Here is the ComboFix log:
ComboFix 08-08-12.01 - lisa 2008-08-12 19:20:43.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1190 [GMT -4:00]
Running from: C:\Users\lisa\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\lisa\AppData\Local\Temp\kbroeore.dll
C:\Users\lisa\AppData\Local\Temp\ovuiwwey.dll
C:\Users\lisa\AppData\Roaming\macromedia\Flash Player\#SharedObjects\DQH6CNA5\interclick.com
C:\Users\lisa\AppData\Roaming\macromedia\Flash Player\#SharedObjects\DQH6CNA5\interclick.com\ud.sol
C:\Users\lisa\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\lisa\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Windows\system32\MSINET.oca
C:\Windows\system32\pac.txt
.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.
2008-08-12 17:54 . 2008-08-12 17:54 77 --a------ C:\Users\lisa\2746.bat
2008-08-12 15:39 . 2008-08-12 15:39 <DIR> d-------- C:\VundoFix Backups
2008-08-12 15:37 . 2008-08-12 15:37 77 --a------ C:\Users\lisa\8751.bat
2008-08-12 13:49 . 2008-08-12 13:49 77 --a------ C:\Users\lisa\1716.bat
2008-08-12 13:18 . 2008-08-12 13:18 77 --a------ C:\Users\lisa\7043.bat
2008-08-12 13:03 . 2008-08-12 13:03 77 --a------ C:\Users\lisa\5326.bat
2008-08-12 11:51 . 2008-08-12 11:51 77 --a------ C:\Users\lisa\1814.bat
2008-08-12 11:41 . 2008-08-12 11:41 77 --a------ C:\Users\lisa\7893.bat
2008-08-12 11:15 . 2008-08-12 11:15 77 --a------ C:\Users\lisa\4422.bat
2008-08-12 10:50 . 2008-08-12 11:11 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-12 10:50 . 2008-08-12 11:11 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-12 10:50 . 2008-08-12 10:51 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-11 18:56 . 2008-08-11 18:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-11 18:43 . 2008-08-11 18:43 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-10 08:50 . 2008-08-10 08:50 77 --a------ C:\Users\lisa\1065.bat
2008-08-08 16:32 . 2008-08-08 16:32 77 --a------ C:\Users\lisa\2045.bat
2008-08-08 15:13 . 2008-08-08 15:13 77 --a------ C:\Users\lisa\8439.bat
2008-08-05 13:30 . 2008-08-05 13:30 <DIR> d-------- C:\Windows\System32\kBin02
2008-08-05 13:30 . 2008-08-05 13:30 <DIR> d-------- C:\Temp\epr1
2008-08-05 13:30 . 2008-08-05 13:30 77 --a------ C:\Users\lisa\6488.bat
2008-08-05 13:17 . 2008-08-05 13:34 <DIR> d-------- C:\Users\lisa\AppData\Roaming\LimeWire
2008-07-22 22:00 . 2008-06-25 21:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-22 21:59 . 2008-06-25 21:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-22 21:59 . 2008-06-25 23:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 16:20 --------- d-----w C:\Program Files\dl_Cats
2008-08-12 15:14 --------- d-----w C:\Program Files\McAfee
2008-08-05 17:12 --------- d---a-w C:\ProgramData\TEMP
2008-07-10 07:06 --------- d-----w C:\Program Files\Windows Mail
2008-07-04 20:36 --------- d-----w C:\Program Files\Coupons
2008-06-28 14:07 936 ----a-w C:\Users\lisa\AppData\Roaming\wklnhst.dat
2008-06-27 22:38 53,248 --sh--w C:\Users\lisa\winlogon.exe
2008-06-21 16:29 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-15 21:11 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-10 17:35 174 --sha-w C:\Program Files\desktop.ini
2008-06-10 13:45 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-10 13:45 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-03-08 16:02 84,064 ----a-w C:\Users\lisa\AppData\Roaming\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Logon Applicationedc"="C:\Users\lisa\winlogon.exe" [2008-06-27 18:38 53248]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 14:09 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-04-16 17:39 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-15 11:06 1862144]
"DLBTCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 10:26 73728]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-23 00:11 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-23 00:11 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-23 00:11 81920]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-15 09:32 4390912 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-15 10:54:51 50688]
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 14:27:34 471040]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A2D942E6-CA92-4016-BC11-4F254CBAC099}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{BA2ED07B-AA0E-49C0-BD3F-456BC3F1FC11}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{43511B94-D629-4435-B22D-23D7BA3E8E87}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{CB076EBE-E58F-466D-B698-945493257F39}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{4A5DAFD7-C0F6-4DA9-8290-B6D5890F3D6C}"= Disabled:UDP:135:TCP Port 135
"{5BD535C3-A19B-49C0-9624-5FB3AF9F4FBF}"= Disabled:UDP:5000:TCP Port 5000
"{68BE6B40-B9D7-4C8B-98F1-0ABB00918FD1}"= Disabled:UDP:5001:TCP Port 5001
"{538960F8-13F8-4F31-B685-A748344F68DB}"= Disabled:UDP:5002:TCP Port 5002
"{949CFBB9-688B-4965-B556-B534F82C4D0D}"= Disabled:UDP:5003:TCP Port 5003
"{CC66243D-A863-4826-A4AB-60064420A587}"= Disabled:UDP:5004:TCP Port 5004
