (like Spybot's Teatimer),
they may interfere with the fix or alert you after scanning with MBAM.
Please disable such programs until disinfection is complete or permit them to allow the changes.

**If you need to re-install MBAM but encounter issue in re-installing, try using the MBAM Cleanup Utility by downloading it from HERE

If your system has not rebooted after running MBAM, please do so.

Please run a scan with HijackThis and save your new log.

 Go back to the HijackThis Main window and select "Open the misc tool section"

Click on the Config button.

Click the Misc. Tools button and select "Open uninstall manager". It will show you a list of your installed programs.

Click "Save list" and save it to your desktop. Copy and paste that list as a reply to this thread along with your log from MBAM and the output from the HijackThis scan.

Ok well I guess the closest thing to a cracked program would be my GBA emulator even if it is not, I deleted it. Malwarebytes has opened whenever I wanted it to but it is just that I never paid that much attention to it so I didn't check the things it did. About the System Restore I tried to go to System and to enable, but I just can't find the option to enable anything similar to that so as far as I know it is still off. This computer is mine though I lend it to other people what I do with it is up to me and I have not posted anything on other forums regarding help on any matter.

DDS (Ver_10-03-17.01) - NTFSx86 
Run by IanP at 13:49:49.46 on Sat 07/24/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3545.2003 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\IanP\AppData\Local\Temp\fFollower.exe
c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\conime.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Windows\sminst\sftservice.EXE
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\RUNDLL32.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\IanP\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uURLSearchHooks: Playdom Toolbar: {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - c:\program files\playdom\tbPlay.dll
mURLSearchHooks: Playdom Toolbar: {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - c:\program files\playdom\tbPlay.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: TBSB08970 Class: {10abdd5a-e10e-4af2-95ba-fcb47c7c90a7} - c:\progra~1\powers~1\POWERS~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Playdom Toolbar: {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - c:\program files\playdom\tbPlay.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Playdom Toolbar: {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - c:\program files\playdom\tbPlay.dll
TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [JDK5SWFMZY] c:\windows\temp\Bqd.exe
uRun: [lhyucoqa] c:\users\ianp\appdata\local\xxnlxmmay\ivwrafctssd.exe
uRun: [tdaoxvuy] c:\users\ianp\appdata\local\obkmghewi\yorhslktssd.exe
uRun: [awurqpsys] rundll32.exe "iiijkk.dll",DllRegisterServer
uRun: [setupupdate70702.exe] c:\windows\system32\config\systemprofile\appdata\roaming\9e3edc761a3e9e2ab303e65361b59258\setupupdate70702.exe
uRun: [Qronasevegu] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\Nlmgtui.dll",Startup
uRun: [yousonqo] c:\users\ianp\appdata\local\qwntpatme\mukkmhgtssd.exe
uRun: [{EA3B49BD-A60F-E202-EA39-A003DFBE80EF}] c:\users\ianp\appdata\roaming\ipnino\qopeh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [sta] rundll32 "lanyp.dll",,Run
mRun: [netc] c:\windows\svc.exe
mRun: [cbywwtsys] rundll32.exe "iiijkk.dll",DllRegisterServer
mRun: [c:\users\ianp\appdata\local\temp\opef333.exe ] c:\users\ianp\appdata\local\temp\opeF333.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\Components\scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\runhstart.bat"
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
dRun: [JDK5SWFMZY] c:\windows\temp\Bqd.exe
dRun: [ksfjeeyu] c:\windows\system32\config\systemprofile\appdata\local\micbatcfp\lpxusqbtssd.exe
dRun: [Qronasevegu] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\Nlmgtui.dll",Startup
dRun: [efdaxvsys] rundll32.exe "iiijkk.dll",DllRegisterServer
StartupFolder: c:\users\ianp\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5808/mcfscan.cab
TCP: {F0929EDD-E08B-41EC-B5A9-6FBBD9EA236C} = 91.188.60.223,8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 iiijkk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ianp\appdata\roaming\mozilla\firefox\profiles\y3kf4ubl.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm035YYUS&fl=0&ptb=9qaZMj5Pm8vgCZStJBzGHg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {6D937497-CE6B-45D7-924B-036DF16472B7} - c:\users\ianp\appdata\local\{6D937497-CE6B-45D7-924B-036DF16472B7}
FF - HiddenExtension: XULRunner: {C19160C5-B2F6-4E95-9DCA-93271D341251} - c:\windows\system32\config\systemprofile\appdata\local\{c19160c5-b2f6-4e95-9dca-93271d341251}\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-9 214664]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-5-9 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 Follower;Follower;c:\users\ianp\appdata\local\temp\fFollower.exe [2010-7-24 355840]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-9 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-9 144704]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-4-8 668912]
R2 SftService;SoftThinks Agent Service;c:\windows\sminst\SftService.exe [2009-5-9 632048]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-21 54632]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-9 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-9 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-9 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-9 40552]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\turbine\turbine download manager\TurbineMessageService.exe [2010-1-31 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [2010-1-31 218608]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-9 34248]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]

