Redirecting while searching

i  havent posted anywhere else so theres no other link.  I was just thinking, i had a p2p program on here a few weeks ago. i figured thats when and where all the problems started . Its been deleted for over a month now. Im not sure if i got all of it or not.

A dns hacker well that dosent sound pleasant. As far as i know it was only ares that i had on here. Not sure wife uses this computer as well. And a 2 year old does when no ones lookin.  He likes to push all kinds of butons..  LOL

If you have removed Ares and any others that you are aware of, we will remove anything else that shows up. I also ask that, until this problem is fixed, you limit your online time to downloading our tools and coming here to get cleaned up. Surfing with that DNS hijacker present may undo all our good work.

Welcome. Thank you for using Dell Community Forums.
I am reviewing your log.
In the meantime, you can help me by doing the following:

* Have you have posted this issue on another forum? If so, please provide a link to the topic.

* If you are using any cracked software, please remove it.
Definition of cracked software:
http://en.wikipedia.org/wiki/Software_cracking

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.
The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That would be your Ares as well as any other file sharing programs.

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures.
Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using.

** We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case.
Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

I look forward to your reply.

He likes to push all kinds of butons.. LOL
Oh, great!


If you do not use Poker Stars, remove it. Then delete its folder if it still exists:
C:\Program Files\ PokerStars

Let's continue with downloading KILLBOX, extract it to your desktop.
If not available, here is an alternate link for the download:
KILLBOX



Note: In the event you already have Killbox, this is a new version that I need you to download
Save it to your Desktop.
Do not run it yet.

Please launch HijackThis and place a checkmark next to the following if they still exist:

O4 - HKLM\..\Run: [dmwil.exe] C:\Windows\system32\dmwil.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [dmqma.tmp] C:\Windows\system32\dmqma.tmp
O4 - HKCU\..\Run: [dmfwa.tmp] C:\Windows\system32\dmfwa.tmp
O4 - HKCU\..\Run: [dmzwb.tmp] C:\Windows\system32\dmzwb.tmp
O4 - HKCU\..\Run: [dmrsj.tmp] C:\Windows\system32\dmrsj.tmp
O4 - HKCU\..\Run: [dmovs.tmp] C:\Windows\system32\dmovs.tmp
O4 - HKCU\..\Run: [dmmsh.tmp] C:\Windows\system32\dmmsh.tmp
O4 - HKCU\..\Run: [dmbei.tmp] C:\Windows\system32\dmbei.tmp
O4 - HKCU\..\Run: [dmsev.tmp] C:\Windows\system32\dmsev.tmp
O4 - HKCU\..\Run: [dmgey.tmp] C:\Windows\system32\dmgey.tmp
O4 - HKCU\..\Run: [dmekh.tmp] C:\Windows\system32\dmekh.tmp
O4 - HKCU\..\Run: [dmbvu.tmp] C:\Windows\system32\dmbvu.tmp
O4 - HKCU\..\Run: [dmmpf.tmp] C:\Windows\system32\dmmpf.tmp
O4 - HKCU\..\Run: [dmxcz.tmp] C:\Windows\system32\dmxcz.tmp
O4 - HKCU\..\Run: [dmyeh.tmp] C:\Windows\system32\dmyeh.tmp
O4 - HKCU\..\Run: [dmhqe.tmp] C:\Windows\system32\dmhqe.tmp
O4 - HKCU\..\Run: [dmcrd.tmp] C:\Windows\system32\dmcrd.tmp
O4 - HKCU\..\Run: [dmtcs.tmp] C:\Windows\system32\dmtcs.tmp
O4 - HKCU\..\Run: [dmobu.tmp] C:\Windows\system32\dmobu.tmp
O4 - HKCU\..\Run: [dmznc.tmp] C:\Windows\system32\dmznc.tmp
O4 - HKCU\..\Run: [dmyfk.tmp] C:\Windows\system32\dmyfk.tmp
O4 - HKCU\..\Run: [dmjlx.tmp] C:\Windows\system32\dmjlx.tmp
O4 - HKCU\..\Run: [dmtoj.tmp] C:\Windows\system32\dmtoj.tmp
O4 - HKCU\..\Run: [dmawm.tmp] C:\Windows\system32\dmawm.tmp
O4 - HKCU\..\Run: [dmata.tmp] C:\Windows\system32\dmata.tmp
O4 - HKCU\..\Run: [dmwvy.tmp] C:\Windows\system32\dmwvy.tmp
O4 - HKCU\..\Run: [dmkpr.tmp] C:\Windows\system32\dmkpr.tmp
O4 - HKCU\..\Run: [dmrkl.tmp] C:\Windows\system32\dmrkl.tmp
O4 - HKCU\..\Run: [dmmvv.tmp] C:\Windows\system32\dmmvv.tmp
O4 - HKCU\..\Run: [dmdrm.tmp] C:\Windows\system32\dmdrm.tmp
O4 - HKCU\..\Run: [dmmkp.tmp] C:\Windows\system32\dmmkp.tmp
O4 - HKCU\..\Run: [dmoxm.tmp] C:\Windows\system32\dmoxm.tmp
O4 - HKCU\..\Run: [dmwvj.tmp] C:\Windows\system32\dmwvj.tmp
O4 - HKCU\..\Run: [dmvna.tmp] C:\Windows\system32\dmvna.tmp
O4 - HKCU\..\Run: [dmbxr.tmp] C:\Windows\system32\dmbxr.tmp
O17 - HKLM\System\CCS\Services\Tcpip\..\{5909B929-58F5-4821-B09B-8AA8BE97E48B}: NameServer = 85.255.116.73,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{C24B945B-4C22-4625-B0D4-54380FE8DD7F}: NameServer = 85.255.116.73,85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.187

