Solved: Remove Dr Antispy

mje · Jul 8, 2007

Windows XP- Dr Antispy !! running a demo. that downloaded its self and can't be deleated ( at least not the usual way). This is driving me crazy!! Please help in very simple language. Thanks, mje

cybertech · Jul 8, 2007

Hi, Welcome to TSG!!

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.

Doubleclick on the HJTInstall.exe icon on your desktop.

By default it will install to C:\Program Files\Trend Micro\HijackThis .

Click on Install.

It will create a HijackThis icon on the desktop.

Once installed, it will launch Hijackthis.

Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

Come back here to this thread and Paste the log in your next reply.

DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Run HijackThis and click Open the Misc Tools section
Click Open Uninstall Manager, Save list and save the log to your Desktop.
A list of programs will open in Notepad. Post the contents of the log here in your next reply.

mje · Jul 9, 2007

FROM mje: not sure I put the scan in the right place ! Thanks again

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:03 AM, on 7/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DrAntispy\DrAntispy.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\WordPerfect Office 11\Programs\CorUpd.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malware Wiped 6.6] "C:\Program Files\MW\Malware Wiped 6.6\MalwareWiped 6.6.exe" /h
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrAntispy] C:\Program Files\DrAntispy\DrAntispy.exe
O4 - HKCU\..\Run: [C:_Program Files_WordPerfe3a] C:\Program Files\WordPerfect Office 11\Programs\CorUpd.exe /Watch
O4 - Startup: DrAntispy.lnk = C:\Program Files\DrAntispy\DrAntispy.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: autism.about.com
O15 - Trusted Zone: bipolar.about.com
O15 - Trusted Zone: aviation.aerotek.com
O15 - Trusted Zone: dbapps.ama-assn.org
O15 - Trusted Zone: *.arkansas.gov
O15 - Trusted Zone: www.asafetyguide.com
O15 - Trusted Zone: www.asperger.org
O15 - Trusted Zone: www.bacomatic.org
O15 - Trusted Zone: www.baltimorepsych.com
O15 - Trusted Zone: forum.bcdb.com
O15 - Trusted Zone: www.bellhelicopter.com
O15 - Trusted Zone: www.bipolarchild.com
O15 - Trusted Zone: *.blueridgehillclimb.com
O15 - Trusted Zone: www.cabelas.com
O15 - Trusted Zone: www.carbdford.com
O15 - Trusted Zone: my.cigna.com
O15 - Trusted Zone: www.cigna.com
O15 - Trusted Zone: onlinecare.cingular.com
O15 - Trusted Zone: www.collectorcartraderonline.com
O15 - Trusted Zone: *.coloradoscca.org
O15 - Trusted Zone: northarkansas.cox.net
O15 - Trusted Zone: westernarkansas.cox.net
O15 - Trusted Zone: www.crazymeds.org
O15 - Trusted Zone: *.cu.edu
O15 - Trusted Zone: www.definityhealth.com
O15 - Trusted Zone: *.dlra.org.au
O15 - Trusted Zone: ajb.dni.us
O15 - Trusted Zone: www.drbart.com
O15 - Trusted Zone: *.epguides.com
O15 - Trusted Zone: login.fidelity.com
O15 - Trusted Zone: netbenefits.fidelity.com
O15 - Trusted Zone: workplaceservices100.fidelity.com
O15 - Trusted Zone: www.fordpinto.com
O15 - Trusted Zone: www.gforceengineering.net
O15 - Trusted Zone: www.greencountrymotorsports.com