=============== Created Last 30 ================

2010-07-24 14:32:17    0    d-----w-    c:\program files\Trend Micro
2010-07-24 14:27:39    284    ----a-w-    C:\sqmnoopt06.sqm
2010-07-24 13:30:05    0    d-sh--w-    c:\windows\system32\lowsec
2010-07-24 13:29:34    0    d-----w-    c:\programdata\Update
2010-07-24 13:29:24    321536    ----a-w-    c:\windows\svc.exe
2010-07-24 13:29:23    81920    ---ha-w-    c:\windows\system32\iiijkk.dll
2010-07-18 01:32:42    284    ----a-w-    C:\sqmnoopt05.sqm
2010-07-18 01:10:09    0    d-----w-    c:\windows\Mozilla
2010-07-17 23:13:10    284    ----a-w-    C:\sqmnoopt04.sqm
2010-07-17 22:56:31    284    ----a-w-    C:\sqmnoopt03.sqm
2010-07-17 13:19:49    204417507    ----a-w-    c:\windows\MEMORY.DMP
2010-07-14 21:35:36    0    d-sh--w-    c:\windows\%APPDATA%
2010-07-14 21:35:14    768000    ----a-w-    c:\windows\system32\drivers\gmdfrwkk.sys
2010-07-14 21:34:49    150    ----a-w-    C:\zrpt.xml
2010-07-03 19:16:17    284    ----a-w-    C:\sqmnoopt02.sqm
2010-07-02 14:01:12    284    ----a-w-    C:\sqmnoopt01.sqm
2010-06-27 18:18:44    120    ----a-w-    C:\sqmnoopt00.sqm
2010-06-27 16:50:34    0    d-----w-    c:\users\ianp\appdata\roaming\Malwarebytes

==================== Find3M  ====================

2010-07-15 19:18:22    130424    ----a-w-    c:\windows\system32\drivers\Mpfp.sys
2010-06-07 23:12:25    79    ----a-w-    c:\users\ianp\appdata\roaming\wp4.dat
2010-06-07 23:12:25    2    ----a-w-    c:\users\ianp\appdata\roaming\wp3.dat
2010-06-07 22:10:24    36    ----a-w-    c:\users\ianp\appdata\roaming\skynet.dat
2009-11-29 20:27:19    665600    ----a-w-    c:\windows\inf\drvindex.dat
2009-11-29 20:27:19    51200    ----a-w-    c:\windows\inf\infpub.dat
2009-11-29 20:27:19    143360    ----a-w-    c:\windows\inf\infstrng.dat
2009-11-29 20:27:19    143360    ----a-w-    c:\windows\inf\infstor.dat
2008-01-21 02:43:21    174    --sha-w-    c:\program files\desktop.ini
2006-11-02 12:42:02    30674    ----a-w-    c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02    30674    ----a-w-    c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02    287440    ----a-w-    c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02    287440    ----a-w-    c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21    287440    ----a-w-    c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21    287440    ----a-w-    c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19    30674    ----a-w-    c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19    30674    ----a-w-    c:\windows\inf\perflib\0000\perfc.dat
2009-10-16 19:55:23    245760    --sha-w-    c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-08-31 15:05:43    245760    --sha-w-    c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-15 22:01:00    16384    --sha-w-    c:\windows\temp\cookies\index.dat
2009-10-15 22:01:00    16384    --sha-w-    c:\windows\temp\history\history.ie5\index.dat
2009-10-15 22:01:00    32768    --sha-w-    c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-05-09 13:51:41    8192    --sha-w-    c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:51:27.56 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/9/2009 2:23:49 AM
System Uptime: 7/24/2010 10:48:27 AM (3 hours ago)

Motherboard: Dell Inc. |  | 0G848F
Processor: Pentium(R) Dual-Core CPU       T4200  @ 2.00GHz | Microprocessor | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 283 GiB total, 161.889 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 7.351 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP287: 5/24/2010 3:18:28 PM - Restore Operation
RP288: 5/24/2010 3:40:03 PM - Restore Operation
RP289: 5/24/2010 3:55:52 PM - Restore Operation
RP290: 5/24/2010 4:18:32 PM - Restore Operation
RP291: 5/24/2010 4:36:30 PM - Restore Operation
RP292: 5/24/2010 7:37:47 PM - Restore Operation
RP296: 5/27/2010 10:14:10 PM - Restore Operation
RP297: 5/27/2010 10:39:31 PM - Restore Operation
RP298: 5/27/2010 10:53:43 PM - Restore Operation
RP299: 5/27/2010 11:22:47 PM - Restore Operation
RP300: 5/27/2010 11:39:06 PM - Restore Operation
RP306: 5/30/2010 1:48:31 PM - Restore Operation
RP307: 5/30/2010 2:04:48 PM - Restore Operation
RP311: 6/2/2010 10:33:55 PM - Restore Operation
RP317: 6/6/2010 11:56:54 PM - Restore Operation

==== Installed Programs ======================

µTorrent
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Antimalware Doctor
Antivirus 2010
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bonjour
BrightShadow
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Defense Center
Dell-eBay
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Remote Access
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card Utility
Dungeons & Dragons Online - Eberron Unlimited™
EPSON NX100 Series Printer Uninstall
GoToAssist 8.0.0.514
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
ITRWoW 3.2.2a
iTunes
Java(TM) 6 Update 11
Junk Mail filter update
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.6)
MSVCRT
OGA Notifier 2.0.0048.0
Pando Media Booster
Playdom Toolbar
Power Search Tool
PowerDVD DX
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype web features
Skype™ 4.1
SlingPlayer
Street-Ads Browser Enhancer
Turbine Download Manager
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon Broadband Toolbar (IE only)
Verizon Servicepoint 3.5.10
Vz In Home Agent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Wizard101
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

