Using Malwarebytes Software to Remove System Security Virus

3 posters

Re: Using Malwarebytes Software to Remove System Security Virus

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.

Re: Using Malwarebytes Software to Remove System Security Virus

Is it supposed to open as a black screen with a message?

Re: Using Malwarebytes Software to Remove System Security Virus

Yes, and in the background it's scanning your computer.

Re: Using Malwarebytes Software to Remove System Security Virus

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Mary at 16:07:05.33 on Sun 08/02/2009
Internet Explorer: 7.0.6000.16890
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.303 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Safari\Safari.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Mary\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uWindow Title = Internet Explorer provided by Dell
uSearch Bar =
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4071005
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN helper: {91704c3f-a675-4e0e-9fb7-b03e005edda7} - systran.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [EPSON NX100 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieda.exe /fu "c:\windows\temp\E_S8D4A.tmp" /EF "HKCU"
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: []
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SBC_McciTrayApp] c:\program files\sbc\update\SST.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\mary\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\mary\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: netzero.com
Trusted Zone: netzero.net
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://config.skillcheck.com/onlinetesting/icaclients/win32/10.0/onlinetesting.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
S2 wjhfavyatbmf;wjhfavyatbmf;c:\windows\system32\drivers\fqatsaefywj.sys [2009-8-2 76544]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-10-5 29744]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-6 24652]

=============== Created Last 30 ================

2009-08-02 15:50 40,448 a------- c:\windows\system32\systran.dll
2009-08-02 15:50 3,460 a------- c:\windows\system32\kjnd
2009-08-02 15:48 213,024 -------- c:\windows\system32\drivers\str.sys
2009-08-02 15:22 76,544 a------- c:\windows\system32\drivers\fqatsaefywj.sys
2009-08-01 18:28 131,400 a---h--- c:\windows\system32\mlfcache.dat
2009-08-01 17:55 --dsh--- c:\users\mary\appdata\roaming\lowsec
2009-08-01 08:48 4 a------- c:\windows\system32\bincd32.dat
2009-08-01 05:31 1,738 a------- C:\Windows Antivirus Pro.lnk
2009-08-01 05:31 --d----- C:\Windows Antivirus Pro
2009-07-31 21:40 --d----- c:\program files\Trend Micro
2009-07-29 14:54 --d----- C:\!KillBox
2009-07-29 01:24 143,360 a------- c:\windows\system32\dunzip32.dll
2009-07-28 19:02 --dsh--- C:\found.001
2009-07-28 18:25 --d----- c:\programdata\SUPERAntiSpyware.com
2009-07-28 18:25 --d----- c:\progra~2\SUPERAntiSpyware.com
2009-07-28 18:23 --d----- c:\users\mary\appdata\roaming\SUPERAntiSpyware.com
2009-07-28 18:23 --d----- c:\program files\SUPERAntiSpyware
2009-07-28 18:22 --d----- c:\program files\common files\Wise Installation Wizard
2009-07-28 18:18 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 18:18 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-28 18:18 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 16:30 a-d----- c:\programdata\TEMP
2009-07-28 16:30 506,368 a------- c:\windows\system32\msxml.dll
2009-07-28 13:19 --d----- c:\programdata\19687354
2009-07-28 13:19 --d----- c:\progra~2\19687354
2009-07-28 10:01 412,160 a------- c:\windows\tacb5700.exe
2009-07-28 10:01 370,343 a------- c:\windows\cigx6623.exe
2009-07-28 10:01 0 a------- c:\windows\system32\drivers\tqtliriephuxoecv.sys
2009-07-28 10:01 220 a------- c:\windows\system32\winset.ini
2009-07-28 10:00 --d----- c:\program files\IEToolbar
2009-07-28 10:00 889,078 a------- c:\windows\wupgk3410.exe
2009-07-28 09:35 --d----- c:\program files\FrostWire
2009-07-28 09:34 --d----- c:\program files\AskBarDis
2009-07-18 20:53 --d----- c:\programdata\UDL
2009-07-18 20:53 --d----- c:\progra~2\UDL
2009-07-18 20:50 --d----- c:\program files\Epson Software
2009-07-18 20:41 86,528 a------- c:\windows\system32\E_FLBEDA.DLL
2009-07-18 20:41 78,848 a------- c:\windows\system32\E_FD4BEDA.DLL
2009-07-18 20:41 --d----- c:\programdata\EPSON
2009-07-18 20:41 --d----- c:\progra~2\EPSON
2009-07-18 20:39 71,680 a------- c:\windows\system32\escwiad.dll
2009-07-18 20:39 --d----- c:\program files\epson
2009-07-18 20:38 44 a------- c:\windows\EPNX100.ini
2009-07-16 11:11 --d----- c:\users\mary\Tracing
2009-07-15 07:03 156,160 a------- c:\windows\system32\t2embed.dll
2009-07-15 07:03 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 07:02 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 07:02 34,304 a------- c:\windows\system32\atmlib.dll
2009-07-15 07:02 24,064 a------- c:\windows\system32\lpk.dll
2009-07-15 07:02 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-06 13:08 --d----- c:\program files\Microsoft
2009-07-06 13:05 --d----- c:\program files\Windows Live SkyDrive
2009-07-06 12:44 --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-08-01 03:00 86,016 a------- c:\windows\inf\infstrng.dat
2009-08-01 03:00 51,200 a------- c:\windows\inf\infpub.dat
2009-07-18 20:46 86,016 a------- c:\windows\inf\infstor.dat
2009-07-18 07:17 827,392 a------- c:\windows\system32\wininet.dll
2009-07-18 07:10 56,320 a------- c:\windows\system32\iesetup.dll
2009-07-18 07:10 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 07:10 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-07-18 07:07 72,704 a------- c:\windows\system32\admparse.dll
2009-07-18 05:00 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-18 03:34 48,128 a------- c:\windows\system32\mshtmler.dll
2008-12-11 04:29 174 a--sh--- c:\program files\desktop.ini
2008-11-20 18:08 20 ----h--- c:\programdata\PKP_DLdu.DAT
2008-11-20 18:08 20 ----h--- c:\progra~2\PKP_DLdu.DAT
2008-06-11 03:11 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:47 603,648 a----r-- c:\users\mary\appdata\roaming\sdra64.exe
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-10-05 18:55 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:08:57.78 ===============

Re: Using Malwarebytes Software to Remove System Security Virus

Please download OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\system32\kjnd
    c:\windows\system32\drivers\str.sys
    c:\windows\system32\drivers\fqatsaefywj.sys
    C:\Windows Antivirus Pro.lnk
    C:\Windows Antivirus Pro*
    c:\windows\system32\msxml.dll
    c:\programdata\19687354*
    c:\progra~2\19687354*
    c:\windows\tacb5700.exe
    c:\windows\cigx6623.exe
    c:\windows\system32\drivers\tqtliriephuxoecv.sys
    c:\windows\system32\winset.ini
    c:\windows\wupgk3410.exe
    c:\program files\FrostWire*
    c:\program files\AskBarDis*

    :services
    wjhfavyatbmf
    Viewpoint Manager Service


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Re: Using Malwarebytes Software to Remove System Security Virus

========== FILES ==========
c:\windows\system32\kjnd moved successfully.
c:\windows\system32\drivers\str.sys moved successfully.
c:\windows\system32\drivers\fqatsaefywj.sys moved successfully.
C:\Windows Antivirus Pro.lnk moved successfully.
C:\Windows Antivirus Pro moved successfully.
LoadLibrary failed for c:\windows\system32\msxml.dll
c:\windows\system32\msxml.dll NOT unregistered.
c:\windows\system32\msxml.dll moved successfully.
c:\programdata\19687354 moved successfully.
File/Folder c:\progra~2\19687354* not found.
c:\windows\tacb5700.exe moved successfully.
c:\windows\cigx6623.exe moved successfully.
c:\windows\system32\drivers\tqtliriephuxoecv.sys moved successfully.
c:\windows\system32\winset.ini moved successfully.
c:\windows\wupgk3410.exe moved successfully.
c:\program files\FrostWire moved successfully.
c:\program files\AskBarDis\bar\Settings moved successfully.
c:\program files\AskBarDis\bar\bin moved successfully.
c:\program files\AskBarDis\bar moved successfully.
c:\program files\AskBarDis moved successfully.
========== SERVICES/DRIVERS ==========

Service\Driver wjhfavyatbmf deleted successfully.

Service\Driver Viewpoint Manager Service deleted successfully.

OTM by OldTimer - Version 3.0.0.5 log created on 08022009_202541

Re: Using Malwarebytes Software to Remove System Security Virus

Can I delete DDS? It said one time use.

Re: Using Malwarebytes Software to Remove System Security Virus

BUMP

Re: Using Malwarebytes Software to Remove System Security Virus

Hello.
Please run DDS again and post a fresh log, just making sure it's gone now.

Re: Using Malwarebytes Software to Remove System Security Virus

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Mary at 13:36:21.53 on Wed 08/05/2009
Internet Explorer: 7.0.6000.16890
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.386 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\System32\mshta.exe
C:\Windows\System32\temp.exe
C:\Windows\System32\mshta.exe
C:\Program Files\Safari\Safari.exe
C:\Users\Mary\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uWindow Title = Internet Explorer provided by Dell
uSearch Bar =
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4071005
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN helper: {91704c3f-a675-4e0e-9fb7-b03e005edda7} - systran.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: : {bf98dd74-148c-4a86-a6f3-7571f810d650} - c:\windows\temp\~66A7.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [EPSON NX100 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieda.exe /fu "c:\windows\temp\E_S8D4A.tmp" /EF "HKCU"
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: []
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SBC_McciTrayApp] c:\program files\sbc\update\SST.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [PrivacyCenter] c:\program files\privacycenter\protector.exe -startup
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\mary\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\mary\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {5199201E-60B4-11DE-85CF-260556D89593} - c:\program files\privacycenter\protector.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: netzero.com
Trusted Zone: netzero.net
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://config.skillcheck.com/onlinetesting/icaclients/win32/10.0/onlinetesting.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-10-5 29744]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]

=============== Created Last 30 ================

2009-08-04 04:16 1,148,928 a------- c:\windows\system32\temp.exe
2009-08-04 04:16 --d----- c:\program files\PrivacyCenter
2009-08-02 20:25 --d----- C:\_OTM
2009-08-02 15:50 40,448 a------- c:\windows\system32\systran.dll
2009-08-01 18:28 131,400 a---h--- c:\windows\system32\mlfcache.dat
2009-08-01 17:55 --dsh--- c:\users\mary\appdata\roaming\lowsec
2009-08-01 08:48 4 a------- c:\windows\system32\bincd32.dat
2009-07-31 21:40 --d----- c:\program files\Trend Micro
2009-07-29 14:54 --d----- C:\!KillBox
2009-07-29 01:24 143,360 a------- c:\windows\system32\dunzip32.dll
2009-07-28 19:02 --dsh--- C:\found.001
2009-07-28 18:25 --d----- c:\programdata\SUPERAntiSpyware.com
2009-07-28 18:25 --d----- c:\progra~2\SUPERAntiSpyware.com
2009-07-28 18:23 --d----- c:\users\mary\appdata\roaming\SUPERAntiSpyware.com
2009-07-28 18:23 --d----- c:\program files\SUPERAntiSpyware
2009-07-28 18:22 --d----- c:\program files\common files\Wise Installation Wizard
2009-07-28 18:18 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 18:18 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-28 18:18 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 16:30 a-d----- c:\programdata\TEMP
2009-07-28 10:00 --d----- c:\program files\IEToolbar
2009-07-18 20:53 --d----- c:\programdata\UDL
2009-07-18 20:53 --d----- c:\progra~2\UDL
2009-07-18 20:50 --d----- c:\program files\Epson Software
2009-07-18 20:41 86,528 a------- c:\windows\system32\E_FLBEDA.DLL
2009-07-18 20:41 78,848 a------- c:\windows\system32\E_FD4BEDA.DLL
2009-07-18 20:41 --d----- c:\programdata\EPSON
2009-07-18 20:41 --d----- c:\progra~2\EPSON
2009-07-18 20:39 71,680 a------- c:\windows\system32\escwiad.dll
2009-07-18 20:39 --d----- c:\program files\epson
2009-07-18 20:38 44 a------- c:\windows\EPNX100.ini
2009-07-16 11:11 --d----- c:\users\mary\Tracing
2009-07-15 07:03 156,160 a------- c:\windows\system32\t2embed.dll
2009-07-15 07:03 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 07:02 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 07:02 34,304 a------- c:\windows\system32\atmlib.dll
2009-07-15 07:02 24,064 a------- c:\windows\system32\lpk.dll
2009-07-15 07:02 10,240 a------- c:\windows\system32\dciman32.dll

==================== Find3M ====================

2009-08-01 03:00 86,016 a------- c:\windows\inf\infstrng.dat
2009-08-01 03:00 51,200 a------- c:\windows\inf\infpub.dat
2009-07-18 20:46 86,016 a------- c:\windows\inf\infstor.dat
2009-07-18 07:17 827,392 a------- c:\windows\system32\wininet.dll
2009-07-18 07:10 56,320 a------- c:\windows\system32\iesetup.dll
2009-07-18 07:10 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 07:10 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-07-18 07:07 72,704 a------- c:\windows\system32\admparse.dll
2009-07-18 05:00 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-18 03:34 48,128 a------- c:\windows\system32\mshtmler.dll
2008-12-11 04:29 174 a--sh--- c:\program files\desktop.ini
2008-11-20 18:08 20 ----h--- c:\programdata\PKP_DLdu.DAT
2008-11-20 18:08 20 ----h--- c:\progra~2\PKP_DLdu.DAT
2008-06-11 03:11 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:47 603,648 a----r-- c:\users\mary\appdata\roaming\sdra64.exe
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-10-05 18:55 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:38:08.53 ===============

Re: Using Malawarebytes Software to Remove System Security Virus

Run another Malwarebytes scan for me and post the log back here.

It says to restart I will do so now! Can I?

Malwarebytes' Anti-Malware 1.39
Database version: 2524
Windows 6.0.6000

8/5/2009 6:28:00 PM
mbam-log-2009-08-05 (18-28-00).txt

Scan type: Quick Scan
Objects scanned: 106741
Time elapsed: 7 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf98dd74-148c-4a86-a6f3-7571f810d650} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf98dd74-148c-4a86-a6f3-7571f810d650} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.SecretService) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.SecretService) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.SecretService) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.SecretService) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.SecretService) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.SecretService) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91704c3f-a675-4e0e-9fb7-b03e005edda7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{91704c3f-a675-4e0e-9fb7-b03e005edda7} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D3 (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\pr (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\BN (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\gd (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D1 (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D2 (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\privacycenter (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Temp\~66A7.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Program Files\PrivacyCenter\protector.exe (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
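
A log in this layout can be checked mechanically before deciding on the next cleanup step. The following is an added example, not part of the original post or of Malwarebytes: it parses the summary counts and the itemised sections, confirms they agree, and lists any object whose action is not a completed removal. The sample log, its paths, CLSIDs and detection names are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log above (all values are made up).
SAMPLE_LOG = r"""
Registry Keys Infected: 2
Registry Values Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001} (Example.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Example\NameSpace\{00000000-0000-0000-0000-000000000002} (Example.Rogue) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Example\RunOnce\example (Example.Rogue) -> Quarantined and deleted successfully.

Files Infected:
C:\Example\a (copy).dll (Example.BHO) -> Quarantined and deleted successfully.
C:\Example\locked.exe (Example.Rogue) -> Delete on reboot.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Greedy object match so parentheses inside a path stay with the path.
ITEM = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
DONE = "Quarantined and deleted successfully."

def parse_mbam_log(text):
    """Return (summary counts, itemised entries) from a log in this layout."""
    summary, items, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := SUMMARY.match(line):
            summary[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return summary, items

def review(text):
    """Cross-check summary against items and list removals still pending."""
    summary, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    mismatched = {s: (n, listed[s]) for s, n in summary.items() if n != listed[s]}
    pending = [i["object"] for i in items if i["action"] != DONE]
    return {"mismatched": mismatched, "pending": pending,
            "families": Counter(i["name"] for i in items)}

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

An entry in `pending` means the object was not confirmed removed in that run, so the follow-up scan after the reboot is the one to rely on.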

Re: Using Malawarebytes Software to Remove System Security Virus

Hello.
One more time, then this should be okay.

  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\system32\temp.exe
    c:\program files\PrivacyCenter
    C:\!KillBox
    C:\found.***
    c:\users\mary\appdata\roaming\lowsec

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Re: Using Malawarebytes Software to Remove System Security Virus

========== FILES ==========
c:\windows\system32\temp.exe moved successfully.
c:\program files\PrivacyCenter moved successfully.
C:\!KillBox\Logs moved successfully.
C:\!KillBox moved successfully.
C:\found.000\dir0000.chk moved successfully.
C:\found.000 moved successfully.
C:\found.001 moved successfully.
c:\users\mary\appdata\roaming\lowsec moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.

OTM by OldTimer - Version 3.0.0.5 log created on 08062009_112520

Re: Using Malawarebytes Software to Remove System Security Virus

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?