O15 - Trusted Zone: www.hankooktireusa.com
O15 - Trusted Zone: www.healthcyclopedia.com
O15 - Trusted Zone: www.healthyplace.com
O15 - Trusted Zone: *.hhs.gov
O15 - Trusted Zone: www.hopecsi.org
O15 - Trusted Zone: www.improvedtouring.com
O15 - Trusted Zone: www.intownsuites.com
O15 - Trusted Zone: www.ipl.org
O15 - Trusted Zone: www.iscracing.net
O15 - Trusted Zone: *.java.com
O15 - Trusted Zone: www.jobs.com
O15 - Trusted Zone: www.jonesnet.org
O15 - Trusted Zone: www.lifescan.com
O15 - Trusted Zone: www.malco.com
O15 - Trusted Zone: www.mapsonus.com
O15 - Trusted Zone: www.mazdatrix.com
O15 - Trusted Zone: www.mazspeed.com
O15 - Trusted Zone: host1.medcohealth.com
O15 - Trusted Zone: www.medicinenet.com
O15 - Trusted Zone: www.melissadata.com
O15 - Trusted Zone: *.members-site.net
O15 - Trusted Zone: jobsearch.monster.com
O15 - Trusted Zone: direct.motorola.com
O15 - Trusted Zone: www.motorola.com
O15 - Trusted Zone: www.mrcmfg.com
O15 - Trusted Zone: autos.msn.com
O15 - Trusted Zone: careers.msn.com
O15 - Trusted Zone: entertainment.msn.com
O15 - Trusted Zone: health.msn.com
O15 - Trusted Zone: moneycentral.msn.com
O15 - Trusted Zone: weather.msn.com
O15 - Trusted Zone: www.mutualofomaha.com
O15 - Trusted Zone: www.mycricket.com
O15 - Trusted Zone: www.myuhc.com
O15 - Trusted Zone: www.nami.org
O15 - Trusted Zone: www.nasaforums.com
O15 - Trusted Zone: www.nasaproracing.com
O15 - Trusted Zone: www.nationjob.com
O15 - Trusted Zone: *.nih.gov
O15 - Trusted Zone: www.okdhs.org
O15 - Trusted Zone: www.oklahomadday.com
O15 - Trusted Zone: www.oreillyauto.com
O15 - Trusted Zone: www.pahillclimb.org
O15 - Trusted Zone: www.patientcenters.com
O15 - Trusted Zone: *.prodracing.com
O15 - Trusted Zone: www.psycheducation.org
O15 - Trusted Zone: ajp.psychiatryonline.org
O15 - Trusted Zone: www.psycom.net
O15 - Trusted Zone: www.racingbeat.com
O15 - Trusted Zone: realguide.real.com
O15 - Trusted Zone: www.russmarshall.com
O15 - Trusted Zone: www.rx7club.com
O15 - Trusted Zone: www.sabinevalley.org
O15 - Trusted Zone: *.samhsa.gov
O15 - Trusted Zone: *.sccaforums.com
O15 - Trusted Zone: www.sears.com
O15 - Trusted Zone: www.shreve.net
O15 - Trusted Zone: *.state.ar.us
O15 - Trusted Zone: *.state.tx.us
O15 - Trusted Zone: java.sun.com
O15 - Trusted Zone: *.tarrant.tx.us
O15 - Trusted Zone: srx7.taylorrotorsports.com
O15 - Trusted Zone: www.teamtriumphtexas.com
O15 - Trusted Zone: www.tennhelp.com
O15 - Trusted Zone: www.texasscca.org
O15 - Trusted Zone: encyclopedia.thefreedictionary.com
O15 - Trusted Zone: www.torquecentral.com
O15 - Trusted Zone: *.tulsaracewaypark.com
O15 - Trusted Zone: *.tv-all-free.com
O15 - Trusted Zone: www.txkautox.com
O15 - Trusted Zone: www.uaw218.org
O15 - Trusted Zone: *.umassmed.edu
O15 - Trusted Zone: jobsearch.unicru.com
O15 - Trusted Zone: wwwapps.ups.com
O15 - Trusted Zone: zip4.usps.com
O15 - Trusted Zone: www.walmart.com
O15 - Trusted Zone: *.wheelcomponents.com
O15 - Trusted Zone: www.wwe.com
O15 - Trusted IP range: 66.218.69.11
O15 - Trusted IP range: 204.87.68.21
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 14385 bytes