7/24/2010 9:30:57 AM, Error: Service Control Manager [7030]  - The Follower service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
7/24/2010 6:51:07 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error:  An instance of the service is already running.
7/24/2010 6:48:07 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
7/24/2010 5:03:29 AM, Error: Service Control Manager [7034]  - The Marvell Yukon Service service terminated unexpectedly.  It has done this 1 time(s).
7/24/2010 12:33:24 PM, Error: netbt [4321]  - The name "JOVAN          :0" could not be registered on the interface with IP address 192.168.1.3. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
7/24/2010 12:11:07 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
7/24/2010 12:09:11 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
7/24/2010 11:17:53 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer JCLAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F0929EDD-E08B-41EC-B5A9-6FBBD9EA2. The master browser is stopping or an election is being forced.
7/24/2010 10:49:44 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the User Profile Service service to connect.
7/24/2010 10:49:44 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.
7/24/2010 10:49:44 AM, Error: Service Control Manager [7001]  - The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
7/24/2010 10:49:44 AM, Error: Service Control Manager [7000]  - The User Profile Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/24/2010 10:49:44 AM, Error: Service Control Manager [7000]  - The Multimedia Class Scheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/24/2010 10:49:44 AM, Error: Service Control Manager [7000]  - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/24/2010 10:49:44 AM, Error: Service Control Manager [7000]  - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/24/2010 10:48:58 AM, Error: EventLog [6008]  - The previous system shutdown at 10:47:17 AM on 7/24/2010 was unexpected.
7/24/2010 10:47:17 AM, Error: EventLog [6008]  - The previous system shutdown at 10:46:17 AM on 7/24/2010 was unexpected.
7/24/2010 10:25:47 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Themes service to connect.
7/24/2010 10:25:47 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the System Event Notification Service service to connect.
7/24/2010 10:25:47 AM, Error: Service Control Manager [7000]  - The Themes service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/24/2010 10:25:47 AM, Error: Service Control Manager [7000]  - The System Event Notification Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/24/2010 10:24:13 AM, Error: EventLog [6008]  - The previous system shutdown at 10:22:36 AM on 7/24/2010 was unexpected.
7/24/2010 10:22:49 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/24/2010 10:22:48 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/24/2010 10:22:47 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/24/2010 10:22:44 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/24/2010 10:22:36 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/24/2010 10:22:01 AM, Error: EventLog [6008]  - The previous system shutdown at 10:20:05 AM on 7/24/2010 was unexpected.
7/24/2010 10:20:05 AM, Error: EventLog [6008]  - The previous system shutdown at 10:18:27 AM on 7/24/2010 was unexpected.
7/23/2010 12:50:27 AM, Error: BROWSER [8007]  - The browser was unable to update the service status bits.  The data is the error.
7/17/2010 9:24:48 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Shell Hardware Detection service to connect.
7/17/2010 9:24:48 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Extensible Authentication Protocol service to connect.
7/17/2010 9:24:48 PM, Error: Service Control Manager [7001]  - The WLAN AutoConfig service depends on the Extensible Authentication Protocol service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
7/17/2010 9:24:48 PM, Error: Service Control Manager [7001]  - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
7/17/2010 9:24:48 PM, Error: Service Control Manager [7000]  - The Extensible Authentication Protocol service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/17/2010 9:20:01 AM, Error: EventLog [6008]  - The previous system shutdown at 9:18:10 AM on 7/17/2010 was unexpected.