"{DBAB8195-E927-4610-83B1-5BAAD5511A1D}"= Disabled:UDP:5005:TCP Port 5005
"{268F87DA-0BB3-4FB2-B54D-93487AFC40B5}"= Disabled:UDP:5006:TCP Port 5006
"{AAFF0D2C-D6D2-46C0-8F6E-ECAC4354A68F}"= Disabled:UDP:5007:TCP Port 5007
"{A643BA8B-2FA8-48E2-B851-0E30FE653377}"= Disabled:UDP:5008:TCP Port 5008
"{19CF917E-7516-4AD8-9F80-20B6E2D7D4C0}"= Disabled:UDP:5009:TCP Port 5009
"{6E6C92D5-BE22-4381-805C-72BE7F82DD31}"= Disabled:UDP:5010:TCP Port 5010
"{7AB66D99-7075-4D84-9338-D84ED4DEACFD}"= Disabled:UDP:5011:TCP Port 5011
"{1E598121-D3E0-49A8-BD22-4F5F7292F984}"= Disabled:UDP:5012:TCP Port 5012
"{20DFC793-F980-48F0-B8C3-7328DEFD7299}"= Disabled:UDP:5013:TCP Port 5013
"{892CF3C1-9179-4266-9455-F12345E0446F}"= Disabled:UDP:5014:TCP Port 5014
"{5457B84D-D165-49AA-BE13-7D6B64149E69}"= Disabled:UDP:5015:TCP Port 5015
"{56862FD1-239B-452E-BC89-8D12EFD9DE73}"= Disabled:UDP:5016:TCP Port 5016
"{442DD4F4-031D-4579-BDF0-477909E0A1EA}"= Disabled:UDP:5017:TCP Port 5017
"{6582F404-CF55-4616-942C-3F354EFB98D9}"= Disabled:UDP:5018:TCP Port 5018
"{F9E7D3E7-E21F-4F3A-B9FF-0AFCA56165CA}"= Disabled:UDP:5019:TCP Port 5019
"{8FA43128-13E7-4A7D-890B-522878BB25F0}"= Disabled:UDP:5020:TCP Port 5020
"{1A1B9A47-64E8-4D28-8650-CB9E30DF180D}"= UDP:C:\Windows\System32\dlbtcoms.exe:Photo AIO Printer 922 Server
"{83DD0C65-0E6B-4967-94B4-A25AB7F4E82F}"= TCP:C:\Windows\System32\dlbtcoms.exe:Photo AIO Printer 922 Server
"{2BD10744-B64D-45BA-A63C-A2B1207F0BA5}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\dlbtpswx.exe:Photo AIO Printer 922 Printer Status
"{74F4A837-A8E6-499F-90BD-5C3E335CED13}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\dlbtpswx.exe:Photo AIO Printer 922 Printer Status
"{36F6F1BB-4029-4916-845C-60633018B522}"= UDP:C:\Users\lisa\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{2ED2A55B-261E-43DF-A394-D5F57BAFD8B7}"= TCP:C:\Users\lisa\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{B753D979-68F0-476F-AC0B-EB5746127435}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{417DAFA8-6DF8-4242-98D3-4F7988755E91}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
.
Contents of the 'Scheduled Tasks' folder
2008-07-15 C:\Windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-04-01 C:\Windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-08-12 C:\Windows\Tasks\SDMsgUpdate (TE).job
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe [2007-09-26 09:53]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{A057A204-BACC-4D26-CEC4-75A487FD6484} - (no file)
HKLM-Run-NSWatchDog - C:\Windows\NSWATC~1.EXE
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page =
hxxp://www.malwareremoval.com/forum/vie ... 150b005dce
O8 -: Customize Menu -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 -: Fill Forms -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 -: RoboForm Toolbar -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 -: Save Forms -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-12 19:25:21
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Users\lisa\winlogon.exe
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\dlbtcoms.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\drivers\XAudio.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-08-12 19:30:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-12 23:30:04
Pre-Run: 235,720,912,896 bytes free
Post-Run: 235,953,205,248 bytes free
214 --- E O F --- 2008-08-08 19:22:06
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:21:57 PM, on 8/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\System32\rundll32.exe
C:\Users\lisa\winlogon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\taskeng.exe
C:\Users\lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUUURBOY\VundoFix[1].exe
C:\Program Files\Trend Micro\HijackThis\findme.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
viewtopic.php?f=11&t=33624
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NSWatchDog] C:\Windows\NSWATC~1.EXE &PT=MP&MI=60531745832&OS=Microsoft_Windows_Vista_version_6.0
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Windows Logon Applicationedc] C:\Users\lisa\winlogon.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\lisa\AppData\Local\Temp\pmnlMCsP.dll,#1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [40c11f10] rundll32.exe "C:\Users\lisa\AppData\Local\Temp\ovuiwwey.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\lisa\AppData\Local\Temp\yATmLccA.dll,c
O4 - HKCU\..\Run: [BM43f22c8c] Rundll32.exe "C:\Users\lisa\AppData\Local\Temp\kbroeore.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Customize Menu -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone:
http://*.mcafee.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
http://cdn.scan.onecare.live.com/resour ... se5036.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) -
https://accounting.quickbooks.com/c4/v1 ... boax10.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: dlbt_device - - C:\Windows\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11362 bytes