Close all windows except Hijackthis and click "Fix Checked". Close HijackThis.

Please double-click Killbox.exe to run it.
Select: Delete on Reboot


Click on the All Files button.


Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


C:\Windows\system32\dmwil.exe
C:\Windows\system32\dmqma.tmp
C:\Windows\system32\dmfwa.tmp
C:\Windows\system32\dmzwb.tmp
C:\Windows\system32\dmrsj.tmp
C:\Windows\system32\dmovs.tmp
C:\Windows\system32\dmmsh.tmp
C:\Windows\system32\dmbei.tmp
C:\Windows\system32\dmsev.tmp
C:\Windows\system32\dmgey.tmp
C:\Windows\system32\dmekh.tmp
C:\Windows\system32\dmbvu.tmp
C:\Windows\system32\dmmpf.tmp
C:\Windows\system32\dmxcz.tmp
C:\Windows\system32\dmyeh.tmp
C:\Windows\system32\dmhqe.tmp
C:\Windows\system32\dmcrd.tmp
C:\Windows\system32\dmtcs.tmp
C:\Windows\system32\dmobu.tmp
C:\Windows\system32\dmznc.tmp
C:\Windows\system32\dmyfk.tmp
C:\Windows\system32\dmjlx.tmp
C:\Windows\system32\dmtoj.tmp
C:\Windows\system32\dmawm.tmp
C:\Windows\system32\dmata.tmp
C:\Windows\system32\dmwvy.tmp
C:\Windows\system32\dmkpr.tmp
C:\Windows\system32\dmrkl.tmp
C:\Windows\system32\dmmvv.tmp
C:\Windows\system32\dmdrm.tmp
C:\Windows\system32\dmmkp.tmp
C:\Windows\system32\dmoxm.tmp
C:\Windows\system32\dmwvj.tmp
C:\Windows\system32\dmvna.tmp
C:\Windows\system32\dmbxr.tmp

Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button.
Click Yes at the Delete on Reboot prompt.
Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message.).

If your computer does not restart automatically, please restart it manually into normal mode.

[Note: Killbox makes backups of all deleted files & folders in a folder called C:\!killbox ]
If Killbox tells you any files are missing don't worry but make a note and let us know in your next reply.

1. Click the Microsoft Vista Start logo in the bottom left corner of the screen
2. Click All Programs
3. Click Accessories
4. RIGHT-click on Command Prompt
5. Select Run As Administrator

6. In the command window type the following:
ipconfig /flushdns

7.Hit Enter
(Notice the space between the g and the slash.)

8. You will see the following confirmation:

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

If you have any problem with your connection after that, reset your DNS:
* Open Network Connections by clicking the Start button Picture of the Start button, clicking Control Panel, clicking Network and Internet, clicking Network and Sharing Center, and then clicking Manage network connections.

* Right-click the connection that you want to change, and then click Properties. Administrator permission required If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

* Click the Networking tab. Under This connection uses the following items, click either Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6), and then click Properties.

* Click Obtain an IP address automatically, and then click OK.

Please perform this online scan: F-Secure Online Scanner
The online scanner is on the bottom right of the page.
Direct link: http://support.f-secure.com/enu/home/ols.shtml

Follow the directions on the F-Secure page for proper Installation.

* You may receive an alert on the address bar at this point to install the ActiveX control.
* Click on that alert and then click " Install ActiveX component".
* Read the license agreement and click " Accept".
* Click " Custom Scan" and be sure the following are checked:

• Scan whole System
• 
  
• Scan all files
• Scan whole system for rootkits
• Scan whole system for spyware
• Scan inside archives
• Use advanced heuristics

* When the scan completes, click the " I want to decide item by item" button.
* For each item found, Select " Disinfect" and click " Next".