mje · Jul 9, 2007

FLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:03 AM, on 7/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DrAntispy\DrAntispy.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\WordPerfect Office 11\Programs\CorUpd.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malware Wiped 6.6] "C:\Program Files\MW\Malware Wiped 6.6\MalwareWiped 6.6.exe" /h
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrAntispy] C:\Program Files\DrAntispy\DrAntispy.exe
O4 - HKCU\..\Run: [C:_Program Files_WordPerfe3a] C:\Program Files\WordPerfect Office 11\Programs\CorUpd.exe /Watch
O4 - Startup: DrAntispy.lnk = C:\Program Files\DrAntispy\DrAntispy.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: autism.about.com
O15 - Trusted Zone: bipolar.about.com
O15 - Trusted Zone: aviation.aerotek.com
O15 - Trusted Zone: dbapps.ama-assn.org
O15 - Trusted Zone: *.arkansas.gov
O15 - Trusted Zone: www.asafetyguide.com
O15 - Trusted Zone: www.asperger.org
O15 - Trusted Zone: www.bacomatic.org
O15 - Trusted Zone: www.baltimorepsych.com
O15 - Trusted Zone: forum.bcdb.com
O15 - Trusted Zone: www.bellhelicopter.com
O15 - Trusted Zone: www.bipolarchild.com
O15 - Trusted Zone: *.blueridgehillclimb.com
O15 - Trusted Zone: www.cabelas.com
O15 - Trusted Zone: www.carbdford.com
O15 - Trusted Zone: my.cigna.com
O15 - Trusted Zone: www.cigna.com
O15 - Trusted Zone: onlinecare.cingular.com
O15 - Trusted Zone: www.collectorcartraderonline.com
O15 - Trusted Zone: *.coloradoscca.org
O15 - Trusted Zone: northarkansas.cox.net
O15 - Trusted Zone: westernarkansas.cox.net
O15 - Trusted Zone: www.crazymeds.org
O15 - Trusted Zone: *.cu.edu
O15 - Trusted Zone: www.definityhealth.com
O15 - Trusted Zone: *.dlra.org.au
O15 - Trusted Zone: ajb.dni.us
O15 - Trusted Zone: www.drbart.com
O15 - Trusted Zone: *.epguides.com
O15 - Trusted Zone: login.fidelity.com
O15 - Trusted Zone: netbenefits.fidelity.com
O15 - Trusted Zone: workplaceservices100.fidelity.com
O15 - Trusted Zone: www.fordpinto.com
O15 - Trusted Zone: www.gforceengineering.net
O15 - Trusted Zone: www.greencountrymotorsports.com
O15 - Trusted Zone: www.hankooktireusa.com
O15 - Trusted Zone: www.healthcyclopedia.com
O15 - Trusted Zone: www.healthyplace.com
O15 - Trusted Zone: *.hhs.gov
O15 - Trusted Zone: www.hopecsi.org
O15 - Trusted Zone: www.improvedtouring.com
O15 - Trusted Zone: www.intownsuites.com
O15 - Trusted Zone: www.ipl.org
O15 - Trusted Zone: www.iscracing.net
O15 - Trusted Zone: *.java.com
O15 - Trusted Zone: www.jobs.com
O15 - Trusted Zone: www.jonesnet.org
O15 - Trusted Zone: www.lifescan.com