==== End Of File ===========================

 Results of screen317's Security Check version 0.99.4 
 Windows Vista Service Pack 2 (UAC is disabled!)
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Disabled! 
 Antivirus 2010    
 McAfee SecurityCenter    
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
 Malwarebytes' Anti-Malware   
 Java(TM) 6 Update 11 
 Out of date Java installed!
 Adobe Flash Player 10.1.53.64 
Adobe Reader 9
Out of date Adobe Reader installed!
 Mozilla Firefox (3.6.6)
````````````````````````````````
Process Check: 
objlist.exe by Laurent
 McAfee VIRUSS~1 mcshield.exe 
````````````````````````````````
DNS Vulnerability Check:
 Unknown. This method cannot test your vulnerability to DNS cache poisoning.

``````````End of Log````````````

....I believe that is everything thx again for the help ^^.

Well I ran into some problems, every time I do something related to malwarebytes my computer gets a blue screen. So I am really stuck and now this Antimalware Doctor program is bothering me I really don't know what to do next any suggestions?

As long as you have already installed MBAM let's see if you can simply rename mbam.exe. Try renaming it bozo.exe.

You will be changing this one:  http://www.gt500.org/images/rename_mbam.png
Please download Rkill by Grinler from one of the links below and save it to your desktop.

• Link 2
  Link 3
  Link 4
  

• Double-click on the Rkill desktop icon to run the tool.
• Using Vista, right-click on it and Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• If the tool does not run from any of the links provided, please let me know.

A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
Now....
See if your renamed MBAM (bozo) will run so that you can REMOVE SELECTED and post your log as requested above.

No, you were not supposed to fix anything with HijackThis yet. As you can see, MBAM found a lot of infection in there.  We still have more to do.

Please visit this webpage for download links, and instructions for running ComboFix (If you have a prior copy of Combofix, delete it now!) :

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



Double click on ComboFix.exe & follow the prompts.

• As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.
Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log for further review.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

* Additional information on A/V control HERE. * ComboFix is not intended for use with servers.

I wasn't supposed to "fix" selected with HijackThis right? because I didn't do that

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4345

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

7/24/2010 7:59:13 PM
mbam-log-2010-07-24 (19-59-13).txt

Scan type: Quick scan
Objects scanned: 166913
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 17
Registry Values Infected: 16
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 71

Memory Processes Infected:
C:\Windows\System32\config\systemprofile\AppData\Roaming\9E3EDC761A3E9E2AB303E65361B59258\setupupdate70702.exe (Trojan.Agent.Gen) -> Unloaded process successfully.

Memory Modules Infected:
C:\Windows\System32\iiijkk.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\config\systemprofile\AppData\Local\Nlmgtui.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JDK5SWFMZY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\follower (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Sysinternals Antivirus (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\setupupdate70702.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qronasevegu (Trojan.Hiloti) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qronasevegu (Trojan.Hiloti) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jdk5swfmzy (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lhyucoqa (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tdaoxvuy (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yousonqo (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\awurqpsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cbywwtsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\efdaxvsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\efdaxvsys (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\IanP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sysinternals Antivirus (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.
C:\Windows\System32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\iiijkk.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\config\systemprofile\AppData\Roaming\9E3EDC761A3E9E2AB303E65361B59258\setupupdate70702.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Nlmgtui.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Windows\system32\Drivers\gmdfrwkk.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\0.345412721178449.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\0.7127039105708863.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\rvWPCqOsYw.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\wrkB2F4.tmp_30 (Trojan.Scar) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\wrkC325.tmp_30 (Trojan.Scar) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\wrkD197.tmp_30 (Trojan.Scar) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\wrkD385.tmp_30 (Trojan.Scar) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\wrkF493.tmp_30 (Trojan.Scar) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\itse.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\lvjhkt.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\insF954.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\wrkACE7.tmp_30 (Trojan.Scar) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\wrk66FC.tmp_30 (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\FC4E.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\ins77A4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\insB1B7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\insB861.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\insC7D7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\insD648.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\insD827.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\insE980.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\pkujnvv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\jHYgUZOXVZ.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\leajHKzMRQ.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Windows\Temp\9.7027712845825E7.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\VBEEceovwG.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Windows\Temp\mrxru.