* When done, click the " Show Report" button, then copy and paste the entire report into your next reply.

Also, please include a fresh HijackThis log, and let me know how things are running.

ok i get an error message that says"Pending file rname options registry data has been removed by external process"

Thanks. Please continue with the rest of the instructions.

it also said "for some reason your system has denied acsess to your host file. if any hijack domains are in this file this may NOT be able to fix  this.  if this happens you need to edit the file yourself. to do this click run and type   

 

Please post the log from F-Secure.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:22 PM, on 14/03/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080123
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dmwil.exe] C:\Windows\system32\dmwil.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [dmqma.tmp] C:\Windows\system32\dmqma.tmp
O4 - HKCU\..\Run: [dmfwa.tmp] C:\Windows\system32\dmfwa.tmp
O4 - HKCU\..\Run: [dmzwb.tmp] C:\Windows\system32\dmzwb.tmp
O4 - HKCU\..\Run: [dmrsj.tmp] C:\Windows\system32\dmrsj.tmp
O4 - HKCU\..\Run: [dmovs.tmp] C:\Windows\system32\dmovs.tmp
O4 - HKCU\..\Run: [dmmsh.tmp] C:\Windows\system32\dmmsh.tmp
O4 - HKCU\..\Run: [dmbei.tmp] C:\Windows\system32\dmbei.tmp
O4 - HKCU\..\Run: [dmsev.tmp] C:\Windows\system32\dmsev.tmp
O4 - HKCU\..\Run: [dmgey.tmp] C:\Windows\system32\dmgey.tmp
O4 - HKCU\..\Run: [dmekh.tmp] C:\Windows\system32\dmekh.tmp
O4 - HKCU\..\Run: [dmbvu.tmp] C:\Windows\system32\dmbvu.tmp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [dmmpf.tmp] C:\Windows\system32\dmmpf.tmp
O4 - HKCU\..\Run: [dmxcz.tmp] C:\Windows\system32\dmxcz.tmp
O4 - HKCU\..\Run: [dmyeh.tmp] C:\Windows\system32\dmyeh.tmp
O4 - HKCU\..\Run: [dmhqe.tmp] C:\Windows\system32\dmhqe.tmp
O4 - HKCU\..\Run: [dmcrd.tmp] C:\Windows\system32\dmcrd.tmp
O4 - HKCU\..\Run: [dmtcs.tmp] C:\Windows\system32\dmtcs.tmp
O4 - HKCU\..\Run: [dmobu.tmp] C:\Windows\system32\dmobu.tmp
O4 - HKCU\..\Run: [dmznc.tmp] C:\Windows\system32\dmznc.tmp
O4 - HKCU\..\Run: [dmyfk.tmp] C:\Windows\system32\dmyfk.tmp
O4 - HKCU\..\Run: [dmjlx.tmp] C:\Windows\system32\dmjlx.tmp
O4 - HKCU\..\Run: [dmtoj.tmp] C:\Windows\system32\dmtoj.tmp
O4 - HKCU\..\Run: [dmawm.tmp] C:\Windows\system32\dmawm.tmp
O4 - HKCU\..\Run: [dmata.tmp] C:\Windows\system32\dmata.tmp
O4 - HKCU\..\Run: [dmwvy.tmp] C:\Windows\system32\dmwvy.tmp
O4 - HKCU\..\Run: [dmkpr.tmp] C:\Windows\system32\dmkpr.tmp
O4 - HKCU\..\Run: [dmrkl.tmp] C:\Windows\system32\dmrkl.tmp
O4 - HKCU\..\Run: [dmmvv.tmp] C:\Windows\system32\dmmvv.tmp
O4 - HKCU\..\Run: [dmdrm.tmp] C:\Windows\system32\dmdrm.tmp
O4 - HKCU\..\Run: [dmmkp.tmp] C:\Windows\system32\dmmkp.tmp
O4 - HKCU\..\Run: [dmoxm.tmp] C:\Windows\system32\dmoxm.tmp
O4 - HKCU\..\Run: [dmwvj.tmp] C:\Windows\system32\dmwvj.tmp
O4 - HKCU\..\Run: [dmvna.tmp] C:\Windows\system32\dmvna.tmp
O4 - HKCU\..\Run: [dmbxr.tmp] C:\Windows\system32\dmbxr.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3612007009-3029333122-3111616099-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Belinda')
O4 - HKUS\S-1-5-21-3612007009-3029333122-3111616099-501\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (User 'Guest')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-ca.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5909B929-58F5-4821-B09B-8AA8BE97E48B}: NameServer = 85.255.116.73,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{C24B945B-4C22-4625-B0D4-54380FE8DD7F}: NameServer = 85.255.116.73,85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.187
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11886 bytes