6 Replies Latest reply on Apr 23, 2010 8:10 PM by ejmcafee

    Search result redirect and random new-tab popups

      Hi there,

      Just started having this problem a few days ago, despite McAfee Internet Protection. After some searches to find out what it might be, I tried using Ad-Aware (crashed), Malwarebytes mal-ware, search-and-destroy, and spybot doctor: nothing.

      I was also, separately, having issues w/ my McAfee giving me "backup and restore has been automatically uninstalled" messages, every day. I got rid of that yesterday by uninstalling and reinstalling McAfee.

      I'm currently running Stinger in Safe Mode, as suggested. I tried to do the Safe Mode Scan, but received an error message that Windows had to restart because "DCOM Service Process Launcher Terminated Unexpectedly" (or something like that--by the time I got the message, it was nearly ready to auto-restart). I'll try the scan again when Stinger is done.

      My laptop is used (I've had it for 2 years; that's not the problem); it has a legal Windows copy (updated daily, as is my McAfee), but I don't have CDs.

      I've spent 2 days on this (backing up and trying various scans and installing/uninstalling programs).

      Please help! Based on my poking around, this seems to be a common virus/malware. Why does McAfee not find or recognize or stop it?

      Thanks. I'll post the Stinger results as soon as it's done, and the scan results if the scan works the second time. I'll also run Stinger with the modified prefs as suggested.

        • 1. Re: Search result redirect and random new-tab popups

          Okay, this seems VERY fishy. Stinger hung up (for about 10 minutes), without actually crashing, on a file in c:\DRIVERS\nclient\English\WINNT\i386\redir called: Setupw2k.dll

          Would a redirect virus really be in a redir directory?

          Finally, I tried to stop Stinger. It tried to stop for maybe another 5 minutes, then I had to force quit out of it in order to do anything at all.

          I'll try it again now--and just for the heck of it, with the modified prefs--but since both the regular (Safe Mode) scan and the Stinger scan crashed (or something like it, in the case of Stinger), I'm not optimistic. Help!

          Many thanks.

          • 2. Re: Search result redirect and random new-tab popups

            Also, for the record, this is probably normal, but I got (and have now) a McAfee warning that I'm not protected, and that real-time scanning is off. I turn it on, and it almost immediately goes off again (I assume Stinger is doing this, but figured it was worth mentioning).

            Thanks.

            • 3. Re: Search result redirect and random new-tab popups

              PS again: in case it's useful, I'm appending both a DDS log and a HijackThis log below (I downloaded these yesterday at the suggestion of a bleepingcomputer forum). I've tried to run GMER a few times, and each time, it's crashed my machine... blue screen of death.

              I did delete the Malwarebytes/spy doctor/adaware programs, since I figured they'd conflict w/ McAfee (they're probably still noted below, because I still had them yesterday).

              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
              O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
              O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
              O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (file missing)
              O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (file missing)
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
              O15 - Trusted Zone: http://*.mcafee.com
              O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://download.boulder.ibm.com/ibmdl/pub/...bp_pc/acpir.cab
              O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172536256467
              O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
              O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
              O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (file missing)
              O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
              O23 - Service: ACU Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
              O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
              O23 - Service: DM1Service - Unknown owner - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe (file missing)
              O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
              O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
              O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
              O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
              O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
              O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
              O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
              O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
              O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
              O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
              O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
              O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
              O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
              O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
              O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
              O23 - Service: McAfee Anti-Spam Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
              O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
              O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
              O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
              O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
              O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
              O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
              O23 - Service: SupportSoft RemoteAssist - Unknown owner - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (file missing)
              O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
              O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
              O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
              O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
              O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
              O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

               

              --
              End of file - 15586 bytes

              • 4. Re: Search result redirect and random new-tab popups

                okay, final post till I hear from someone:

                 

                the 2nd run of Stinger (with "report only" and "very high" heuristics) had precisely the same result--stopped (with hard drive noise) on the same file, till I finally forced my machine off in order to restart.

                 

                I'll now cease and desist from any further exploration till I get your expert advice... this is eating up absurd amounts of time.

                 

                thank you!

                • 6. Re: Search result redirect and random new-tab popups

                  Is anybody there? I'm getting a little desperate--I'm avoiding searches altogether, but I'm also getting random popups and occasional random security messages--just this afternoon, for the first time, McAfee warned me that an unknown program was trying to access the web (I should have written it down, but I hit "block" too quickly).