[Resolved] dr. guard virus

[phillip 245]

Dr. guard has infected my pc will not allow anti virus to run tried downloading rkill.com and will not allow it any help would be appreciated
Hope this is better for you I am new to the forum sorry for any trouble Thanks again

 Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:45:43 AM, on 3/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\mcafee\sitead~1\McSACore.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [asr64_ldm.exe] C:\WINDOWS\TEMP\asr64_ldm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [asr64_ldm.exe] C:\WINDOWS\TEMP\asr64_ldm.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196655279875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: intu-qt2009 - {03947252-2355-4E9B-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\progra~1\mcafee\sitead~1\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7499 bytes
thanks

[PCBruiser]

We do not open attachments for security reasons.  I have deleted your attachment. 

Please carefully follow all the instructions here: http://spywarehammer.com/simplemachinesforum/index.php?topic=88.0  Rerun HJT and post your log using copy and paste.  Remember to uncheck WordWrap in the Format menu of Notepad first.

[1972vet]

Greetings phillip 245 and Welcome to our Forums,

I understand you already downloaded and tried to run rkill...who advised you to do that? Did you do that out of your own curiosity?

I'm afraid rkill is what you need but you evidently didn't receive proper guidance on it's use...Please don't jump ahead of yourself either. Just because it may appear that I am giving you some instruction to do something you already did please don't assume that you will get the same results as you did when you performed this on your own.

...for example, did you try changing the file extension of the rkill tool you downloaded? Or...did you try downloading any one of the other rill tools that have different file extensions?

See? You must first read through the instruction entirely before you begin and make sure you understand exactly what is being requested of you. If you have any question about any instruction given, please post back here first with your question before continuing on.

Please download Rkill by Grinler and save it to your desktop.

• Link 2
  
• Link 3
  
• Link 4
  

Double-click on the Rkill desktop icon to run the tool.

• If using Vista, right-click on it and Run As Administrator.
  
• A black DOS box will appear and then disappear in about 10 seconds. At this point, a log file will open. Please copy/paste the contents of that file back here on your next reply.
  
• If nothing happens when you double-clicked the file then delete the one you downloaded and use the one provided in Link 2.
  
• Repeat the above process and attempt to use one of the remaining links until the tool runs.
• If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer, you will need to run the application again...next: ...Please  download Malwarebytes Anti-Malware and save it to your desktop.
If you have problems with that link, you can also download it from Here or Here

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
  
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
• Update Malwarebytes' Anti-Malware
  
• Launch Malwarebytes' Anti-Malware
  
• Then click Finish.
  
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
   If you encounter any problems while downloading the updates, manually download them from here
  and just double-click on mbam-rules.exe to install.
  
• On the Scanner tab:
• Make sure the "Perform Quick Scan" option is selected then click on the Scan button.

• The scan will begin and "Scan in progress" will show at the top. Wait for the scan to complete and do nothing else with the computer during the scan.
  
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  
• Click OK to close the message box and continue with the removal process.
  
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  
• Exit MBAM. Please remember to copy and paste the contents of that report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process.
 Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

[phillip 245]

Hi; Thanks for the quick reply I have tried the download for rkill and iexplore.exe but the site will not come up for me bleeping computer also tried your other links thanks

[1972vet]

Hi; Thanks for the quick reply I have tried the download for rkill and iexplore.exe but the site will not come up for me bleeping computer also tried your other links thanks

Uhmm...please point me to the link for iexplore.exe or explain further what you mean. I went back over the instruction and find nothing relating to a download for iexplore.exe. Also, you mentioned you tried the other links but stopped there. Please tell me what happened when you tried them. Thanks!

[phillip 245]

Hi: thanks for the reply; When I tried to download rkill from bleeping com. my computer would not allow that to happen, I then tried the same thing with the link 2, 3, 4, but could not get the file.I then tried to download from bleeping computer, iexplorer.exe or eXplorer.exe which are renamed copies of rkill.com.  Thanks phillip

[1972vet]

I see now, thanks for explaining that better for me...