O15 - Trusted Zone: www.malco.com
O15 - Trusted Zone: www.mapsonus.com
O15 - Trusted Zone: www.mazdatrix.com
O15 - Trusted Zone: www.mazspeed.com
O15 - Trusted Zone: host1.medcohealth.com
O15 - Trusted Zone: www.medicinenet.com
O15 - Trusted Zone: www.melissadata.com
O15 - Trusted Zone: *.members-site.net
O15 - Trusted Zone: jobsearch.monster.com
O15 - Trusted Zone: direct.motorola.com
O15 - Trusted Zone: www.motorola.com
O15 - Trusted Zone: www.mrcmfg.com
O15 - Trusted Zone: autos.msn.com
O15 - Trusted Zone: careers.msn.com
O15 - Trusted Zone: entertainment.msn.com
O15 - Trusted Zone: health.msn.com
O15 - Trusted Zone: moneycentral.msn.com
O15 - Trusted Zone: weather.msn.com
O15 - Trusted Zone: www.mutualofomaha.com
O15 - Trusted Zone: www.mycricket.com
O15 - Trusted Zone: www.myuhc.com
O15 - Trusted Zone: www.nami.org
O15 - Trusted Zone: www.nasaforums.com
O15 - Trusted Zone: www.nasaproracing.com
O15 - Trusted Zone: www.nationjob.com
O15 - Trusted Zone: *.nih.gov
O15 - Trusted Zone: www.okdhs.org
O15 - Trusted Zone: www.oklahomadday.com
O15 - Trusted Zone: www.oreillyauto.com
O15 - Trusted Zone: www.pahillclimb.org
O15 - Trusted Zone: www.patientcenters.com
O15 - Trusted Zone: *.prodracing.com
O15 - Trusted Zone: www.psycheducation.org
O15 - Trusted Zone: ajp.psychiatryonline.org
O15 - Trusted Zone: www.psycom.net
O15 - Trusted Zone: www.racingbeat.com
O15 - Trusted Zone: realguide.real.com
O15 - Trusted Zone: www.russmarshall.com
O15 - Trusted Zone: www.rx7club.com
O15 - Trusted Zone: www.sabinevalley.org
O15 - Trusted Zone: *.samhsa.gov
O15 - Trusted Zone: *.sccaforums.com
O15 - Trusted Zone: www.sears.com
O15 - Trusted Zone: www.shreve.net
O15 - Trusted Zone: *.state.ar.us
O15 - Trusted Zone: *.state.tx.us
O15 - Trusted Zone: java.sun.com
O15 - Trusted Zone: *.tarrant.tx.us
O15 - Trusted Zone: srx7.taylorrotorsports.com
O15 - Trusted Zone: www.teamtriumphtexas.com
O15 - Trusted Zone: www.tennhelp.com
O15 - Trusted Zone: www.texasscca.org
O15 - Trusted Zone: encyclopedia.thefreedictionary.com
O15 - Trusted Zone: www.torquecentral.com
O15 - Trusted Zone: *.tulsaracewaypark.com
O15 - Trusted Zone: *.tv-all-free.com
O15 - Trusted Zone: www.txkautox.com
O15 - Trusted Zone: www.uaw218.org
O15 - Trusted Zone: *.umassmed.edu
O15 - Trusted Zone: jobsearch.unicru.com
O15 - Trusted Zone: wwwapps.ups.com
O15 - Trusted Zone: zip4.usps.com
O15 - Trusted Zone: www.walmart.com
O15 - Trusted Zone: *.wheelcomponents.com
O15 - Trusted Zone: www.wwe.com
O15 - Trusted IP range: 66.218.69.11
O15 - Trusted IP range: 204.87.68.21
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 14385 bytes

