Recently something has happened to my Google search abilities. If I search and then click on any of the resulting links the page gets redirected to something else sometimes relates sometimes not. I am using CounterSpy and McAfee SecurityCenter but neither find what is causing this problem. As I am not really up with what programs maybe usefull in getting rid of this I have simply been avoiding the problems by searching with Google Advance wich works ok. but I think its about time I fix the problem, and any help would be appreciated.

Thanks

Please post a hijackthis log.
Directions if you don't know how:
http://forum.piriform.com/index.php?showtopic=1720

thankyou so much for your help.. I think this is what you wanted?



Logfile of HijackThis v1.99.1
Scan saved at 11:33:24 AM, on 11/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA2ADB19-90AF-434B-9C69-D3C3557C8DA4}: NameServer = 10.1.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Yep thats what I wanted.

Please visit VirusTotal and have this file scanned:

C:\WINDOWS\system32\dlcdcoms.exe

Open the scan site and press Browse, locate the file and double click it to load the path into the Virus scan window then press Send, copy and paste the scan results back on here, let us know if you have any problems finding the file.

ok here it is..


Complete scanning result of "dlcdcoms.exe", processed in VirusTotal at
06/11/2007 04:50:06 (CET).

[ file data ]
* name: dlcdcoms.exe
* size: 491520
* md5.: 50868d0c21e953b60e3421e682541804
* sha1: 3f7dfc2e7b4b6144b9b1002293bcf367c33bc326

[ scan result ]
AhnLab-V3 2007.6.9.0/20070608 found nothing
AntiVir 7.4.0.32/20070609 found nothing
Authentium 4.93.8/20070523 found nothing
Avast 4.7.997.0/20070609 found nothing
AVG 7.5.0.467/20070610 found nothing
BitDefender 7.2/20070611 found nothing
CAT-QuickHeal 9.00/20070609 found nothing
ClamAV devel-20070416/20070610 found nothing
DrWeb 4.33/20070610 found nothing
eSafe 7.0.15.0/20070610 found nothing
eTrust-Vet 30.7.3707/20070609 found nothing
Ewido 4.0/20070610 found nothing
F-Prot 4.3.2.48/20070608 found nothing
F-Secure 6.70.13030.0/20070611 found nothing
FileAdvisor 1/20070611 found [No threat detected]
Fortinet 2.85.0.0/20070611 found nothing
Ikarus T3.1.1.8/20070610 found nothing
Kaspersky 4.0.2.24/20070611 found nothing
McAfee 5049/20070608 found nothing
Microsoft 1.2503/20070611 found nothing
NOD32v2 2321/20070610 found nothing
Norman 5.80.02/20070608 found nothing
Panda 9.0.0.4/20070611 found nothing
Prevx1 V2/20070611 found nothing
Sophos 4.18.0/20070601 found nothing
Sunbelt 2.2.907.0/20070609 found nothing
Symantec 10/20070611 found nothing
TheHacker 6.1.6.131/20070608 found nothing
VBA32 3.12.0/20070610 found nothing
VirusBuster 4.3.23:9/20070610 found nothing
Webwasher-Gateway 6.0.1/20070611 found nothing

Well that file came up clean.

Download Superantispyware

1. Load Superantispyware and click the check for updates button.
2. Once the update is finished click the scan your computer button.
3. Check Perform Complete Scan and then next.
4. Superantispyware will now scan your computer and when its finished it will list all the infections it has found.
5. Make sure that they all have a check next to them and press next.
6. Click finish and you will be taken back to the main interface.
7. Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
8. Copy and paste the log onto the forum.

ok here's the results

UPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/11/2007 at 01:07 PM

Application Version : 3.8.1002

Core Rules Database Version : 3251
Trace Rules Database Version: 1262

Scan type : Complete Scan
Total Scan Time : 00:26:40

Memory items scanned : 466
Memory threats detected : 0
Registry items scanned : 6033
Registry threats detected : 0
File items scanned : 36560
File threats detected : 15