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\Temp\BFE1.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\About.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Activate.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Buy.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Defense Center Support.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Defense Center.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Scan.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Settings.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Update.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\About.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Activate.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Buy.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Defense Center Support.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Defense Center.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Scan.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Settings.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defense Center\Update.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.
C:\Windows\System32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Windows\System32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Windows\System32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\ProgramData\Update\seupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Defense Center.LNK (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Windows\System32\ernel32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Windows\Temp\0.34194301437978314.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\0.6802962783401109.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\1_goo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\6_ldry3no.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\4_pinnew.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\2_load.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\60325cahp25ca2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\avto.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\ffollower.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\IanP\AppData\Local\Temp\q1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Windows\svc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:17:38 PM, on 7/24/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\svchosty.exe
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\svchosty.exe
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\svchosty.exe
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\svchosty.exe
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\svchosty.exe
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\svchosty.exe
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\svchosty.exe
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\svchosty.exe
C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\svchosty.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: TBSB08970 - {10ABDD5A-E10E-4AF2-95BA-FCB47C7C90A7} - C:\PROGRA~1\POWERS~1\POWERS~1.DLL (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Playdom Toolbar - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPlay.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Playdom Toolbar - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPlay.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [C:\Users\IanP\AppData\Local\Temp\opeF333.exe ] C:\Users\IanP\AppData\Local\Temp\opeF333.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [JDK5SWFMZY] C:\Windows\Temp\Bqd.exe
O4 - HKCU\..\Run: [ksfjeeyu] C:\Windows\system32\config\systemprofile\AppData\Local\micbatcfp\lpxusqbtssd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - .DEFAULT User Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5808/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0929EDD-E08B-41EC-B5A9-6FBBD9EA236C}: NameServer = 91.188.60.223,8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Windows\sminst\sftservice.EXE
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 14060 bytes

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Antivirus 2010
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bonjour
BrightShadow
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Remote Access
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card Utility
Dell-eBay
Dungeons & Dragons Online - Eberron Unlimited™
EPSON NX100 Series Printer Uninstall
GoToAssist 8.0.0.514
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
ITRWoW 3.2.2a
iTunes
Java(TM) 6 Update 11
Junk Mail filter update
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.6)
MSVCRT
OGA Notifier 2.0.0048.0
Pando Media Booster
Playdom Toolbar
Power Search Tool
PowerDVD DX
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype web features
Skype™ 4.1
SlingPlayer
SlingPlayer
Turbine Download Manager
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon Broadband Toolbar (IE only)
Verizon Servicepoint 3.5.10
Vz In Home Agent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Wizard101
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

The Microsoft Recovery Console prompt never appeared during the search just thought I should point it out. Also the Combofix icon is no longer in my Desktop, for some reason I can't find it.

ComboFix 10-07-24.03 - IanP 07/25/2010   9:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3545.2353 [GMT -4:00]
Running from: c:\windows\system32\config\systemprofile\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\program files\Power Search Tool
c:\program files\Power Search Tool\alert_plugin.dll
c:\program files\Power Search Tool\basis.xml
c:\program files\Power Search Tool\ebay.bmp
c:\program files\Power Search Tool\icons.bmp
c:\program files\Power Search Tool\logo-4.bmp
c:\program files\Power Search Tool\mbback.bmp
c:\program files\Power Search Tool\mbbigopen.bmp
c:\program files\Power Search Tool\mbclose.bmp
c:\program files\Power Search Tool\mbfwd.bmp
c:\program files\Power Search Tool\mbsep.bmp
c:\program files\Power Search Tool\nav1c.bmp
c:\program files\Power Search Tool\options.html
c:\program files\Power Search Tool\PowerSearchTool4_0.crc
c:\program files\Power Search Tool\version.txt
c:\users\IanP\AppData\Local\Windows Server
c:\users\IanP\AppData\Roaming\758bad87.exe
c:\users\IanP\AppData\Roaming\Ipnino
c:\users\IanP\AppData\Roaming\Ipnino\qopeh.exe
c:\users\IanP\AppData\Roaming\scdata
c:\users\IanP\AppData\Roaming\skynet.dat
c:\users\IanP\AppData\Roaming\wp3.dat
c:\users\IanP\AppData\Roaming\wp4.dat
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\%appdata%
c:\windows\system32\config\systemprofile\AppData\Local\Windows Server