FROM mje: These are the programs from the "uninstall manager" thanks mje

cybertech · Jul 9, 2007

Run HJT again and put a check in the following:

R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - (no file)
O4 - HKLM\..\Run: [Malware Wiped 6.6] "C:\Program Files\MW\Malware Wiped 6.6\MalwareWiped 6.6.exe" /h
O4 - HKCU\..\Run: [DrAntispy] C:\Program Files\DrAntispy\DrAntispy.exe
O4 - Startup: DrAntispy.lnk = C:\Program Files\DrAntispy\DrAntispy.exe

Close all applications and browser windows before you click "fix checked".

Download RogueRemover from the link below.
http://www.malwarebytes.org/rogueremover.php

Unzip to a convenient location such as C:\RogueRemover.
Navigate to the folder you unzipped the files to and double click on the file named RogueRemover.exe.
Finally, select Scan and the program will walk you through the remaining steps.

When you are finished with all of that please post your HJT log again.

mje · Jul 9, 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:19 PM, on 7/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WordPerfect Office 11\Programs\CorUpd.exe
C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:_Program Files_WordPerfe3a] C:\Program Files\WordPerfect Office 11\Programs\CorUpd.exe /Watch
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: autism.about.com
O15 - Trusted Zone: bipolar.about.com
O15 - Trusted Zone: aviation.aerotek.com
O15 - Trusted Zone: dbapps.ama-assn.org
O15 - Trusted Zone: *.arkansas.gov
O15 - Trusted Zone: www.asafetyguide.com
O15 - Trusted Zone: www.asperger.org
O15 - Trusted Zone: www.bacomatic.org
O15 - Trusted Zone: www.baltimorepsych.com
O15 - Trusted Zone: forum.bcdb.com
O15 - Trusted Zone: www.bellhelicopter.com
O15 - Trusted Zone: www.bipolarchild.com
O15 - Trusted Zone: *.blueridgehillclimb.com
O15 - Trusted Zone: www.cabelas.com
O15 - Trusted Zone: www.carbdford.com
O15 - Trusted Zone: my.cigna.com
O15 - Trusted Zone: www.cigna.com
O15 - Trusted Zone: onlinecare.cingular.com
O15 - Trusted Zone: www.collectorcartraderonline.com
O15 - Trusted Zone: *.coloradoscca.org
O15 - Trusted Zone: northarkansas.cox.net
O15 - Trusted Zone: westernarkansas.cox.net
O15 - Trusted Zone: www.crazymeds.org
O15 - Trusted Zone: *.cu.edu
O15 - Trusted Zone: www.definityhealth.com
O15 - Trusted Zone: *.dlra.org.au
O15 - Trusted Zone: ajb.dni.us
O15 - Trusted Zone: www.drbart.com
O15 - Trusted Zone: *.epguides.com
O15 - Trusted Zone: login.fidelity.com
O15 - Trusted Zone: netbenefits.fidelity.com
O15 - Trusted Zone: workplaceservices100.fidelity.com
O15 - Trusted Zone: www.fordpinto.com
O15 - Trusted Zone: www.gforceengineering.net
O15 - Trusted Zone: www.greencountrymotorsports.com
O15 - Trusted Zone: www.hankooktireusa.com
O15 - Trusted Zone: www.healthcyclopedia.com
O15 - Trusted Zone: www.healthyplace.com
O15 - Trusted Zone: *.hhs.gov
O15 - Trusted Zone: www.hopecsi.org
O15 - Trusted Zone: www.improvedtouring.com
O15 - Trusted Zone: www.intownsuites.com
O15 - Trusted Zone: www.ipl.org
O15 - Trusted Zone: www.iscracing.net
O15 - Trusted Zone: *.java.com
O15 - Trusted Zone: www.jobs.com
O15 - Trusted Zone: www.jonesnet.org
O15 - Trusted Zone: www.lifescan.com
O15 - Trusted Zone: www.malco.com
O15 - Trusted Zone: www.mapsonus.com
O15 - Trusted Zone: www.mazdatrix.com
O15 - Trusted Zone: www.mazspeed.com
O15 - Trusted Zone: host1.medcohealth.com
O15 - Trusted Zone: www.medicinenet.com
O15 - Trusted Zone: www.melissadata.com
O15 - Trusted Zone: *.members-site.net
O15 - Trusted Zone: jobsearch.monster.com