Adware.Tracking Cookie
C:\Documents and Settings\Dwayne\Cookies\dwayne@doubleclick[1].txt
C:\Documents and Settings\Dwayne\Cookies\dwayne@tribalfusion[2].txt
C:\Documents and Settings\Dwayne\Cookies\dwayne@mediaplex[1].txt
C:\Documents and Settings\Dwayne\Cookies\dwayne@atdmt[1].txt
C:\Documents and Settings\Dwayne\Cookies\dwayne@itxt.vibrantmedia[1].txt
C:\Documents and Settings\Dwayne\Local Settings\Temp\Cookies\dwayne@ad.yieldmanager[1].txt
C:\Documents and Settings\Dwayne\Local Settings\Temp\Cookies\dwayne@adtech[2].txt
C:\Documents and Settings\Dwayne\Local Settings\Temp\Cookies\dwayne@atdmt[2].txt
C:\Documents and Settings\Dwayne\Local Settings\Temp\Cookies\dwayne@bs.serving-sys[2].txt
C:\Documents and Settings\Dwayne\Local Settings\Temp\Cookies\dwayne@casalemedia[2].txt
C:\Documents and Settings\Dwayne\Local Settings\Temp\Cookies\dwayne@doubleclick[1].txt
C:\Documents and Settings\Dwayne\Local Settings\Temp\Cookies\dwayne@mediaplex[1].txt
C:\Documents and Settings\Dwayne\Local Settings\Temp\Cookies\dwayne@msnportal.112.2o7[1].txt
C:\Documents and Settings\Dwayne\Local Settings\Temp\Cookies\dwayne@serving-sys[2].txt
C:\WINDOWS\Temp\Cookies\dwayne@doubleclick[2].txt

Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall

I ran ComboFix.exe and McAfee produced this..

"Trojan Found"

The File C:\ComboFix\ntp.exe is infected by the New Malware.bm trojan and cannot be cleaned

and I think from memory Combo Fix popped up a window saying some istallation files are corrupt and to try get another version, so I'll try download it again..

samething happened again.. do you know somewhere else I can get ComboFix?

Disable mcafee when you run it next time. The program is clean.

I disabled McAfee and when I tried to run it this time ComboFix said some istallation files are corrupt and to download a fresh copy and retry the installation??

Try to download it from here instead:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

ok that one worked, here are the results



ComboFix 07-06-11.3 - C:\Documents and Settings\Dwayne\Desktop\ComboFix.exe
"Dwayne" - 2007-06-11 14:13:49 - Service Pack 2 NTFS

/wow section - STAGE #3
/wow section not completed

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\kdwes.exe


((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))


2007-06-11 14:12 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-11 12:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-11 12:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-11 12:36 <DIR> d-------- C:\DOCUME~1\Dwayne\APPLIC~1\SUPERAntiSpyware.com
2007-06-11 12:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-11 12:33 5,872,928 --a------ C:\SUPERAntiSpyware.exe
2007-06-11 11:02 251,392 --a------ C:\hijackthis_sfx.exe
2007-05-22 20:52 <DIR> d-------- C:\DOCUME~1\Dwayne\APPLIC~1\Apple Computer
2007-05-22 20:50 <DIR> d-------- C:\Program Files\QuickTime
2007-05-22 20:50 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-22 20:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-05-20 11:35 <DIR> d-------- C:\DOCUME~1\Dwayne\APPLIC~1\DivX
2007-05-20 11:33 <DIR> d-------- C:\DOCUME~1\Dwayne\APPLIC~1\Talkback
2007-05-20 11:30 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-20 11:30 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-20 11:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-05-20 11:30 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-05-20 11:30 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-05-20 11:29 <DIR> d-------- C:\Program Files\DivX
2007-05-20 11:28 21,612,432 --a------ C:\Program Files\DivXInstaller.exe
2007-05-19 18:51 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-05-19 17:08 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-05-19 16:56 <DIR> d-------- C:\WINDOWS\pss
2007-05-12 03:24 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-11 14:07 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-11 14:07 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-11 14:07 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-11 14:07 740,442 --a------ C:\WINDOWS\system32\DivX.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-11 03:43:48 -------- d-----w C:\Program Files\Dl_cats
2007-05-19 10:00:59 -------- d-----w C:\Program Files\NCH Swift Sound
2007-05-19 09:15:07 -------- d-----w C:\Program Files\Google
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:25 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 13:17:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 13:15:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 13:15:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 13:15:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 13:15:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 13:15:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 13:15:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 13:15:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 13:14:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 13:14:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-03-21 01:45:28 43,760 ----a-w C:\DOCUME~1\Dwayne\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 19:38]
{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}=c:\program files\mcafee.com\mps\mcbrhlpr.dll [2005-07-26 14:53]
{3EC8255F-E043-4cae-8B3B-B191550C2A22}=c:\program files\mcafee.com\mps\popupkiller.dll [2005-07-26 14:50]
{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}=c:\program files\mcafee\spamkiller\mcapfbho.dll [2005-11-03 14:10]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 06:50]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 19:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:50 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:35]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 04:42]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 23:32]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 13:49]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:20]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 18:20]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 14:19]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-03 20:02]
"dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-06 21:31]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-06 19:07]
"SunServer"="C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" [2005-09-23 19:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2005-05-15 03:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:30]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"="C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll" [2005-09-23 19:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


Contents of the 'Scheduled Tasks' folder
2007-06-04 21:06:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-11 04:48:21 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (BOB-Dwayne).job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-11 14:18:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-11 14:19:22 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-11 14:19

--- E O F ---

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) back into this thread.
Post a hijackthis log as well.

my Google search result links are no longer being redirected since we did the combofix, but i've still done the next steps you suggested.. here is what you asked for..


Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»»

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.


Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"dlcdmon.exe"="\"C:\\Program Files\\Dell Photo AIO Printer 944\\dlcdmon.exe\""
"MemoryCardManager"="\"C:\\Program Files\\Dell Photo AIO Printer 944\\memcard.exe\""
"SunServer"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TrojanScanner"="C:\\Program Files\\Trojan Remover\\Trjscan.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

Logfile of HijackThis v1.99.1
Scan saved at 4:50:58 PM, on 12/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA2ADB19-90AF-434B-9C69-D3C3557C8DA4}: NameServer = 10.1.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Is your computer set up on any kind of network? Did you set up this:
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA2ADB19-90AF-434B-9C69-D3C3557C8DA4}: NameServer = 10.1.1.1

Also run the below scan and post back the results:

Run Kaspersky WebScanner

• Please go HERE and click Kaspersky Online Scanner
• Read and Accept the Agreement
• You will be promted to install an ActiveX component from Kaspersky, Click Yes.
• If you see a Windows dialog asking if you want to install this software, click the Install button.
• The program will launch and then begin downloading the latest definition files,
• When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
• Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
• Under "Please select a target to scan:", click My Computer to start the scan.
• When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
• Paste kaspersky log onto forum.

I'm having trouble getting Kaspersky Online Scanner.. I keep getting stuck at the stage when I get prompted to download the ActiveX component as after I accept it leaves me at the following page.. http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

and in reply to your question I haven't set any network up, but I think the Internet and Printer are possibly setup this way.. so not sure if that would explain that?

disregard that last post, I think I just got it working..

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, June 21, 2007 7:21:21 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 21/06/2007
Kaspersky Anti-Virus database records: 350007
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 64827
Number of viruses found: 2
Number of infected objects: 3 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:45:08

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Logs\Filtering.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Dwayne\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Dwayne\Application Data\Sun\Java\Deployment\log\plugin150_06.trace Object is locked skipped
C:\Documents and Settings\Dwayne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Dwayne\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Application Data\Microsoft\Messenger\hdettmann@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Application Data\Microsoft\Messenger\hdettmann@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Application Data\Microsoft\Messenger\hdettmann@hotmail.com\SharingMetadata\Working\database_6A54_3BE6_543B_B3A3\dfsr.db Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Application Data\Microsoft\Messenger\hdettmann@hotmail.com\SharingMetadata\Working\database_6A54_3BE6_543B_B3A3\fsr.log Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Application Data\Microsoft\Messenger\hdettmann@hotmail.com\SharingMetadata\Working\database_6A54_3BE6_543B_B3A3\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Application Data\Microsoft\Messenger\hdettmann@hotmail.com\SharingMetadata\Working\database_6A54_3BE6_543B_B3A3\tmp.edb Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Application Data\Microsoft\Windows Live Contacts\hdettmann@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Application Data\Microsoft\Windows Live Contacts\hdettmann@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Application Data\Sunbelt Software\CounterSpy\SunEventsData.sdb Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\History\History.IE5\MSHist012007062120070622\index.dat Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Temp\hsperfdata_Dwayne\2224 Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Temp\~DF134F.tmp Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Temp\~DF1362.tmp Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Temp\~DF2C68.tmp Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Temp\~DF32DA.tmp Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Temp\~DF32EB.tmp Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Temp\~DF86BC.tmp Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Temp\~DF88FF.tmp Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Temp\~DF90A6.tmp Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Temp\~DFC132.tmp Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Temp\~DFECA4.tmp Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Temp\~DFECB4.tmp Object is locked skipped
C:\Documents and Settings\Dwayne\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dwayne\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dwayne\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kdwes.exe.vir Infected: Trojan.Win32.DNSChanger.hg skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP288\A0031563.dll Infected: not-a-virus:AdWare.Win32.MyWay.v skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0033898.exe Infected: Trojan.Win32.DNSChanger.hg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP334\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Delete this folder:
C:\QooBox

You need to clear your restore points:
To Flush the infected restore points:

Click Start Menu > All Programs > Accessories > System Tools > SystemRestore

Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.


Let me know if your computer seems back to normal.
You should delete that 017 entry if you don't know what it is. I don't think its from a printer.. Is your computer connected directly to the internet?