Trojan horse Pakes.AW - any help appreciated


ad603ms

AVG Web Shield Alert

File name: 91.212.226.331/Deoxo9.exe

Threat name: Trojan horse Pakes.AW

Process name: C:\Windows\System32\svchost.exe

Process ID: 1244

Malwarebytes' Anti-Malware 1.44

Database version: 3728

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2/12/2010 5:00:40 PM

mbam-log-2010-02-12 (17-00-40).txt

Scan type: Quick Scan

Objects scanned: 123366

Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

----------------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86

Run by Michael at 18:28:35.62 on Fri 02/12/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.1830 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Windows\system32\lsm.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Fingerprint Reader Suite\upeksvr.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\DYMO\DYMO Label Software\DLSService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Lexmark 7600 Series\lxdwmon.exe

C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdwserv.exe

C:\Windows\system32\lxdwcoms.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Nuance\PDF Create 5\PdfCreate5Hook.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\ProgramData\U3\U3Launcher\LaunchU3.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\rpcnet.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Zune\ZuneNss.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Michael\Downloads\Defogger.exe

C:\Windows\system32\conhost.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k netsvcs

C:\Users\Michael\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll

BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll

TB: DataVault Bar: {0d792cb2-2654-4e99-a597-7fc317f04d61} - c:\program files\datavault\ie.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s

mRun: [DLSService] "c:\program files\dymo\dymo label software\DLSService.exe"

mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"

mRun: [lxdwmon.exe] "c:\program files\lexmark 7600 series\lxdwmon.exe"

mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf create 5\RegistryController.exe

mRun: [PDFHook] c:\program files\nuance\pdf create 5\pdfcreate5hook.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Open with Nuance PDF Converter 6.0 - c:\program files\nuance\pdf converter 6\cnvres_eng.dll /100

IE: Save to DataVault - file://c:\program files\datavault\iemenuext.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: endicia.com\www

Trusted Zone: jamorama.com\www

Trusted Zone: motive.com\pattta.att

Trusted Zone: motive.com\patttbc.att

Trusted Zone: turbotax.com

DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll

Notify: psfus - c:\windows\system32\psqlpwd.dll

AppInit_DLLs: avgrsstx.dll

LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\

FF - prefs.js: browser.search.defaulturl - 4.6.6.2

FF - prefs.js: browser.search.selectedEngine - 4.6.6.2

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT649865&SearchSource=13

FF - prefs.js: keyword.URL - 4.6.6.2

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll

FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll

FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll

FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll

FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\FFExternalAlert.dll

FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\RadioWMPCore.dll

FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\progra~1\mozilla firefox\plugins\NPAskSBr.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\musicnotes\npmusicn.dll

FF - plugin: c:\program files\musicnotes\NPSibelius.dll

FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\michael\appdata\roaming\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\users\michael\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: browser.search.defaultenginename - 4.6.6.2

FF - user.js: browser.search.defaulturl - 4.6.6.2

FF - user.js: browser.search.selectedEngine - 4.6.6.2

FF - user.js: keyword.URL - 4.6.6.2

FF - user.js: keyword.enabled - true

FF - user.js: google.toolbar.linkdoctor.enabled - false

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-26 161800]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-11 64288]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-26 333192]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-26 28424]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-26 360584]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-26 285392]

R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]

R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [2008-5-16 98984]

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2009-4-17 25824]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-11 1153368]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]

S2 gupdate1c9a4b67d3f4703;Google Update Service (gupdate1c9a4b67d3f4703);c:\program files\google\update\GoogleUpdate.exe [2009-3-14 133104]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-5-28 55280]

S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-7-10 11520]

=============== Created Last 30 ================

2010-02-12 23:27:12 0 -c--a-w- c:\users\michael\defogger_reenable

2010-02-12 03:44:22 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-12 03:18:10 0 dc----w- c:\program files\Spybot - Search & Destroy

2010-02-12 03:18:10 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-02-12 03:14:05 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2010-02-12 03:13:52 0 dc----w- c:\program files\Lavasoft

2010-02-12 02:33:14 0 dc----w- c:\users\michael\appdata\roaming\Malwarebytes

2010-02-12 02:33:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-12 02:33:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-12 02:33:07 0 dc----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-12 02:33:07 0 d-----w- c:\programdata\Malwarebytes

2010-02-11 00:35:29 524288 --sha-w- c:\users\michael\ntuser.dat{49c29523-16a5-11df-b8cb-001e4ce1ecfe}.TMContainer00000000000000000002.regtrans-ms

2010-02-11 00:35:29 524288 --sha-w- c:\users\michael\ntuser.dat{49c29523-16a5-11df-b8cb-001e4ce1ecfe}.TMContainer00000000000000000001.regtrans-ms

2010-02-11 00:35:28 65536 --sha-w- c:\users\michael\ntuser.dat{49c29523-16a5-11df-b8cb-001e4ce1ecfe}.TM.blf

2010-02-10 01:52:39 65536 --sha-w- c:\users\michael\ntuser.dat{d9f03683-15e6-11df-914d-001e4ce1ecfe}.TM.blf

2010-02-10 01:52:39 524288 --sha-w- c:\users\michael\ntuser.dat{d9f03683-15e6-11df-914d-001e4ce1ecfe}.TMContainer00000000000000000002.regtrans-ms

2010-02-10 01:52:39 524288 --sha-w- c:\users\michael\ntuser.dat{d9f03683-15e6-11df-914d-001e4ce1ecfe}.TMContainer00000000000000000001.regtrans-ms

2010-02-08 02:30:02 0 d-----w- c:\programdata\Musicnotes

2010-02-08 02:29:12 0 dc----w- c:\program files\Musicnotes

2010-02-07 18:47:00 61080040 -c--a-w- c:\users\michael\Qdata.QDF

2010-02-06 02:44:51 0 dc----w- c:\program files\Veetle

2010-02-06 02:14:56 0 dc----w- c:\program files\TrendMicro

2010-02-02 21:42:23 0 d-----w- c:\programdata\RetroExp

2010-02-02 16:18:49 0 dc----w- c:\program files\common files\Memeo

2010-02-02 16:18:48 0 dc----w- c:\program files\WD

2010-02-01 19:22:36 0 d-----w- c:\programdata\MemeoCommon

2010-02-01 19:16:30 0 dc----w- c:\users\michael\appdata\roaming\WD

2010-02-01 19:16:30 0 dc----w- c:\users\michael\appdata\roaming\Memeo

2010-02-01 19:04:37 0 dc----w- c:\program files\Memeo

2010-02-01 19:03:15 0 dc----w- c:\program files\common files\eSellerate

2010-02-01 19:02:30 0 dc----w- c:\program files\Western Digital Corporation

2010-02-01 19:02:09 0 dc----w- c:\program files\Western Digital

2010-02-01 19:01:52 20992 ----a-w- c:\windows\jestertb.dll

2010-01-30 19:00:55 90112 ----a-w- c:\windows\unvise32.exe

2010-01-30 19:00:54 0 dc----w- c:\users\michael\appdata\roaming\Quicken WillMaker

2010-01-30 19:00:51 0 dc----w- c:\program files\Quicken WillMaker Plus 2010

2010-01-30 18:59:54 0 dc----w- c:\program files\Educated Investor

2010-01-30 18:43:58 4199784 ----a-w- c:\windows\system32\cdintf400.dll

2010-01-30 01:24:58 0 dc----w- c:\program files\Stylet Click & Term 1.0

2010-01-27 22:48:14 0 dc----r- c:\users\michael\Podcasts

2010-01-27 22:33:49 547840 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2010-01-27 21:42:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf

2010-01-27 21:42:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf

2010-01-26 20:49:58 285696 ----a-w- c:\windows\system32\winlogon.exe

2010-01-26 20:49:58 2614272 ----a-w- c:\windows\explorer.exe

2010-01-21 20:53:52 977920 ----a-w- c:\windows\system32\wininet.dll

==================== Find3M ====================

2010-02-12 21:38:54 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2010-02-12 21:38:52 56680 ----a-w- c:\windows\system32\rpcnet.dll

2010-02-11 03:15:01 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2010-02-07 19:49:40 28029 ----a-w- c:\programdata\nvModes.dat

2010-01-13 03:14:21 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-01-13 03:14:21 108544 ----a-w- c:\windows\system32\t2embed.dll

2010-01-07 19:38:18 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe

2010-01-07 19:22:04 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll

2010-01-07 19:22:04 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll

2010-01-07 19:22:04 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll

2010-01-07 19:22:04 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll

2010-01-07 19:22:04 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll

2010-01-07 19:22:04 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll

2009-12-14 19:15:14 2146304 -c--a-w- c:\windows\system32\GPhotos.scr

2009-12-13 22:42:52 2048 ----a-w- c:\windows\system32\tzres.dll

2009-11-15 02:23:17 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-11-15 02:23:17 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-07-22 17:54:15 7929 -csha-r- c:\program files\uninstall.log

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2008-03-07 13:21:35 76 --sha-r- c:\windows\CT4CET.bin

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 18:30:19.03 ===============

Hello ad603ms

Welcome to Malwarebytes.

=====================

Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

==================

Download TDSSKiller and save it to your Desktop.

  • Right click on the file and choose Extract All; extract the file to your desktop, then run it.
  • Once completed, it will create a log in your C:\ drive
  • Please post the contents of that log

==========================

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

15:26:50:289 4432 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00

15:26:50:289 4432 ================================================================================

15:26:50:289 4432 SystemInfo:

15:26:50:289 4432 OS Version: 6.1.7600 ServicePack: 0.0

15:26:50:289 4432 Product type: Workstation

15:26:50:289 4432 ComputerName: MICHAEL-PC

15:26:50:290 4432 UserName: Michael

15:26:50:290 4432 Windows directory: C:\Windows

15:26:50:290 4432 Processor architecture: Intel x86

15:26:50:290 4432 Number of processors: 2

15:26:50:290 4432 Page size: 0x1000

15:26:50:291 4432 Boot type: Normal boot

15:26:50:291 4432 ================================================================================

15:26:50:293 4432 UnloadDriverW: NtUnloadDriver error 2

15:26:50:293 4432 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

15:26:50:294 4432 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000

15:26:50:327 4432 UtilityInit: KLMD drop and load success

15:26:50:328 4432 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)

15:26:50:328 4432 UtilityInit: KLMD open success

15:26:50:328 4432 UtilityInit: Initialize success

15:26:50:328 4432

15:26:50:328 4432 Scanning Services ...

15:26:50:328 4432 CreateRegParser: Registry parser init started

15:26:50:328 4432 CreateRegParser: DisableWow64Redirection error

15:26:50:328 4432 wfopen_ex: Trying to open file C:\Windows\system32\config\system

15:26:50:356 4432 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043

15:26:50:356 4432 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

15:26:50:356 4432 wfopen_ex: Trying to KLMD file open

15:26:50:356 4432 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system

15:26:50:356 4432 wfopen_ex: File opened ok (Flags 2)

15:26:50:357 4432 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 14F1468

15:26:50:357 4432 wfopen_ex: Trying to open file C:\Windows\system32\config\software

15:26:50:380 4432 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043

15:26:50:380 4432 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

15:26:50:380 4432 wfopen_ex: Trying to KLMD file open

15:26:50:380 4432 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software

15:26:50:380 4432 wfopen_ex: File opened ok (Flags 2)

15:26:50:382 4432 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 14F1490

15:26:50:382 4432 CreateRegParser: EnableWow64Redirection error

15:26:50:382 4432 CreateRegParser: RegParser init completed

15:26:51:336 4432 GetAdvancedServicesInfo: Raw services enum returned 496 services

15:26:51:348 4432 fclose_ex: Trying to close file C:\Windows\system32\config\system

15:26:51:350 4432 fclose_ex: Trying to close file C:\Windows\system32\config\software

15:26:51:350 4432

15:26:51:352 4432 Scanning Kernel memory ...

15:26:51:353 4432 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

15:26:51:353 4432 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86989030

15:26:51:353 4432 DetectCureTDL3: KLMD_GetDeviceObjectList returned 1 DevObjects

15:26:51:353 4432

15:26:51:353 4432 DetectCureTDL3: DEVICE_OBJECT: 8698AA00

15:26:51:353 4432 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8698AA00

15:26:51:354 4432 DetectCureTDL3: DEVICE_OBJECT: 85B0A030

15:26:51:354 4432 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85B0A030

15:26:51:354 4432 KLMD_ReadMem: Trying to ReadMemory 0x85B0A030[0x38]

15:26:51:354 4432 DetectCureTDL3: DRIVER_OBJECT: 86BCAA60

15:26:51:354 4432 KLMD_ReadMem: Trying to ReadMemory 0x86BCAA60[0xA8]

15:26:51:354 4432 KLMD_ReadMem: Trying to ReadMemory 0x864A7028[0x38]

15:26:51:354 4432 KLMD_ReadMem: Trying to ReadMemory 0x86456F38[0xA8]

15:26:51:354 4432 KLMD_ReadMem: Trying to ReadMemory 0x86447B10[0x1A]

15:26:51:354 4432 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

15:26:51:354 4432 DetectCureTDL3: IrpHandler (0) addr: 86840856

15:26:51:354 4432 DetectCureTDL3: IrpHandler (1) addr: 86840856

15:26:51:354 4432 DetectCureTDL3: IrpHandler (2) addr: 86840856

15:26:51:354 4432 DetectCureTDL3: IrpHandler (3) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (4) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (5) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (6) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (7) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (8) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (9) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (10) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (11) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (12) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (13) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (14) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (15) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (16) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (17) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (18) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (19) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (20) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (21) addr: 86840856

15:26:51:356 4432 DetectCureTDL3: IrpHandler (22) addr: 86840856

15:26:51:356 4432 DetectCureTDL3: IrpHandler (23) addr: 86840856

15:26:51:356 4432 DetectCureTDL3: IrpHandler (24) addr: 86840856

15:26:51:356 4432 DetectCureTDL3: IrpHandler (25) addr: 86840856

15:26:51:356 4432 DetectCureTDL3: IrpHandler (26) addr: 86840856

15:26:51:356 4432 DetectCureTDL3: All IRP handlers pointed to one addr: 86840856

15:26:51:356 4432 KLMD_ReadMem: Trying to ReadMemory 0x86840856[0x400]

15:26:51:356 4432 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 333, 121, 3, 109

15:26:51:356 4432 Driver "atapi" Irp handler infected by TDSS rootkit ... 15:26:51:357 4432 KLMD_WriteMem: Trying to WriteMemory 0x868408CF[0xD]

15:26:51:357 4432 cured

15:26:51:358 4432 KLMD_ReadMem: Trying to ReadMemory 0x86840701[0x400]

15:26:51:358 4432 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1

15:26:51:358 4432 Driver "atapi" StartIo handler infected by TDSS rootkit ... 15:26:51:359 4432 TDL3_StartIoHookCure: Number of patches 1

15:26:51:359 4432 KLMD_WriteMem: Trying to WriteMemory 0x8684080A[0x6]

15:26:51:359 4432 cured

15:26:51:359 4432 TDL3_FileDetect: Processing driver: atapi

15:26:51:360 4432 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\atapi.sys

15:26:51:360 4432 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\atapi.sys

15:26:51:373 4432 TDL3_FileDetect: C:\Windows\system32\DRIVERS\atapi.sys - Verdict: Infected

15:26:51:373 4432 File C:\Windows\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 15:26:51:373 4432 TDL3_FileCure: Processing driver file: C:\Windows\system32\DRIVERS\atapi.sys

15:26:53:028 4432 FileCallback: Backup candidate found: C:\Windows\system32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys:21584, checking..

15:26:53:042 4432 ValidateDriverFile: Stage 1 passed

15:26:53:044 4432 ValidateDriverFile: Stage 2 passed

15:26:53:144 4432 DigitalSignVerifyByHandle: Embedded DS result: 00000000

15:26:53:144 4432 ValidateDriverFile: Stage 3 passed

15:26:53:145 4432 FileCallback: File validated successfully, restore information prepared

15:26:54:951 4432 FindDriverFileBackup: Backup copy found in DriverStore

15:26:54:951 4432 TDL3_FileCure: Backup copy found, using it..

15:26:54:952 4432 TDL3_FileCure: Dumping cured buffer to file C:\Windows\system32\drivers\tskAF80.tmp

15:26:55:034 4432 TDL3_FileCure: New / Old Image paths: (system32\drivers\tskAF80.tmp, system32\drivers\atapi.sys)

15:26:55:035 4432 TDL3_FileCure: KLMD jobs schedule success

15:26:55:035 4432 will be cured on next reboot

15:26:55:036 4432 UtilityBootReinit: Reboot required for cure complete..

15:26:55:037 4432 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmdb.sys) returned status 00000000

15:26:55:042 4432 UtilityBootReinit: KLMD drop success

15:26:55:044 4432 KLMD_ApplyPendList: Pending buffer(3A78_225A, 616) dropped successfully

15:26:55:044 4432 UtilityBootReinit: Cure on reboot scheduled successfully

15:26:55:044 4432

15:26:55:045 4432 Completed

15:26:55:046 4432

15:26:55:047 4432 Results:

15:26:55:047 4432 Memory objects infected / cured / cured on reboot: 2 / 2 / 0

15:26:55:048 4432 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

15:26:55:049 4432 File objects infected / cured / cured on reboot: 1 / 0 / 1

15:26:55:050 4432

15:26:55:051 4432 UnloadDriverW: NtUnloadDriver error 1

15:26:55:051 4432 KLMD_Unload: UnloadDriverW(klmd21) error 1

15:26:55:052 4432 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000

15:26:55:053 4432 UtilityDeinit: KLMD(ARK) unloaded successfully

ComboFix 10-02-12.01 - Michael 02/13/2010 15:33:26.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2185 [GMT -5:00]

Running from: c:\users\Michael\Downloads\ComboFix.exe

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500

c:\recycler\S-1-5-21-3252328098-71414409-2463015037-501

c:\windows\jestertb.dll

c:\windows\system32\ndisapi.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Ndisrd

((((((((((((((((((((((((( Files Created from 2010-01-13 to 2010-02-13 )))))))))))))))))))))))))))))))

.

2010-02-13 20:40 . 2010-02-13 20:43 -------- d-----w- c:\users\Michael\AppData\Local\temp

2010-02-13 20:31 . 2010-02-13 20:32 -------- d-----w- C:\32788R22FWJFW

2010-02-12 03:44 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-12 03:18 . 2010-02-12 03:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-02-12 03:18 . 2010-02-12 03:19 -------- dc----w- c:\program files\Spybot - Search & Destroy

2010-02-12 03:14 . 2010-02-12 03:14 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2010-02-12 03:13 . 2010-02-12 03:13 -------- dc----w- c:\program files\Lavasoft

2010-02-12 02:33 . 2010-02-12 02:33 -------- dc----w- c:\users\Michael\AppData\Roaming\Malwarebytes

2010-02-12 02:33 . 2010-01-07 20:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-12 02:33 . 2010-02-12 02:33 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-12 02:33 . 2010-02-12 02:33 -------- d-----w- c:\programdata\Malwarebytes

2010-02-12 02:33 . 2010-01-07 20:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-08 02:30 . 2010-02-08 02:51 -------- d-----w- c:\programdata\Musicnotes

2010-02-08 02:29 . 2010-02-08 02:29 -------- dc----w- c:\program files\Musicnotes

2010-02-06 02:44 . 2010-02-06 02:44 -------- dc----w- c:\program files\Veetle

2010-02-06 02:14 . 2010-02-06 02:14 -------- dc----w- c:\program files\TrendMicro

2010-02-03 22:14 . 2010-02-08 01:35 -------- d-----w- c:\users\Michael\AppData\Local\Deployment

2010-02-02 21:42 . 2010-02-02 22:21 -------- d-----w- c:\programdata\RetroExp

2010-02-02 16:18 . 2010-02-02 16:18 -------- dc----w- c:\program files\Common Files\Memeo

2010-02-02 16:18 . 2010-02-02 16:18 -------- dc----w- c:\program files\WD

2010-02-01 22:39 . 2010-02-02 21:39 -------- d-----r- c:\windows\system32\config\systemprofile\Podcasts

2010-02-01 19:22 . 2010-02-01 19:29 -------- d-----w- c:\programdata\MemeoCommon

2010-02-01 19:16 . 2010-02-01 19:16 -------- dc----w- c:\users\Michael\AppData\Roaming\WD

2010-02-01 19:16 . 2010-02-01 19:16 -------- dc----w- c:\users\Michael\AppData\Roaming\Memeo

2010-02-01 19:04 . 2010-02-01 19:04 -------- dc----w- c:\program files\Memeo

2010-02-01 19:03 . 2010-02-01 19:04 -------- dc----w- c:\program files\Common Files\eSellerate

2010-02-01 19:02 . 2010-02-01 19:02 -------- dc----w- c:\program files\Western Digital Corporation

2010-02-01 19:02 . 2010-02-01 19:02 -------- dc----w- c:\program files\Western Digital

2010-01-30 19:00 . 2008-01-30 21:36 90112 ----a-w- c:\windows\unvise32.exe

2010-01-30 19:00 . 2010-01-30 19:00 -------- dc----w- c:\users\Michael\AppData\Roaming\Quicken WillMaker

2010-01-30 19:00 . 2010-01-30 19:00 -------- dc----w- c:\program files\Quicken WillMaker Plus 2010

2010-01-30 18:59 . 2010-01-30 18:59 -------- dc----w- c:\program files\Educated Investor

2010-01-30 18:43 . 2010-01-13 15:30 4199784 ----a-w- c:\windows\system32\cdintf400.dll

2010-01-30 01:24 . 2010-01-30 01:24 -------- dc----w- c:\program files\Stylet Click & Term 1.0

2010-01-27 22:48 . 2010-01-27 22:48 -------- dc----r- c:\users\Michael\Podcasts

2010-01-27 22:33 . 2010-01-27 22:33 547840 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2010-01-26 20:49 . 2010-01-27 01:45 285696 ----a-w- c:\windows\system32\winlogon.exe

2010-01-26 20:49 . 2010-01-27 01:45 2614272 ----a-w- c:\windows\explorer.exe

2010-01-21 20:53 . 2010-01-21 21:03 977920 ----a-w- c:\windows\system32\wininet.dll

2010-01-18 12:03 . 2010-01-30 00:15 120 ----a-w- c:\users\Michael\AppData\Local\Wcomewejog.dat

2010-01-18 12:03 . 2010-01-30 00:15 0 ----a-w- c:\users\Michael\AppData\Local\Szeleqeluw.bin

2010-01-18 12:03 . 2010-01-18 12:03 -------- d-----w- c:\users\Michael\AppData\Local\{096C13FA-CD74-4FD9-A5D0-AD03A57C6A43}

2010-01-17 22:16 . 2010-01-17 22:16 -------- d-----w- c:\windows\Sun

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-13 20:42 . 2009-10-26 23:33 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2010-02-13 20:42 . 2009-10-26 23:52 56680 ----a-w- c:\windows\system32\rpcnet.dll

2010-02-13 20:29 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-02-12 22:00 . 2009-05-14 17:22 -------- dc----w- c:\programdata\Lx_cats

2010-02-12 21:13 . 2008-03-17 22:27 -------- dc----w- c:\users\Michael\AppData\Roaming\U3

2010-02-12 03:44 . 2010-02-12 03:44 862040 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-02-12 03:44 . 2010-02-12 03:44 206944 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll

2010-02-12 03:44 . 2010-02-12 03:44 15880 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe

2010-02-12 03:44 . 2010-02-12 03:44 390288 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll

2010-02-12 03:44 . 2010-02-12 03:44 537576 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll

2010-02-12 03:44 . 2010-02-12 03:44 389784 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2010-02-12 03:44 . 2010-02-12 03:44 163728 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll

2010-02-12 03:44 . 2010-02-12 03:43 6296864 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll

2010-02-12 03:43 . 2010-02-12 03:43 327000 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll

2010-02-12 03:43 . 2010-02-12 03:43 87496 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2010-02-12 03:43 . 2010-02-12 03:43 933120 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll

2010-02-12 03:43 . 2010-02-12 03:43 3803208 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe

2010-02-12 03:43 . 2010-02-12 03:43 816784 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2010-02-12 03:43 . 2010-02-12 03:43 823928 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-02-12 03:43 . 2010-02-12 03:43 1643272 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2010-02-12 03:43 . 2010-02-12 03:43 788880 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe

2010-02-12 03:43 . 2010-02-12 03:43 1181328 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe

2010-02-12 03:13 . 2008-02-23 02:19 -------- dc----w- c:\programdata\Lavasoft

2010-02-11 03:15 . 2009-10-26 23:34 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2010-02-08 02:30 . 2009-10-27 01:02 143416 ----a-w- c:\users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-08 01:42 . 2008-02-23 15:45 -------- dc----w- c:\program files\Yahoo!

2010-02-07 19:56 . 2010-01-11 00:54 -------- dc----w- c:\users\Michael\AppData\Roaming\DYMO Stamps

2010-02-07 19:53 . 2008-02-20 23:54 -------- dc----w- c:\program files\DYMO Label

2010-02-07 19:49 . 2009-10-27 00:57 28029 ----a-w- c:\programdata\nvModes.dat

2010-02-07 19:44 . 2009-10-27 01:50 -------- d-----w- c:\programdata\avg9

2010-02-06 23:11 . 2008-02-22 00:44 -------- dc----w- c:\program files\RockStar Recipes

2010-02-06 02:14 . 2010-02-06 02:14 388096 -c--a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-02-02 22:59 . 2008-02-20 01:13 -------- dc-h--w- c:\program files\InstallShield Installation Information

2010-02-02 16:18 . 2010-02-02 16:18 20975272 -c--a-w- c:\users\Michael\AppData\Roaming\WD\WD Anywhere Backup\temp\5484_wd_ab_ALL_IN_ONE_setup.exe

2010-02-01 22:17 . 2008-02-23 02:19 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard

2010-02-01 01:56 . 2009-12-14 00:53 -------- dc----w- c:\program files\Mozilla Thunderbird

2010-01-31 22:57 . 2010-01-31 22:57 0 -c--a-w- c:\users\Michael\AppData\Roaming\Thunderbird\Profiles\4lgj8o0n.default\Mail\pop.bellsouth.net\RSS Feeds.sbd\RealCajunRecipes.com

2010-01-31 22:36 . 2010-01-31 22:57 0 -c--a-w- c:\users\Michael\AppData\Roaming\Thunderbird\Profiles\4lgj8o0n.default\Mail\Local Folders\Trash.sbd\RSS Feeds.sbd\RealCajunRecipes.com

2010-01-30 18:46 . 2010-01-30 18:46 7410688 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll

2010-01-30 18:45 . 2010-01-30 18:45 7032320 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll

2010-01-30 18:45 . 2010-01-30 18:45 6301696 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll

2010-01-30 18:44 . 2010-01-30 18:44 2776576 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll

2010-01-30 18:44 . 2010-01-30 18:44 241512 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE

2010-01-30 18:44 . 2010-01-30 18:44 230752 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll

2010-01-30 18:44 . 2010-01-30 18:44 956 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd

2010-01-30 18:43 . 2008-02-23 14:10 -------- dc----w- c:\program files\Quicken

2010-01-27 22:40 . 2008-02-20 00:57 -------- dc----w- c:\program files\Zune

2010-01-27 21:42 . 2010-01-27 21:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf

2010-01-27 21:42 . 2010-01-27 21:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf

2010-01-21 22:10 . 2010-01-24 16:10 52224 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll

2010-01-21 22:10 . 2010-01-24 16:10 101376 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll

2010-01-20 20:07 . 2008-03-03 23:42 -------- dc----w- c:\program files\Microsoft Silverlight

2010-01-20 17:17 . 2010-01-29 01:49 52224 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\FFExternalAlert.dll

2010-01-20 17:17 . 2010-01-29 01:49 101376 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\RadioWMPCore.dll

2010-01-17 23:01 . 2008-02-19 19:18 -------- dc----w- c:\program files\Common Files\Adobe

2010-01-17 20:09 . 2008-02-25 22:21 -------- dc----w- c:\users\Michael\AppData\Roaming\LimeWire

2010-01-17 01:09 . 2009-12-04 01:18 -------- dc----w- c:\program files\SopCast

2010-01-16 19:55 . 2008-02-21 00:39 -------- dc----w- c:\users\Michael\AppData\Roaming\uTorrent

2010-01-13 15:27 . 2010-01-30 18:43 26472 -c--a-w- c:\programdata\Intuit\Quicken\Sku\RPM\Custom\billmind.exe

2010-01-13 15:27 . 2010-01-30 18:43 26472 -c--a-w- c:\programdata\Intuit\Quicken\Sku\Premier\Custom\billmind.exe

2010-01-13 15:27 . 2010-01-30 18:43 26472 -c--a-w- c:\programdata\Intuit\Quicken\Sku\Hab\Custom\billmind.exe

2010-01-13 15:26 . 2010-01-13 15:26 91 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\Pnf\Pas\reg.bat

2010-01-13 03:14 . 2010-01-13 00:33 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-01-13 03:14 . 2010-01-13 00:33 108544 ----a-w- c:\windows\system32\t2embed.dll

2010-01-11 00:53 . 2008-03-23 17:31 -------- dc----w- c:\program files\DYMO Stamps

2010-01-09 13:13 . 2010-01-09 13:13 -------- dc----w- c:\program files\DataVault

2010-01-07 19:38 . 2010-01-07 19:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe

2010-01-07 19:22 . 2010-01-07 19:22 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll

2010-01-07 19:22 . 2010-01-07 19:22 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll

2010-01-07 19:22 . 2010-01-07 19:22 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll

2010-01-07 19:22 . 2010-01-07 19:22 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll

2010-01-07 19:22 . 2010-01-07 19:22 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll

2010-01-07 19:22 . 2010-01-07 19:22 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll

2010-01-05 20:57 . 2010-01-24 16:10 545280 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe

2010-01-05 20:57 . 2010-01-24 16:10 344064 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

2010-01-05 20:57 . 2010-01-24 16:10 153600 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

2010-01-05 20:57 . 2010-01-24 16:10 103424 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\libs\pixomatic.dll

2010-01-05 20:57 . 2010-01-24 16:10 57856 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

2010-01-05 20:57 . 2010-01-24 16:10 4725760 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\libs\cooliris192.dll

2009-12-23 17:31 . 2009-12-23 17:29 -------- dc----w- c:\users\SYSTEM\AppData\Roaming\7600 Series

2009-12-23 17:31 . 2009-05-14 18:12 -------- dc----w- c:\program files\Lexmark 7600 Series

2009-12-23 17:29 . 2009-12-23 17:28 -------- dc----w- c:\users\SYSTEM\AppData\Roaming\Coverpgs

2009-12-21 02:59 . 2009-12-19 20:55 -------- dc----w- c:\program files\Recovery Toolbox for Outlook

2009-12-20 20:24 . 2009-07-14 04:52 -------- dc----w- c:\program files\MSBuild

2009-12-19 21:17 . 2008-02-20 23:12 -------- dc----w- c:\program files\Google

2009-12-19 16:08 . 2008-02-23 01:47 -------- dc----w- c:\program files\Microsoft Works

2009-12-14 19:15 . 2009-12-14 19:15 2146304 -c--a-w- c:\windows\system32\GPhotos.scr

2009-12-13 22:42 . 2009-12-13 22:42 2048 ----a-w- c:\windows\system32\tzres.dll

2009-12-07 14:10 . 2010-02-12 03:14 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe

2009-12-02 03:28 . 2009-12-02 03:28 2274619 ----a-w- c:\programdata\SPL2D22.tmp

2009-07-22 17:54 . 2009-07-22 17:53 7929 -csha-r- c:\program files\uninstall.log

2007-01-26 21:10 . 2008-10-29 20:52 69632 -c--a-w- c:\program files\mozilla firefox\plugins\Application.DYMOAddIn.dll

2006-06-16 01:33 . 2008-03-07 13:21 233472 -c--a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll

2006-05-25 23:43 . 2008-03-07 13:21 204895 -c--a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll

2005-09-29 19:41 . 2008-03-07 13:21 77824 -c--a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll

2006-06-19 18:10 . 2008-03-07 13:21 426081 -c--a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll

2005-02-02 17:19 . 2008-03-07 13:21 458752 -c--a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll

2004-11-06 06:51 . 2008-10-29 20:52 3584 -c--a-w- c:\program files\mozilla firefox\plugins\Interop.AddrFx32COM.dll

2004-02-12 22:03 . 2008-10-29 20:52 7168 -c--a-w- c:\program files\mozilla firefox\plugins\Interop.Dymo.dll

2005-10-08 02:14 . 2008-10-29 20:52 4096 -c--a-w- c:\program files\mozilla firefox\plugins\Interop.DymoActFieldFormatter.dll

2004-08-04 08:56 . 2008-10-29 20:52 11776 -c--a-w- c:\program files\mozilla firefox\plugins\Interop.StdType.dll

2006-04-10 23:35 . 2008-03-07 13:21 139264 -c--a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll

2005-11-09 16:10 . 2008-03-07 13:21 204800 -c--a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll

2005-11-09 16:42 . 2008-03-07 13:21 106496 -c--a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll

2006-01-04 16:22 . 2008-03-07 13:21 212992 -c--a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll

2006-01-04 16:21 . 2008-03-07 13:21 167936 -c--a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll

2008-03-07 13:21 . 2008-03-07 13:21 76 --sha-r- c:\windows\CT4CET.bin

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-11-18 16:58 333192 -c--a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-10-16 17:13 1115392 -c--a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-09-10 20:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-09-10 20:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-14 1688872]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-03 13552160]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-03 92704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-03 96800]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2009-06-13 55808]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-11 46632]

"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2008-09-10 676520]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-11 30248]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"PDF5 Registry Controller"="c:\program files\Nuance\PDF Create 5\RegistryController.exe" [2008-12-13 58656]

"PDFHook"="c:\program files\Nuance\PDF Create 5\pdfcreate5hook.exe" [2009-04-10 1277952]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-15 198160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-12-28 22486]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-26 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-04-17 03:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]

backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup

backupExtension=.CommonStartup

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LaunchU3.exe.lnk]

backup=c:\windows\pss\LaunchU3.exe.lnk.CommonStartup

backupExtension=.CommonStartup

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk

[HKLM\~\startupfolder\C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]

path=c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk

backup=c:\windows\pss\Yahoo! Widgets.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 13:58 40368 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DYMOFileMonitor]

2008-05-16 17:04 196608 -c--a-w- c:\program files\DYMO File\DYMOFileMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DymoQuickPrint]

2009-06-13 04:10 1882360 -c--a-w- c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 7600 Series Fax Server]

2008-09-10 10:15 311976 -c--a-w- c:\program files\Lexmark 7600 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdwamon]

2008-09-10 10:15 16040 -c--a-w- c:\program files\Lexmark 7600 Series\lxdwamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]

2008-11-06 18:20 144608 -c--a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-02-06 22:51 3885408 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance OmniPage 17-reminder]

2008-11-03 15:02 54560 -c--a-w- c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Converter 6-reminder]

2008-11-03 15:02 54560 -c--a-w- c:\program files\Nuance\PDF Converter 6\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF6 Registry Controller]

2009-06-30 20:48 111904 -c--a-w- c:\program files\Nuance\PDF Converter 6\RegistryController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]

2006-11-16 15:01 35368 -c--a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]

2007-04-17 02:50 49168 -c--a-w- c:\program files\Fingerprint Reader Suite\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2009-07-08 17:31 236016 -c--a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 21:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 13:03 210472 -c--a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Anywhere Backup]

2009-04-17 17:51 197856 -c--a-w- c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Live Sync]

2009-10-23 02:18 1171784 -c--a-w- c:\program files\Windows Live\Sync\WindowsLiveSync.exe

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [10/26/2009 8:50 PM 161800]

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2/11/2010 10:44 PM 64288]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/26/2009 8:50 PM 333192]

R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [10/26/2009 8:50 PM 360584]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/26/2009 8:50 PM 285392]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]

R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]

R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdwserv.exe [5/16/2008 10:32 AM 98984]

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [4/17/2009 12:51 PM 25824]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/11/2010 10:18 PM 1153368]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\netw5v32.sys [6/10/2009 4:18 PM 4231168]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [9/28/2009 9:22 AM 315392]

S2 gupdate1c9a4b67d3f4703;Google Update Service (gupdate1c9a4b67d3f4703);c:\program files\Google\Update\GoogleUpdate.exe [3/14/2009 10:06 AM 133104]

S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [5/28/2009 6:08 AM 55280]

S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 5:08 PM 533360]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam.sys [7/10/2008 2:47 PM 11520]

.

Contents of the 'Scheduled Tasks' folder

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 15:06]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 15:06]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://att.my.yahoo.com/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Converter 6\cnvres_eng.dll /100

IE: Save to DataVault - file://c:\program files\DataVault\iemenuext.htm

Trusted Zone: endicia.com\www

Trusted Zone: jamorama.com\www

Trusted Zone: motive.com\pattta.att

Trusted Zone: motive.com\patttbc.att

Trusted Zone: turbotax.com

DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\

FF - prefs.js: browser.search.defaulturl - 4.6.6.2

FF - prefs.js: browser.search.selectedEngine - 4.6.6.2

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT649865&SearchSource=13

FF - prefs.js: keyword.URL - 4.6.6.2

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll

FF - component: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll

FF - component: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll

FF - component: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

FF - component: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\FFExternalAlert.dll

FF - component: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\RadioWMPCore.dll

FF - component: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\Musicnotes\npmusicn.dll

FF - plugin: c:\program files\Musicnotes\NPSibelius.dll

FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll

FF - plugin: c:\program files\Veetle\Player\npvlc.dll

FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\Michael\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\users\Michael\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.search.defaultenginename - 4.6.6.2

FF - user.js: browser.search.defaulturl - 4.6.6.2

FF - user.js: browser.search.selectedEngine - 4.6.6.2

FF - user.js: keyword.URL - 4.6.6.2

FF - user.js: keyword.enabled - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CM108Sound - CM108.cpl

MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

MSConfigStartUp-Nuance PDF Professional 5-reminder - c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe

MSConfigStartUp-PDF5 Registry Controller - c:\program files\Nuance\PDF Professional 5\RegistryController.exe

MSConfigStartUp-PDFHook - c:\program files\Nuance\PDF Professional 5\pdfpro5hook.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(520)

c:\windows\system32\psqlpwd.DLL

c:\program files\Fingerprint Reader Suite\homefus2.dll

c:\program files\Fingerprint Reader Suite\infra.dll

- - - - - - - > 'Explorer.exe'(1828)

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\program files\Fingerprint Reader Suite\farchns.dll

c:\program files\Fingerprint Reader Suite\infra.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\program files\Fingerprint Reader Suite\upeksvr.exe

c:\windows\system32\taskhost.exe

c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

c:\windows\system32\lxdwcoms.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files\AVG\AVG9\avgam.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\rpcnet.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\HidFind.exe

c:\program files\DellTPad\Apntex.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\programdata\U3\U3Launcher\LaunchU3.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

c:\windows\system32\sppsvc.exe

c:\program files\Zune\ZuneNss.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2010-02-13 15:48:08 - machine was rebooted

ComboFix-quarantined-files.txt 2010-02-13 20:48

Pre-Run: 122,945,433,600 bytes free

Post-Run: 122,687,954,944 bytes free

- - End Of File - - 8341793E52F777A84B1C473DE79C1357

Hello ad603ms

Welcome to Malwarebytes.

=====================

Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

==================

Download TDSSKiller and save it to your Desktop.

  • Right click on the file and choose Extract All, extract the file to your desktop, then run it.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log

==========================

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Update Run Malwarebytes

Please update/run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

=====

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


15:26:50:289 4432 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00

15:26:50:289 4432 ================================================================================

15:26:50:289 4432 SystemInfo:

15:26:50:289 4432 OS Version: 6.1.7600 ServicePack: 0.0

15:26:50:289 4432 Product type: Workstation

15:26:50:289 4432 ComputerName: MICHAEL-PC

15:26:50:290 4432 UserName: Michael

15:26:50:290 4432 Windows directory: C:\Windows

15:26:50:290 4432 Processor architecture: Intel x86

15:26:50:290 4432 Number of processors: 2

15:26:50:290 4432 Page size: 0x1000

15:26:50:291 4432 Boot type: Normal boot

15:26:50:291 4432 ================================================================================

15:26:50:293 4432 UnloadDriverW: NtUnloadDriver error 2

15:26:50:293 4432 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

15:26:50:294 4432 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000

15:26:50:327 4432 UtilityInit: KLMD drop and load success

15:26:50:328 4432 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)

15:26:50:328 4432 UtilityInit: KLMD open success

15:26:50:328 4432 UtilityInit: Initialize success

15:26:50:328 4432

15:26:50:328 4432 Scanning Services ...

15:26:50:328 4432 CreateRegParser: Registry parser init started

15:26:50:328 4432 CreateRegParser: DisableWow64Redirection error

15:26:50:328 4432 wfopen_ex: Trying to open file C:\Windows\system32\config\system

15:26:50:356 4432 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043

15:26:50:356 4432 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

15:26:50:356 4432 wfopen_ex: Trying to KLMD file open

15:26:50:356 4432 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system

15:26:50:356 4432 wfopen_ex: File opened ok (Flags 2)

15:26:50:357 4432 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 14F1468

15:26:50:357 4432 wfopen_ex: Trying to open file C:\Windows\system32\config\software

15:26:50:380 4432 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043

15:26:50:380 4432 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

15:26:50:380 4432 wfopen_ex: Trying to KLMD file open

15:26:50:380 4432 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software

15:26:50:380 4432 wfopen_ex: File opened ok (Flags 2)

15:26:50:382 4432 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 14F1490

15:26:50:382 4432 CreateRegParser: EnableWow64Redirection error

15:26:50:382 4432 CreateRegParser: RegParser init completed

15:26:51:336 4432 GetAdvancedServicesInfo: Raw services enum returned 496 services

15:26:51:348 4432 fclose_ex: Trying to close file C:\Windows\system32\config\system

15:26:51:350 4432 fclose_ex: Trying to close file C:\Windows\system32\config\software

15:26:51:350 4432

15:26:51:352 4432 Scanning Kernel memory ...

15:26:51:353 4432 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

15:26:51:353 4432 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86989030

15:26:51:353 4432 DetectCureTDL3: KLMD_GetDeviceObjectList returned 1 DevObjects

15:26:51:353 4432

15:26:51:353 4432 DetectCureTDL3: DEVICE_OBJECT: 8698AA00

15:26:51:353 4432 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8698AA00

15:26:51:354 4432 DetectCureTDL3: DEVICE_OBJECT: 85B0A030

15:26:51:354 4432 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85B0A030

15:26:51:354 4432 KLMD_ReadMem: Trying to ReadMemory 0x85B0A030[0x38]

15:26:51:354 4432 DetectCureTDL3: DRIVER_OBJECT: 86BCAA60

15:26:51:354 4432 KLMD_ReadMem: Trying to ReadMemory 0x86BCAA60[0xA8]

15:26:51:354 4432 KLMD_ReadMem: Trying to ReadMemory 0x864A7028[0x38]

15:26:51:354 4432 KLMD_ReadMem: Trying to ReadMemory 0x86456F38[0xA8]

15:26:51:354 4432 KLMD_ReadMem: Trying to ReadMemory 0x86447B10[0x1A]

15:26:51:354 4432 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

15:26:51:354 4432 DetectCureTDL3: IrpHandler (0) addr: 86840856

15:26:51:354 4432 DetectCureTDL3: IrpHandler (1) addr: 86840856

15:26:51:354 4432 DetectCureTDL3: IrpHandler (2) addr: 86840856

15:26:51:354 4432 DetectCureTDL3: IrpHandler (3) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (4) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (5) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (6) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (7) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (8) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (9) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (10) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (11) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (12) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (13) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (14) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (15) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (16) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (17) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (18) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (19) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (20) addr: 86840856

15:26:51:355 4432 DetectCureTDL3: IrpHandler (21) addr: 86840856

15:26:51:356 4432 DetectCureTDL3: IrpHandler (22) addr: 86840856

15:26:51:356 4432 DetectCureTDL3: IrpHandler (23) addr: 86840856

15:26:51:356 4432 DetectCureTDL3: IrpHandler (24) addr: 86840856

15:26:51:356 4432 DetectCureTDL3: IrpHandler (25) addr: 86840856

15:26:51:356 4432 DetectCureTDL3: IrpHandler (26) addr: 86840856

15:26:51:356 4432 DetectCureTDL3: All IRP handlers pointed to one addr: 86840856

15:26:51:356 4432 KLMD_ReadMem: Trying to ReadMemory 0x86840856[0x400]

15:26:51:356 4432 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 333, 121, 3, 109

15:26:51:356 4432 Driver "atapi" Irp handler infected by TDSS rootkit ... 15:26:51:357 4432 KLMD_WriteMem: Trying to WriteMemory 0x868408CF[0xD]

15:26:51:357 4432 cured

15:26:51:358 4432 KLMD_ReadMem: Trying to ReadMemory 0x86840701[0x400]

15:26:51:358 4432 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1

15:26:51:358 4432 Driver "atapi" StartIo handler infected by TDSS rootkit ... 15:26:51:359 4432 TDL3_StartIoHookCure: Number of patches 1

15:26:51:359 4432 KLMD_WriteMem: Trying to WriteMemory 0x8684080A[0x6]

15:26:51:359 4432 cured

15:26:51:359 4432 TDL3_FileDetect: Processing driver: atapi

15:26:51:360 4432 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\atapi.sys

15:26:51:360 4432 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\atapi.sys

15:26:51:373 4432 TDL3_FileDetect: C:\Windows\system32\DRIVERS\atapi.sys - Verdict: Infected

15:26:51:373 4432 File C:\Windows\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 15:26:51:373 4432 TDL3_FileCure: Processing driver file: C:\Windows\system32\DRIVERS\atapi.sys

15:26:53:028 4432 FileCallback: Backup candidate found: C:\Windows\system32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys:21584, checking..

15:26:53:042 4432 ValidateDriverFile: Stage 1 passed

15:26:53:044 4432 ValidateDriverFile: Stage 2 passed

15:26:53:144 4432 DigitalSignVerifyByHandle: Embedded DS result: 00000000

15:26:53:144 4432 ValidateDriverFile: Stage 3 passed

15:26:53:145 4432 FileCallback: File validated successfully, restore information prepared

15:26:54:951 4432 FindDriverFileBackup: Backup copy found in DriverStore

15:26:54:951 4432 TDL3_FileCure: Backup copy found, using it..

15:26:54:952 4432 TDL3_FileCure: Dumping cured buffer to file C:\Windows\system32\drivers\tskAF80.tmp

15:26:55:034 4432 TDL3_FileCure: New / Old Image paths: (system32\drivers\tskAF80.tmp, system32\drivers\atapi.sys)

15:26:55:035 4432 TDL3_FileCure: KLMD jobs schedule success

15:26:55:035 4432 will be cured on next reboot

15:26:55:036 4432 UtilityBootReinit: Reboot required for cure complete..

15:26:55:037 4432 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmdb.sys) returned status 00000000

15:26:55:042 4432 UtilityBootReinit: KLMD drop success

15:26:55:044 4432 KLMD_ApplyPendList: Pending buffer(3A78_225A, 616) dropped successfully

15:26:55:044 4432 UtilityBootReinit: Cure on reboot scheduled successfully

15:26:55:044 4432

15:26:55:045 4432 Completed

15:26:55:046 4432

15:26:55:047 4432 Results:

15:26:55:047 4432 Memory objects infected / cured / cured on reboot: 2 / 2 / 0

15:26:55:048 4432 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

15:26:55:049 4432 File objects infected / cured / cured on reboot: 1 / 0 / 1

15:26:55:050 4432

15:26:55:051 4432 UnloadDriverW: NtUnloadDriver error 1

15:26:55:051 4432 KLMD_Unload: UnloadDriverW(klmd21) error 1

15:26:55:052 4432 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000

15:26:55:053 4432 UtilityDeinit: KLMD(ARK) unloaded successfully

ComboFix 10-02-12.01 - Michael 02/13/2010 15:33:26.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2185 [GMT -5:00]

Running from: c:\users\Michael\Downloads\ComboFix.exe

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500

c:\recycler\S-1-5-21-3252328098-71414409-2463015037-501

c:\windows\jestertb.dll

c:\windows\system32\ndisapi.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Ndisrd

((((((((((((((((((((((((( Files Created from 2010-01-13 to 2010-02-13 )))))))))))))))))))))))))))))))

.

2010-02-13 20:40 . 2010-02-13 20:43 -------- d-----w- c:\users\Michael\AppData\Local\temp

2010-02-13 20:31 . 2010-02-13 20:32 -------- d-----w- C:\32788R22FWJFW

2010-02-12 03:44 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-12 03:18 . 2010-02-12 03:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-02-12 03:18 . 2010-02-12 03:19 -------- dc----w- c:\program files\Spybot - Search & Destroy

2010-02-12 03:14 . 2010-02-12 03:14 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2010-02-12 03:13 . 2010-02-12 03:13 -------- dc----w- c:\program files\Lavasoft

2010-02-12 02:33 . 2010-02-12 02:33 -------- dc----w- c:\users\Michael\AppData\Roaming\Malwarebytes

2010-02-12 02:33 . 2010-01-07 20:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-12 02:33 . 2010-02-12 02:33 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-12 02:33 . 2010-02-12 02:33 -------- d-----w- c:\programdata\Malwarebytes

2010-02-12 02:33 . 2010-01-07 20:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-08 02:30 . 2010-02-08 02:51 -------- d-----w- c:\programdata\Musicnotes

2010-02-08 02:29 . 2010-02-08 02:29 -------- dc----w- c:\program files\Musicnotes

2010-02-06 02:44 . 2010-02-06 02:44 -------- dc----w- c:\program files\Veetle

2010-02-06 02:14 . 2010-02-06 02:14 -------- dc----w- c:\program files\TrendMicro

2010-02-03 22:14 . 2010-02-08 01:35 -------- d-----w- c:\users\Michael\AppData\Local\Deployment

2010-02-02 21:42 . 2010-02-02 22:21 -------- d-----w- c:\programdata\RetroExp

2010-02-02 16:18 . 2010-02-02 16:18 -------- dc----w- c:\program files\Common Files\Memeo

2010-02-02 16:18 . 2010-02-02 16:18 -------- dc----w- c:\program files\WD

2010-02-01 22:39 . 2010-02-02 21:39 -------- d-----r- c:\windows\system32\config\systemprofile\Podcasts

2010-02-01 19:22 . 2010-02-01 19:29 -------- d-----w- c:\programdata\MemeoCommon

2010-02-01 19:16 . 2010-02-01 19:16 -------- dc----w- c:\users\Michael\AppData\Roaming\WD

2010-02-01 19:16 . 2010-02-01 19:16 -------- dc----w- c:\users\Michael\AppData\Roaming\Memeo

2010-02-01 19:04 . 2010-02-01 19:04 -------- dc----w- c:\program files\Memeo

2010-02-01 19:03 . 2010-02-01 19:04 -------- dc----w- c:\program files\Common Files\eSellerate

2010-02-01 19:02 . 2010-02-01 19:02 -------- dc----w- c:\program files\Western Digital Corporation

2010-02-01 19:02 . 2010-02-01 19:02 -------- dc----w- c:\program files\Western Digital

2010-01-30 19:00 . 2008-01-30 21:36 90112 ----a-w- c:\windows\unvise32.exe

2010-01-30 19:00 . 2010-01-30 19:00 -------- dc----w- c:\users\Michael\AppData\Roaming\Quicken WillMaker

2010-01-30 19:00 . 2010-01-30 19:00 -------- dc----w- c:\program files\Quicken WillMaker Plus 2010

2010-01-30 18:59 . 2010-01-30 18:59 -------- dc----w- c:\program files\Educated Investor

2010-01-30 18:43 . 2010-01-13 15:30 4199784 ----a-w- c:\windows\system32\cdintf400.dll

2010-01-30 01:24 . 2010-01-30 01:24 -------- dc----w- c:\program files\Stylet Click & Term 1.0

2010-01-27 22:48 . 2010-01-27 22:48 -------- dc----r- c:\users\Michael\Podcasts

2010-01-27 22:33 . 2010-01-27 22:33 547840 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2010-01-26 20:49 . 2010-01-27 01:45 285696 ----a-w- c:\windows\system32\winlogon.exe

2010-01-26 20:49 . 2010-01-27 01:45 2614272 ----a-w- c:\windows\explorer.exe

2010-01-21 20:53 . 2010-01-21 21:03 977920 ----a-w- c:\windows\system32\wininet.dll

2010-01-18 12:03 . 2010-01-30 00:15 120 ----a-w- c:\users\Michael\AppData\Local\Wcomewejog.dat

2010-01-18 12:03 . 2010-01-30 00:15 0 ----a-w- c:\users\Michael\AppData\Local\Szeleqeluw.bin

2010-01-18 12:03 . 2010-01-18 12:03 -------- d-----w- c:\users\Michael\AppData\Local\{096C13FA-CD74-4FD9-A5D0-AD03A57C6A43}

2010-01-17 22:16 . 2010-01-17 22:16 -------- d-----w- c:\windows\Sun

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-13 20:42 . 2009-10-26 23:33 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2010-02-13 20:42 . 2009-10-26 23:52 56680 ----a-w- c:\windows\system32\rpcnet.dll

2010-02-13 20:29 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-02-12 22:00 . 2009-05-14 17:22 -------- dc----w- c:\programdata\Lx_cats

2010-02-12 21:13 . 2008-03-17 22:27 -------- dc----w- c:\users\Michael\AppData\Roaming\U3

2010-02-12 03:44 . 2010-02-12 03:44 862040 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-02-12 03:44 . 2010-02-12 03:44 206944 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll

2010-02-12 03:44 . 2010-02-12 03:44 15880 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe

2010-02-12 03:44 . 2010-02-12 03:44 390288 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll

2010-02-12 03:44 . 2010-02-12 03:44 537576 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll

2010-02-12 03:44 . 2010-02-12 03:44 389784 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2010-02-12 03:44 . 2010-02-12 03:44 163728 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll

2010-02-12 03:44 . 2010-02-12 03:43 6296864 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll

2010-02-12 03:43 . 2010-02-12 03:43 327000 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll

2010-02-12 03:43 . 2010-02-12 03:43 87496 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2010-02-12 03:43 . 2010-02-12 03:43 933120 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll

2010-02-12 03:43 . 2010-02-12 03:43 3803208 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe

2010-02-12 03:43 . 2010-02-12 03:43 816784 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2010-02-12 03:43 . 2010-02-12 03:43 823928 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-02-12 03:43 . 2010-02-12 03:43 1643272 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2010-02-12 03:43 . 2010-02-12 03:43 788880 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe

2010-02-12 03:43 . 2010-02-12 03:43 1181328 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe

2010-02-12 03:13 . 2008-02-23 02:19 -------- dc----w- c:\programdata\Lavasoft

2010-02-11 03:15 . 2009-10-26 23:34 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2010-02-08 02:30 . 2009-10-27 01:02 143416 ----a-w- c:\users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-08 01:42 . 2008-02-23 15:45 -------- dc----w- c:\program files\Yahoo!

2010-02-07 19:56 . 2010-01-11 00:54 -------- dc----w- c:\users\Michael\AppData\Roaming\DYMO Stamps

2010-02-07 19:53 . 2008-02-20 23:54 -------- dc----w- c:\program files\DYMO Label

2010-02-07 19:49 . 2009-10-27 00:57 28029 ----a-w- c:\programdata\nvModes.dat

2010-02-07 19:44 . 2009-10-27 01:50 -------- d-----w- c:\programdata\avg9

2010-02-06 23:11 . 2008-02-22 00:44 -------- dc----w- c:\program files\RockStar Recipes

2010-02-06 02:14 . 2010-02-06 02:14 388096 -c--a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-02-02 22:59 . 2008-02-20 01:13 -------- dc-h--w- c:\program files\InstallShield Installation Information

2010-02-02 16:18 . 2010-02-02 16:18 20975272 -c--a-w- c:\users\Michael\AppData\Roaming\WD\WD Anywhere Backup\temp\5484_wd_ab_ALL_IN_ONE_setup.exe

2010-02-01 22:17 . 2008-02-23 02:19 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard

2010-02-01 01:56 . 2009-12-14 00:53 -------- dc----w- c:\program files\Mozilla Thunderbird

2010-01-31 22:57 . 2010-01-31 22:57 0 -c--a-w- c:\users\Michael\AppData\Roaming\Thunderbird\Profiles\4lgj8o0n.default\Mail\pop.bellsouth.net\RSS Feeds.sbd\RealCajunRecipes.com

2010-01-31 22:36 . 2010-01-31 22:57 0 -c--a-w- c:\users\Michael\AppData\Roaming\Thunderbird\Profiles\4lgj8o0n.default\Mail\Local Folders\Trash.sbd\RSS Feeds.sbd\RealCajunRecipes.com

2010-01-30 18:46 . 2010-01-30 18:46 7410688 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll

2010-01-30 18:45 . 2010-01-30 18:45 7032320 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll

2010-01-30 18:45 . 2010-01-30 18:45 6301696 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll

2010-01-30 18:44 . 2010-01-30 18:44 2776576 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll

2010-01-30 18:44 . 2010-01-30 18:44 241512 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE

2010-01-30 18:44 . 2010-01-30 18:44 230752 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll

2010-01-30 18:44 . 2010-01-30 18:44 956 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd

2010-01-30 18:43 . 2008-02-23 14:10 -------- dc----w- c:\program files\Quicken

2010-01-27 22:40 . 2008-02-20 00:57 -------- dc----w- c:\program files\Zune

2010-01-27 21:42 . 2010-01-27 21:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf

2010-01-27 21:42 . 2010-01-27 21:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf

2010-01-21 22:10 . 2010-01-24 16:10 52224 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll

2010-01-21 22:10 . 2010-01-24 16:10 101376 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll

2010-01-20 20:07 . 2008-03-03 23:42 -------- dc----w- c:\program files\Microsoft Silverlight

2010-01-20 17:17 . 2010-01-29 01:49 52224 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\FFExternalAlert.dll

2010-01-20 17:17 . 2010-01-29 01:49 101376 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\RadioWMPCore.dll

2010-01-17 23:01 . 2008-02-19 19:18 -------- dc----w- c:\program files\Common Files\Adobe

2010-01-17 20:09 . 2008-02-25 22:21 -------- dc----w- c:\users\Michael\AppData\Roaming\LimeWire

2010-01-17 01:09 . 2009-12-04 01:18 -------- dc----w- c:\program files\SopCast

2010-01-16 19:55 . 2008-02-21 00:39 -------- dc----w- c:\users\Michael\AppData\Roaming\uTorrent

2010-01-13 15:27 . 2010-01-30 18:43 26472 -c--a-w- c:\programdata\Intuit\Quicken\Sku\RPM\Custom\billmind.exe

2010-01-13 15:27 . 2010-01-30 18:43 26472 -c--a-w- c:\programdata\Intuit\Quicken\Sku\Premier\Custom\billmind.exe

2010-01-13 15:27 . 2010-01-30 18:43 26472 -c--a-w- c:\programdata\Intuit\Quicken\Sku\Hab\Custom\billmind.exe

2010-01-13 15:26 . 2010-01-13 15:26 91 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\Pnf\Pas\reg.bat

2010-01-13 03:14 . 2010-01-13 00:33 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-01-13 03:14 . 2010-01-13 00:33 108544 ----a-w- c:\windows\system32\t2embed.dll

2010-01-11 00:53 . 2008-03-23 17:31 -------- dc----w- c:\program files\DYMO Stamps

2010-01-09 13:13 . 2010-01-09 13:13 -------- dc----w- c:\program files\DataVault

2010-01-07 19:38 . 2010-01-07 19:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe

2010-01-07 19:22 . 2010-01-07 19:22 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll

2010-01-07 19:22 . 2010-01-07 19:22 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll

2010-01-07 19:22 . 2010-01-07 19:22 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll

2010-01-07 19:22 . 2010-01-07 19:22 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll

2010-01-07 19:22 . 2010-01-07 19:22 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll

2010-01-07 19:22 . 2010-01-07 19:22 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll

2010-01-05 20:57 . 2010-01-24 16:10 545280 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe

2010-01-05 20:57 . 2010-01-24 16:10 344064 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

2010-01-05 20:57 . 2010-01-24 16:10 153600 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

2010-01-05 20:57 . 2010-01-24 16:10 103424 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\libs\pixomatic.dll

2010-01-05 20:57 . 2010-01-24 16:10 57856 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

2010-01-05 20:57 . 2010-01-24 16:10 4725760 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\libs\cooliris192.dll

2009-12-23 17:31 . 2009-12-23 17:29 -------- dc----w- c:\users\SYSTEM\AppData\Roaming\7600 Series

2009-12-23 17:31 . 2009-05-14 18:12 -------- dc----w- c:\program files\Lexmark 7600 Series

2009-12-23 17:29 . 2009-12-23 17:28 -------- dc----w- c:\users\SYSTEM\AppData\Roaming\Coverpgs

2009-12-21 02:59 . 2009-12-19 20:55 -------- dc----w- c:\program files\Recovery Toolbox for Outlook

2009-12-20 20:24 . 2009-07-14 04:52 -------- dc----w- c:\program files\MSBuild

2009-12-19 21:17 . 2008-02-20 23:12 -------- dc----w- c:\program files\Google

2009-12-19 16:08 . 2008-02-23 01:47 -------- dc----w- c:\program files\Microsoft Works

2009-12-14 19:15 . 2009-12-14 19:15 2146304 -c--a-w- c:\windows\system32\GPhotos.scr

2009-12-13 22:42 . 2009-12-13 22:42 2048 ----a-w- c:\windows\system32\tzres.dll

2009-12-07 14:10 . 2010-02-12 03:14 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe

2009-12-02 03:28 . 2009-12-02 03:28 2274619 ----a-w- c:\programdata\SPL2D22.tmp

2009-07-22 17:54 . 2009-07-22 17:53 7929 -csha-r- c:\program files\uninstall.log

2007-01-26 21:10 . 2008-10-29 20:52 69632 -c--a-w- c:\program files\mozilla firefox\plugins\Application.DYMOAddIn.dll

2006-06-16 01:33 . 2008-03-07 13:21 233472 -c--a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll

2006-05-25 23:43 . 2008-03-07 13:21 204895 -c--a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll

2005-09-29 19:41 . 2008-03-07 13:21 77824 -c--a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll

2006-06-19 18:10 . 2008-03-07 13:21 426081 -c--a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll

2005-02-02 17:19 . 2008-03-07 13:21 458752 -c--a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll

2004-11-06 06:51 . 2008-10-29 20:52 3584 -c--a-w- c:\program files\mozilla firefox\plugins\Interop.AddrFx32COM.dll

2004-02-12 22:03 . 2008-10-29 20:52 7168 -c--a-w- c:\program files\mozilla firefox\plugins\Interop.Dymo.dll

2005-10-08 02:14 . 2008-10-29 20:52 4096 -c--a-w- c:\program files\mozilla firefox\plugins\Interop.DymoActFieldFormatter.dll

2004-08-04 08:56 . 2008-10-29 20:52 11776 -c--a-w- c:\program files\mozilla firefox\plugins\Interop.StdType.dll

2006-04-10 23:35 . 2008-03-07 13:21 139264 -c--a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll

2005-11-09 16:10 . 2008-03-07 13:21 204800 -c--a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll

2005-11-09 16:42 . 2008-03-07 13:21 106496 -c--a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll

2006-01-04 16:22 . 2008-03-07 13:21 212992 -c--a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll

2006-01-04 16:21 . 2008-03-07 13:21 167936 -c--a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll

2008-03-07 13:21 . 2008-03-07 13:21 76 --sha-r- c:\windows\CT4CET.bin

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-11-18 16:58 333192 -c--a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-10-16 17:13 1115392 -c--a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-09-10 20:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-09-10 20:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-14 1688872]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-03 13552160]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-03 92704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-03 96800]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2009-06-13 55808]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-11 46632]

"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2008-09-10 676520]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-11 30248]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"PDF5 Registry Controller"="c:\program files\Nuance\PDF Create 5\RegistryController.exe" [2008-12-13 58656]

"PDFHook"="c:\program files\Nuance\PDF Create 5\pdfcreate5hook.exe" [2009-04-10 1277952]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-15 198160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-12-28 22486]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-26 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-04-17 03:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]

backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup

backupExtension=.CommonStartup

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LaunchU3.exe.lnk]

backup=c:\windows\pss\LaunchU3.exe.lnk.CommonStartup

backupExtension=.CommonStartup

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk

[HKLM\~\startupfolder\C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]

path=c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk

backup=c:\windows\pss\Yahoo! Widgets.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 13:58 40368 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DYMOFileMonitor]

2008-05-16 17:04 196608 -c--a-w- c:\program files\DYMO File\DYMOFileMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DymoQuickPrint]

2009-06-13 04:10 1882360 -c--a-w- c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 7600 Series Fax Server]

2008-09-10 10:15 311976 -c--a-w- c:\program files\Lexmark 7600 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdwamon]

2008-09-10 10:15 16040 -c--a-w- c:\program files\Lexmark 7600 Series\lxdwamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]

2008-11-06 18:20 144608 -c--a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-02-06 22:51 3885408 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance OmniPage 17-reminder]

2008-11-03 15:02 54560 -c--a-w- c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Converter 6-reminder]

2008-11-03 15:02 54560 -c--a-w- c:\program files\Nuance\PDF Converter 6\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF6 Registry Controller]

2009-06-30 20:48 111904 -c--a-w- c:\program files\Nuance\PDF Converter 6\RegistryController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]

2006-11-16 15:01 35368 -c--a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]

2007-04-17 02:50 49168 -c--a-w- c:\program files\Fingerprint Reader Suite\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2009-07-08 17:31 236016 -c--a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 21:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 13:03 210472 -c--a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Anywhere Backup]

2009-04-17 17:51 197856 -c--a-w- c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Live Sync]

2009-10-23 02:18 1171784 -c--a-w- c:\program files\Windows Live\Sync\WindowsLiveSync.exe

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [10/26/2009 8:50 PM 161800]

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2/11/2010 10:44 PM 64288]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/26/2009 8:50 PM 333192]

R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [10/26/2009 8:50 PM 360584]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/26/2009 8:50 PM 285392]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]

R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]

R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdwserv.exe [5/16/2008 10:32 AM 98984]

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [4/17/2009 12:51 PM 25824]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/11/2010 10:18 PM 1153368]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400]

R3 netw5v32;Intel


Malwarebytes' Anti-Malware 1.44

Database version: 3739

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2/14/2010 1:29:07 PM

mbam-log-2010-02-14 (13-29-07).txt

Scan type: Quick Scan

Objects scanned: 126756

Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Sunday, February 14, 2010

Operating system: Microsoft Professional (build 7600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Sunday, February 14, 2010 19:25:58

Records in database: 3502396

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

Z:\

Scan statistics:

Objects scanned: 218792

Threats found: 1

Infected objects found: 1

Suspicious objects found: 0

Scan duration: 03:18:45

File name / Threat / Threats count

C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6bd6bfc6-3491a805 Infected: Exploit.OSX.Smid.c 1

Selected area has been scanned.

Update Run Malwarebytes

Please update/run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

=====

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


1. Please open Notepad

  • Click Start , then Start Search then type in notepad in the Start Search Box then hit Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\users\Michael\AppData\Local\Wcomewejog.dat
c:\users\Michael\AppData\Local\Szeleqeluw.bin
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6bd6bfc6-3491a805

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScriptB-4.gif

5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:

  • Combofix.txt

=============


ComboFix 10-02-12.01 - Michael 02/15/2010 15:34:43.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2098 [GMT -5:00]

Running from: c:\users\Michael\Downloads\ComboFix.exe

Command switches used :: c:\users\Michael\Desktop\CFScript.txt

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

FILE ::

"c:\users\Michael\AppData\Local\Szeleqeluw.bin"

"c:\users\Michael\AppData\Local\Wcomewejog.dat"

"c:\users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6bd6bfc6-3491a805"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Michael\AppData\Local\{096C13FA-CD74-4FD9-A5D0-AD03A57C6A43}

c:\users\Michael\AppData\Local\{096C13FA-CD74-4FD9-A5D0-AD03A57C6A43}\chrome.manifest

c:\users\Michael\AppData\Local\{096C13FA-CD74-4FD9-A5D0-AD03A57C6A43}\chrome\content\_cfg.js

c:\users\Michael\AppData\Local\{096C13FA-CD74-4FD9-A5D0-AD03A57C6A43}\chrome\content\overlay.xul

c:\users\Michael\AppData\Local\{096C13FA-CD74-4FD9-A5D0-AD03A57C6A43}\install.rdf

c:\users\Michael\AppData\Local\Szeleqeluw.bin

c:\users\Michael\AppData\Local\Wcomewejog.dat

c:\users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6bd6bfc6-3491a805

Z:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-01-15 to 2010-02-15 )))))))))))))))))))))))))))))))

.

2010-02-15 20:40 . 2010-02-15 20:40 -------- d-----w- c:\users\Michael\AppData\Local\temp

2010-02-15 20:40 . 2010-02-15 20:40 -------- dc----w- c:\users\SYSTEM\AppData\Local\temp

2010-02-15 20:40 . 2010-02-15 20:40 -------- dc----w- c:\users\Public\AppData\Local\temp

2010-02-15 20:40 . 2010-02-15 20:40 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2010-02-15 20:40 . 2010-02-15 20:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-02-15 20:33 . 2010-02-15 20:33 -------- d-----w- C:\32788R22FWJFW

2010-02-14 15:32 . 2010-02-14 15:32 -------- dc----w- c:\users\Michael\BACKUP

2010-02-14 14:48 . 2010-02-14 14:48 14160 -c--a-w- c:\users\Michael\QdataOFXLOG.DAT

2010-02-12 03:44 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-12 03:44 . 2010-02-12 03:44 862040 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-02-12 03:44 . 2010-02-12 03:44 206944 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll

2010-02-12 03:44 . 2010-02-12 03:44 15880 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe

2010-02-12 03:44 . 2010-02-12 03:44 390288 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll

2010-02-12 03:44 . 2010-02-12 03:44 537576 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll

2010-02-12 03:44 . 2010-02-12 03:44 389784 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2010-02-12 03:44 . 2010-02-12 03:44 163728 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll

2010-02-12 03:43 . 2010-02-12 03:44 6296864 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll

2010-02-12 03:43 . 2010-02-12 03:43 327000 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll

2010-02-12 03:43 . 2010-02-12 03:43 87496 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2010-02-12 03:43 . 2010-02-12 03:43 933120 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll

2010-02-12 03:43 . 2010-02-12 03:43 3803208 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe

2010-02-12 03:43 . 2010-02-12 03:43 816784 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2010-02-12 03:43 . 2010-02-12 03:43 823928 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-02-12 03:43 . 2010-02-12 03:43 1643272 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2010-02-12 03:43 . 2010-02-12 03:43 788880 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe

2010-02-12 03:43 . 2010-02-12 03:43 1181328 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe

2010-02-12 03:18 . 2010-02-14 01:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-02-12 03:18 . 2010-02-12 03:19 -------- dc----w- c:\program files\Spybot - Search & Destroy

2010-02-12 03:14 . 2010-02-12 03:14 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2010-02-12 03:14 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe

2010-02-12 03:13 . 2010-02-12 03:13 -------- dc----w- c:\program files\Lavasoft

2010-02-12 02:33 . 2010-02-12 02:33 -------- dc----w- c:\users\Michael\AppData\Roaming\Malwarebytes

2010-02-12 02:33 . 2010-01-07 20:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-12 02:33 . 2010-02-12 02:33 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-12 02:33 . 2010-02-12 02:33 -------- d-----w- c:\programdata\Malwarebytes

2010-02-12 02:33 . 2010-01-07 20:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-08 02:30 . 2010-02-08 02:51 -------- d-----w- c:\programdata\Musicnotes

2010-02-08 02:29 . 2010-02-08 02:29 -------- dc----w- c:\program files\Musicnotes

2010-02-06 02:44 . 2010-02-06 02:44 -------- dc----w- c:\program files\Veetle

2010-02-06 02:14 . 2010-02-06 02:14 388096 -c--a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-02-06 02:14 . 2010-02-06 02:14 -------- dc----w- c:\program files\TrendMicro

2010-02-03 22:14 . 2010-02-08 01:35 -------- d-----w- c:\users\Michael\AppData\Local\Deployment

2010-02-02 21:42 . 2010-02-02 22:21 -------- d-----w- c:\programdata\RetroExp

2010-02-02 16:18 . 2010-02-02 16:18 -------- dc----w- c:\program files\Common Files\Memeo

2010-02-02 16:18 . 2010-02-02 16:18 -------- dc----w- c:\program files\WD

2010-02-02 16:18 . 2010-02-02 16:18 20975272 -c--a-w- c:\users\Michael\AppData\Roaming\WD\WD Anywhere Backup\temp\5484_wd_ab_ALL_IN_ONE_setup.exe

2010-02-01 22:39 . 2010-02-02 21:39 -------- d-----r- c:\windows\system32\config\systemprofile\Podcasts

2010-02-01 19:22 . 2010-02-01 19:29 -------- d-----w- c:\programdata\MemeoCommon

2010-02-01 19:16 . 2010-02-01 19:16 -------- dc----w- c:\users\Michael\AppData\Roaming\WD

2010-02-01 19:16 . 2010-02-01 19:16 -------- dc----w- c:\users\Michael\AppData\Roaming\Memeo

2010-02-01 19:04 . 2010-02-01 19:04 -------- dc----w- c:\program files\Memeo

2010-02-01 19:03 . 2010-02-01 19:04 -------- dc----w- c:\program files\Common Files\eSellerate

2010-02-01 19:02 . 2010-02-01 19:02 -------- dc----w- c:\program files\Western Digital Corporation

2010-02-01 19:02 . 2010-02-01 19:02 -------- dc----w- c:\program files\Western Digital

2010-01-31 22:57 . 2010-01-31 22:36 0 -c--a-w- c:\users\Michael\AppData\Roaming\Thunderbird\Profiles\4lgj8o0n.default\Mail\Local Folders\Trash.sbd\RSS Feeds.sbd\RealCajunRecipes.com

2010-01-31 22:57 . 2010-01-31 22:57 0 -c--a-w- c:\users\Michael\AppData\Roaming\Thunderbird\Profiles\4lgj8o0n.default\Mail\pop.bellsouth.net\RSS Feeds.sbd\RealCajunRecipes.com

2010-01-30 19:00 . 2008-01-30 21:36 90112 ----a-w- c:\windows\unvise32.exe

2010-01-30 19:00 . 2010-01-30 19:00 -------- dc----w- c:\users\Michael\AppData\Roaming\Quicken WillMaker

2010-01-30 19:00 . 2010-01-30 19:00 -------- dc----w- c:\program files\Quicken WillMaker Plus 2010

2010-01-30 18:59 . 2010-01-30 18:59 -------- dc----w- c:\program files\Educated Investor

2010-01-30 18:46 . 2010-01-30 18:46 7410688 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll

2010-01-30 18:45 . 2010-01-30 18:45 7032320 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll

2010-01-30 18:45 . 2010-01-30 18:45 6301696 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll

2010-01-30 18:44 . 2010-01-30 18:44 2776576 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll

2010-01-30 18:44 . 2010-01-30 18:44 241512 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE

2010-01-30 18:44 . 2010-01-30 18:44 230752 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll

2010-01-30 18:44 . 2010-01-30 18:44 956 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd

2010-01-30 18:43 . 2010-01-13 15:30 4199784 ----a-w- c:\windows\system32\cdintf400.dll

2010-01-30 18:43 . 2010-01-13 15:27 26472 -c--a-w- c:\programdata\Intuit\Quicken\Sku\RPM\Custom\billmind.exe

2010-01-30 18:43 . 2010-01-13 15:27 26472 -c--a-w- c:\programdata\Intuit\Quicken\Sku\Premier\Custom\billmind.exe

2010-01-30 18:43 . 2010-01-13 15:27 26472 -c--a-w- c:\programdata\Intuit\Quicken\Sku\Hab\Custom\billmind.exe

2010-01-30 01:24 . 2010-01-30 01:24 -------- dc----w- c:\program files\Stylet Click & Term 1.0

2010-01-29 01:49 . 2010-01-20 17:17 52224 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\FFExternalAlert.dll

2010-01-29 01:49 . 2010-01-20 17:17 101376 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\RadioWMPCore.dll

2010-01-27 22:48 . 2010-01-27 22:48 -------- dc----r- c:\users\Michael\Podcasts

2010-01-27 22:33 . 2010-01-27 22:33 547840 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2010-01-26 20:49 . 2010-01-27 01:45 285696 ----a-w- c:\windows\system32\winlogon.exe

2010-01-26 20:49 . 2010-01-27 01:45 2614272 ----a-w- c:\windows\explorer.exe

2010-01-24 16:10 . 2010-01-21 22:10 52224 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll

2010-01-24 16:10 . 2010-01-21 22:10 101376 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll

2010-01-24 16:10 . 2010-01-05 20:57 545280 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe

2010-01-24 16:10 . 2010-01-05 20:57 344064 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

2010-01-24 16:10 . 2010-01-05 20:57 153600 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

2010-01-24 16:10 . 2010-01-05 20:57 103424 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\libs\pixomatic.dll

2010-01-24 16:10 . 2010-01-05 20:57 57856 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

2010-01-24 16:10 . 2010-01-05 20:57 4725760 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\libs\cooliris192.dll

2010-01-21 20:53 . 2010-01-21 21:03 977920 ----a-w- c:\windows\system32\wininet.dll

2010-01-17 22:16 . 2010-01-17 22:16 -------- d-----w- c:\windows\Sun

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-15 19:58 . 2009-10-26 23:33 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2010-02-15 19:58 . 2009-10-26 23:52 56680 ----a-w- c:\windows\system32\rpcnet.dll

2010-02-15 01:40 . 2009-05-14 17:22 -------- dc----w- c:\programdata\Lx_cats

2010-02-15 01:30 . 2009-10-27 00:57 28029 ----a-w- c:\programdata\nvModes.dat

2010-02-14 16:05 . 2008-03-17 22:27 -------- dc----w- c:\users\Michael\AppData\Roaming\U3

2010-02-13 20:29 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-02-12 03:13 . 2008-02-23 02:19 -------- dc----w- c:\programdata\Lavasoft

2010-02-11 03:15 . 2009-10-26 23:34 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2010-02-08 02:30 . 2009-10-27 01:02 143416 ----a-w- c:\users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-08 01:42 . 2008-02-23 15:45 -------- dc----w- c:\program files\Yahoo!

2010-02-07 19:56 . 2010-01-11 00:54 -------- dc----w- c:\users\Michael\AppData\Roaming\DYMO Stamps

2010-02-07 19:53 . 2008-02-20 23:54 -------- dc----w- c:\program files\DYMO Label

2010-02-07 19:44 . 2009-10-27 01:50 -------- d-----w- c:\programdata\avg9

2010-02-06 23:11 . 2008-02-22 00:44 -------- dc----w- c:\program files\RockStar Recipes

2010-02-02 22:59 . 2008-02-20 01:13 -------- dc-h--w- c:\program files\InstallShield Installation Information

2010-02-01 22:17 . 2008-02-23 02:19 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard

2010-02-01 01:56 . 2009-12-14 00:53 -------- dc----w- c:\program files\Mozilla Thunderbird

2010-01-30 18:43 . 2008-02-23 14:10 -------- dc----w- c:\program files\Quicken

2010-01-27 22:40 . 2008-02-20 00:57 -------- dc----w- c:\program files\Zune

2010-01-27 21:42 . 2010-01-27 21:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf

2010-01-27 21:42 . 2010-01-27 21:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf

2010-01-20 20:07 . 2008-03-03 23:42 -------- dc----w- c:\program files\Microsoft Silverlight

2010-01-17 23:01 . 2008-02-19 19:18 -------- dc----w- c:\program files\Common Files\Adobe

2010-01-17 20:09 . 2008-02-25 22:21 -------- dc----w- c:\users\Michael\AppData\Roaming\LimeWire

2010-01-17 01:09 . 2009-12-04 01:18 -------- dc----w- c:\program files\SopCast

2010-01-16 19:55 . 2008-02-21 00:39 -------- dc----w- c:\users\Michael\AppData\Roaming\uTorrent

2010-01-13 15:26 . 2010-01-13 15:26 91 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\Pnf\Pas\reg.bat

2010-01-13 03:14 . 2010-01-13 00:33 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-01-13 03:14 . 2010-01-13 00:33 108544 ----a-w- c:\windows\system32\t2embed.dll

2010-01-11 00:53 . 2008-03-23 17:31 -------- dc----w- c:\program files\DYMO Stamps

2010-01-09 13:13 . 2010-01-09 13:13 -------- dc----w- c:\program files\DataVault

2010-01-07 19:38 . 2010-01-07 19:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe

2010-01-07 19:22 . 2010-01-07 19:22 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll

2010-01-07 19:22 . 2010-01-07 19:22 70656 ----a-w- c:\windows\system32\ZuneIPTransport.dll

2010-01-07 19:22 . 2010-01-07 19:22 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll

2010-01-07 19:22 . 2010-01-07 19:22 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll

2010-01-07 19:22 . 2010-01-07 19:22 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll

2010-01-07 19:22 . 2010-01-07 19:22 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll

2010-01-07 19:22 . 2010-01-07 19:22 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll

2009-12-23 17:31 . 2009-12-23 17:29 -------- dc----w- c:\users\SYSTEM\AppData\Roaming\7600 Series

2009-12-23 17:31 . 2009-05-14 18:12 -------- dc----w- c:\program files\Lexmark 7600 Series

2009-12-23 17:29 . 2009-12-23 17:28 -------- dc----w- c:\users\SYSTEM\AppData\Roaming\Coverpgs

2009-12-21 02:59 . 2009-12-19 20:55 -------- dc----w- c:\program files\Recovery Toolbox for Outlook

2009-12-20 20:24 . 2009-07-14 04:52 -------- dc----w- c:\program files\MSBuild

2009-12-19 21:17 . 2008-02-20 23:12 -------- dc----w- c:\program files\Google

2009-12-19 16:08 . 2008-02-23 01:47 -------- dc----w- c:\program files\Microsoft Works

2009-12-14 19:15 . 2009-12-14 19:15 2146304 -c--a-w- c:\windows\system32\GPhotos.scr

2009-12-13 22:42 . 2009-12-13 22:42 2048 ----a-w- c:\windows\system32\tzres.dll

2009-12-02 03:28 . 2009-12-02 03:28 2274619 ----a-w- c:\programdata\SPL2D22.tmp

2009-07-22 17:54 . 2009-07-22 17:53 7929 -csha-r- c:\program files\uninstall.log

2007-01-26 21:10 . 2008-10-29 20:52 69632 -c--a-w- c:\program files\mozilla firefox\plugins\Application.DYMOAddIn.dll

2006-06-16 01:33 . 2008-03-07 13:21 233472 -c--a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll

2006-05-25 23:43 . 2008-03-07 13:21 204895 -c--a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll

2005-09-29 19:41 . 2008-03-07 13:21 77824 -c--a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll

2006-06-19 18:10 . 2008-03-07 13:21 426081 -c--a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll

2005-02-02 17:19 . 2008-03-07 13:21 458752 -c--a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll

2004-11-06 06:51 . 2008-10-29 20:52 3584 -c--a-w- c:\program files\mozilla firefox\plugins\Interop.AddrFx32COM.dll

2004-02-12 22:03 . 2008-10-29 20:52 7168 -c--a-w- c:\program files\mozilla firefox\plugins\Interop.Dymo.dll

2005-10-08 02:14 . 2008-10-29 20:52 4096 -c--a-w- c:\program files\mozilla firefox\plugins\Interop.DymoActFieldFormatter.dll

2004-08-04 08:56 . 2008-10-29 20:52 11776 -c--a-w- c:\program files\mozilla firefox\plugins\Interop.StdType.dll

2006-04-10 23:35 . 2008-03-07 13:21 139264 -c--a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll

2005-11-09 16:10 . 2008-03-07 13:21 204800 -c--a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll

2005-11-09 16:42 . 2008-03-07 13:21 106496 -c--a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll

2006-01-04 16:22 . 2008-03-07 13:21 212992 -c--a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll

2006-01-04 16:21 . 2008-03-07 13:21 167936 -c--a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll

2008-03-07 13:21 . 2008-03-07 13:21 76 --sha-r- c:\windows\CT4CET.bin

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-11-18 16:58 333192 -c--a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-10-16 17:13 1115392 -c--a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-09-10 20:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-09-10 20:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-14 1688872]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-03 13552160]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-03 92704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-03 96800]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2009-06-13 55808]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-11 46632]

"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2008-09-10 676520]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-11 30248]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"PDF5 Registry Controller"="c:\program files\Nuance\PDF Create 5\RegistryController.exe" [2008-12-13 58656]

"PDFHook"="c:\program files\Nuance\PDF Create 5\pdfcreate5hook.exe" [2009-04-10 1277952]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-15 198160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-12-28 22486]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-26 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-04-17 03:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]

backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup

backupExtension=.CommonStartup

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LaunchU3.exe.lnk]

backup=c:\windows\pss\LaunchU3.exe.lnk.CommonStartup

backupExtension=.CommonStartup

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk

[HKLM\~\startupfolder\C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]

path=c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk

backup=c:\windows\pss\Yahoo! Widgets.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 13:58 40368 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DYMOFileMonitor]

2008-05-16 17:04 196608 -c--a-w- c:\program files\DYMO File\DYMOFileMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DymoQuickPrint]

2009-06-13 04:10 1882360 -c--a-w- c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 7600 Series Fax Server]

2008-09-10 10:15 311976 -c--a-w- c:\program files\Lexmark 7600 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdwamon]

2008-09-10 10:15 16040 -c--a-w- c:\program files\Lexmark 7600 Series\lxdwamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]

2008-11-06 18:20 144608 -c--a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-02-06 22:51 3885408 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance OmniPage 17-reminder]

2008-11-03 15:02 54560 -c--a-w- c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Converter 6-reminder]

2008-11-03 15:02 54560 -c--a-w- c:\program files\Nuance\PDF Converter 6\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF6 Registry Controller]

2009-06-30 20:48 111904 -c--a-w- c:\program files\Nuance\PDF Converter 6\RegistryController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]

2006-11-16 15:01 35368 -c--a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]

2007-04-17 02:50 49168 -c--a-w- c:\program files\Fingerprint Reader Suite\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2009-07-08 17:31 236016 -c--a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 21:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 13:03 210472 -c--a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Anywhere Backup]

2009-04-17 17:51 197856 -c--a-w- c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Live Sync]

2009-10-23 02:18 1171784 -c--a-w- c:\program files\Windows Live\Sync\WindowsLiveSync.exe

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [10/26/2009 8:50 PM 161800]

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2/11/2010 10:44 PM 64288]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/26/2009 8:50 PM 333192]

R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [10/26/2009 8:50 PM 360584]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/26/2009 8:50 PM 285392]

R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]

R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdwserv.exe [5/16/2008 10:32 AM 98984]

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [4/17/2009 12:51 PM 25824]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/11/2010 10:18 PM 1153368]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\netw5v32.sys [6/10/2009 4:18 PM 4231168]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam.sys [7/10/2008 2:47 PM 11520]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [9/28/2009 9:22 AM 315392]

S2 gupdate1c9a4b67d3f4703;Google Update Service (gupdate1c9a4b67d3f4703);c:\program files\Google\Update\GoogleUpdate.exe [3/14/2009 10:06 AM 133104]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]

S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [5/28/2009 6:08 AM 55280]

S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 5:08 PM 533360]

.

Contents of the 'Scheduled Tasks' folder

2010-02-15 c:\windows\Tasks\Ad-Aware Update (Daily 1).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:43]

2010-02-15 c:\windows\Tasks\Ad-Aware Update (Daily 2).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:43]

2010-02-15 c:\windows\Tasks\Ad-Aware Update (Daily 3).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:43]

2010-02-15 c:\windows\Tasks\Ad-Aware Update (Daily 4).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:43]

2010-02-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:43]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 15:06]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 15:06]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://att.my.yahoo.com/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Converter 6\cnvres_eng.dll /100

IE: Save to DataVault - file://c:\program files\DataVault\iemenuext.htm

Trusted Zone: endicia.com\www

Trusted Zone: jamorama.com\www

Trusted Zone: motive.com\pattta.att

Trusted Zone: motive.com\patttbc.att

Trusted Zone: turbotax.com

DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\

FF - prefs.js: browser.search.defaulturl - 4.6.6.2

FF - prefs.js: browser.search.selectedEngine - 4.6.6.2

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT649865&SearchSource=13

FF - prefs.js: keyword.URL - 4.6.6.2

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll

FF - component: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll

FF - component: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll

FF - component: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

FF - component: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\FFExternalAlert.dll

FF - component: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\RadioWMPCore.dll

FF - component: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\Musicnotes\npmusicn.dll

FF - plugin: c:\program files\Musicnotes\NPSibelius.dll

FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll

FF - plugin: c:\program files\Veetle\Player\npvlc.dll

FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\Michael\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\users\Michael\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.search.defaultenginename - 4.6.6.2

FF - user.js: browser.search.defaulturl - 4.6.6.2

FF - user.js: browser.search.selectedEngine - 4.6.6.2

FF - user.js: keyword.URL - 4.6.6.2

FF - user.js: keyword.enabled - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(512)

c:\windows\system32\psqlpwd.DLL

c:\program files\Fingerprint Reader Suite\homefus2.dll

c:\program files\Fingerprint Reader Suite\infra.dll

.

Completion time: 2010-02-15 15:42:32

ComboFix-quarantined-files.txt 2010-02-15 20:42

ComboFix2.txt 2010-02-13 20:48

Pre-Run: 119,550,291,968 bytes free

Post-Run: 119,643,062,272 bytes free

- - End Of File - - 9542A918E522D85F04D2BEAF7FE48947

1. Please open Notepad
  • Click Start, then Start Search, then type notepad in the Start Search box and hit Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\users\Michael\AppData\Local\Wcomewejog.dat
c:\users\Michael\AppData\Local\Szeleqeluw.bin
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6bd6bfc6-3491a805

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: CFScriptB-4.gif]

5. After reboot (in case it asks to reboot), please post the following report/log into your next reply:

  • Combofix.txt

=============

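The DDS output in this thread carries several entries worth a second look even after the CFScript run: an orphaned BHO CLSID ("No File"), Firefox search prefs (browser.search.defaulturl, keyword.URL) overwritten with the opaque value 4.6.6.2, a Firefox homepage on search.conduit.com, the LSA notification package list extended with psqlpwd (which the log shows loaded in lsass.exe alongside the Fingerprint Reader Suite DLLs, so it needs verifying rather than removing), and an AppInit_DLLs entry (AVG's here). The script below is an added example, not code from this thread, Malwarebytes or the DDS/ComboFix tools; it runs simple triage rules over log lines copied from the DDS report above. The list of default LSA packages and the set of redirect hosts are assumptions, not something the log states.

```python
"""Triage the 'Pseudo HJT Report' / Firefox sections of a DDS or ComboFix log
for the hijack indicators visible in this thread: orphaned BHOs, Firefox search
prefs overwritten with a non-URL value, a homepage/search URL on a toolbar
redirect host, non-default LSA notification packages and AppInit_DLLs."""
import re
from dataclasses import dataclass
from typing import List

# Lines copied verbatim from the DDS log posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://att.my.yahoo.com/
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
LSA: Notification Packages = scecli psqlpwd
FF - prefs.js: browser.search.defaulturl - 4.6.6.2
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT649865&SearchSource=13
FF - prefs.js: keyword.URL - 4.6.6.2
FF - user.js: browser.search.selectedEngine - 4.6.6.2
FF - user.js: keyword.enabled - true
"""

# Assumptions, not taken from the log: the notification packages Windows
# installs by default, and the hosts treated as toolbar/search-redirect hosts.
DEFAULT_LSA_PACKAGES = {"scecli", "rassfm"}
SEARCH_REDIRECT_HOSTS = {"search.conduit.com"}
# Firefox prefs whose value must be a URL; anything else means it was overwritten.
URL_PREFS = {"browser.search.defaulturl", "keyword.url"}

FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (\S+) - (.*)$")
BHO_RE = re.compile(r"^BHO: .*\{[0-9A-Fa-f-]{36}\} - (.*)$")
URL_HOST_RE = re.compile(r"^(?:hxxp|http)s?://([^/\s:]+)", re.I)


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str
    line: str


def host_of(value: str) -> str:
    """Hostname of an http/hxxp URL, or '' if the value is not a URL."""
    m = URL_HOST_RE.match(value.strip())
    return m.group(1).lower() if m else ""


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            # CLSID still registered but the DLL is gone: stale entry, clean up.
            if m.group(1).strip().lower() == "no file":
                findings.append(Finding("low", "orphaned_bho", line))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            pref, value = m.group(1).lower(), m.group(2).strip()
            if pref in URL_PREFS and host_of(value) == "":
                # e.g. browser.search.defaulturl set to "4.6.6.2": search hijack.
                findings.append(Finding("high", "search_pref_not_url", line))
            elif host_of(value) in SEARCH_REDIRECT_HOSTS:
                findings.append(Finding("medium", "search_redirect_host", line))
            continue
        if line.startswith("uStart Page"):
            if host_of(line.split("=", 1)[1]) in SEARCH_REDIRECT_HOSTS:
                findings.append(Finding("medium", "search_redirect_host", line))
            continue
        if line.startswith("LSA: Notification Packages"):
            # Extra packages are handed every plaintext password change; verify the DLL.
            extra = set(line.split("=", 1)[1].split()) - DEFAULT_LSA_PACKAGES
            if extra:
                findings.append(Finding("medium", "extra_lsa_package:" + ",".join(sorted(extra)), line))
            continue
        if line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            # Loaded into every process that links user32.dll; verify the publisher.
            findings.append(Finding("medium", "appinit_dll", line))
    return findings


def worst_severity(findings: List[Finding]) -> str:
    order = {"high": 3, "medium": 2, "low": 1}
    return max((f.severity for f in findings), key=order.get, default="none")


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.rule}: {f.line}")
    print("worst:", worst_severity(results))
```

Run against the sample it reports the two overwritten search prefs as high, the conduit homepage, the psqlpwd LSA package and the AppInit DLL as medium, and the orphaned BHO as low; the yahoo start page, the Java BHO and the Notify entry produce nothing. A medium finding is a prompt to check the file's publisher and install path, not a verdict.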

So far, so good. No redirects and no Pakes.AW notifications. DDS log follows:

DDS (Ver_09-12-01.01) - NTFSx86

Run by Michael at 20:54:35.94 on Mon 02/15/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.1895 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Fingerprint Reader Suite\upeksvr.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdwserv.exe

C:\Windows\system32\lxdwcoms.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\DYMO\DYMO Label Software\DLSService.exe

C:\Program Files\Lexmark 7600 Series\lxdwmon.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Nuance\PDF Create 5\PdfCreate5Hook.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\ProgramData\U3\U3Launcher\LaunchU3.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\rpcnet.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Zune\ZuneNss.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Windows Media Player\wmprph.exe

C:\Windows\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Michael\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll

BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll

TB: DataVault Bar: {0d792cb2-2654-4e99-a597-7fc317f04d61} - c:\program files\datavault\ie.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s

mRun: [DLSService] "c:\program files\dymo\dymo label software\DLSService.exe"

mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"

mRun: [lxdwmon.exe] "c:\program files\lexmark 7600 series\lxdwmon.exe"

mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf create 5\RegistryController.exe

mRun: [PDFHook] c:\program files\nuance\pdf create 5\pdfcreate5hook.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Open with Nuance PDF Converter 6.0 - c:\program files\nuance\pdf converter 6\cnvres_eng.dll /100

IE: Save to DataVault - file://c:\program files\datavault\iemenuext.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: endicia.com\www

Trusted Zone: jamorama.com\www

Trusted Zone: motive.com\pattta.att

Trusted Zone: motive.com\patttbc.att

Trusted Zone: turbotax.com

DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll

Notify: psfus - c:\windows\system32\psqlpwd.dll

AppInit_DLLs: c:\windows\system32\avgrsstx.dll

LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\

FF - prefs.js: browser.search.defaulturl - 4.6.6.2

FF - prefs.js: browser.search.selectedEngine - 4.6.6.2

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT649865&SearchSource=13

FF - prefs.js: keyword.URL - 4.6.6.2

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll

FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll

FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll

FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll

FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\FFExternalAlert.dll

FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\RadioWMPCore.dll

FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\musicnotes\npmusicn.dll

FF - plugin: c:\program files\musicnotes\NPSibelius.dll

FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\michael\appdata\roaming\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\9tkheovi.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\users\michael\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: browser.search.defaultenginename - 4.6.6.2

FF - user.js: browser.search.defaulturl - 4.6.6.2

FF - user.js: browser.search.selectedEngine - 4.6.6.2

FF - user.js: keyword.URL - 4.6.6.2

FF - user.js: keyword.enabled - true

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-26 161800]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-11 64288]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-26 333192]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-26 28424]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-26 360584]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-26 285392]

R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]

R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [2008-5-16 98984]

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2009-4-17 25824]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-11 1153368]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]

S2 gupdate1c9a4b67d3f4703;Google Update Service (gupdate1c9a4b67d3f4703);c:\program files\google\update\GoogleUpdate.exe [2009-3-14 133104]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-5-28 55280]

S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-7-10 11520]

=============== Created Last 30 ================

2010-02-15 20:42:35 0 d-sh--w- C:\$RECYCLE.BIN

2010-02-15 20:33:51 0 d-----w- C:\ComboFix

2010-02-15 01:34:42 69 ----a-w- c:\windows\NeroDigital.ini

2010-02-14 15:32:18 0 dc----w- c:\users\michael\BACKUP

2010-02-14 14:48:20 14160 -c--a-w- c:\users\michael\QdataOFXLOG.DAT

2010-02-13 20:32:51 98816 ----a-w- c:\windows\sed.exe

2010-02-13 20:32:51 77312 ----a-w- c:\windows\MBR.exe

2010-02-13 20:32:51 261632 ----a-w- c:\windows\PEV.exe

2010-02-13 20:32:51 161792 ----a-w- c:\windows\SWREG.exe

2010-02-12 23:27:12 0 -c--a-w- c:\users\michael\defogger_reenable

2010-02-12 03:44:22 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-12 03:18:10 0 dc----w- c:\program files\Spybot - Search & Destroy

2010-02-12 03:18:10 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-02-12 03:14:05 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2010-02-12 03:13:52 0 dc----w- c:\program files\Lavasoft

2010-02-12 02:33:14 0 dc----w- c:\users\michael\appdata\roaming\Malwarebytes

2010-02-12 02:33:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-12 02:33:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-12 02:33:07 0 dc----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-12 02:33:07 0 d-----w- c:\programdata\Malwarebytes

2010-02-11 00:35:29 524288 --sha-w- c:\users\michael\ntuser.dat{49c29523-16a5-11df-b8cb-001e4ce1ecfe}.TMContainer00000000000000000002.regtrans-ms

2010-02-11 00:35:29 524288 --sha-w- c:\users\michael\ntuser.dat{49c29523-16a5-11df-b8cb-001e4ce1ecfe}.TMContainer00000000000000000001.regtrans-ms

2010-02-11 00:35:28 65536 --sha-w- c:\users\michael\ntuser.dat{49c29523-16a5-11df-b8cb-001e4ce1ecfe}.TM.blf

2010-02-10 01:52:39 65536 --sha-w- c:\users\michael\ntuser.dat{d9f03683-15e6-11df-914d-001e4ce1ecfe}.TM.blf

2010-02-10 01:52:39 524288 --sha-w- c:\users\michael\ntuser.dat{d9f03683-15e6-11df-914d-001e4ce1ecfe}.TMContainer00000000000000000002.regtrans-ms

2010-02-10 01:52:39 524288 --sha-w- c:\users\michael\ntuser.dat{d9f03683-15e6-11df-914d-001e4ce1ecfe}.TMContainer00000000000000000001.regtrans-ms

2010-02-08 02:30:02 0 d-----w- c:\programdata\Musicnotes

2010-02-08 02:29:12 0 dc----w- c:\program files\Musicnotes

2010-02-07 18:47:00 61116576 -c--a-w- c:\users\michael\Qdata.QDF

2010-02-06 02:44:51 0 dc----w- c:\program files\Veetle

2010-02-06 02:14:56 0 dc----w- c:\program files\TrendMicro

2010-02-02 21:42:23 0 d-----w- c:\programdata\RetroExp

2010-02-02 16:18:49 0 dc----w- c:\program files\common files\Memeo

2010-02-02 16:18:48 0 dc----w- c:\program files\WD

2010-02-01 19:22:36 0 d-----w- c:\programdata\MemeoCommon

2010-02-01 19:16:30 0 dc----w- c:\users\michael\appdata\roaming\WD

2010-02-01 19:16:30 0 dc----w- c:\users\michael\appdata\roaming\Memeo

2010-02-01 19:04:37 0 dc----w- c:\program files\Memeo

2010-02-01 19:03:15 0 dc----w- c:\program files\common files\eSellerate

2010-02-01 19:02:30 0 dc----w- c:\program files\Western Digital Corporation

2010-02-01 19:02:09 0 dc----w- c:\program files\Western Digital

2010-01-30 19:00:55 90112 ----a-w- c:\windows\unvise32.exe

2010-01-30 19:00:54 0 dc----w- c:\users\michael\appdata\roaming\Quicken WillMaker

2010-01-30 19:00:51 0 dc----w- c:\program files\Quicken WillMaker Plus 2010

2010-01-30 18:59:54 0 dc----w- c:\program files\Educated Investor

2010-01-30 18:43:58 4199784 ----a-w- c:\windows\system32\cdintf400.dll

2010-01-30 01:24:58 0 dc----w- c:\program files\Stylet Click & Term 1.0

2010-01-27 22:48:14 0 dc----r- c:\users\michael\Podcasts

2010-01-27 22:33:49 547840 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2010-01-27 21:42:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf

2010-01-27 21:42:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf

2010-01-26 20:49:58 285696 ----a-w- c:\windows\system32\winlogon.exe

2010-01-26 20:49:58 2614272 ----a-w- c:\windows\explorer.exe

2010-01-21 20:53:52 977920 ----a-w- c:\windows\system32\wininet.dll

==================== Find3M ====================

2010-02-15 19:58:26 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2010-02-15 19:58:24 56680 ----a-w- c:\windows\system32\rpcnet.dll

2010-02-15 01:30:42 28029 ----a-w- c:\programdata\nvModes.dat

2010-02-13 20:29:24 21584 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-02-11 03:15:01 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2010-01-13 03:14:21 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-01-13 03:14:21 108544 ----a-w- c:\windows\system32\t2embed.dll

2010-01-07 19:38:18 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe

2010-01-07 19:22:04 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll

2010-01-07 19:22:04 70656 ----a-w- c:\windows\system32\ZuneIPTransport.dll

2010-01-07 19:22:04 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll

2010-01-07 19:22:04 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll

2010-01-07 19:22:04 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll

2010-01-07 19:22:04 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll

2010-01-07 19:22:04 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll

2009-12-14 19:15:14 2146304 -c--a-w- c:\windows\system32\GPhotos.scr

2009-12-13 22:42:52 2048 ----a-w- c:\windows\system32\tzres.dll

2009-07-22 17:54:15 7929 -csha-r- c:\program files\uninstall.log

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2008-03-07 13:21:35 76 --sha-r- c:\windows\CT4CET.bin

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:54:53.11 ===============

ComboFix 10-02-12.01 - Michael 02/15/2010 15:34:43.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2098 [GMT -5:00]

Running from: c:\users\Michael\Downloads\ComboFix.exe

Command switches used :: c:\users\Michael\Desktop\CFScript.txt

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

FILE ::

"c:\users\Michael\AppData\Local\Szeleqeluw.bin"

"c:\users\Michael\AppData\Local\Wcomewejog.dat"

"c:\users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6bd6bfc6-3491a805"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Michael\AppData\Local\{096C13FA-CD74-4FD9-A5D0-AD03A57C6A43}

c:\users\Michael\AppData\Local\{096C13FA-CD74-4FD9-A5D0-AD03A57C6A43}\chrome.manifest

c:\users\Michael\AppData\Local\{096C13FA-CD74-4FD9-A5D0-AD03A57C6A43}\chrome\content\_cfg.js

c:\users\Michael\AppData\Local\{096C13FA-CD74-4FD9-A5D0-AD03A57C6A43}\chrome\content\overlay.xul

c:\users\Michael\AppData\Local\{096C13FA-CD74-4FD9-A5D0-AD03A57C6A43}\install.rdf

c:\users\Michael\AppData\Local\Szeleqeluw.bin

c:\users\Michael\AppData\Local\Wcomewejog.dat

c:\users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6bd6bfc6-3491a805

Z:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-01-15 to 2010-02-15 )))))))))))))))))))))))))))))))

.

2010-02-15 20:40 . 2010-02-15 20:40 -------- d-----w- c:\users\Michael\AppData\Local\temp

2010-02-15 20:40 . 2010-02-15 20:40 -------- dc----w- c:\users\SYSTEM\AppData\Local\temp

2010-02-15 20:40 . 2010-02-15 20:40 -------- dc----w- c:\users\Public\AppData\Local\temp

2010-02-15 20:40 . 2010-02-15 20:40 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2010-02-15 20:40 . 2010-02-15 20:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-02-15 20:33 . 2010-02-15 20:33 -------- d-----w- C:\32788R22FWJFW

2010-02-14 15:32 . 2010-02-14 15:32 -------- dc----w- c:\users\Michael\BACKUP

2010-02-14 14:48 . 2010-02-14 14:48 14160 -c--a-w- c:\users\Michael\QdataOFXLOG.DAT

2010-02-12 03:44 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-12 03:44 . 2010-02-12 03:44 862040 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-02-12 03:44 . 2010-02-12 03:44 206944 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll

2010-02-12 03:44 . 2010-02-12 03:44 15880 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe

2010-02-12 03:44 . 2010-02-12 03:44 390288 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll

2010-02-12 03:44 . 2010-02-12 03:44 537576 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll

2010-02-12 03:44 . 2010-02-12 03:44 389784 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2010-02-12 03:44 . 2010-02-12 03:44 163728 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll

2010-02-12 03:43 . 2010-02-12 03:44 6296864 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll

2010-02-12 03:43 . 2010-02-12 03:43 327000 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll

2010-02-12 03:43 . 2010-02-12 03:43 87496 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2010-02-12 03:43 . 2010-02-12 03:43 933120 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll

2010-02-12 03:43 . 2010-02-12 03:43 3803208 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe

2010-02-12 03:43 . 2010-02-12 03:43 816784 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2010-02-12 03:43 . 2010-02-12 03:43 823928 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-02-12 03:43 . 2010-02-12 03:43 1643272 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2010-02-12 03:43 . 2010-02-12 03:43 788880 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe

2010-02-12 03:43 . 2010-02-12 03:43 1181328 -c--a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe

2010-02-12 03:18 . 2010-02-14 01:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-02-12 03:18 . 2010-02-12 03:19 -------- dc----w- c:\program files\Spybot - Search & Destroy

2010-02-12 03:14 . 2010-02-12 03:14 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2010-02-12 03:14 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe

2010-02-12 03:13 . 2010-02-12 03:13 -------- dc----w- c:\program files\Lavasoft

2010-02-12 02:33 . 2010-02-12 02:33 -------- dc----w- c:\users\Michael\AppData\Roaming\Malwarebytes

2010-02-12 02:33 . 2010-01-07 20:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-12 02:33 . 2010-02-12 02:33 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-12 02:33 . 2010-02-12 02:33 -------- d-----w- c:\programdata\Malwarebytes

2010-02-12 02:33 . 2010-01-07 20:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-08 02:30 . 2010-02-08 02:51 -------- d-----w- c:\programdata\Musicnotes

2010-02-08 02:29 . 2010-02-08 02:29 -------- dc----w- c:\program files\Musicnotes

2010-02-06 02:44 . 2010-02-06 02:44 -------- dc----w- c:\program files\Veetle

2010-02-06 02:14 . 2010-02-06 02:14 388096 -c--a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-02-06 02:14 . 2010-02-06 02:14 -------- dc----w- c:\program files\TrendMicro

2010-02-03 22:14 . 2010-02-08 01:35 -------- d-----w- c:\users\Michael\AppData\Local\Deployment

2010-02-02 21:42 . 2010-02-02 22:21 -------- d-----w- c:\programdata\RetroExp

2010-02-02 16:18 . 2010-02-02 16:18 -------- dc----w- c:\program files\Common Files\Memeo

2010-02-02 16:18 . 2010-02-02 16:18 -------- dc----w- c:\program files\WD

2010-02-02 16:18 . 2010-02-02 16:18 20975272 -c--a-w- c:\users\Michael\AppData\Roaming\WD\WD Anywhere Backup\temp\5484_wd_ab_ALL_IN_ONE_setup.exe

2010-02-01 22:39 . 2010-02-02 21:39 -------- d-----r- c:\windows\system32\config\systemprofile\Podcasts

2010-02-01 19:22 . 2010-02-01 19:29 -------- d-----w- c:\programdata\MemeoCommon

2010-02-01 19:16 . 2010-02-01 19:16 -------- dc----w- c:\users\Michael\AppData\Roaming\WD

2010-02-01 19:16 . 2010-02-01 19:16 -------- dc----w- c:\users\Michael\AppData\Roaming\Memeo

2010-02-01 19:04 . 2010-02-01 19:04 -------- dc----w- c:\program files\Memeo

2010-02-01 19:03 . 2010-02-01 19:04 -------- dc----w- c:\program files\Common Files\eSellerate

2010-02-01 19:02 . 2010-02-01 19:02 -------- dc----w- c:\program files\Western Digital Corporation

2010-02-01 19:02 . 2010-02-01 19:02 -------- dc----w- c:\program files\Western Digital

2010-01-31 22:57 . 2010-01-31 22:36 0 -c--a-w- c:\users\Michael\AppData\Roaming\Thunderbird\Profiles\4lgj8o0n.default\Mail\Local Folders\Trash.sbd\RSS Feeds.sbd\RealCajunRecipes.com

2010-01-31 22:57 . 2010-01-31 22:57 0 -c--a-w- c:\users\Michael\AppData\Roaming\Thunderbird\Profiles\4lgj8o0n.default\Mail\pop.bellsouth.net\RSS Feeds.sbd\RealCajunRecipes.com

2010-01-30 19:00 . 2008-01-30 21:36 90112 ----a-w- c:\windows\unvise32.exe

2010-01-30 19:00 . 2010-01-30 19:00 -------- dc----w- c:\users\Michael\AppData\Roaming\Quicken WillMaker

2010-01-30 19:00 . 2010-01-30 19:00 -------- dc----w- c:\program files\Quicken WillMaker Plus 2010

2010-01-30 18:59 . 2010-01-30 18:59 -------- dc----w- c:\program files\Educated Investor

2010-01-30 18:46 . 2010-01-30 18:46 7410688 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll

2010-01-30 18:45 . 2010-01-30 18:45 7032320 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll

2010-01-30 18:45 . 2010-01-30 18:45 6301696 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll

2010-01-30 18:44 . 2010-01-30 18:44 2776576 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll

2010-01-30 18:44 . 2010-01-30 18:44 241512 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE

2010-01-30 18:44 . 2010-01-30 18:44 230752 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll

2010-01-30 18:44 . 2010-01-30 18:44 956 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd

2010-01-30 18:43 . 2010-01-13 15:30 4199784 ----a-w- c:\windows\system32\cdintf400.dll

2010-01-30 18:43 . 2010-01-13 15:27 26472 -c--a-w- c:\programdata\Intuit\Quicken\Sku\RPM\Custom\billmind.exe

2010-01-30 18:43 . 2010-01-13 15:27 26472 -c--a-w- c:\programdata\Intuit\Quicken\Sku\Premier\Custom\billmind.exe

2010-01-30 18:43 . 2010-01-13 15:27 26472 -c--a-w- c:\programdata\Intuit\Quicken\Sku\Hab\Custom\billmind.exe

2010-01-30 01:24 . 2010-01-30 01:24 -------- dc----w- c:\program files\Stylet Click & Term 1.0

2010-01-29 01:49 . 2010-01-20 17:17 52224 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\FFExternalAlert.dll

2010-01-29 01:49 . 2010-01-20 17:17 101376 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}\components\RadioWMPCore.dll

2010-01-27 22:48 . 2010-01-27 22:48 -------- dc----r- c:\users\Michael\Podcasts

2010-01-27 22:33 . 2010-01-27 22:33 547840 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2010-01-26 20:49 . 2010-01-27 01:45 285696 ----a-w- c:\windows\system32\winlogon.exe

2010-01-26 20:49 . 2010-01-27 01:45 2614272 ----a-w- c:\windows\explorer.exe

2010-01-24 16:10 . 2010-01-21 22:10 52224 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll

2010-01-24 16:10 . 2010-01-21 22:10 101376 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll

2010-01-24 16:10 . 2010-01-05 20:57 545280 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe

2010-01-24 16:10 . 2010-01-05 20:57 344064 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

2010-01-24 16:10 . 2010-01-05 20:57 153600 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

2010-01-24 16:10 . 2010-01-05 20:57 103424 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\libs\pixomatic.dll

2010-01-24 16:10 . 2010-01-05 20:57 57856 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

2010-01-24 16:10 . 2010-01-05 20:57 4725760 -c--a-w- c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9tkheovi.default\extensions\piclens@cooliris.com\libs\cooliris192.dll

2010-01-21 20:53 . 2010-01-21 21:03 977920 ----a-w- c:\windows\system32\wininet.dll

2010-01-17 22:16 . 2010-01-17 22:16 -------- d-----w- c:\windows\Sun

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-15 19:58 . 2009-10-26 23:33 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2010-02-15 19:58 . 2009-10-26 23:52 56680 ----a-w- c:\windows\system32\rpcnet.dll

2010-02-15 01:40 . 2009-05-14 17:22 -------- dc----w- c:\programdata\Lx_cats

2010-02-15 01:30 . 2009-10-27 00:57 28029 ----a-w- c:\programdata\nvModes.dat

2010-02-14 16:05 . 2008-03-17 22:27 -------- dc----w- c:\users\Michael\AppData\Roaming\U3

2010-02-13 20:29 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-02-12 03:13 . 2008-02-23 02:19 -------- dc----w- c:\programdata\Lavasoft

2010-02-11 03:15 . 2009-10-26 23:34 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2010-02-08 02:30 . 2009-10-27 01:02 143416 ----a-w- c:\users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-08 01:42 . 2008-02-23 15:45 -------- dc----w- c:\program files\Yahoo!

2010-02-07 19:56 . 2010-01-11 00:54 -------- dc----w- c:\users\Michael\AppData\Roaming\DYMO Stamps

2010-02-07 19:53 . 2008-02-20 23:54 -------- dc----w- c:\program files\DYMO Label

2010-02-07 19:44 . 2009-10-27 01:50 -------- d-----w- c:\programdata\avg9

2010-02-06 23:11 . 2008-02-22 00:44 -------- dc----w- c:\program files\RockStar Recipes

2010-02-02 22:59 . 2008-02-20 01:13 -------- dc-h--w- c:\program files\InstallShield Installation Information

2010-02-01 22:17 . 2008-02-23 02:19 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard

2010-02-01 01:56 . 2009-12-14 00:53 -------- dc----w- c:\program files\Mozilla Thunderbird

2010-01-30 18:43 . 2008-02-23 14:10 -------- dc----w- c:\program files\Quicken

2010-01-27 22:40 . 2008-02-20 00:57 -------- dc----w- c:\program files\Zune

2010-01-27 21:42 . 2010-01-27 21:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf

2010-01-27 21:42 . 2010-01-27 21:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf

2010-01-20 20:07 . 2008-03-03 23:42 -------- dc----w- c:\program files\Microsoft Silverlight

2010-01-17 23:01 . 2008-02-19 19:18 -------- dc----w- c:\program files\Common Files\Adobe

2010-01-17 20:09 . 2008-02-25 22:21 -------- dc----w- c:\users\Michael\AppData\Roaming\LimeWire

2010-01-17 01:09 . 2009-12-04 01:18 -------- dc----w- c:\program files\SopCast

2010-01-16 19:55 . 2008-02-21 00:39 -------- dc----w- c:\users\Michael\AppData\Roaming\uTorrent

2010-01-13 15:26 . 2010-01-13 15:26 91 -c--a-w- c:\programdata\Intuit\Quicken\Inet\Common\Pnf\Pas\reg.bat

2010-01-13 03:14 . 2010-01-13 00:33 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-01-13 03:14 . 2010-01-13 00:33 108544 ----a-w- c:\windows\system32\t2embed.dll

2010-01-11 00:53 . 2008-03-23 17:31 -------- dc----w- c:\program files\DYMO Stamps

2010-01-09 13:13 . 2010-01-09 13:13 -------- dc----w- c:\program files\DataVault

2010-01-07 19:38 . 2010-01-07 19:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe

2010-01-07 19:22 . 2010-01-07 19:22 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll

2010-01-07 19:22 . 2010-01-07 19:22 70656 ----a-w- c:\windows\system32\ZuneIPTransport.dll

2010-01-07 19:22 . 2010-01-07 19:22 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll

2010-01-07 19:22 . 2010-01-07 19:22 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll

2010-01-07 19:22 . 2010-01-07 19:22 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll

2010-01-07 19:22 . 2010-01-07 19:22 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll

2010-01-07 19:22 . 2010-01-07 19:22 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll

2009-12-23 17:31 . 2009-12-23 17:29 -------- dc----w- c:\users\SYSTEM\AppData\Roaming\7600 Series

2009-12-23 17:31 . 2009-05-14 18:12 -------- dc----w- c:\program files\Lexmark 7600 Series

2009-12-23 17:29 . 2009-12-23 17:28 -------- dc----w- c:\users\SYSTEM\AppData\Roaming\Coverpgs

2009-12-21 02:59 . 2009-12-19 20:55 -------- dc----w- c:\program files\Recovery Toolbox for Outlook

2009-12-20 20:24 . 2009-07-14 04:52 -------- dc----w- c:\program files\MSBuild

2009-12-19 21:17 . 2008-02-20 23:12 -------- dc----w- c:\program files\Google

2009-12-19 16:08 . 2008-02-23 01:47 -------- dc----w- c:\program files\Microsoft Works

2009-12-14 19:15 . 2009-12-14 19:15 2146304 -c--a-w- c:\windows\system32\GPhotos.scr

2009-12-13 22:42 . 2009-12-13 22:42 2048 ----a-w- c:\windows\system32\tzres.dll

2009-12-02 03:28 . 2009-12-02 03:28 2274619 ----a-w- c:\programdata\SPL2D22.tmp

2009-07-22 17:54 . 2009-07-22 17:53 7929 -csha-r- c:\program files\uninstall.log

2007-01-26 21:10 . 2008-10-29 20:52 69632 -c--a-w- c:\program files\mozilla firefox\plugins\Application.DYMOAddIn.dll

2006-06-16 01:33 . 2008-03-07 13:21 233472 -c--a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll

2006-05-25 23:43 . 2008-03-07 13:21 204895 -c--a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll

2005-09-29 19:41 . 2008-03-07 13:21 77824 -c--a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll

2006-06-19 18:10 . 2008-03-07 13:21 426081 -c--a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll

2005-02-02 17:19 . 2008-03-07 13:21 458752 -c--a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll

2004-11-06 06:51 . 2008-10-29 20:52 3584 -c--a-w- c:\program files\mozilla firefox\plugins\Interop.AddrFx32COM.dll

2004-02-12 22:03 . 2008-10-29 20:52 7168 -c--a-w- c:\program files\mozilla firefox\plugins\Interop.Dymo.dll

2005-10-08 02:14 . 2008-10-29 20:52 4096 -c--a-w- c:\program files\mozilla firefox\plugins\Interop.DymoActFieldFormatter.dll

2004-08-04 08:56 . 2008-10-29 20:52 11776 -c--a-w- c:\program files\mozilla firefox\plugins\Interop.StdType.dll

2006-04-10 23:35 . 2008-03-07 13:21 139264 -c--a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll

2005-11-09 16:10 . 2008-03-07 13:21 204800 -c--a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll

2005-11-09 16:42 . 2008-03-07 13:21 106496 -c--a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll

2006-01-04 16:22 . 2008-03-07 13:21 212992 -c--a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll

2006-01-04 16:21 . 2008-03-07 13:21 167936 -c--a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll

2008-03-07 13:21 . 2008-03-07 13:21 76 --sha-r- c:\windows\CT4CET.bin

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-11-18 16:58 333192 -c--a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-10-16 17:13 1115392 -c--a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-09-10 20:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-09-10 20:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-14 1688872]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-03 13552160]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-03 92704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-03 96800]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2009-06-13 55808]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-11 46632]

"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2008-09-10 676520]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-11 30248]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"PDF5 Registry Controller"="c:\program files\Nuance\PDF Create 5\RegistryController.exe" [2008-12-13 58656]

"PDFHook"="c:\program files\Nuance\PDF Create 5\pdfcreate5hook.exe" [2009-04-10 1277952]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-15 198160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-12-28 22486]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-26 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-04-17 03:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]

backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup

backupExtension=.CommonStartup

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LaunchU3.exe.lnk]

backup=c:\windows\pss\LaunchU3.exe.lnk.CommonStartup

backupExtension=.CommonStartup

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk

[HKLM\~\startupfolder\C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]

path=c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk

backup=c:\windows\pss\Yahoo! Widgets.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 13:58 40368 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DYMOFileMonitor]

2008-05-16 17:04 196608 -c--a-w- c:\program files\DYMO File\DYMOFileMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DymoQuickPrint]

2009-06-13 04:10 1882360 -c--a-w- c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 7600 Series Fax Server]

2008-09-10 10:15 311976 -c--a-w- c:\program files\Lexmark 7600 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdwamon]

2008-09-10 10:15 16040 -c--a-w- c:\program files\Lexmark 7600 Series\lxdwamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]

2008-11-06 18:20 144608 -c--a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-02-06 22:51 3885408 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance OmniPage 17-reminder]

2008-11-03 15:02 54560 -c--a-w- c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Converter 6-reminder]

2008-11-03 15:02 54560 -c--a-w- c:\program files\Nuance\PDF Converter 6\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF6 Registry Controller]

2009-06-30 20:48 111904 -c--a-w- c:\program files\Nuance\PDF Converter 6\RegistryController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]

2006-11-16 15:01 35368 -c--a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]

2007-04-17 02:50 49168 -c--a-w- c:\program files\Fingerprint Reader Suite\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2009-07-08 17:31 236016 -c--a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 21:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 13:03 210472 -c--a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Anywhere Backup]

2009-04-17 17:51 197856 -c--a-w- c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Live Sync]

2009-10-23 02:18 1171784 -c--a-w- c:\program files\Windows Live\Sync\WindowsLiveSync.exe

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [10/26/2009 8:50 PM 161800]

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2/11/2010 10:44 PM 64288]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/26/2009 8:50 PM 333192]

R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [10/26/2009 8:50 PM 360584]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/26/2009 8:50 PM 285392]

R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]

R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdwserv.exe [5/16/2008 10:32 AM 98984]

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [4/17/2009 12:51 PM 25824]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/11/2010 10:18 PM 1153368]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400]

R3 netw5v32;Intel

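The DDS output above walks the persistence locations a helper reads first: the Run keys, the startup folders (with .lnk targets resolved, as for LaunchU3.exe.lnk), AppInit_DLLs (avgrsstx.dll here), the LSA Notification Packages and the Winlogon\Notify key (psqlpwd appears in both of the last two). The PowerShell script below is an added example, not part of the original post and not DDS code: it enumerates the same locations on the local machine, resolves each entry to a file and reports whether that file is missing, unsigned or Authenticode-signed, with the problem cases sorted to the top. It assumes an elevated PowerShell 3.0 or later prompt; the function names are mine.

```powershell
# Added example, not from the original post or from DDS: enumerate the autostart
# locations the DDS log reports and check each target binary's Authenticode signature.
# Assumes an elevated PowerShell 3.0+ prompt on the machine being examined.

function Resolve-CommandPath {
    # Pull the executable out of a Run-value command line, e.g.
    #   "c:\program files\Zune\ZuneLauncher.exe" /silent   or   c:\tools\x.exe -k
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    if (Test-Path -LiteralPath $cmd) { return $cmd }   # unquoted path without arguments
    return ($cmd -split '\s+')[0]                     # best effort: first token
}

function Get-SignatureStatus {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'MISSING' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -eq 'Valid') { return "Signed: $($sig.SignerCertificate.Subject)" }
    return $sig.Status.ToString()   # NotSigned, HashMismatch, UnknownError, ...
}

function Get-AutostartEntries {
    $sys32 = Join-Path $env:SystemRoot 'System32'
    $meta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    # Bare DLL names in AppInit_DLLs / LSA / Winlogon resolve relative to System32
    $inSys32 = { param($f) if ([IO.Path]::IsPathRooted($f)) { $f } else { Join-Path $sys32 $f } }

    # 1. Run / RunOnce keys
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                     'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
                     'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            # Skip provider metadata by exact name: a value called e.g. PSQLLauncher is real
            if ($meta -contains $p.Name) { continue }
            [pscustomobject]@{ Source = $key; Name = $p.Name; Path = Resolve-CommandPath $p.Value }
        }
    }

    # 2. Startup folders: resolve each .lnk to its target, like the LaunchU3.exe.lnk entry in the log
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in 'CommonStartup', 'Startup') {
        $dir = [Environment]::GetFolderPath($folder)
        foreach ($lnk in Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue) {
            [pscustomobject]@{ Source = $dir; Name = $lnk.Name; Path = $shell.CreateShortcut($lnk.FullName).TargetPath }
        }
    }

    # 3. AppInit_DLLs: injected into every process that loads user32.dll
    $win = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    foreach ($dll in ($win.AppInit_DLLs -split '[ ,]+' | Where-Object { $_ })) {
        [pscustomobject]@{ Source = 'AppInit_DLLs'; Name = $dll; Path = (& $inSys32 $dll) }
    }

    # 4. LSA Notification Packages: loaded by lsass.exe and handed every password change
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    foreach ($pkg in $lsa.'Notification Packages') {
        [pscustomobject]@{ Source = 'LSA Notification Packages'; Name = $pkg; Path = (& $inSys32 "${pkg}.dll") }
    }

    # 5. Winlogon\Notify: Vista and later no longer load these, but old software still
    #    populates the key and DDS still lists it, so report it for completeness
    $notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    foreach ($sub in Get-ChildItem $notify -ErrorAction SilentlyContinue) {
        $dll = (Get-ItemProperty $sub.PSPath).DllName
        if ($dll) {
            [pscustomobject]@{ Source = 'Winlogon\Notify'; Name = $sub.PSChildName; Path = (& $inSys32 $dll) }
        }
    }
}

# MISSING / NotSigned / HashMismatch sort before "Signed: ..." so the suspect rows come first
Get-AutostartEntries |
    Select-Object Source, Name, Path, @{ n = 'Signature'; e = { Get-SignatureStatus $_.Path } } |
    Sort-Object Signature |
    Format-Table -AutoSize -Wrap
```

A valid signature only tells you who built the file, not that it is wanted on this machine; a missing file under Run (a leftover from an uninstalled or removed program) and an unsigned DLL in AppInit_DLLs or the LSA package list are the rows to look at by hand, and any entry that loads from a user-writable directory deserves the same attention regardless of signature.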

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 18...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete/uninstall anything else that we have used that is leftover.

=====================================

After that you're all set.

The following are some articles and a Windows Update link that I like to suggest to people for malware prevention and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, e.g. BitTorrent, Limewire, Kazaa, eMule, uTorrent, etc.
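The reply above gives three post-cleanup steps as click-throughs: inventory and update Java, reset System Restore, and check Windows Update. The script below is an added PowerShell example, not part of the reply and not a tool it mentions, that does the same from an elevated PowerShell 3.0 or later prompt on client Windows (the *-ComputerRestore cmdlets it uses are not available on Server editions). The JRE version it compares against is an assumed parameter, defaulting to 6.0.180, which is how the JRE 6 installers record 6 Update 18 (the "6.0.<update>0" scheme); it only reports outdated Java entries and leaves removal to Add/Remove Programs as the reply describes. The Windows Update check needs network access, so it is behind a switch.

```powershell
# Added example, not part of the reply above. Inventory Java runtimes, optionally reset
# System Restore, and list pending Windows updates. Elevated PowerShell 3.0+ on client Windows.
param(
    [version]$MinimumJre = '6.0.180',   # assumption: JRE 6 Update 18 == DisplayVersion 6.0.180
    [switch]$ResetRestorePoints,
    [switch]$CheckWindowsUpdate
)

function Get-InstalledJava {
    # The same entries Add/Remove Programs shows; native and Wow6432Node hives
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($sub in Get-ChildItem -Path $roots -ErrorAction SilentlyContinue) {
        $p = Get-ItemProperty -Path $sub.PSPath
        if ($p.DisplayName -notmatch 'Java\(TM\)|J2SE|JRE|Java \d') { continue }
        if ($p.DisplayName -match 'Auto Updater') { continue }   # helper, not a runtime
        $v = $p.DisplayVersion -as [version]                     # $null if unparseable
        [pscustomobject]@{
            Name      = $p.DisplayName
            Version   = $p.DisplayVersion
            Outdated  = ($v -ne $null -and $v -lt $MinimumJre)
            Uninstall = $p.UninstallString
        }
    }
}

$java = @(Get-InstalledJava)
if ($java.Count -eq 0) {
    'No Java runtime is registered in Add/Remove Programs.'
} else {
    $java | Format-Table Name, Version, Outdated -AutoSize
    foreach ($j in $java | Where-Object { $_.Outdated }) {
        Write-Warning "Older than $MinimumJre - remove via Add/Remove Programs: $($j.Name) [$($j.Uninstall)]"
    }
}

if ($ResetRestorePoints) {
    $drive = "$env:SystemDrive\"
    # Turning System Restore off discards every restore point on the drive, including any
    # that captured the infected files; turning it back on and taking a checkpoint gives a
    # known-clean baseline. This is the "turn off, then turn on" procedure the reply links to.
    Disable-ComputerRestore -Drive $drive
    Enable-ComputerRestore  -Drive $drive
    Checkpoint-Computer -Description 'Clean baseline after malware removal' -RestorePointType MODIFY_SETTINGS
    Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize
}

if ($CheckWindowsUpdate) {
    # Same query the Windows Update UI runs; needs network access to Microsoft's servers
    $session = New-Object -ComObject Microsoft.Update.Session
    $pending = $session.CreateUpdateSearcher().Search("IsInstalled=0 and Type='Software'").Updates
    "Pending software updates: $($pending.Count)"
    foreach ($u in $pending) { "  $($u.Title)" }
}
```

Run it once with no switches to see what Java is registered, then with -ResetRestorePoints only after the cleanup is finished, since the reset throws away the restore points you might still want if a removal step has to be undone.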