O15 - Trusted Zone: direct.motorola.com
O15 - Trusted Zone: www.motorola.com
O15 - Trusted Zone: www.mrcmfg.com
O15 - Trusted Zone: autos.msn.com
O15 - Trusted Zone: careers.msn.com
O15 - Trusted Zone: entertainment.msn.com
O15 - Trusted Zone: health.msn.com
O15 - Trusted Zone: moneycentral.msn.com
O15 - Trusted Zone: weather.msn.com
O15 - Trusted Zone: www.mutualofomaha.com
O15 - Trusted Zone: www.mycricket.com
O15 - Trusted Zone: www.myuhc.com
O15 - Trusted Zone: www.nami.org
O15 - Trusted Zone: www.nasaforums.com
O15 - Trusted Zone: www.nasaproracing.com
O15 - Trusted Zone: www.nationjob.com
O15 - Trusted Zone: *.nih.gov
O15 - Trusted Zone: www.okdhs.org
O15 - Trusted Zone: www.oklahomadday.com
O15 - Trusted Zone: www.oreillyauto.com
O15 - Trusted Zone: www.pahillclimb.org
O15 - Trusted Zone: www.patientcenters.com
O15 - Trusted Zone: *.prodracing.com
O15 - Trusted Zone: www.psycheducation.org
O15 - Trusted Zone: ajp.psychiatryonline.org
O15 - Trusted Zone: www.psycom.net
O15 - Trusted Zone: www.racingbeat.com
O15 - Trusted Zone: realguide.real.com
O15 - Trusted Zone: www.russmarshall.com
O15 - Trusted Zone: www.rx7club.com
O15 - Trusted Zone: www.sabinevalley.org
O15 - Trusted Zone: *.samhsa.gov
O15 - Trusted Zone: *.sccaforums.com
O15 - Trusted Zone: www.sears.com
O15 - Trusted Zone: www.shreve.net
O15 - Trusted Zone: *.state.ar.us
O15 - Trusted Zone: *.state.tx.us
O15 - Trusted Zone: java.sun.com
O15 - Trusted Zone: *.tarrant.tx.us
O15 - Trusted Zone: srx7.taylorrotorsports.com
O15 - Trusted Zone: www.teamtriumphtexas.com
O15 - Trusted Zone: www.tennhelp.com
O15 - Trusted Zone: www.texasscca.org
O15 - Trusted Zone: encyclopedia.thefreedictionary.com
O15 - Trusted Zone: www.torquecentral.com
O15 - Trusted Zone: *.tulsaracewaypark.com
O15 - Trusted Zone: *.tv-all-free.com
O15 - Trusted Zone: www.txkautox.com
O15 - Trusted Zone: www.uaw218.org
O15 - Trusted Zone: *.umassmed.edu
O15 - Trusted Zone: jobsearch.unicru.com
O15 - Trusted Zone: wwwapps.ups.com
O15 - Trusted Zone: zip4.usps.com
O15 - Trusted Zone: www.walmart.com
O15 - Trusted Zone: *.wheelcomponents.com
O15 - Trusted Zone: www.wwe.com
O15 - Trusted IP range: 66.218.69.11
O15 - Trusted IP range: 204.87.68.21
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 13721 bytes
Followed all the steps - I think - and here is the new log. Thanks mje

cybertech · Jul 10, 2007

Looks good. Any problems now?

I think you should go through your sites in Trusted Zones and only keep the ones you really trust and need to be there.

Log in or Sign up

Solved: Remove Dr Antispy

mje Thread Starter

cybertech Retired Moderator

mje Thread Starter

mje Thread Starter

cybertech Retired Moderator

mje Thread Starter

cybertech Retired Moderator

Sponsor

Welcome to Tech Support Guy!

In Progress Remove Segurazo Antivirus

In Progress I have Adware on my computer how do I remove it?

In Progress How do I remove win tonic from my computer?

New How to remove the virus from WinRar file?

New How do i remove this IE4Data from my PC ?

Log in or Sign up

Solved: Remove Dr Antispy

mje Thread Starter

cybertech Retired Moderator

mje Thread Starter

mje Thread Starter

cybertech Retired Moderator

mje Thread Starter

cybertech Retired Moderator

Sponsor

Welcome to Tech Support Guy!

In Progress Remove Segurazo Antivirus

In Progress I have Adware on my computer how do I remove it?

In Progress How do I remove win tonic from my computer?

New How to remove the virus from WinRar file?

New How do i remove this IE4Data from my PC ?

Useful Searches