c:\windows\system32\config\systemprofile\AppData\Local\Windows Server\flags.ini
c:\windows\system32\config\systemprofile\AppData\Local\Windows Server\uses32.dat
c:\windows\system32\config\systemprofile\AppData\Roaming\9E3EDC761A3E9E2AB303E65361B59258
c:\windows\system32\config\systemprofile\AppData\Roaming\9E3EDC761A3E9E2AB303E65361B59258\enemies-names.txt
c:\windows\system32\config\systemprofile\AppData\Roaming\9E3EDC761A3E9E2AB303E65361B59258\local.ini
c:\windows\system32\config\systemprofile\AppData\Roaming\9E3EDC761A3E9E2AB303E65361B59258\lsrslt.ini
c:\windows\system32\st326124.dll
E:\AUTORUN.INF

Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PRAGMAtptvtyrxpm
-------\Service_PRAGMAtptvtyrxpm


(((((((((((((((((((((((((   Files Created from 2010-06-25 to 2010-07-25  )))))))))))))))))))))))))))))))
.

2010-07-25 13:16 . 2010-07-25 13:21    --------    d-----w-    c:\users\IanP\AppData\Local\temp
2010-07-25 13:16 . 2010-07-25 13:16    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2010-07-25 13:16 . 2010-07-25 13:16    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-07-25 13:16 . 2010-07-25 13:16    --------    d-----w-    c:\users\Bibi\AppData\Local\temp
2010-07-25 13:16 . 2010-07-25 13:16    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-07-25 13:16 . 2010-07-25 13:16    --------    d-----w-    c:\users\Admin\AppData\Local\temp
2010-07-24 23:49 . 2010-04-29 19:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-24 23:49 . 2010-04-29 19:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-07-24 19:30 . 2010-07-24 23:49    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-07-24 18:49 . 2010-07-24 18:49    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Roaming\uTorrent
2010-07-24 14:32 . 2010-07-24 14:32    --------    d-----w-    c:\program files\Trend Micro
2010-07-24 13:29 . 2010-07-24 13:29    --------    d-----w-    c:\users\IanP\AppData\Local\qwntpatme
2010-07-24 13:29 . 2010-07-24 23:59    --------    d-----w-    c:\programdata\Update
2010-07-24 11:58 . 2010-07-24 11:58    --------    d-----w-    c:\users\IanP\AppData\Local\obkmghewi
2010-07-24 10:15 . 2010-07-24 10:15    --------    d-----w-    c:\users\IanP\AppData\Local\xxnlxmmay
2010-07-19 07:58 . 2010-07-19 07:58    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\{C19160C5-B2F6-4E95-9DCA-93271D341251}
2010-07-19 07:56 . 2010-07-19 07:56    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\micbatcfp
2010-07-18 01:16 . 2010-07-18 01:16    --------    d-----w-    c:\program files\NOS
2010-07-18 01:10 . 2010-07-18 01:10    --------    d-----w-    c:\windows\Mozilla
2010-07-17 23:14 . 2010-07-17 23:14    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2010-07-17 00:28 . 2010-07-17 00:28    --------    d-----w-    c:\users\IanP\AppData\Local\qibjpikbc
2010-07-17 00:26 . 2010-07-17 00:26    --------    d-----w-    c:\users\IanP\AppData\Local\eotrnaopm
2010-07-14 21:35 . 2010-07-14 21:35    --------    d-sh--w-    c:\windows\%APPDATA%
2010-07-14 21:34 . 2010-07-14 21:34    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\cnvgjfkbp
2010-07-12 22:07 . 2010-07-12 22:07    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\fsqmrfmeb
2010-07-10 09:53 . 2010-07-10 09:53    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\ckrgfchkm
2010-07-03 21:28 . 2010-07-19 07:58    120    ----a-w-    c:\windows\system32\config\systemprofile\AppData\Local\Bkebe.dat
2010-07-03 21:28 . 2010-07-19 07:58    0    ----a-w-    c:\windows\system32\config\systemprofile\AppData\Local\Rsehura.bin
2010-07-02 17:37 . 2010-07-02 17:37    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\rxymnfptc
2010-07-02 14:08 . 2010-07-02 14:08    --------    d-----w-    c:\users\IanP\AppData\Local\{6D937497-CE6B-45D7-924B-036DF16472B7}
2010-07-01 15:07 . 2010-07-01 15:07    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\Apple
2010-07-01 15:06 . 2010-07-01 15:06    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2010-07-01 15:06 . 2010-07-01 15:06    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2010-06-29 00:52 . 2010-06-29 00:52    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\tbplctcvp
2010-06-28 03:36 . 2010-06-28 03:37    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\bywyfbwqu
2010-06-27 16:50 . 2010-07-24 23:49    --------    d-----w-    c:\users\IanP\AppData\Roaming\Malwarebytes
2010-06-26 08:14 . 2010-07-24 08:52    120    ----a-w-    c:\users\IanP\AppData\Local\Bkebe.dat
2010-06-26 08:14 . 2010-07-24 08:52    0    ----a-w-    c:\users\IanP\AppData\Local\Rsehura.bin
2010-06-26 08:12 . 2010-06-26 08:12    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\tlhkdyrlg

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-25 13:23 . 2010-02-07 23:22    --------    d-----w-    c:\users\IanP\AppData\Roaming\Skype
2010-07-25 00:03 . 2010-06-07 23:01    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-07-24 23:37 . 2010-06-07 23:01    --------    d-----w-    c:\programdata\Malwarebytes
2010-07-24 20:01 . 2010-05-22 21:10    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Roaming\Skype
2010-07-24 14:55 . 2010-07-24 14:55    388096    ----a-r-    c:\users\IanP\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-24 13:46 . 2009-12-15 19:00    --------    d-----w-    c:\users\IanP\AppData\Roaming\Niumor
2010-07-24 09:04 . 2009-05-09 11:43    --------    d-----w-    c:\program files\McAfee
2010-07-23 06:27 . 2010-04-21 17:40    --------    d-----w-    c:\program files\ITRWoW-LK-322a
2010-07-23 03:46 . 2009-11-21 23:16    999256    ----a-w-    c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\WizardLauncher.exe
2010-07-23 03:46 . 2009-11-21 23:16    999256    ----a-w-    c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\WizardLauncher.exe
2010-07-23 03:46 . 2010-01-06 00:43    73728    ----a-w-    c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\PatchClientUIRsrc-En.dll
2010-07-23 03:46 . 2010-01-06 00:43    39424    ----a-w-    c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\ConfiguratorResEnglish.dll
2010-07-23 03:46 . 2010-01-06 00:43    73728    ----a-w-    c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\PatchClientUIRsrc-En.dll
2010-07-23 03:46 . 2010-01-06 00:43    39424    ----a-w-    c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\ConfiguratorResEnglish.dll
2010-07-23 03:46 . 2009-11-21 23:16    102232    ----a-w-    c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\Configurator.exe
2010-07-23 03:46 . 2009-11-21 23:16    102232    ----a-w-    c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\Configurator.exe