I'm still a bit confused with your statements which seem to contradict:

I have tried the download for rkill and iexplore.exe but the site will not come up for me

When I tried to download rkill from bleeping com. my computer would not allow that to happen, I then tried the same thing with the link 2, 3, 4, but could not get the file.I then tried to download from bleeping computer, iexplorer.exe or eXplorer.exe which are renamed copies of rkill.com.

...See, on the one hand you seem to be saying that you cannot get the BleepingComputer site to come up for you, and on the other hand, you say you went to the BleepingComputer site to download the iexplorer.exe...which of course, I can only assume you would not have known about without having read it on the BleepingComputer self help removal guide web page, since I made no mention of it in my instruction.

So...you actually CAN reach the BleepingComputer web site, but the download never completes? Is that it?

Please explain what you mean by my computer would not allow that to happen, and whether you just cannot get the file to download or you are in fact, not able to reach the web site. Your answer will determine how we should proceed next. Thanks!

Edit added:
I also wonder why, you still have made no mention of the recommendation to download mbam. Were you successful in downloading that? Tell me what happened please. Thanks!

[phillip 245]

Hi: When i try to go to bleep com Firefox says the link appears broken.The box says i can go to a cached copy form Google. I go to the cached copy the web site comes up but cannot download the links because it tells me the links appear broken comes up again.I wonder if i go to another computer and download the files on a usb drive if that could help.thanks

[1972vet]

If you have access to another computer that you trust is in good working order, then by all means...YES, use that to download the file to some removable media. Transfer that to the infected computer and run it as instructed.

I'll remind you again, you have still not mentioned a word about the instruction to download and install MBAM. Please advise if you are having any difficulty downloading it or visiting that web site...are you getting the "link is broken" indication when you try to visit that web site as well? Please make it your first priority in your next reply to address the question above regarding the mbam download instruction. Thanks!

[phillip 245]

HI: I cannot download the file mbam from bleeping computer or any other site , I get redirected to different web sites i appreciate the time and effort you are taking to resolve my issues.    thanks again

[1972vet]

OK...I suppose I just wait then until you post back after you have used another computer to download the file to some removable media. Please remember to keep this thread up dated with your progress. Otherwise, we tend to think you've abandoned the effort, and will archive the request. Thanks!

[1972vet]

Still with us phillip 245? Still trying to copy the download over to the infected computer these last couple days?

[phillip 245]

Hi: had quite a bit of trouble the last few days with my computer i got r kill & mbam to run after losing my internet connection and a few other issues but i believe the issues are fixed and no sight of Dr. guard the last 24 hours , also the searches have not been hijacked near as much. i want to thank you and your team of moderators for all of your valuable time and effort in helping me complete this task.
                                                    Phillip

[1972vet]

You believe they are fixed? Would you rather know they are fixed?

Would you allow us to have a look at your logs so we can make that determination? If you would prefer not, that is fine as well, just please let us know how you wish to proceed from here. Thanks!

[phillip 245]

Hi: 1972
            I have been busy and yes I would be pleased if you would check my latest log i will post it with my reply Thanks again for the time and effort. Phillip Log file of Trend Micro Hijack This v2.0.3 (BETA)
Scan saved at 10:45:55 AM, on 3/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196655279875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: intu-qt2009 - {03947252-2355-4E9B-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0028311268695257) (0028311268695257mcinstcleanup) - Unknown owner - C:\DOCUME~1\Phillip\LOCALS~1\Temp\002831~1.EXE (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: The Cleaner 2011 Helper Service (moohelp) - MooSoft Development LLC - C:\Program Files\The Cleaner\mhelper.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (file missing)
O23 - Service: Trend Micro Proxy Service (TmProxy) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (file missing)

--
End of file - 6609 bytes