Novackfamily

Everything posted by Novackfamily

  1. 1) Allow importing email lists into the safe list instead of having to hand-add them one at a time. Maybe as text files or .xlsx or whatever. Maybe okay for occasional computer users, but for business it is hours' worth of frustration. 2) Allow entry of whole domains, e.g. "@abc.com", so anyone there can email us. Any idea how annoying it is to add 50 team email addresses from the same company ([email protected], [email protected], etc.)? 3) If you really want to join the 21st century, accept email from any email address in the user's directory such as Outlook - unless the user puts it on a block list. . . Lastly, have your people get logical. Even on Permissive, I get spam notices with my invoices/notices from major corporations such as AT&T, Sprint, US Bank, Wells Fargo, JP Morgan Chase and many more. It even frequently marks your own Ad-Aware emails as SPAM!!!!!!!!! Engineers need to build in a realistic set of pass-thru emails and a more user-friendly email management feature. Using Ad-Aware continuously since 1999.
  2. Thanks Cecelia B, I have submitted it through the online support channel. However, I feel that there would be general interest since this occurs on multiple machines, in multiple locations, run on various seat licenses on multiple accounts - all of which I administer. It is not a consumer case wherein support can log on to some errant computer and fix it. Maybe I am missing something, but in all these years I have never noted that the Forums were for free versions only. So I would imagine a whole bunch of paid users look to forums for answers and to share. And, in truth, considering (1) the low cost for extremely better functionality/protection and (2) the state of 24/7/365 internet attacks these days, I can't imagine why anyone would try to squeak by with only any vendor's free version and hope nothing happens. I can say our total switch to Lavasoft after the addition of anti-virus has resulted so far in an invasion-free experience - something we never got with machines running Norton or McAfee. With them, during any given year something always got by, even on their highest level program. (My free commercial for Lavasoft.) Having said that, I think they shot themselves in the foot by idiotizing the interface. Maybe that is what happens when a company is taken over.
  3. I am an Ad-aware user since it was invented in 1999. I was pleased when Lavasoft added anti-virus. I administer a number of seats on a number of accounts. Recently I have been updating Pro Plus to 11 from 10, and had moved everyone to Pro Plus from Total in 2012 after a long discussion with Lavasoft tech because it is more effective and faster. I can attest not one of our machines has had an invasion. However, 11 lacks Lavasoft's long-standing ability to adjust settings. Here are some problems encountered: Email - 11 alone decides if an email is dangerous/spam/etc. There no longer is the ability to either click to allow an individual email or to enter an email address into an ignore list. One of many examples: Two of our businesses are customers of giant Office Max. Both are also MaxPerks members, where there are points and discounts for purchases. In addition to ordinary emails, which 11 lets through, MaxPerks sends "flash sale" notices of items on deep discount for only 4 to 6 hours - about once a week. These SALE emails arriving in Outlook (Microsoft Professional Plus 10, fully updated) are blocked by 11, which posts its substitute notice. The original is inaccessible. HOWEVER, if that same email is downloaded from our servers (some on Exchange and some internet POP) on a machine still running Ad-aware Pro Plus 10, it is not blocked. A right-click scan of it yields that the message is all okay. And it is. Getting such email is important to a business saving money on regularly purchased supplies. Lavasoft's current solution? Stupidly - turn off the email protection entirely. a/k/a throw out the baby with the bathwater. a/k/a if you don't like it my way, you are on your own. Java: I access numerous bank accounts. Each bank has adopted deposit by photo/scan of check. A real convenience. I have been doing this for 2 years with it working fine on all our 64-bit Windows 7 machines. All keep up with the latest Java version - used to manage the process. All those machines have been running Ad-aware Pro Plus 10. On updating to 11, no machine will allow the computer to use the scanner (via Java) to acquire the check photos, let alone transmit them to the bank on clicking submit (it never gets to submit, or even permits the scan). I am going to assume that because the action is being undertaken thru a page in a web browser (tried IE10, FF, Chrome, Safari), Ad-aware 11 is blocking the action. Nothing else is wrong, since it can still be done on a machine running Pro Plus 10. A bank tier 3 tech suggested reinstalling the latest version of Java. OOPS, 11 also blocks the download of Java. As a loyal user, I am looking for solutions ASAP. This is affecting our businesses. Where can I adjust the settings like I always have? Thanks anyone for the help.
  4. I have an activated, registered Pro Security with the latest update 10.4.47.4163. Pro was installed about December 12. The previous Total Security was fully uninstalled. Running on Windows 7, 64-bit, also kept updated. All Ad-aware functions enabled. Both check boxes set to minimize, not close. It is working just fine except for two problems: 1) Multiple times a day the main menu screen occurs (not the corner "update installed" slider, which is also annoying). That main menu, at the bottom in orange, warns an updated version is available. If I click it, I get a screen wanting me to buy Pro Security - which I already have and am running. Attached is a shot of the relevant section. 2) Identity protection (now) does not exist as activated according to that main screen, and is not active. Yet I get emails informing me of credit change/inquiry because I did enable it on install. Final note: I have 10 seats of licenses on 2 accounts - and as far as I can tell, this is the only computer this is occurring upon. Thanks for any expert assistance.
  5. Thanks - will do. Meanwhile, that false positive must be with Total Security, because it was occurring before Ad-Aware Pro 10.4 was downloaded. So you are saying it would have been detecting its own file. Weird.
  6. Working with Lavasoft staff on my systems, I now have computers with the full, maximum paid versions of both Total Security <now expired> and Ad-Aware Pro Plus 10.4 at the same time. The new did not uninstall or deactivate the old. There are no instructions for what to do. Should I uninstall Total Security manually? Total appears in the tray while Pro Plus does not, although it appears under programs and shows it is fully activated. There is a worry because Total keeps popping up EVERY HALF-HOUR or so that it has blocked attempted access to a virus file, while the new Ad-Aware does not. <C:\Users\user\AppData\Local\adaware\data\temp.zip Infected with: HTML:Fraud-J (Engine-B> If I uninstall or somehow deactivate Total, will that recurring virus attempt take over?
  7. I'm confused. I understood Total Security was the maximum level of Ad-Aware which, until now, incorporated Ad-Aware 9. The new releases of Ad-Aware 10 appear to be only available - and freely upgrade - in Free, Personal and Pro. I tried checking versions, but Total Security seems to use different version numbers in my "Info" as 21.xx, excepting the firewall 3.0 - all of which on clicking "update" state I have the latest version. I administer a number of multi-seat accounts and for each received upgrade emails today which seem to indicate Ad-Aware 10 would replace Total Security, but have fewer features. Can someone enlighten me and my clients please? The Lavasoft Facebook page only tells people to check the features of Total Security, which explains nothing and is not a very customer-friendly response. The real question is - is the expensive Total Security being dropped or left behind in this process?
  8. By the way - my reply above neglected to thank you for your help. Thanks very much.
  9. Hi Blade81 - sorry for the apparent delay. I did reply on Dec 1 and I got the return page, but it DID NOT POST and does not show up! When I checked after that for the rest of the day, the lavasoftsupport.com website came back as down - on several computers. I contacted the lavasoft.com webmaster and received a ridiculous generic response. I was afraid it was some infection blocking it at my end or the lavasoftsupport site was under hacker attack. I am now back after a business trip. Everything SEEMS fine - the browser redirection ended - except for below: I removed and McAfee shredded the files you indicated. The Outlook files are over 3 gigabytes each and hundreds of thousands of emails kept as part of business requirements - not possible to hand examine. What bothers me is that I have re-examined them with Kaspersky, finding the same as before, but when examined with Ad-aware Pro, McAfee and Spybot those files show clean. In fact, I selected the folder and, running Ad-Aware Pro with all options correct, it essentially skips the Outlook .pst files and does not deep examine those 3 GB files for more than one second. It should be running through the file. Below is the DDS file I thought I posted and does not show. Below it is a new DDS file I did now.
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\iPod\bin\iPodService.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Assignor\Desktop\Cleaning 11-29-09\dds.scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: scriptproxy: 
{7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30729)" -"http://www.shockwave.com/contentPlay/shockwave.jsp?id=carriethecaregiver2&refCode=&brand=ag" mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [hpqSRMon] 
c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PDF4 Registry Controller] "c:\program files\scansoft\pdf converter 4\RegistryController.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" dRunOnce: [LabelMaker2.0] regsvr32 c:\program files\common files\mysoftware\regdll.dll /s StartupFolder: c:\users\assignor\appdata\roaming\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 
(0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\scansoft\pdf converter 4\cnvres_eng.dll /100 IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll Trusted Zone: domain.com\cp Trusted Zone: internet Trusted Zone: mcafee.com DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/crazytalk4.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - 
hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {B7A59580-B39D-4BF9-B968-1BFA25156691} - hxxp://www.reallusion.com/plug-in/rltts.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-22 64288] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-5-23 214664] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912] R2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe -service --> c:\windows\system32\lxbfcoms.exe -service [?] 
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-28 93320] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-5-23 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-5-23 144704] R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-5-23 606736] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-5-23 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-5-23 35272] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-5-23 40552] S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-6-13 55280] S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360] S3 mferkdk;McAfee Inc. 
mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-5-23 34248] =============== Created Last 30 ================ 2009-12-03 16:49:21 0 d-----w- C:\temp 2009-11-30 15:54:29 260608 ----a-w- c:\windows\PEV.exe 2009-11-30 06:00:27 0 d-----w- c:\programdata\Office Genuine Advantage 2009-11-30 06:00:21 0 d-----w- c:\users\assignor\Office Genuine Advantage 2009-11-30 05:33:45 909824 ----a-w- c:\windows\system32\drivers\athr.sys 2009-11-30 05:33:45 0 d-----w- c:\windows\system32\nn-NO 2009-11-30 05:33:44 53248 ----a-w- c:\windows\system32\athihvui.dll 2009-11-30 05:33:44 393216 ----a-w- c:\windows\system32\athihvs.dll 2009-11-30 05:33:44 376832 ----a-w- c:\windows\system32\S64CPA.exe 2009-11-30 05:32:47 0 d-----w- c:\program files\Cisco 2009-11-30 05:05:11 80936 ----a-w- c:\windows\system32\drivers\btwavdt.sys 2009-11-30 05:05:10 80424 ----a-w- c:\windows\system32\drivers\btwaudio.sys 2009-11-30 05:05:10 16168 ----a-w- c:\windows\system32\drivers\btwrchid.sys 2009-11-30 05:05:01 233472 ----a-w- c:\windows\system32\BtwRSupport.dll 2009-11-30 05:04:33 0 d-----w- c:\windows\system32\es-MX 2009-11-30 05:04:33 0 d-----w- c:\windows\system32\es-AR 2009-11-29 22:45:51 98816 ----a-w- c:\windows\sed.exe 2009-11-29 22:45:51 77312 ----a-w- c:\windows\MBR.exe 2009-11-29 22:45:51 161792 ----a-w- c:\windows\SWREG.exe 2009-11-27 02:31:48 0 d-----w- c:\program files\Trend Micro 2009-11-27 02:00:03 0 d-----w- c:\program files\common files\xing shared 2009-11-26 09:01:43 2048 ----a-w- c:\windows\system32\tzres.dll 2009-11-25 13:50:58 1401856 ----a-w- c:\windows\system32\msxml6.dll 2009-11-25 13:50:58 1248768 ----a-w- c:\windows\system32\msxml3.dll 2009-11-25 13:50:53 714240 ----a-w- c:\windows\system32\timedate.cpl 2009-11-23 07:33:12 15880 ----a-w- c:\windows\system32\lsdelete.exe 2009-11-23 03:10:27 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-11-23 03:06:05 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-11-23 03:05:48 0 d-----w- c:\program 
files\Lavasoft 2009-11-22 20:11:37 0 d-----w- c:\programdata\Real 2009-11-21 14:08:45 0 d-----w- c:\programdata\Spybot - Search & Destroy 2009-11-21 14:08:45 0 d-----w- c:\program files\Spybot - Search & Destroy 2009-11-21 13:38:50 0 d-----w- c:\programdata\Citrix 2009-11-21 13:33:49 0 d-----w- c:\program files\Citrix 2009-11-17 09:20:29 0 d-----w- c:\program files\Windows Portable Devices 2009-11-17 09:19:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-11-17 09:03:31 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2009-11-17 09:03:28 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2009-11-17 09:03:28 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2009-11-17 09:01:54 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2009-11-17 09:00:22 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2009-11-17 09:00:21 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-11-17 09:00:21 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-11-11 07:20:00 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-11-11 00:42:48 2036736 ----a-w- c:\windows\system32\win32k.sys 2009-11-11 00:42:25 355328 ----a-w- c:\windows\system32\WSDApi.dll 2009-11-08 05:26:38 0 d-----w- c:\program files\iPod 2009-11-08 05:26:34 0 d-----w- c:\program files\iTunes ==================== Find3M ==================== 2009-12-01 02:25:29 2140 ----a-w- c:\windows\bthservsdp.dat 2009-11-30 16:56:18 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-11-30 15:49:57 28124 ----a-w- c:\programdata\nvModes.dat 2009-11-30 05:34:11 51200 ----a-w- c:\windows\inf\infpub.dat 2009-11-30 05:34:10 143360 ----a-w- c:\windows\inf\infstrng.dat 2009-11-30 05:34:07 86016 ----a-w- c:\windows\inf\infstor.dat 2009-11-17 09:20:17 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2009-10-01 01:02:04 334848 ----a-w- 
c:\windows\system32\PortableDeviceApi.dll 2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll 2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll 2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll 2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll 2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe 2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll 2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll 2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll 2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll 2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll 2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll 2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll 
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll 2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll 2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll 2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll 2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv 2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2009-09-19 22:30:06 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont 2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe 2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib409\perfd.dat 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib409\perfc.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib409\perfi.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib409\perfh.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib00\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib00\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib00\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib00\perfc.dat ============= FINISH: 12:24:38.94 ===============
  10. Here it is. Not encouraging to see that after all this Kaspersky found 12 missed elsewhere. Thanks for your continuing help. All 3 reports below:
ComboFix------------------------------------------------------------------------- ComboFix 09-11-29.06 - Assignor 11/30/09 9:57.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1606 [GMT -6:00] Running from: c:\users\Assignor\Desktop\ComboFix.exe Command switches used :: c:\users\Assignor\Desktop\CFscript.txt SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 ))))))))))))))))))))))))))))))) . 2009-11-30 16:17 . 2009-11-30 16:17 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-11-30 16:17 . 2009-11-30 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-11-30 06:00 . 2009-11-30 06:00 -------- d-----w- c:\programdata\Office Genuine Advantage 2009-11-30 06:00 . 2009-11-30 06:00 -------- d-----w- c:\users\Assignor\Office Genuine Advantage 2009-11-30 05:33 . 2009-11-30 05:33 -------- d-----w- c:\windows\system32\nn-NO 2009-11-30 05:33 . 2008-04-27 17:07 909824 ----a-w- c:\windows\system32\drivers\athr.sys 2009-11-30 05:33 . 2008-04-22 11:13 376832 ----a-w- c:\windows\system32\S64CPA.exe 2009-11-30 05:33 . 2008-04-22 11:13 53248 ----a-w- c:\windows\system32\athihvui.dll 2009-11-30 05:33 . 2008-04-22 11:12 393216 ----a-w- c:\windows\system32\athihvs.dll 2009-11-30 05:32 . 2009-11-30 05:32 -------- d-----w- c:\program files\Cisco 2009-11-30 05:05 . 2007-12-12 19:12 80936 ----a-w- c:\windows\system32\drivers\btwavdt.sys 2009-11-30 05:05 . 2007-12-12 19:12 80424 ----a-w- c:\windows\system32\drivers\btwaudio.sys 2009-11-30 05:05 . 
2007-12-12 19:12 16168 ----a-w- c:\windows\system32\drivers\btwrchid.sys 2009-11-30 05:05 . 2007-12-12 19:12 233472 ----a-w- c:\windows\system32\BtwRSupport.dll 2009-11-30 05:04 . 2009-11-30 05:04 -------- d-----w- c:\windows\system32\es-MX 2009-11-30 05:04 . 2009-11-30 05:04 -------- d-----w- c:\windows\system32\es-AR 2009-11-30 00:00 . 2009-11-30 16:18 12288 d-----w- c:\users\Assignor\AppData\Local\temp 2009-11-27 02:31 . 2009-11-27 02:31 -------- d-----w- c:\program files\Trend Micro 2009-11-27 02:00 . 2009-11-27 02:00 -------- d-----w- c:\users\Assignor\AppData\Local\Real 2009-11-27 02:00 . 2009-11-27 02:00 -------- d-----w- c:\program files\Common Files\xing shared 2009-11-27 01:59 . 2009-11-27 01:59 -------- d-----w- c:\program files\real 2009-11-26 09:01 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll 2009-11-25 13:50 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll 2009-11-25 13:50 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll 2009-11-23 07:33 . 2009-11-23 03:10 15880 ----a-w- c:\windows\system32\lsdelete.exe 2009-11-23 04:12 . 2009-11-23 04:12 79368 ----a-w- c:\users\Assignor\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe 2009-11-23 03:21 . 2009-11-23 03:21 2289688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ToolBox\LT\HostFileEditor.exe 2009-11-23 03:21 . 2009-11-23 03:21 77616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\i386\sbapifsl.sys 2009-11-23 03:21 . 2009-11-23 03:21 69936 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\i386\sbapifs.sys 2009-11-23 03:21 . 2009-11-23 03:21 13360 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\i386\sbaphd.sys 2009-11-23 03:21 . 2009-11-23 03:21 2057424 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ToolBox\LT\ProcessWatch.exe 2009-11-23 03:21 . 2009-11-23 03:21 112216 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ToolBox\AutoStart Manager\SO.dll 2009-11-23 03:21 . 
2009-11-23 03:21 524200 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ToolBox\AutoStart Manager\AutoStart Manager.exe 2009-11-23 03:09 . 2009-11-23 03:09 5908024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll 2009-11-23 03:09 . 2009-11-23 03:09 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll 2009-11-23 03:09 . 2009-11-23 03:09 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll 2009-11-23 03:09 . 2009-11-23 03:09 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll 2009-11-23 03:09 . 2009-11-23 03:09 641632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe 2009-11-23 03:08 . 2009-11-23 03:08 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe 2009-11-23 03:08 . 2009-11-23 03:08 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2009-11-23 03:08 . 2009-11-23 03:08 1638640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe 2009-11-23 03:08 . 2009-11-23 03:08 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe 2009-11-23 03:08 . 2009-11-23 03:08 1184912 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe 2009-11-23 03:06 . 2009-11-23 03:06 4096 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-11-23 03:06 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe 2009-11-23 03:05 . 2009-11-23 03:05 -------- d-----w- c:\program files\Lavasoft 2009-11-22 20:11 . 2009-11-22 20:11 439816 ----a-w- c:\users\Assignor\AppData\Roaming\Real\Update\setup3.09\setup.exe 2009-11-21 14:08 . 2009-11-22 00:23 8192 d-----w- c:\program files\Spybot - Search & Destroy 2009-11-21 14:08 . 2009-11-21 14:46 4096 d-----w- c:\programdata\Spybot - Search & Destroy 2009-11-21 13:38 . 2009-11-21 13:38 -------- d-----w- c:\programdata\Citrix 2009-11-21 13:33 . 2009-11-21 13:33 -------- d-----w- c:\program files\Citrix 2009-11-17 09:20 . 
2009-11-17 09:20 -------- d-----w- c:\program files\Windows Portable Devices 2009-11-17 09:03 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2009-11-17 09:03 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2009-11-17 09:03 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2009-11-17 09:01 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2009-11-17 09:01 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2009-11-17 09:01 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2009-11-17 09:01 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2009-11-17 09:01 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2009-11-17 09:01 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-11-17 09:01 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll 2009-11-17 09:01 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2009-11-17 09:01 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-11-17 09:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2009-11-17 09:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-11-17 09:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-11-11 07:20 . 2009-11-11 07:19 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-11-11 00:42 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys 2009-11-11 00:42 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll 2009-11-08 05:26 . 2009-11-08 05:26 -------- d-----w- c:\program files\iPod 2009-11-08 05:26 . 2009-11-08 05:28 4096 d-----w- c:\program files\iTunes 2009-11-08 05:16 . 2009-11-08 05:16 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-30 15:49 . 2009-01-03 09:03 28124 ----a-w- c:\programdata\nvModes.dat 2009-11-30 15:43 . 2008-04-12 10:01 2140 ----a-w- c:\windows\bthservsdp.dat 2009-11-30 05:46 . 2008-05-24 00:50 4096 d-----w- c:\users\Assignor\AppData\Roaming\Hewlett-Packard 2009-11-30 05:39 . 2008-03-10 17:41 4096 d-----w- c:\program files\Hewlett-Packard 2009-11-30 05:34 . 2008-04-12 10:10 -------- d-----w- c:\program files\Atheros 2009-11-30 05:32 . 2008-03-10 17:45 12288 d--h--w- c:\program files\InstallShield Installation Information 2009-11-30 05:32 . 2008-04-12 10:10 -------- d-----w- c:\programdata\Atheros 2009-11-30 04:44 . 2008-03-10 18:54 4096 d-----w- c:\programdata\Hewlett-Packard 2009-11-30 03:05 . 2008-11-08 20:27 4096 d-----w- c:\programdata\Lavasoft 2009-11-28 05:43 . 2009-02-20 02:00 7620 ----a-w- c:\users\Assignor\AppData\Local\d3d9caps.dat 2009-11-27 19:04 . 2008-05-24 02:06 4096 d-----w- c:\program files\McAfee 2009-11-27 02:00 . 2008-11-08 15:37 4096 d-----w- c:\program files\Common Files\Real 2009-11-23 17:29 . 2008-03-10 19:03 4096 d-----w- c:\program files\Java 2009-11-17 09:20 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-17 09:19 . 2009-11-17 09:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-11-12 15:37 . 2008-10-28 22:18 4096 d-----w- c:\users\Assignor\AppData\Roaming\Move Networks 2009-11-12 15:37 . 2009-08-06 20:16 143976 ----a-w- c:\users\Assignor\AppData\Roaming\Move Networks\uninstall.exe 2009-11-12 15:37 . 2009-10-15 00:50 5642688 ----a-w- c:\users\Assignor\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll 2009-11-12 00:04 . 2008-04-12 10:23 12288 d-----w- c:\programdata\WildTangent 2009-11-12 00:03 . 2008-05-30 22:13 942480 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en-us\Installers\SetupGamesClient.exe 2009-11-11 09:28 . 
Completion time: 2009-11-30 10:23
ComboFix-quarantined-files.txt 2009-11-30 16:23
ComboFix2.txt 2009-11-30 00:00
Pre-Run: 18,212,286,464 bytes free
Post-Run: 18,110,935,040 bytes free
- - End Of File - - 0222D7F476D0848DB144FD6B10F5F143

Kaspersky
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 30, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 30, 2009 16:06:07
Records in database: 3313301
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 385293
Threats found: 12
Infected objects found: 13
Suspicious objects found: 4
Scan duration: 06:21:01

File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\drivers\atapi.sys.vir Infected: Rootkit.Win32.TDSS.y 1
C:\Users\Assignor\AppData\Local\Microsoft\Outlook\Outlook-E.pst Suspicious: Exploit.HTML.Iframe.FileDownload 4
C:\Users\Assignor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\59af077c-1af6a43e Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Users\Assignor\Documents\Backup\Outlook backup.pst Infected: Worm.Win32.Socks.agw 1
C:\Users\Assignor\Documents\Backup\Outlook backup.pst Infected: Trojan-Spy.Win32.Zbot.dlh 1
C:\Users\Assignor\Documents\Backup\Outlook backup.pst Infected: Trojan-Spy.Win32.Zbot.dri 2
C:\Users\Assignor\Documents\Backup\Outlook backup.pst Infected: Trojan-Spy.Win32.Zbot.dvy 1
C:\Users\Assignor\Documents\Backup\Outlook backup.pst Infected: Worm.Win32.AutoRun.ndc 1
C:\Users\Assignor\Documents\Backup\Outlook backup.pst Infected: Worm.Win32.AutoRun.prf 2
C:\Users\Assignor\Documents\Backup\Outlook backup.pst Infected: Worm.Win32.AutoRun.qpr 1
C:\Users\Assignor\Documents\Monique\Monies from Andre\orangeflowercur.exe Infected: not-a-virus:AdWare.Win32.EZula.j 1
C:\Users\Assignor\Documents\Monique\Monies from Andre\orangeflowercur.exe Infected: not-a-virus:AdWare.Win32.IGetNet.a 1

Selected area has been scanned.

DDS
--------------------------------------------------------------------------------
DDS (Ver_09-11-29.01) - NTFSx86
Run by Assignor at 19:24:50.50 on 11/30/09
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1599 [GMT -6:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
assistant\HPWAMain.exe mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PDF4 Registry Controller] "c:\program files\scansoft\pdf converter 4\RegistryController.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp dRunOnce: [LabelMaker2.0] regsvr32 c:\program files\common files\mysoftware\regdll.dll /s StartupFolder: c:\users\assignor\appdata\roaming\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe mPolicies-explorer: 
BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\scansoft\pdf converter 4\cnvres_eng.dll /100 IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll Trusted Zone: domain.com\cp Trusted Zone: internet Trusted Zone: mcafee.com DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/crazytalk4.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - 
hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {B7A59580-B39D-4BF9-B968-1BFA25156691} - hxxp://www.reallusion.com/plug-in/rltts.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-22 64288] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-5-23 214664] R2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe -service --> c:\windows\system32\lxbfcoms.exe -service [?] 
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-28 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-5-23 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-5-23 144704]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-21 1153368]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-5-23 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-5-23 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-5-23 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-5-23 40552]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-6-13 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-5-23 34248]

=============== Created Last 30 ================

2009-11-30 16:44:28 0 d-----w- c:\programdata\NOS
2009-11-30 15:54:29 260608 ----a-w- c:\windows\PEV.exe
2009-11-30 06:00:27 0 d-----w- c:\programdata\Office Genuine Advantage
2009-11-30 06:00:21 0 d-----w- c:\users\assignor\Office Genuine Advantage
2009-11-30 05:33:45 909824 ----a-w- c:\windows\system32\drivers\athr.sys
2009-11-30 05:33:45 0 d-----w- c:\windows\system32\nn-NO
2009-11-30 05:33:44 53248 ----a-w- c:\windows\system32\athihvui.dll
2009-11-30 05:33:44 393216 ----a-w- c:\windows\system32\athihvs.dll
2009-11-30 05:33:44 376832 ----a-w- c:\windows\system32\S64CPA.exe
2009-11-30 05:32:47 0 d-----w- c:\program files\Cisco
2009-11-30 05:05:11 80936 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2009-11-30 05:05:10 80424 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2009-11-30 05:05:10 16168 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2009-11-30 05:05:01 233472 ----a-w- c:\windows\system32\BtwRSupport.dll
2009-11-30 05:04:33 0 d-----w- c:\windows\system32\es-MX
2009-11-30 05:04:33 0 d-----w- c:\windows\system32\es-AR
2009-11-29 22:45:51 98816 ----a-w- c:\windows\sed.exe
2009-11-29 22:45:51 77312 ----a-w- c:\windows\MBR.exe
2009-11-29 22:45:51 161792 ----a-w- c:\windows\SWREG.exe
2009-11-27 02:31:48 0 d-----w- c:\program files\Trend Micro
2009-11-27 02:00:03 0 d-----w- c:\program files\common files\xing shared
2009-11-26 09:01:43 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 13:50:58 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 13:50:58 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 13:50:53 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-23 07:33:12 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-23 03:10:27 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-23 03:06:05 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-23 03:05:48 0 d-----w- c:\program files\Lavasoft
2009-11-22 20:11:37 0 d-----w- c:\programdata\Real
2009-11-21 14:08:45 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-21 14:08:45 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-21 13:38:50 0 d-----w- c:\programdata\Citrix
2009-11-21 13:33:49 0 d-----w- c:\program files\Citrix
2009-11-17 09:20:29 0 d-----w- c:\program files\Windows Portable Devices
2009-11-17 09:19:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-17 09:03:31 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 09:03:28 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 09:03:28 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 09:01:54 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-11-17 09:00:22 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 09:00:21 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 09:00:21 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-11 07:20:00 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-11 00:42:48 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 00:42:25 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-08 05:26:38 0 d-----w- c:\program files\iPod
2009-11-08 05:26:34 0 d-----w- c:\program files\iTunes
2009-11-04 09:22:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb

==================== Find3M ====================

2009-11-30 16:56:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-30 15:49:57 28124 ----a-w- c:\programdata\nvModes.dat
2009-11-30 15:43:36 2140 ----a-w- c:\windows\bthservsdp.dat
2009-11-30 05:34:11 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-30 05:34:10 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-30 05:34:07 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-17 09:20:17 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-19 22:30:06 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib00\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib00\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib00\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib00\perfc.dat

============= FINISH: 19:25:35.60 ===============
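The "Created Last 30" and "Find3M" sections of the DDS log above are a file-creation timeline, and the first thing a responder does with one is pull out the entries worth a second look before reading the rest. The helper below is an added editor's example, not part of this thread and not part of DDS or ComboFix: it parses DDS-style entries (one timestamp, size, attribute string, path; the ComboFix two-timestamp format is not handled) and flags kernel drivers created shortly before the scan, executables sitting under a user profile or temp directory, and anything carrying a hidden or system attribute. The scan time is taken from the "Run by Assignor at 19:24:50.50 on 11/30/09" header; the seven-day window is an assumption. The sample lines are copied from the log above except the ScanningProcess.exe entry, whose timestamp and size are constructed (its path is taken from the Running Processes list).

```python
"""Triage helper for DDS-style file-creation listings (editor's example)."""
import re
from datetime import datetime, timedelta

# Assumed scan time, read from the DDS header "Run by Assignor at 19:24:50.50 on 11/30/09".
SCAN_TIME = datetime(2009, 11, 30, 19, 24, 50)
# Assumption: a driver dropped within this window of the scan is worth a look.
RECENT_DRIVER_WINDOW = timedelta(days=7)

# One DDS entry: "YYYY-MM-DD HH:MM:SS <size> <8-char attrs> <path>".
# Attribute columns seen in the log: d (directory), c, s (system), h (hidden), a, r, w.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>.+?)\s*$",
    re.IGNORECASE,
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")
USER_DIRS = ("\\users\\", "\\appdata\\", "\\temp\\")


def parse_line(line):
    """Return a dict for one DDS file entry, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs").lower()
    return {
        "time": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
        "size": int(m.group("size")),
        "is_dir": attrs[0] == "d",
        "hidden": "h" in attrs,
        "system": "s" in attrs,
        "path": m.group("path"),
    }


def triage(entry, scan_time=SCAN_TIME, window=RECENT_DRIVER_WINDOW):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    path = entry["path"].lower()
    if not entry["is_dir"]:
        if path.endswith(".sys") and "\\drivers\\" in path and scan_time - entry["time"] <= window:
            reasons.append("kernel driver created within %d days of the scan" % window.days)
        if path.endswith(EXEC_EXT) and any(d in path for d in USER_DIRS):
            reasons.append("executable under a user profile or temp directory")
    if entry["hidden"] or entry["system"]:
        reasons.append("hidden/system attribute set")
    return reasons


def scan_listing(text, scan_time=SCAN_TIME):
    """Parse a block of DDS lines; return [(path, [reasons]), ...] for flagged entries."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry, scan_time)
        if reasons:
            hits.append((entry["path"], reasons))
    return hits


# Sample input: lines copied from the DDS log in this thread, plus one constructed
# entry (ScanningProcess.exe; path from the Running Processes list, time/size invented).
SAMPLE = r"""
2009-11-30 16:44:28 0 d-----w- c:\programdata\NOS
2009-11-30 15:54:29 260608 ----a-w- c:\windows\PEV.exe
2009-11-30 05:33:45 909824 ----a-w- c:\windows\system32\drivers\athr.sys
2009-11-30 05:05:11 80936 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2009-11-23 03:10:27 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-23 03:06:05 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-17 09:19:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-11 07:20:00 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-30 19:20:01 123456 ----a-w- c:\users\assignor\appdata\local\temp\jkos-assignor\binaries\ScanningProcess.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
"""

if __name__ == "__main__":
    for path, reasons in scan_listing(SAMPLE):
        print(path)
        for r in reasons:
            print("    -", r)
```

Lbd.sys and SBREDrv.sys fall outside the seven-day window and are not flagged, which shows why the window is a knob rather than a rule; the flagged entries here (Atheros and Broadcom drivers installed the same day, a Lavasoft data directory, a Windows-created .Wdf, desktop.ini) are all explainable, which is the normal outcome of a first pass. Note also that the ComboFix log in the next post reports an infected atapi.sys that appears nowhere in this DDS listing: a driver patched in place does not show up as a new file, so timeline triage narrows the search but never replaces a scan of the files themselves.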
11. I appreciate your help! Here are the 3 items, pasted below:
1. ComboFix log
2. DDS log
3. And per the instructions I have zipped and attached the Attach file.
I have not re-enabled Ad-Aware, McAfee or Spybot and am keeping this computer off-line until I hear back. Looking forward to hearing back when you can.

ComboFix Log----------------------------------------------------------------

ComboFix 09-11-29.02 - Assignor 11/29/09 16:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2040 [GMT -6:00]
Running from: c:\users\Assignor\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1032403844-1656704120-3049521593-500
c:\$recycle.bin\S-1-5-21-947481849-1117208691-1868129963-500
c:\users\Assignor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Publication1 (Read-Only).pdf
c:\windows\system32\KBL.LOG

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it
.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
.
2009-11-29 23:26 . 2009-11-29 23:45 4096 d-----w- c:\users\Assignor\AppData\Local\temp
2009-11-29 23:26 . 2009-11-29 23:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-27 02:31 . 2009-11-27 02:31 -------- d-----w- c:\program files\Trend Micro
2009-11-27 02:00 . 2009-11-27 02:00 -------- d-----w- c:\users\Assignor\AppData\Local\Real
2009-11-27 02:00 . 2009-11-27 02:00 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-27 01:59 . 2009-11-27 01:59 -------- d-----w- c:\program files\real
2009-11-26 09:01 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 13:50 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 13:50 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-23 07:33 . 2009-11-23 03:10 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-23 04:12 . 2009-11-23 04:12 79368 ----a-w- c:\users\Assignor\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
2009-11-23 03:21 . 2009-11-23 03:21 2289688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ToolBox\LT\HostFileEditor.exe
2009-11-23 03:21 . 2009-11-23 03:21 77616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\i386\sbapifsl.sys
2009-11-23 03:21 . 2009-11-23 03:21 69936 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\i386\sbapifs.sys
2009-11-23 03:21 . 2009-11-23 03:21 13360 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\i386\sbaphd.sys
2009-11-23 03:21 . 2009-11-23 03:21 2057424 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ToolBox\LT\ProcessWatch.exe
2009-11-23 03:21 . 2009-11-23 03:21 112216 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ToolBox\AutoStart Manager\SO.dll
2009-11-23 03:21 . 2009-11-23 03:21 524200 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ToolBox\AutoStart Manager\AutoStart Manager.exe
2009-11-23 03:09 . 2009-11-23 03:09 5908024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-23 03:09 . 2009-11-23 03:09 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-23 03:09 . 2009-11-23 03:09 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-23 03:09 . 2009-11-23 03:09 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-23 03:09 . 2009-11-23 03:09 641632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-23 03:08 . 2009-11-23 03:08 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-23 03:08 . 2009-11-23 03:08 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-23 03:08 . 2009-11-23 03:08 1638640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-23 03:08 . 2009-11-23 03:08 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-23 03:08 . 2009-11-23 03:08 1184912 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-23 03:06 . 2009-11-23 03:06 4096 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-23 03:06 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-23 03:05 . 2009-11-23 03:05 -------- d-----w- c:\program files\Lavasoft
2009-11-22 20:11 . 2009-11-22 20:11 439816 ----a-w- c:\users\Assignor\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-11-21 14:08 . 2009-11-22 00:23 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-21 14:08 . 2009-11-21 14:46 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-21 13:38 . 2009-11-21 13:38 -------- d-----w- c:\programdata\Citrix
2009-11-21 13:33 . 2009-11-21 13:33 -------- d-----w- c:\program files\Citrix
2009-11-17 09:20 . 2009-11-17 09:20 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 09:03 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 09:03 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 09:03 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 09:01 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-11-17 09:01 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-11-17 09:01 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-11-17 09:01 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-11-17 09:01 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-17 09:01 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-17 09:01 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-11-17 09:01 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-11-17 09:01 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-17 09:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 09:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 09:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-11 07:20 . 2009-11-11 07:19 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-11 00:42 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 00:42 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-08 05:26 . 2009-11-08 05:26 -------- d-----w- c:\program files\iPod
2009-11-08 05:26 . 2009-11-08 05:28 4096 d-----w- c:\program files\iTunes
2009-11-08 05:16 . 2009-11-08 05:16 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 22:51 . 2008-04-12 10:01 2140 ----a-w- c:\windows\bthservsdp.dat
2009-11-29 01:31 . 2009-01-03 09:03 28124 ----a-w- c:\programdata\nvModes.dat
2009-11-28 18:00 . 2008-11-08 20:27 4096 d-----w- c:\programdata\Lavasoft
2009-11-28 05:43 . 2009-02-20 02:00 7620 ----a-w- c:\users\Assignor\AppData\Local\d3d9caps.dat
2009-11-27 19:04 . 2008-05-24 02:06 4096 d-----w- c:\program files\McAfee
2009-11-27 02:00 . 2008-11-08 15:37 4096 d-----w- c:\program files\Common Files\Real
2009-11-23 17:29 . 2008-03-10 19:03 4096 d-----w- c:\program files\Java
2009-11-17 09:20 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 09:19 . 2009-11-17 09:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-12 15:37 . 2008-10-28 22:18 4096 d-----w- c:\users\Assignor\AppData\Roaming\Move Networks
2009-11-12 15:37 . 2009-08-06 20:16 143976 ----a-w- c:\users\Assignor\AppData\Roaming\Move Networks\uninstall.exe
2009-11-12 15:37 . 2009-10-15 00:50 5642688 ----a-w- c:\users\Assignor\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
2009-11-12 00:04 . 2008-04-12 10:23 12288 d-----w- c:\programdata\WildTangent
2009-11-12 00:03 . 2008-05-30 22:13 942480 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2009-11-11 09:28 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-08 05:26 . 2008-05-24 17:08 -------- d-----w- c:\program files\Common Files\Apple
2009-10-27 18:17 . 2008-06-12 04:02 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-27 13:20 . 2009-10-27 13:20 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-27 13:20 . 2008-03-10 18:54 4096 d-----w- c:\programdata\Hewlett-Packard
2009-10-11 10:17 . 2008-12-05 03:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-01 01:02 . 2009-11-17 09:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-17 09:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 09:02 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-30 18:11 . 2008-06-28 05:39 288096 ----a-r- c:\users\Assignor\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-09-25 02:10 . 2009-11-17 09:02 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 09:02 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 09:02 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 09:02 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 09:02 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 09:02 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 09:02 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 09:02 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 09:02 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-17 09:02 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-17 09:02 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-17 09:02 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 09:02 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 09:02 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 09:02 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 09:02 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 09:02 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 09:02 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 09:02 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-17 09:02 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-17 09:02 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-17 09:02 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-17 09:02 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 09:02 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 09:02 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-17 09:02 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-17 09:02 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-23 15:00 . 2009-08-03 21:48 4187512 ----a-w- c:\users\Assignor\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
2009-09-23 12:55 . 2009-11-23 03:10 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-16 15:22 . 2008-05-24 02:06 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2008-05-24 02:06 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2008-05-24 02:06 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2008-05-24 02:06 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 15:22 . 2008-05-24 02:06 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-14 09:29 . 2009-10-14 21:42 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-14 21:44 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59 . 2009-10-29 00:51 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58 . 2009-10-29 00:51 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-04 11:41 . 2009-10-14 21:42 60928 ----a-w- c:\windows\system32\msasn1.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Converter 4\RegistryController.exe" [2006-12-19 46632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-27 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LabelMaker2.0"="c:\program files\Common Files\MySoftware\regdll.dll" [2006-08-03 94208]

c:\users\Assignor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-13 299008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Brother SmartUI PopUp.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Brother SmartUI PopUp.lnk
backup=c:\windows\pss\Brother SmartUI PopUp.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:D4,f9,41,4e,7c,39,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-947481849-1117208691-1868129963-1000]
"EnableNotificationsRef"=dword:00000001

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [11/22/09 9:10 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/24/09 5:17 AM 1184912]
R2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe -service --> c:\windows\system32\lxbfcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [08/28/08 9:19 PM 93320] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [11/21/09 8:08 AM 1153368] S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [01/20/08 8:23 PM 21504] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [06/13/09 6:10 PM 55280] S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [02/06/09 5:08 PM 533360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2009-11-29 c:\windows\Tasks\HPCeeScheduleForAssignor.job - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-03-10 18:58] 2009-10-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22] 2009-11-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: domain.com\cp Trusted Zone: internet Trusted Zone: mcafee.com DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/crazytalk4.cab DPF: {B7A59580-B39D-4BF9-B968-1BFA25156691} - hxxp://www.reallusion.com/plug-in/rltts.cab . - - - - ORPHANS REMOVED - - - - AddRemove-Ad-Aware - c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI AddRemove-Pdf995 - c:\program files\pdf995\setup.exe uninstall AddRemove-RealPlayer 12.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0 AddRemove-TaxCut Business 2007 - c:\program files\TaxCut Business 2007\Uninstal.exe AddRemove-WEFT - c:\program files\OpenType Tools\WEFT\Setup\isetup.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2009-11-29 17:45 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}00\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}01\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}02\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}03\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2009-11-29 18:00 ComboFix-quarantined-files.txt 2009-11-30 00:00 Pre-Run: 21,068,103,680 bytes free Post-Run: 21,129,121,792 bytes free - - End Of File - - 96D831B6182665D6705CD6EDC1609431 DDS.txt --------------------------------------------------------------------------- DDS (Ver_09-11-29.01) - NTFSx86 Run by Assignor at 18:47:04.43 on 11/29/09 Internet Explorer: 8.0.6001.18828 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1352 [GMT -6:00] SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Lavasoft Ad-Watch Live! 
*disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\lxbfcoms.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\System32\tcpsvcs.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\taskeng.exe 
C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\notepad.exe C:\Windows\explorer.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\palmOne\HOTSYNC.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\mobsync.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Users\Assignor\Desktop\dds.scr C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement 
pack\search helper\SEPsearchhelperie.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30729)" -"http://www.shockwave.com/contentPlay/shockwave.jsp?id=carriethecaregiver2&refCode=&brand=ag" mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun: [OnScreenDisplay] c:\program 
files\hewlett-packard\hp quicktouch\HPKBDAPP.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PDF4 Registry Controller] "c:\program files\scansoft\pdf converter 4\RegistryController.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot dRunOnce: [LabelMaker2.0] regsvr32 c:\program files\common files\mysoftware\regdll.dll /s StartupFolder: c:\users\assignor\appdata\roaming\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program 
files\widcomm\bluetooth software\BTTray.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\scansoft\pdf converter 4\cnvres_eng.dll /100 IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll Trusted Zone: domain.com\cp Trusted Zone: internet Trusted Zone: mcafee.com DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/crazytalk4.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: 
{588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {B7A59580-B39D-4BF9-B968-1BFA25156691} - hxxp://www.reallusion.com/plug-in/rltts.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-22 64288] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-5-23 214664] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912] R2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe -service --> c:\windows\system32\lxbfcoms.exe -service [?] 
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-28 93320] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-5-23 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-5-23 144704] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-21 1153368] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-5-23 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-5-23 35272] S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-6-13 55280] S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-5-23 34248] S3 mfesmfk;McAfee Inc. 
mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-5-23 40552] S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-5-23 606736] =============== Created Last 30 ================ 2009-11-29 22:45:51 98816 ----a-w- c:\windows\sed.exe 2009-11-29 22:45:51 77312 ----a-w- c:\windows\MBR.exe 2009-11-29 22:45:51 260608 ----a-w- c:\windows\PEV.exe 2009-11-29 22:45:51 161792 ----a-w- c:\windows\SWREG.exe 2009-11-29 22:45:07 0 d-----w- C:\ComboFix 2009-11-27 02:31:48 0 d-----w- c:\program files\Trend Micro 2009-11-27 02:00:03 0 d-----w- c:\program files\common files\xing shared 2009-11-26 09:01:43 2048 ----a-w- c:\windows\system32\tzres.dll 2009-11-25 13:50:58 1401856 ----a-w- c:\windows\system32\msxml6.dll 2009-11-25 13:50:58 1248768 ----a-w- c:\windows\system32\msxml3.dll 2009-11-25 13:50:53 714240 ----a-w- c:\windows\system32\timedate.cpl 2009-11-23 07:33:12 15880 ----a-w- c:\windows\system32\lsdelete.exe 2009-11-23 03:10:27 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-11-23 03:06:05 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-11-23 03:05:48 0 d-----w- c:\program files\Lavasoft 2009-11-22 20:11:37 0 d-----w- c:\programdata\Real 2009-11-21 14:08:45 0 d-----w- c:\programdata\Spybot - Search & Destroy 2009-11-21 14:08:45 0 d-----w- c:\program files\Spybot - Search & Destroy 2009-11-21 13:38:50 0 d-----w- c:\programdata\Citrix 2009-11-21 13:33:49 0 d-----w- c:\program files\Citrix 2009-11-17 09:20:29 0 d-----w- c:\program files\Windows Portable Devices 2009-11-17 09:19:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-11-17 09:03:31 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2009-11-17 09:03:28 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2009-11-17 09:03:28 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2009-11-17 09:01:54 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2009-11-17 09:00:22 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2009-11-17 
09:00:21 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-11-17 09:00:21 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-11-11 07:20:00 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-11-11 00:42:48 2036736 ----a-w- c:\windows\system32\win32k.sys 2009-11-11 00:42:25 355328 ----a-w- c:\windows\system32\WSDApi.dll 2009-11-08 05:26:38 0 d-----w- c:\program files\iPod 2009-11-08 05:26:34 0 d-----w- c:\program files\iTunes 2009-11-04 09:22:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb ==================== Find3M ==================== 2009-11-29 22:51:44 2140 ----a-w- c:\windows\bthservsdp.dat 2009-11-29 01:31:48 28124 ----a-w- c:\programdata\nvModes.dat 2009-11-17 09:20:17 86016 ----a-w- c:\windows\inf\infstor.dat 2009-11-17 09:20:17 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-17 09:20:17 51200 ----a-w- c:\windows\inf\infpub.dat 2009-11-17 09:20:17 143360 ----a-w- c:\windows\inf\infstrng.dat 2009-10-11 10:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll 2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll 2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll 2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll 2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe 2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll 2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll 2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll 2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll 2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll 2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll 2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll 2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll 2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll 2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll 2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll 2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv 2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2009-09-19 22:30:06 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont 2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe 
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll 2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib409\perfd.dat 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib409\perfc.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib409\perfi.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib409\perfh.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib00\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib00\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib00\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib00\perfc.dat ============= FINISH: 18:48:22.30 ===============
  12. Strangely, I did not have to click scan - it quick scanned for rootkits on loading. Posted here; however, after posting this I am having it do the full rootkit scan if you need it.
  13. Hello - I am referred here by Ad-Aware Support - I have 8.1.2 Pro

I have previously done all the recommended procedures, including on this forum:

Problem(s)
1. Search engine results (Google, Yahoo, Webcrawler, etc.) in browsers (IE & Safari - latest versions, up to date) are hijacked with links sending to malware sites for SOME, not all, links posted (e.g. eBay and government sites go direct every time - while others seem to re-search the subject elsewhere).
2. SOME link addresses typed or pasted in the address bar have the same result unless the same paste has "http://" added.
3. Some services do not work or pop up an alert that they have stopped working and the information is being sent to Microsoft:
CEEment
HP PC Health Check Scheduler
Windows Mobile Sync (syncs my mobile phone with PC)
And now - following forum instructions - the same "stopped working" message pops up trying to use your SysRestorePoint utility.
So I have manually turned restore point back on and set a restore point (it has been off for all recent scans).
And because I have Vista, instead of ERUNT backing up the registry, I exported a copy using regedit.

Tried So Far - all in SAFE MODE
1. Have used McAfee for 10 years - kept up to date. Also used McAfee's latest version of Stinger - which frankly in the past has been successful.
2. Have used Ad-Aware since it began 10 years ago and have had paid versions once you started charging. Currently have 8.1.2 Pro.
Results: 8.1.2 now blocks most - but not all - redirects. But it finds nothing on scans, which leads me to believe the infection snuck in under the previous Ad-Aware version.
3. Tried Spybot - which also is unsuccessful.
4. As a Microsoft partner I have some knowledge, so I hand searched the registry trying to find a prepend for search links and did not find anything.

Attached: HijackThis log done after all of the above - except it will only run in Normal mode (as administrator), not in Safe Mode.
ALSO AVAILABLE to help Ad-Aware labs find what this is are multiple saved scan logs.
thanks
Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop"]http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop"]http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop"]http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - 
BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: 
[hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Converter 4\RegistryController.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update 
-1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30729)" -"http://www.shockwave.com/contentPlay/shockwave.jsp?id=carriethecaregiver2&refCode=&brand=ag" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [LabelMaker2.0] regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [LabelMaker2.0] regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s (User 'Default user') O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - [url="http://plug-in.reallusion.com/crazytalk4.cab"]http://plug-in.reallusion.com/crazytalk4.cab[/url] O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - 
[url="https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB"]https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB[/url] O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [url="http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab"]http://upload.facebook.com/controls/2009.0...oUploader55.cab[/url] O16 - DPF: {B7A59580-B39D-4BF9-B968-1BFA25156691} (TTS Engine Control) - [url="http://www.reallusion.com/plug-in/rltts.cab"]http://www.reallusion.com/plug-in/rltts.cab[/url] O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [url="https://secure.logmein.com/activex/ractrl.cab?lmi=100"]https://secure.logmein.com/activex/ractrl.cab?lmi=100[/url] O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxbf_device - - C:\Windows\system32\lxbfcoms.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. 
- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 14364 bytes