2010-07-18 05:40 . 2010-04-12 19:44    --------    d-----w-    c:\programdata\PMB Files
2010-07-18 05:40 . 2009-06-25 22:42    --------    d-----w-    c:\programdata\Yahoo! Companion
2010-07-18 05:40 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2010-07-18 05:40 . 2009-05-09 11:41    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-07-18 01:25 . 2010-06-03 02:20    --------    d-----w-    c:\programdata\NOS
2010-07-15 19:18 . 2009-05-09 11:43    130424    ----a-w-    c:\windows\system32\drivers\Mpfp.sys
2010-06-07 23:13 . 2010-06-07 22:08    --------    d-----w-    c:\users\IanP\AppData\Roaming\Sysinternals Antivirus
2010-06-07 04:04 . 2010-01-31 05:00    --------    d-----w-    c:\program files\Turbine
2010-06-07 04:04 . 2010-04-13 03:49    --------    d-----w-    c:\program files\Gpotato
2010-06-07 04:04 . 2010-02-07 23:22    --------    d-----w-    c:\program files\Common Files\Skype
2010-06-07 04:04 . 2010-02-07 23:22    --------    d-----r-    c:\program files\Skype
2010-06-07 04:04 . 2010-01-24 20:37    --------    d-----w-    c:\program files\Conduit
2010-06-07 04:04 . 2010-01-24 20:37    --------    d-----w-    c:\program files\Playdom
2010-06-07 03:39 . 2010-06-07 03:39    --------    d-----w-    c:\users\Default\AppData\Roaming\Yahoo!
2010-06-03 02:26 . 2010-02-07 23:22    --------    d-----w-    c:\users\IanP\AppData\Roaming\Skype(178)
2010-05-28 04:34 . 2009-10-17 15:33    --------    d-----w-    c:\programdata\Microsoft Help
2010-05-28 04:29 . 2010-02-07 23:22    --------    d-----w-    c:\programdata\Skype
2010-05-28 04:22 . 2010-02-07 23:25    --------    d-----w-    c:\users\IanP\AppData\Roaming\skypePM
2010-05-28 03:11 . 2010-05-28 03:11    --------    d-----w-    c:\users\Default\AppData\Roaming\Dell
2010-05-22 20:47 . 2009-05-16 19:57    70744    ----a-w-    c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-08 16:59 . 2009-12-16 01:24    6080    ----a-w-    c:\users\IanP\AppData\Local\d3d9caps.dat
2009-05-09 13:51 . 2009-05-09 13:48    8192    --sha-w-    c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{69d1a568-ffdf-4ef5-8919-7003582e0ee8}"= "c:\program files\Playdom\tbPlay.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}]
2009-12-31 16:53    2349080    ----a-w-    c:\program files\Playdom\tbPlay.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{69d1a568-ffdf-4ef5-8919-7003582e0ee8}"= "c:\program files\Playdom\tbPlay.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{69D1A568-FFDF-4EF5-8919-7003582E0EE8}"= "c:\program files\Playdom\tbPlay.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-12 2937528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-11-18 4269296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\Components\scheduler\Launcher.exe" [2009-02-23 165104]
"DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2008-10-29 123]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

c:\users\Bibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

c:\users\IanP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-09 11:48    10536    ----a-w-    c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):34,0f,c1,e7,0c,70,ca,01

R3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2010-02-07 271856]
R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2010-02-07 218608]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-15 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2009-11-18 668912]
S2 SftService;SoftThinks Agent Service;c:\windows\sminst\sftservice.EXE [2009-02-23 632048]
S2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2009-09-25 93960]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc


--- Other Services/Drivers In Memory ---

*Deregistered* - gmdfrwkk

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
getPlusHelper    REG_MULTI_SZ       getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2010-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2010-07-25 c:\windows\Tasks\User_Feed_Synchronization-{860E7A72-934C-4886-A740-84DCD0BE1E18}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {F0929EDD-E08B-41EC-B5A9-6FBBD9EA236C} = 91.188.60.223,8.8.8.8
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
FF - ProfilePath - c:\users\IanP\AppData\Roaming\Mozilla\Firefox\Profiles\y3kf4ubl.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm035YYUS&fl=0&ptb=9qaZMj5Pm8vgCZStJBzGHg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {6D937497-CE6B-45D7-924B-036DF16472B7} - c:\users\IanP\AppData\Local\{6D937497-CE6B-45D7-924B-036DF16472B7}
FF - HiddenExtension: XULRunner: {C19160C5-B2F6-4E95-9DCA-93271D341251} - c:\windows\system32\config\systemprofile\AppData\Local\{C19160C5-B2F6-4E95-9DCA-93271D341251}\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{EA3B49BD-A60F-E202-EA39-A003DFBE80EF} - c:\users\IanP\AppData\Roaming\Ipnino\qopeh.exe
HKLM-Run-c:\users\IanP\AppData\Local\Temp\opeF333.exe  - c:\users\IanP\AppData\Local\Temp\opeF333.exe



**************************************************************************
scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gmdfrwkk]

.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\windows\SMINST\Components\scheduler\STService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Verizon\VSP\VerizonServicepointComHandler.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-07-25  09:28:17 - machine was rebooted
ComboFix-quarantined-files.txt  2010-07-25 13:28

Pre-Run: 172,959,428,608 bytes free
Post-Run: 173,629,169,664 bytes free

- - End Of File - - 2CCE191580357C6B07308EA75C3185B3

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:33:54 AM, on 7/25/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\conime.exe
C:\windows\SMINST\Components\scheduler\STService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Playdom Toolbar - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPlay.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Playdom Toolbar - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPlay.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Playdom Toolbar - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPlay.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - .DEFAULT User Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5808/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0929EDD-E08B-41EC-B5A9-6FBBD9EA236C}: NameServer = 91.188.60.223,8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Windows\sminst\sftservice.EXE
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 12698 bytes

Vista already has the RC, so you would not see that.

* Please let me know if you want to keep the Playdom Toolbar. It is open to debate as to whether it should be kept: http://www.systemlookup.com/search.php?list=&type=clsid&search=69d1a568-ffdf-4ef5-8919-7003582e0ee8&s=

If you don't want it, please go to Add/Remove and uninstall it.

Following that, delete the Playdom folder: c:\program files\Playdom

If you cannot find ComboFix on your Desktop, download it again. Make sure you save it DIRECTLY to the Desktop this time.

You had quite a mess in there.That is unusual for a Vista system running McAfee - unless you installed McAfee after the fact.. I'm not sure we can get all of it, but I will certainly try. Any idea how that computer got so intected?

Do you have any idea what this is? c:\users\IanP\AppData\Roaming\Niumor

Let's continue with ComboFix:

Disconnect from the internet....pull the plug!
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray.

Here are the McAfee instructions to be sure McAfee is not deleting Combofix or interfering:

If that does not work, please uninstall McAfee. (If you have the CD's, or use McAfee Support,  you can re-install it once we have verified that the computer is clean.)

• Please open McAfee Security Centre
• Under Common Tasks click on Home
• Click Computer Files
• Click Configure
• Make sure the following are disabled by ticking the "Off" button.

• Next, select never for "When to re-enable real time scanning"
• and click OK.

Further info on disabling and re-enabling McAfee: http://help.aol.com/help/microsites/microsite.do?cmd=displayKCPopup&docType=kc&externalID=222820

Open Notepad and copy/paste the following text between the lines below. Do not copy the dotted lines.
 ** Make sure you copy/paste ALL the text at once. Do not try to edit extra spaces. It will copy correctly to Notepad if you highlight and copy as is.

-----------------------------------------------------------------------------------

File::
c:\windows\system32\config\systemprofile\AppData\Local\Bkebe.dat
c:\windows\system32\config\systemprofile\AppData\Local\Rsehura.bin


Folder::
c:\users\IanP\AppData\Local\qwntpatme
c:\users\IanP\AppData\Local\obkmghewi
c:\users\IanP\AppData\Local\xxnlxmmay
c:\windows\system32\config\systemprofile\AppData\Local\{C19160C5-B2F6-4E95-9DCA-93271D341251}
c:\windows\system32\config\systemprofile\AppData\Local\micbatcfp
c:\users\IanP\AppData\Local\qibjpikbc
c:\users\IanP\AppData\Local\eotrnaopm
c:\windows\system32\config\systemprofile\AppData\Local\cnvgjfkbp
c:\windows\system32\config\systemprofile\AppData\Local\fsqmrfmeb
c:\windows\system32\config\systemprofile\AppData\Local\ckrgfchkm
c:\windows\system32\config\systemprofile\AppData\Local\rxymnfptc
c:\users\IanP\AppData\Local\{6D937497-CE6B-45D7-924B-036DF16472B7}
c:\windows\system32\config\systemprofile\AppData\Local\tbplctcvp
c:\windows\system32\config\systemprofile\AppData\Local\bywyfbwqu
c:\windows\system32\config\systemprofile\AppData\Local\tlhkdyrlg


DirLook::
c:\programdata\Update


----------------------------------------------------------------------------

  Save this as CFScript.txt

Referring to the picture above, drag CFScript into ComboFix.exe

You will be prompted to run Combofix again.

Follow the same instructions you did before for running ComboFix. CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

When finished, a log is produced here: C:\ComboFix.txt.

Please download GooredFix and save it to your Desktop.

Double-click Goored.exe to run it.

Select 1. Find Goored (no fix) by typing 1 and pressing Enter.

A log will open, please post the contents of that log in your next reply along with your other requested logs. (It can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

In your next reply, please post that log along with:

1. Your recent ComboFix log

2. A new HijackThis log.

Goored Fix gives me a prompt that it will check for infections and remove them, doesn't let me type anything so I don't know if I should continue because you said no "fix". Also I have no idea how the computer got so infected and no I do not know what that file is.

Click Start >> Run and then copy/paste the following into the box and hit Enter:
"%userprofile%\Desktop\GooredFix.exe /uninstall"
If any of your security programs query a new Registry/AutoStart value being added please allow the changes.

Don't forget to enable McAfee again.

Please go to the Update Tab in Malwarebytes' Anti-Malware, and update it.

Run a scan and please post your new log. Let me know  how things are running at that point. Please include a fresh HijackThis log. If everything looks good, we''ll update Java  and continue with cleanup.

Is McAfee still disabled? It should be so that it does not interfere.

Did you type 1 and press Enter? A log should have opened. You won't have to look for it. Just copy it and paste it here.

I copied the %userprofile%\Desktop\GooredFix.exe /uninstall(without the quotation marks) and pressed enter but it just prompted me to do another scan and it wasn't uninstalled also when I do the Malwarebytes scan do I also remove? just thought I might ask.

The Computer itself is running great and its checking for updates now but I haven't installed any of them so it doesn't screw up with what you are doing which I appreciate greatly.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4352

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

7/26/2010 11:45:41 AM
mbam-log-2010-07-26 (11-45-41).txt

Scan type: Quick scan
Objects scanned: 165524
Time elapsed: 7 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\Drivers\gmdfrwkk.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:51:52 AM, on 7/26/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\windows\SMINST\Components\scheduler\STService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\wscript.exe
C:\Windows\sminst\DataSafe.exe
C:\Windows\sminst\Components\FileBackup\BackupPlg.exe
C:\Windows\System32\vdsldr.exe
C:\Windows\sminst\Components\PSTImageExt\STImageExtPlg.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Playdom Toolbar - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPlay.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Playdom Toolbar - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPlay.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Playdom Toolbar - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPlay.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - .DEFAULT User Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5808/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0929EDD-E08B-41EC-B5A9-6FBBD9EA236C}: NameServer = 91.188.60.223,8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Windows\sminst\sftservice.EXE
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 12634 bytes