
Topic: Malware: slow computer, not responding messages and redirected google searches


mdurigan

    Topic Starter


    Greenhorn

    • Experience: Beginner
    • OS: Unknown
    Hi,
    I have followed all the steps in the malware removal process except the hijackthis.  When I clicked on the link for HJT, it just brought me to a page full of symbols.  I have posted the other two logs from the SuperAnti-Spyware and the mbam.  If anyone knows why the HJT is not working I would really appreciate it.
    Thanks so much!

    EDIT: I have copied and pasted the logs after reading the post about not attaching them... sorry about that!

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/14/2011 at 11:11 PM

    Application Version : 4.54.1000

    Core Rules Database Version : 7265
    Trace Rules Database Version: 5077

    Scan type       : Complete Scan
    Total Scan Time : 02:07:13

    Memory items scanned      : 716
    Memory threats detected   : 0
    Registry items scanned    : 15079
    Registry threats detected : 1
    File items scanned        : 188376
    File threats detected     : 0

    Malware.Trace
       (x86) HKU\S-1-5-21-3516522728-1074828429-1479647880-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL


    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6859

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    6/14/2011 11:22:31 PM
    mbam-log-2011-06-14 (23-22-31).txt

    Scan type: Quick scan
    Objects scanned: 162867
    Time elapsed: 3 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 8
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\programdata\api-ms-win-core-misc-l1-1-032.dll (Trojan.Tracur.Gen) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{AC5FE949-1AAE-DAEE-CEF7-E39DE3E1E785} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC5FE949-1AAE-DAEE-CEF7-E39DE3E1E785} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AC5FE949-1AAE-DAEE-CEF7-E39DE3E1E785} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{115C27E0-3974-4038-B8E6-33865CAA7A0f} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{115C27E0-3974-4038-B8E6-33865CAA7A0F} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{115C27E0-3974-4038-B8E6-33865CAA7A0F} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{115C27E0-3974-4038-B8E6-33865CAA7A0F} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur.Gen) -> Bad: (C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll) Good: () -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\api-ms-win-core-misc-l1-1-032.dll (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
    c:\Windows\System32\api-ms-win-core-misc-l1-1-032.dll (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-032.dll (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
       


    mdurigan

      Topic Starter


      Greenhorn

      • Experience: Beginner
      • OS: Unknown
      I just read the post about not attaching logs sorry! I'll copy and paste the SUPERAnti-spyware log here and put the mbam log in the next reply




        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

        1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
        2. The fixes are specific to your problem and should only be used for this issue on this machine.
        3. If you don't know or understand something, please don't hesitate to ask.
        4. Please DO NOT run any other tools or scans while I am helping you.
        5. It is important that you reply to this thread. Do not start a new topic.
        6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
        7. Absence of symptoms does not mean that everything is clear.

        If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
        ******************************************************
        Download Security Check by screen317 from one of the following links and save it to your desktop.

        Link 1
        Link 2

        * Unzip SecurityCheck.zip and a folder named Security Check should appear.
        * Open the Security Check folder and double-click Security Check.bat
        * Follow the on-screen instructions inside of the black box.
        * A Notepad document should open automatically called checkup.txt
        * Post the contents of that document in your next reply.

        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
        ******************************************************
        Download DDS from HERE or HERE and save it to your desktop.

        Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

        * XP users Double click on dds to run it.
        * If your antivirus or firewall try to block DDS then please allow it to run.
        * When finished DDS will open two (2) logs.

        1) DDS.txt
        2) Attach.txt

        * Save both logs to your desktop.
        * Please copy and paste the entire contents of both logs in your next reply.

        Note: DDS will instruct you to post the Attach.txt log as an attachment.
        Please just post it as you would any other log by copying and pasting it into the reply.
        Windows 8 and Windows 10 dual boot with two SSD's

        mdurigan

          Topic Starter


          Greenhorn

          • Experience: Beginner
          • OS: Unknown
          Thank you sooo much for your help!!

           Results of screen317's Security Check version 0.99.13 
           Windows 7  (UAC is enabled)
           Internet Explorer 8 
          ``````````````````````````````
          Antivirus/Firewall Check:

           Windows Firewall Enabled! 
           McAfee VirusScan Enterprise   
           McAfee Agent     
           WMI entry may not exist for antivirus; attempting automatic update.
          ```````````````````````````````
          Anti-malware/Other Utilities Check:

           Ad-Aware
           Malwarebytes' Anti-Malware   
           Java(TM) 6 Update 26 
          Flash Player Out of Date!
           Adobe Flash Player    10.2.152.32 
          Adobe Reader 9.2 MUI
          Out of date Adobe Reader installed!
          ````````````````````````````````
          Process Check: 
          objlist.exe by Laurent

           Ad-Aware AAWService.exe
           Ad-Aware AAWTray.exe
           Malwarebytes' Anti-Malware mbamservice.exe 
           Malwarebytes' Anti-Malware mbamgui.exe 
           Malwarebytes' Anti-Malware mbam.exe 
           McAfee VirusScan Enterprise shstat.exe 
          ``````````End of Log````````````


          .
          DDS (Ver_2011-06-12.02) - NTFSAMD64
          Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 1.6.0_26
          Run by Meagan at 19:38:40 on 2011-06-15
          Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3894.1651 [GMT -4:00]
          .
          AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
          AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
          SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
          .
          ============== Running Processes ===============
          .
          C:\Windows\system32\wininit.exe
          C:\Windows\system32\lsm.exe
          C:\Windows\system32\svchost.exe -k DcomLaunch
          C:\Windows\system32\svchost.exe -k RPCSS
          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
          C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
          C:\Windows\system32\svchost.exe -k netsvcs
          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe
          C:\Windows\system32\svchost.exe -k LocalService
          C:\Windows\system32\Hpservice.exe
          C:\Windows\system32\svchost.exe -k NetworkService
          C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
          C:\Windows\System32\spoolsv.exe
          C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
          C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe
          C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
          C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
          C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
          C:\Windows\system32\lxddcoms.exe
          C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
          C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
          C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
          C:\Windows\system32\mfevtps.exe
          C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
          C:\Windows\system32\svchost.exe -k imgsvc
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
          C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
          C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
          C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
          C:\Windows\system32\conhost.exe
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
          C:\Windows\system32\wbem\unsecapp.exe
          C:\Windows\system32\wbem\wmiprvse.exe
          C:\Windows\system32\taskhost.exe
          C:\Windows\system32\Dwm.exe
          C:\Windows\Explorer.EXE
          C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
          C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
          C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
          C:\Program Files\Java\jre6\bin\jusched.exe
          C:\Windows\system32\wbem\wmiprvse.exe
          C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
          C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
          C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
          C:\Program Files\Zune\ZuneLauncher.exe
          C:\Program Files\IDT\WDM\sttray64.exe
          C:\Windows\System32\igfxtray.exe
          C:\Windows\System32\hkcmd.exe
          C:\Windows\System32\igfxpers.exe
          C:\Users\Meagan\AppData\Roaming\Dropbox\bin\Dropbox.exe
          C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
          C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
          C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
          C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
          C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
          C:\Program Files (x86)\Freecorder\FLVSrvc.exe
          C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
          C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
          C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
          C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
          c:\program files (x86)\warner bros. digital copy manager\warner bros. digital copy manager.exe
          C:\Program Files (x86)\Mozilla Firefox\firefox.exe
          C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
          C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
          C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
          C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
          C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
          C:\Windows\System32\svchost.exe -k secsvcs
          C:\Program Files\Windows Media Player\wmpnetwk.exe
          C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
          C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
          C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
          C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
          C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
          C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
          C:\Windows\servicing\TrustedInstaller.exe
          C:\Program Files (x86)\Internet Explorer\iexplore.exe
          C:\Program Files (x86)\Internet Explorer\iexplore.exe
          C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
          C:\Program Files (x86)\Internet Explorer\iexplore.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
          C:\Windows\system32\SearchIndexer.exe
          C:\Windows\system32\wuauclt.exe
          C:\Users\Meagan\Downloads\SecurityCheck.exe
          C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\conhost.exe
          C:\Windows\SysWOW64\notepad.exe
          C:\Windows\system32\SearchProtocolHost.exe
          C:\Windows\system32\SearchFilterHost.exe
          C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\conhost.exe
          C:\Windows\SysWOW64\cscript.exe
          .
          ============== Pseudo HJT Report ===============
          .
          uStart Page = hxxp://www.gsn.com/
          uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
          uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
          mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
          mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
          mWinlogon: Userinit=userinit.exe,
          BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
          BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
          BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
          BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
          BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
          BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
          BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
          BHO: 1e8c8d2e: {ec97d746-1e60-a644-32e6-71cfe38a9d3d} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll
          TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
          TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
          TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
          TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
          TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
          uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
          uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
          mRun: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
          mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
          mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
          mRun: [<NO NAME>]
          mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
          mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
          mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
          mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
          mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
          mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
          mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
          StartupFolder: C:\Users\Meagan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Meagan\AppData\Roaming\Dropbox\bin\Dropbox.exe
          StartupFolder: C:\Users\Meagan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
          StartupFolder: C:\Users\Meagan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WARNER~1.LNK - C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
          uPolicies-explorer: NoLogOff = 1 (0x1)
          uPolicies-explorer: NoClose = 1 (0x1)
          uPolicies-system: DisableChangePassword = 1 (0x1)
          uPolicies-system: DisableLockWorkstation = 1 (0x1)
          mPolicies-explorer: NoActiveDesktop = 1 (0x1)
          mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
          mPolicies-explorer: UseDefaultTile = 1 (0x1)
          mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
          mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
          mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
          mPolicies-system: HideFastUserSwitching = 0 (0x0)
          IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
          IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
          IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
          IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
          DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab
          DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
          DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
          DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
          DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} - hxxp://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab
          DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab
          DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
          DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
          DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
          DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
          DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
          DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
          DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
          DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
          DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
          DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab
          DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab
          DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
          DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
          DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
          DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
          DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
          DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
          DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
          DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
          DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
          DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
          DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
          DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
          DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
          TCP: Interfaces\{6F13EB45-3292-4B67-8119-8A522FB5A34D} : DhcpNameServer = 192.168.1.1 71.243.0.12
          TCP: Interfaces\{6F13EB45-3292-4B67-8119-8A522FB5A34D}\44D2C496E6B6 : DhcpNameServer = 192.168.0.1
          TCP: Interfaces\{6F13EB45-3292-4B67-8119-8A522FB5A34D}\45F6475637 : DhcpNameServer = 68.87.71.230 68.87.73.246
          TCP: Interfaces\{6F13EB45-3292-4B67-8119-8A522FB5A34D}\B4B434 : DhcpNameServer = 192.168.2.1
          Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
          SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
          BHO-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
          BHO-X64:     Freecorder - No File
          BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
          BHO-X64:     AcroIEHelperStub - No File
          BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
          BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
          BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
          BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
          BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
          BHO-X64: 1e8c8d2e: {EC97D746-1E60-A644-32E6-71CFE38A9D3D} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll
          TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
          TB-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
          TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
          TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
          TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
          mRun-x64: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
          mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
          mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
          mRun-x64: [(Default)]
          mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
          mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
          mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
          mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
          mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
          mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
          mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
          SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
          .
          ================= FIREFOX ===================
          .
          FF - ProfilePath - C:\Users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\hbc3gcv1.default\
          FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
          FF - prefs.js: browser.search.selectedEngine - Ask.com
          FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Special:Randompage
          FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
          FF - component: C:\Users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\hbc3gcv1.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCore.dll
          FF - component: C:\Users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\hbc3gcv1.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
          FF - component: C:\Users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\hbc3gcv1.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
          FF - component: C:\Users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\hbc3gcv1.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
          FF - component: C:\Users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\hbc3gcv1.default\extensions\[email protected]\components\RadioWMPCore.dll
          FF - component: C:\Users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\hbc3gcv1.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
          FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
          FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
          FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
          FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
          FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
          FF - plugin: C:\Users\Meagan\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
          FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
          FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
          .
          ============= SERVICES / DRIVERS ===============
          .
          R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
          R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
          R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
          R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
          R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
          R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
          R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
          R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-3-3 89600]
          R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
          R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
          R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-2-8 338168]
          R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
          R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
          R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
          R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
          R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 2151128]
          R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe -service --> C:\Windows\system32\lxddcoms.exe -service [?]
          R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-14 366640]
          R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2010-8-25 20792]
          R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-9-22 103744]
          R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2010-8-25 181480]
          R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2010-8-25 66880]
          R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe --> C:\Windows\system32\mfevtps.exe [?]
          R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
          R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
          R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
          R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17152]
          R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
          R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
          R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
          R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
          S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-20 136176]
          S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxddserv.exe [2007-5-25 34224]
          S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
          S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-20 136176]
          S3 hpdoccardsvc;HP Documention Flash Card Detection Service;C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-3-24 83240]
          S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
          S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
          S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
          S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
          S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
          S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
          S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
          S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
          S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
          .
          =============== Created Last 30 ================
          .
          2011-06-15 20:56:41   --------   d-----w-   C:\e752f75827fa9336f2ee0f787b109425
          2011-06-15 03:38:39   976896   ----a-w-   C:\Windows\System32\inetcomm.dll
          2011-06-15 03:38:38   740864   ----a-w-   C:\Windows\SysWow64\inetcomm.dll
          2011-06-15 03:31:29   8718160   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A1A62A6-175D-41B4-82BD-CE753941671B}\mpengine.dll
          2011-06-15 03:17:11   --------   d-----w-   C:\Users\Meagan\AppData\Roaming\Malwarebytes
          2011-06-15 03:17:03   39984   ----a-w-   C:\Windows\SysWow64\drivers\mbamswissarmy.sys
          2011-06-15 03:17:01   --------   d-----w-   C:\ProgramData\Malwarebytes
          2011-06-15 03:16:58   25912   ----a-w-   C:\Windows\System32\drivers\mbam.sys
          2011-06-15 03:16:57   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
          2011-06-15 01:00:11   --------   d-----w-   C:\Users\Meagan\AppData\Roaming\SUPERAntiSpyware.com
          2011-06-15 01:00:11   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
          2011-06-15 01:00:07   --------   d-----w-   C:\ProgramData\!SASCORE
          2011-06-15 01:00:02   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
          2011-06-15 00:50:42   --------   d-----w-   C:\Program Files\CCleaner
          2011-05-24 22:16:41   27008   ----a-w-   C:\Windows\System32\drivers\Diskdump.sys
          2011-05-24 22:07:51   142336   ----a-w-   C:\Windows\System32\poqexec.exe
          2011-05-24 22:07:51   123904   ----a-w-   C:\Windows\SysWow64\poqexec.exe
          2011-05-23 21:02:52   8507392   ----a-w-   C:\Windows\System32\drivers\NETwNs64.sys
          2011-05-23 21:02:52   799232   ----a-w-   C:\Windows\System32\NETwNc64.dll
          2011-05-23 21:02:52   2750464   ----a-w-   C:\Windows\System32\NETwNr64.dll
          2011-05-23 15:53:23   --------   d-----w-   C:\Users\Meagan\AppData\Roaming\com.amazon.music.uploader
          2011-05-19 16:30:36   1397248   ----a-w-   C:\Windows\SysWow64\utilman.exe
          2011-05-17 15:49:31   1402880   ----a-w-   C:\Windows\System32\utilman.exe
          .
          ==================== Find3M  ====================
          .
          2011-05-04 08:52:22   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
          2011-04-09 06:45:48   5509504   ----a-w-   C:\Windows\System32\ntoskrnl.exe
          2011-04-09 06:13:06   3957632   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
          2011-04-09 06:13:06   3901824   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
          2011-03-29 03:32:44   343040   ----a-w-   C:\Windows\System32\drivers\usbhub.sys
          2011-03-29 03:32:29   99328   ----a-w-   C:\Windows\System32\drivers\usbccgp.sys
          2011-03-29 03:32:20   324608   ----a-w-   C:\Windows\System32\drivers\usbport.sys
          2011-03-29 03:32:16   52224   ----a-w-   C:\Windows\System32\drivers\usbehci.sys
          2011-03-29 03:32:16   25600   ----a-w-   C:\Windows\System32\drivers\usbohci.sys
          2011-03-29 03:32:13   30720   ----a-w-   C:\Windows\System32\drivers\usbuhci.sys
          2011-03-29 03:32:09   7936   ----a-w-   C:\Windows\System32\drivers\usbd.sys
          .
          ============= FINISH: 19:40:38.97 ===============


          .
          UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
          IF REQUESTED, ZIP IT UP & ATTACH IT
          .
          DDS (Ver_2011-06-12.02)
          .
          Microsoft Windows 7 Home Premium
          Boot Device: \Device\HarddiskVolume1
          Install Date: 8/8/2010 6:39:16 PM
          System Uptime: 6/15/2011 4:58:15 PM (3 hours ago)
          .
          Motherboard: Hewlett-Packard |  | 144C
          Processor: Intel(R) Core(TM) i5 CPU       M 450  @ 2.40GHz | CPU | 1464/1066mhz
          .
          ==== Disk Partitions =========================
          .
          C: is FIXED (NTFS) - 444 GiB total, 372.248 GiB free.
          D: is FIXED (NTFS) - 21 GiB total, 3.059 GiB free.
          E: is FIXED (FAT32) - 0 GiB total, 0.083 GiB free.
          F: is CDROM ()
          .
          ==== Disabled Device Manager Items =============
          .
          ==== System Restore Points ===================
          .
          RP152: 5/31/2011 12:57:26 PM - Windows Update
          RP153: 6/3/2011 5:28:10 PM - Windows Update
          RP154: 6/7/2011 5:26:33 PM - Windows Update
          RP155: 6/10/2011 6:02:16 PM - Windows Update
          RP156: 6/14/2011 8:31:10 PM - Removed Hosaka TN3270
          RP157: 6/14/2011 8:36:04 PM - Configured PhotoNow
          RP158: 6/14/2011 8:37:11 PM - Configured PowerDirector
          RP159: 6/14/2011 8:47:08 PM - Configured Power2Go
          RP160: 6/14/2011 11:30:33 PM - Windows Update
          RP161: 6/14/2011 11:35:01 PM - Installed Java(TM) 6 Update 26
          RP162: 6/15/2011 4:54:00 PM - Windows Update
          RP163: 6/15/2011 5:03:41 PM - Windows Update
          .
          ==== Installed Programs ======================
          .
           Update for Microsoft Office 2007 (KB2508958)
          2007 Microsoft Office Suite Service Pack 2 (SP2)
          Acrobat.com
          ActiveCheck component for HP Active Support Library
          Ad-Aware
          Adobe AIR
          Adobe Flash Player 10 ActiveX
          Adobe Flash Player 10 Plugin
          Adobe Reader 9.2 MUI
          Adobe Shockwave Player
          Amazon MP3 Downloader 1.0.12
          Amazon MP3 Uploader
          Bejeweled 2 Deluxe
          Bing Bar
          Blackhawk Striker 2
          Blasterball 3
          Build-a-lot 2
          Cake Mania
          Chuzzle Deluxe
          Diner Dash 2 Restaurant Rescue
          Dora's Carnival Adventure
          Dropbox
          DVD Menu Pack for HP MediaSmart Video
          Escape Rosecliff Island
          ESU for Microsoft Windows 7
          Faerie Solitaire
          FATE
          Freecorder
          Freecorder Toolbar
          Google Chrome
          Google Update Helper
          HP Advisor
          HP Customer Experience Enhancements
          HP DVB-T TV Tuner 8.0.64.43
          HP ENVY Document Card Utilities
          HP Games
          HP MediaSmart CinemaNow 2.0
          HP MediaSmart DVD
          HP MediaSmart Internet TV
          HP MediaSmart Music
          HP MediaSmart Photo
          HP MediaSmart Video
          HP MediaSmart Webcam
          HP MediaSmart/TouchSmart Netflix
          HP Photo Creations
          HP QuickWeb Installer
          HP Setup
          HP Software Framework
          HP Support Assistant
          HP Update
          HP User Guides 0176
          HPAsset component for HP Active Support Library
          Hulu Desktop
          Intel(R) Control Center
          Intel(R) Graphics Media Accelerator Driver
          Intel(R) Management Engine Components
          Intel(R) Rapid Storage Technology
          Java Auto Updater
          Java(TM) 6 Update 26
          Jewel Quest 3
          Jewel Quest Solitaire 2
          Junk Mail filter update
          Lexis® for Microsoft® Office
          Malwarebytes' Anti-Malware version 1.51.0.1200
          McAfee Agent
          McAfee VirusScan Enterprise
          Microsoft Choice Guard
          Microsoft Office Access MUI (English) 2007
          Microsoft Office Access Setup Metadata MUI (English) 2007
          Microsoft Office Enterprise 2007
          Microsoft Office Excel MUI (English) 2007
          Microsoft Office Groove MUI (English) 2007
          Microsoft Office Groove Setup Metadata MUI (English) 2007
          Microsoft Office InfoPath MUI (English) 2007
          Microsoft Office OneNote MUI (English) 2007
          Microsoft Office Outlook MUI (English) 2007
          Microsoft Office PowerPoint MUI (English) 2007
          Microsoft Office Proof (English) 2007
          Microsoft Office Proof (French) 2007
          Microsoft Office Proof (Spanish) 2007
          Microsoft Office Proofing (English) 2007
          Microsoft Office Publisher MUI (English) 2007
          Microsoft Office Shared MUI (English) 2007
          Microsoft Office Shared Setup Metadata MUI (English) 2007
          Microsoft Office Word MUI (English) 2007
          Microsoft Silverlight
          Microsoft SQL Server 2005 Compact Edition [ENU]
          Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
          Microsoft Visual C++ 2005 Redistributable
          Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
          Microsoft WSE 3.0 Runtime
          Movie Theme Pack for HP MediaSmart Video
          Mozilla Firefox 4.0.1 (x86 en-US)
          MSVCRT
          MSXML 4.0 SP2 (KB954430)
          MSXML 4.0 SP2 (KB973688)
          Mystery P.I. - The New York Fortune
          Penguins!
          Plants vs. Zombies
          Poker Superstars III
          Polar Bowler
          Polar Golfer
          Realtek Ethernet Controller Driver For Windows 7
          Realtek USB 2.0 Card Reader
          Recovery Manager
          Roxio CinemaNow 2.0
          Security Update for 2007 Microsoft Office System (KB2288621)
          Security Update for 2007 Microsoft Office System (KB2288931)
          Security Update for 2007 Microsoft Office System (KB2345043)
          Security Update for 2007 Microsoft Office System (KB2509488)
          Security Update for 2007 Microsoft Office System (KB969559)
          Security Update for 2007 Microsoft Office System (KB976321)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
          Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
          Security Update for Microsoft Office 2007 System (KB2541012)
          Security Update for Microsoft Office Access 2007 (KB979440)
          Security Update for Microsoft Office Excel 2007 (KB2541007)
          Security Update for Microsoft Office Groove 2007 (KB2494047)
          Security Update for Microsoft Office InfoPath 2007 (KB2510061)
          Security Update for Microsoft Office InfoPath 2007 (KB979441)
          Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
          Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
          Security Update for Microsoft Office Publisher 2007 (KB2284697)
          Security Update for Microsoft Office system 2007 (972581)
          Security Update for Microsoft Office system 2007 (KB974234)
          Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
          Security Update for Microsoft Office Word 2007 (KB2344993)
          SofTest
          Switch Sound File Converter
          TextTwist 2
          Update for 2007 Microsoft Office System (KB2284654)
          Update for 2007 Microsoft Office System (KB967642)
          Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
          Update for Microsoft Office 2007 Help for Common Features (KB963673)
          Update for Microsoft Office 2007 System (KB2539530)
          Update for Microsoft Office Access 2007 Help (KB963663)
          Update for Microsoft Office Excel 2007 Help (KB963678)
          Update for Microsoft Office Infopath 2007 Help (KB963662)
          Update for Microsoft Office OneNote 2007 (KB980729)
          Update for Microsoft Office OneNote 2007 Help (KB963670)
          Update for Microsoft Office Outlook 2007 (KB2509470)
          Update for Microsoft Office Outlook 2007 Help (KB963677)
          Update for Microsoft Office Powerpoint 2007 Help (KB963669)
          Update for Microsoft Office Publisher 2007 Help (KB963667)
          Update for Microsoft Office Script Editor Help (KB963671)
          Update for Microsoft Office Word 2007 Help (KB963665)
          Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (KB982305)
          Update for Outlook 2007 Junk Email Filter (KB2536413)
          Virtual Families
          Virtual Villagers - The Secret City
          Visual C++ 2008 x86 Runtime - (v9.0.30729)
          Visual C++ 2008 x86 Runtime - v9.0.30729.01
          Warner Bros. Digital Copy Manager
          Wheel of Fortune 2
          Windows Live Call
          Windows Live Communications Platform
          Windows Live Essentials
          Windows Live Mail
          Windows Live Messenger
          Windows Live Photo Gallery
          Windows Live Sync
          Windows Live Upload Tool
          Windows Live Writer
          Windows Media Player Firefox Plugin
          Zuma's Revenge
          .
          ==== Event Viewer Messages From Past Week ========
          .
          6/15/2011 5:48:03 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
          6/15/2011 5:48:03 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
          6/15/2011 4:58:49 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the lxddCATSCustConnectService service to connect.
          6/15/2011 4:58:49 PM, Error: Service Control Manager [7000]  - The lxddCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
          6/14/2011 9:01:14 PM, Error: Service Control Manager [7034]  - The Thread Ordering Server  service terminated unexpectedly.  It has done this 1 time(s).
          6/10/2011 6:21:05 AM, Error: Service Control Manager [7034]  - The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).
          .
          ==== End Of File ===========================


          Let me know if you need anything else... I really appreciate your time and help!

          SuperDave

          Please download the newest version of Adobe Acrobat Reader from Adobe.com

          Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
          Go to the Control Panel and enter Add or Remove Programs.
          Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

          Once old versions are gone, please install the newest version.
          ***************************************************
          The log shows that you have two AV programs on your computer, which is a no-no. Either Lavasoft Ad-Watch Live! Anti-Virus or McAfee VirusScan Enterprise will have to be disabled/uninstalled.

          *************************************************
          Download OTL to your desktop.

          * Open OTL
          * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

          Code:
          :OTL

          BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
          BHO: 1e8c8d2e: {ec97d746-1e60-a644-32e6-71cfe38a9d3d} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll
          TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
          TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
          mRun: [<NO NAME>]
          BHO-X64:     Freecorder - No File
          BHO-X64:     AcroIEHelperStub - No File
          BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
          BHO-X64: 1e8c8d2e: {EC97D746-1E60-A644-32E6-71CFE38A9D3D} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll
          TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
          TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

          :COMMANDS
          [resethosts]
          [purity]
          [emptytemp]
          [start explorer]

          * Click Run Fix
          * OTL may ask to reboot the machine. Please do so if asked.
          * Click OK
          * A report will open. Copy and Paste that report in your next reply.
          *******************************************************
          Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

          link # 1
          Link # 2
          If you are using Firefox, make sure that your download settings are as follows:

          * Tools->Options->Main tab
          * Set to "Always ask me where to Save the files".

          Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

          Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

          Right-click combofix.exe and select Run as Administrator and follow the prompts.
          When finished, ComboFix will produce a log for you.
          Post the ComboFix log in your next reply.

          NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

          Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
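An added example, not part of the original thread and not code from DDS or OTL: a small Python triage of DDS-style startup entries like those in the log above. The two heuristics (a registration that points at "No File", and a module or Run command outside the Program Files and Windows folders) are assumptions chosen for illustration, not criteria stated by the helper; the sample lines are copied from the log posted in this thread.

```python
import re
from ntpath import normcase  # Windows path semantics on any host OS

# Lines copied from the DDS log posted earlier in this thread.
SAMPLE_LOG = r'''
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: 1e8c8d2e: {EC97D746-1E60-A644-32E6-71CFE38A9D3D} - C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll
TB-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
'''

# Assumption for this example: software normally installs under these roots.
TRUSTED_ROOTS = tuple(normcase(p) for p in (
    'C:\\Program Files\\', 'C:\\Program Files (x86)\\', 'C:\\Windows\\'))

# "BHO-X64: <optional name>: {CLSID} - <path or 'No File'>"
COMPONENT = re.compile(
    r'^(?P<kind>BHO|TB|SEH)(?:-X64)?:\s*'
    r'(?:(?P<name>[^{]*?):\s*)?'
    r'(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<target>.+)$',
    re.IGNORECASE)

# "mRun-x64: [value name] <command line, possibly empty>"
RUN = re.compile(
    r'^(?P<kind>[mu]Run)(?:-x64)?:\s*\[(?P<name>.*?)\]\s*(?P<cmd>.*)$',
    re.IGNORECASE)


def in_trusted_root(command):
    """True if the (optionally quoted) path starts under a trusted root."""
    path = normcase(command.strip().lstrip('"'))
    return path.startswith(TRUSTED_ROOTS)


def triage(log_text):
    """Return (entry, reason) pairs for lines that match a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = COMPONENT.match(line)
        if m:
            ident = f"{m['kind'].upper()} {m['clsid'].upper()}"
            target = m['target'].strip()
            if target.lower() == 'no file':
                findings.append((ident, 'orphaned registration (No File)'))
            elif not in_trusted_root(target):
                findings.append((ident, 'outside trusted roots: ' + target))
            continue
        m = RUN.match(line)
        if m:
            ident = f"{m['kind']} [{m['name']}]"
            cmd = m['cmd'].strip()
            if not cmd:
                findings.append((ident, 'Run value with no command'))
            elif not in_trusted_root(cmd):
                findings.append((ident, 'outside trusted roots: ' + cmd))
    return findings


if __name__ == '__main__':
    for entry, reason in triage(SAMPLE_LOG):
        print(f'{entry}: {reason}')
```

A hit is a prompt for manual review, not a verdict; legitimate software also installs outside these folders.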

          mdurigan

             ComboFix 11-06-15.03 - Meagan 06/15/2011  23:54:39.1.4 - x64
            Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3894.2145 [GMT -4:00]
            Running from: c:\users\Meagan\Downloads\ComboFix.exe
            AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
            SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            .
            .
            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            c:\users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\hbc3gcv1.default\extensions\{24d0a73b-ba37-43ed-aa90-eaf537d5892a}
            c:\users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\hbc3gcv1.default\extensions\{24d0a73b-ba37-43ed-aa90-eaf537d5892a}\chrome.manifest
            c:\users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\hbc3gcv1.default\extensions\{24d0a73b-ba37-43ed-aa90-eaf537d5892a}\chrome\xulcache.jar
            c:\users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\hbc3gcv1.default\extensions\{24d0a73b-ba37-43ed-aa90-eaf537d5892a}\defaults\preferences\xulcache.js
            c:\users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\hbc3gcv1.default\extensions\{24d0a73b-ba37-43ed-aa90-eaf537d5892a}\install.rdf
            c:\users\Public\invokesi.exe
            .
            .
            (((((((((((((((((((((((((   Files Created from 2011-05-16 to 2011-06-16  )))))))))))))))))))))))))))))))
            .
            .
            2011-06-16 04:07 . 2011-06-16 04:07   --------   d-----w-   c:\users\Default\AppData\Local\temp
            2011-06-16 03:51 . 2011-06-16 03:52   --------   d-----w-   C:\32788R22FWJFW
            2011-06-16 03:23 . 2011-06-16 03:23   --------   d-----w-   C:\_OTL
            2011-06-15 23:52 . 2011-06-15 23:52   --------   d-----w-   c:\programdata\ConeXware
            2011-06-15 23:52 . 2011-06-15 23:52   --------   d-----w-   c:\program files (x86)\PatchBeam
            2011-06-15 23:51 . 2011-06-15 23:52   --------   d-----w-   c:\program files (x86)\PowerArchiver
            2011-06-15 20:56 . 2011-06-15 20:56   --------   d-----w-   C:\e752f75827fa9336f2ee0f787b109425
            2011-06-15 03:40 . 2011-04-29 05:47   1110528   ----a-w-   c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
            2011-06-15 03:40 . 2011-04-29 05:08   759296   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
            2011-06-15 03:40 . 2011-04-25 05:32   1896832   ----a-w-   c:\windows\system32\drivers\tcpip.sys
            2011-06-15 03:40 . 2011-04-25 02:44   499712   ----a-w-   c:\windows\system32\drivers\afd.sys
            2011-06-15 03:40 . 2011-04-27 02:57   102400   ----a-w-   c:\windows\system32\drivers\dfsc.sys
            2011-06-15 03:40 . 2011-05-04 02:51   287744   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
            2011-06-15 03:40 . 2011-05-04 02:51   126464   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
            2011-06-15 03:40 . 2011-05-04 02:51   157696   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
            2011-06-15 03:40 . 2011-05-28 03:07   3133952   ----a-w-   c:\windows\system32\win32k.sys
            2011-06-15 03:38 . 2011-04-29 03:13   461312   ----a-w-   c:\windows\system32\drivers\srv.sys
            2011-06-15 03:38 . 2011-04-29 03:12   399872   ----a-w-   c:\windows\system32\drivers\srv2.sys
            2011-06-15 03:38 . 2011-04-29 03:12   161792   ----a-w-   c:\windows\system32\drivers\srvnet.sys
            2011-06-15 03:38 . 2010-12-18 06:13   861184   ----a-w-   c:\windows\system32\oleaut32.dll
            2011-06-15 03:38 . 2010-12-18 05:31   571904   ----a-w-   c:\windows\SysWow64\oleaut32.dll
            2011-06-15 03:38 . 2011-05-03 05:21   976896   ----a-w-   c:\windows\system32\inetcomm.dll
            2011-06-15 03:38 . 2011-05-03 04:50   740864   ----a-w-   c:\windows\SysWow64\inetcomm.dll
            2011-06-15 03:37 . 2011-06-15 03:37   --------   d-----w-   c:\program files (x86)\Common Files\Java
            2011-06-15 03:31 . 2011-05-09 22:00   8718160   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A1A62A6-175D-41B4-82BD-CE753941671B}\mpengine.dll
            2011-06-15 03:17 . 2011-06-15 03:17   --------   d-----w-   c:\users\Meagan\AppData\Roaming\Malwarebytes
            2011-06-15 03:17 . 2011-05-29 13:11   39984   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
            2011-06-15 03:17 . 2011-06-15 03:17   --------   d-----w-   c:\programdata\Malwarebytes
            2011-06-15 03:16 . 2011-05-29 13:11   25912   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2011-06-15 03:16 . 2011-06-15 03:17   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
            2011-06-15 01:00 . 2011-06-15 01:00   --------   d-----w-   c:\users\Meagan\AppData\Roaming\SUPERAntiSpyware.com
            2011-06-15 01:00 . 2011-06-15 01:00   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
            2011-06-15 01:00 . 2011-06-15 01:00   --------   d-----w-   c:\programdata\!SASCORE
            2011-06-15 01:00 . 2011-06-15 01:00   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2011-06-15 00:50 . 2011-06-15 00:50   --------   d-----w-   c:\program files\CCleaner
            2011-05-24 22:16 . 2011-04-22 20:18   27008   ----a-w-   c:\windows\system32\drivers\Diskdump.sys
            2011-05-24 22:07 . 2011-04-09 06:58   142336   ----a-w-   c:\windows\system32\poqexec.exe
            2011-05-24 22:07 . 2011-04-09 05:56   123904   ----a-w-   c:\windows\SysWow64\poqexec.exe
            2011-05-23 21:02 . 2011-05-23 21:02   8507392   ----a-w-   c:\windows\system32\drivers\NETwNs64.sys
            2011-05-23 21:02 . 2011-05-23 21:02   2750464   ----a-w-   c:\windows\system32\NETwNr64.dll
            2011-05-23 21:02 . 2011-05-23 21:02   799232   ----a-w-   c:\windows\system32\NETwNc64.dll
            2011-05-23 15:53 . 2011-05-23 15:53   --------   d-----w-   c:\users\Meagan\AppData\Roaming\com.amazon.music.uploader
            2011-05-19 16:30 . 2009-07-14 01:14   1397248   ----a-w-   c:\windows\SysWow64\utilman.exe
            2011-05-17 15:49 . 2009-07-14 01:39   1402880   ----a-w-   c:\windows\system32\utilman.exe
            .
            .
            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2011-05-04 08:52 . 2010-08-24 04:09   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
            2011-04-09 06:45 . 2011-05-11 13:38   5509504   ----a-w-   c:\windows\system32\ntoskrnl.exe
            2011-04-09 06:13 . 2011-05-11 13:38   3957632   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
            2011-04-09 06:13 . 2011-05-11 13:38   3901824   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
            2011-03-29 03:32 . 2011-05-11 13:38   343040   ----a-w-   c:\windows\system32\drivers\usbhub.sys
            2011-03-29 03:32 . 2011-05-11 13:38   99328   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
            2011-03-29 03:32 . 2011-05-11 13:38   324608   ----a-w-   c:\windows\system32\drivers\usbport.sys
            2011-03-29 03:32 . 2011-05-11 13:38   52224   ----a-w-   c:\windows\system32\drivers\usbehci.sys
            2011-03-29 03:32 . 2011-05-11 13:38   25600   ----a-w-   c:\windows\system32\drivers\usbohci.sys
            2011-03-29 03:32 . 2011-05-11 13:38   30720   ----a-w-   c:\windows\system32\drivers\usbuhci.sys
            2011-03-29 03:32 . 2011-05-11 13:38   7936   ----a-w-   c:\windows\system32\drivers\usbd.sys
            .
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4
            .
            [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
            "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
            "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
            .
            [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
            .
            [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
            .
            [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
            2011-01-17 14:54   175912   ----a-w-   c:\program files (x86)\Freecorder\prxtbFre0.dll
            .
            [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
            2010-12-09 17:51   3911776   ----a-w-   c:\program files (x86)\BitTorrentBar\tbBitT.dll
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
            "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
            "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
            .
            [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
            .
            [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
            @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
            2011-02-18 05:12   94208   ----a-w-   c:\users\Meagan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
            @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
            2011-02-18 05:12   94208   ----a-w-   c:\users\Meagan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
            @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
            2011-02-18 05:12   94208   ----a-w-   c:\users\Meagan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-01-28 1712184]
            "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
            "HP Envy Guides AutoPlay"="c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe" [2010-03-24 76584]
            "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
            "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
            "McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-09-22 136512]
            "ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-26 124224]
            "Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
            "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
            "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
            .
            c:\users\Meagan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
            Dropbox.lnk - c:\users\Meagan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
            OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
            Warner Bros.lnk - c:\program files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2011-4-28 142848]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "ConsentPromptBehaviorAdmin"= 5 (0x5)
            "ConsentPromptBehaviorUser"= 3 (0x3)
            "EnableUIADesktopToggle"= 0 (0x0)
            "HideFastUserSwitching"= 0 (0x0)
            .
            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
            "DisableChangePassword"= 1 (0x1)
            "DisableLockWorkstation"= 1 (0x1)
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
            "UseDefaultTile"= 1 (0x1)
            .
            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
            "NoLogOff"= 1 (0x1)
            .
            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
            Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
            @=""
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
            @="Service"
            .
            R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
            R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
            R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe [2007-05-25 34224]
            R2 THREADORDER32;Thread Ordering Server ;c:\windows\system32\api-ms-win-service-management-l1-1-032.exe

            R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
            R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
            R3 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-03-24 83240]
            R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys

            R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys

            R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys

            R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys

            R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

            R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS

            R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS

            R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS

            R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

            R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
            R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys

            S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys

            S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys

            S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
            S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
            S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

            S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
            S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-03 89600]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
            S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
            S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]
            S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
            S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe

            S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
            S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 567216]
            S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
            S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2010-08-26 20792]
            S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe

            S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
            S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys

            S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys

            S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys

            S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys

            S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

            S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys

            S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

            .
            .
            Contents of the 'Scheduled Tasks' folder
            .
            2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 06:35]
            .
            2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 06:35]
            .
            2011-06-15 c:\windows\Tasks\HPCeeScheduleForMeagan.job
            - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
            .
            .
            --------- x86-64 -----------
            .
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
            @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
            2011-02-18 05:12   97792   ----a-w-   c:\users\Meagan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
            @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
            2011-02-18 05:12   97792   ----a-w-   c:\users\Meagan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
            @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
            [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
            2011-02-18 05:12   97792   ----a-w-   c:\users\Meagan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
            "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
            "HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
            "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-05-17 172032]
            "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
            "lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2009-04-27 291496]
            "lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2009-04-27 25256]
            "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]
            "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]
            "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
            "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
            "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
            "LoadAppInit_DLLs"=0x0
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.gsn.com/
            uLocal Page = c:\windows\system32\blank.htm
            mLocal Page = c:\windows\SysWOW64\blank.htm
            IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
            TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
            FF - ProfilePath - c:\users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\hbc3gcv1.default\
            FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
            FF - prefs.js: browser.search.selectedEngine - Ask.com
            FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Special:Randompage
            FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
            .
            - - - - ORPHANS REMOVED - - - -
            .
            BHO-{EC97D746-1E60-A644-32E6-71CFE38A9D3D} - c:\programdata\api-ms-win-core-misc-l1-1-032.dll
            WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
            WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
            WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
            WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
            HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
            AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
            .
            .
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Shockwave Flash Object"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
            @="0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
            @="ShockwaveFlash.ShockwaveFlash.10"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="ShockwaveFlash.ShockwaveFlash"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Macromedia Flash Factory Object"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
            @="FlashFactory.FlashFactory.1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="FlashFactory.FlashFactory"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker4"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
            "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
               00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
            "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
               00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
            @Denied: (Full) (Everyone)
            .
            ------------------------ Other Running Processes ------------------------
            .
            c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
            c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
            c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
            c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
            c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
            .
            **************************************************************************
            .
            Completion time: 2011-06-16  00:30:50 - machine was rebooted
            ComboFix-quarantined-files.txt  2011-06-16 04:30
            .
            Pre-Run: 400,289,812,480 bytes free
            Post-Run: 399,964,712,960 bytes free
            .
            - - End Of File - - F23CF26C91CDD8803F686A2F19C2C86D

            SuperDave

            • Malware Removal Specialist


            Please go to Jotti's malware scan
            (If more than one file needs to be scanned, they must be done separately and links posted for each one)

            * Copy the file path in the below Code box:

            Code:
            c:\windows\system32\api-ms-win-service-management-l1-1-032.exe 
            * At the upload site, click once inside the window next to Browse.
            * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
            * Next click Submit file
            * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
            * This will perform a scan across multiple different virus scanning engines.
            * Important: Wait for all of the scanning engines to complete.
            * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
            *****************************************************
            Re-running ComboFix to remove infections:

            • Close any open browsers.
            • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
            • Open notepad and copy/paste the text in the quotebox below into it:
              Quote
              KillAll::

              DirLook::
              C:\e752f75827fa9336f2ee0f787b109425

            • Save this as CFScript.txt, in the same location as ComboFix.exe



            • Referring to the picture above, drag CFScript into ComboFix.exe
            • When finished, it shall produce a log for you at C:\ComboFix.txt
            • Please post the contents of the log in your next reply.

            mdurigan

              Hi,
              I'm sorry it's taken me so long to respond.  The file that was in the code box does not exist on my computer.  I scanned the closest match: c:\windows\system32\api-ms-win-service-management-l1-1-0.dll
              Here is the link from that scan: http://virusscan.jotti.org/en/scanresult/ed5a05961bdd9e1b4122f96709c8aaf7828104c4/4e4821b1f224780584cc67146f58fa7dc49c494d

              The log from the second combo fix:
              ComboFix 11-06-17.04 - Meagan 06/19/2011  21:42:23.5.4 - x64
              Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3894.2290 [GMT -4:00]
              Running from: c:\users\Meagan\Downloads\ComboFix.exe
              Command switches used :: c:\users\Meagan\Documents\CFScript.txt
              AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
              SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .
              .
              (((((((((((((((((((((((((   Files Created from 2011-05-20 to 2011-06-20  )))))))))))))))))))))))))))))))
              .
              .
              2011-06-20 01:53 . 2011-06-20 01:53   --------   d-----w-   c:\users\Default\AppData\Local\temp
              2011-06-17 18:07 . 2011-05-09 22:00   8718160   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{248821D2-06B9-416B-B63D-53B5416E3208}\mpengine.dll
              2011-06-16 21:22 . 2011-06-17 19:07   --------   d-----w-   c:\programdata\WorldWinner
              2011-06-16 20:26 . 2011-06-16 20:26   --------   d-----w-   c:\program files (x86)\Common Files\Adobe
              2011-06-16 03:23 . 2011-06-16 03:23   --------   d-----w-   C:\_OTL
              2011-06-15 23:52 . 2011-06-15 23:52   --------   d-----w-   c:\programdata\ConeXware
              2011-06-15 23:52 . 2011-06-15 23:52   --------   d-----w-   c:\program files (x86)\PatchBeam
              2011-06-15 23:51 . 2011-06-15 23:52   --------   d-----w-   c:\program files (x86)\PowerArchiver
              2011-06-15 20:56 . 2011-06-15 20:56   --------   d-----w-   C:\e752f75827fa9336f2ee0f787b109425
              2011-06-15 03:40 . 2011-04-29 05:47   1110528   ----a-w-   c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
              2011-06-15 03:40 . 2011-04-29 05:08   759296   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
              2011-06-15 03:40 . 2011-04-25 05:32   1896832   ----a-w-   c:\windows\system32\drivers\tcpip.sys
              2011-06-15 03:40 . 2011-04-25 02:44   499712   ----a-w-   c:\windows\system32\drivers\afd.sys
              2011-06-15 03:40 . 2011-04-27 02:57   102400   ----a-w-   c:\windows\system32\drivers\dfsc.sys
              2011-06-15 03:40 . 2011-05-04 02:51   287744   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
              2011-06-15 03:40 . 2011-05-04 02:51   126464   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
              2011-06-15 03:40 . 2011-05-04 02:51   157696   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
              2011-06-15 03:40 . 2011-05-28 03:07   3133952   ----a-w-   c:\windows\system32\win32k.sys
              2011-06-15 03:38 . 2011-04-29 03:13   461312   ----a-w-   c:\windows\system32\drivers\srv.sys
              2011-06-15 03:38 . 2011-04-29 03:12   399872   ----a-w-   c:\windows\system32\drivers\srv2.sys
              2011-06-15 03:38 . 2011-04-29 03:12   161792   ----a-w-   c:\windows\system32\drivers\srvnet.sys
              2011-06-15 03:38 . 2010-12-18 06:13   861184   ----a-w-   c:\windows\system32\oleaut32.dll
              2011-06-15 03:38 . 2010-12-18 05:31   571904   ----a-w-   c:\windows\SysWow64\oleaut32.dll
              2011-06-15 03:38 . 2011-05-03 05:21   976896   ----a-w-   c:\windows\system32\inetcomm.dll
              2011-06-15 03:38 . 2011-05-03 04:50   740864   ----a-w-   c:\windows\SysWow64\inetcomm.dll
              2011-06-15 03:37 . 2011-06-15 03:37   --------   d-----w-   c:\program files (x86)\Common Files\Java
              2011-06-15 03:17 . 2011-06-15 03:17   --------   d-----w-   c:\users\Meagan\AppData\Roaming\Malwarebytes
              2011-06-15 03:17 . 2011-05-29 13:11   39984   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
              2011-06-15 03:17 . 2011-06-15 03:17   --------   d-----w-   c:\programdata\Malwarebytes
              2011-06-15 03:16 . 2011-05-29 13:11   25912   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2011-06-15 03:16 . 2011-06-15 03:17   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
              2011-06-15 01:00 . 2011-06-15 01:00   --------   d-----w-   c:\users\Meagan\AppData\Roaming\SUPERAntiSpyware.com
              2011-06-15 01:00 . 2011-06-15 01:00   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
              2011-06-15 01:00 . 2011-06-15 01:00   --------   d-----w-   c:\programdata\!SASCORE
              2011-06-15 01:00 . 2011-06-15 01:00   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2011-06-15 00:50 . 2011-06-15 00:50   --------   d-----w-   c:\program files\CCleaner
              2011-06-06 16:55 . 2011-06-06 16:55   183696   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
              2011-05-24 22:16 . 2011-04-22 20:18   27008   ----a-w-   c:\windows\system32\drivers\Diskdump.sys
              2011-05-24 22:07 . 2011-04-09 06:58   142336   ----a-w-   c:\windows\system32\poqexec.exe
              2011-05-24 22:07 . 2011-04-09 05:56   123904   ----a-w-   c:\windows\SysWow64\poqexec.exe
              2011-05-23 21:02 . 2011-05-23 21:02   8507392   ----a-w-   c:\windows\system32\drivers\NETwNs64.sys
              2011-05-23 21:02 . 2011-05-23 21:02   2750464   ----a-w-   c:\windows\system32\NETwNr64.dll
              2011-05-23 21:02 . 2011-05-23 21:02   799232   ----a-w-   c:\windows\system32\NETwNc64.dll
              2011-05-23 15:53 . 2011-05-23 15:53   --------   d-----w-   c:\users\Meagan\AppData\Roaming\com.amazon.music.uploader
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2011-05-04 08:52 . 2010-08-24 04:09   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
              2011-04-09 06:45 . 2011-05-11 13:38   5509504   ----a-w-   c:\windows\system32\ntoskrnl.exe
              2011-04-09 06:13 . 2011-05-11 13:38   3957632   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
              2011-04-09 06:13 . 2011-05-11 13:38   3901824   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
              2011-03-29 03:32 . 2011-05-11 13:38   343040   ----a-w-   c:\windows\system32\drivers\usbhub.sys
              2011-03-29 03:32 . 2011-05-11 13:38   99328   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
              2011-03-29 03:32 . 2011-05-11 13:38   324608   ----a-w-   c:\windows\system32\drivers\usbport.sys
              2011-03-29 03:32 . 2011-05-11 13:38   52224   ----a-w-   c:\windows\system32\drivers\usbehci.sys
              2011-03-29 03:32 . 2011-05-11 13:38   25600   ----a-w-   c:\windows\system32\drivers\usbohci.sys
              2011-03-29 03:32 . 2011-05-11 13:38   30720   ----a-w-   c:\windows\system32\drivers\usbuhci.sys
              2011-03-29 03:32 . 2011-05-11 13:38   7936   ----a-w-   c:\windows\system32\drivers\usbd.sys
              .
              .
              ((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              ---- Directory of C:\e752f75827fa9336f2ee0f787b109425 ----
              .
              2011-06-15 20:56 . 2011-06-15 20:56   788   ---ha-w-   c:\e752f75827fa9336f2ee0f787b109425\$shtdwn$.req
              2011-03-25 13:19 . 2011-03-25 13:19   36738   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1046\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   37656   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1049\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   36020   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1053\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   36274   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1055\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   27922   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\2052\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   37404   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\2070\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   37314   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\3082\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   36050   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1030\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   38050   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1031\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   38958   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1032\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   36030   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1035\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   37832   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1036\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   32912   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1037\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   37822   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1038\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   37192   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1040\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   31108   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1041\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   30194   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1042\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   36962   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1043\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   36514   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1044\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   37222   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1045\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   34086   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1025\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   27950   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1028\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   36822   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1029\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   27950   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\3076\LocalizedData.xml
              2011-03-25 13:19 . 2011-03-25 13:19   65160   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\ParameterInfo.xml
              2011-03-25 13:16 . 2011-03-25 13:16   5135872   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\NDP40-KB2478663.msp
              2011-03-25 12:34 . 2011-03-25 12:34   3628   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\header.bmp
              2011-03-25 12:34 . 2011-03-25 12:34   196662   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\SplashScreen.bmp
              2011-03-25 12:34 . 2011-03-25 12:34   13606   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Strings.xml
              2011-03-25 12:34 . 2011-03-25 12:34   36180   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\UiInfo.xml
              2011-03-25 12:34 . 2011-03-25 12:34   104072   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\watermark.bmp
              2011-03-25 12:34 . 2011-03-25 12:34   123035   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1025\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   128333   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1028\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   101146   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1029\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   109464   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1030\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   91719   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1031\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   102048   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1032\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   138595   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1033\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   111176   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1035\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   133172   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1036\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   125351   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1037\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   110879   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1038\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   124974   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1040\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   111958   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1041\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   149503   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1042\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   35285   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1043\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   36083   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1044\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   126541   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1045\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   109574   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1046\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   49319   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1049\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   125073   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1053\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   112947   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1055\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   110754   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\2052\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   125196   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\2070\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   2060   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\3076\eula.rtf
              2011-03-25 12:34 . 2011-03-25 12:34   108174   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\3082\eula.rtf
              2011-03-23 17:19 . 2011-03-23 17:19   35802   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1033\LocalizedData.xml
              2011-03-22 15:48 . 2011-03-22 15:48   18264   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\2070\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   18264   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\3082\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   13656   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\2052\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   18264   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1049\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   17240   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1053\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   17240   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1055\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   17752   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1045\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   17752   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1046\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   14680   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1042\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   18776   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1043\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   17240   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1044\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   18264   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1038\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   17752   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1040\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   15192   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1041\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   18264   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1036\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   16216   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1037\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   18776   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1032\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   16728   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1033\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   17752   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1035\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   18264   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1031\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   17752   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1030\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   13656   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1028\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   17752   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1029\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   13656   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\3076\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   295248   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\SetupUi.dll
              2011-03-22 15:48 . 2011-03-22 15:48   16728   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\1025\SetupResources.dll
              2011-03-22 15:48 . 2011-03-22 15:48   809304   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\SetupEngine.dll
              2011-03-22 15:48 . 2011-03-22 15:48   78152   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Setup.exe
              2011-03-22 15:35 . 2011-03-22 15:35   16118   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\DHtmlHeader.html
              2011-03-22 15:35 . 2011-03-22 15:35   30120   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\SetupUi.xsd
              2011-03-22 15:35 . 2011-03-22 15:35   144416   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\sqmapi.dll
              2011-03-22 15:31 . 2011-03-22 15:31   1150   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Graphics\Print.ico
              2011-03-22 15:31 . 2011-03-22 15:31   894   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Graphics\Rotate1.ico
              2011-03-22 15:31 . 2011-03-22 15:31   894   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Graphics\Rotate2.ico
              2011-03-22 15:31 . 2011-03-22 15:31   894   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Graphics\Rotate3.ico
              2011-03-22 15:31 . 2011-03-22 15:31   894   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Graphics\Rotate4.ico
              2011-03-22 15:31 . 2011-03-22 15:31   894   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Graphics\Rotate5.ico
              2011-03-22 15:31 . 2011-03-22 15:31   894   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Graphics\Rotate6.ico
              2011-03-22 15:31 . 2011-03-22 15:31   894   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Graphics\Rotate7.ico
              2011-03-22 15:31 . 2011-03-22 15:31   894   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Graphics\Rotate8.ico
              2011-03-22 15:31 . 2011-03-22 15:31   1150   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Graphics\Save.ico
              2011-03-22 15:31 . 2011-03-22 15:31   36710   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Graphics\Setup.ico
              2011-03-22 15:31 . 2011-03-22 15:31   10134   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Graphics\stop.ico
              2011-03-22 15:31 . 2011-03-22 15:31   1150   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Graphics\SysReqMet.ico
              2011-03-22 15:31 . 2011-03-22 15:31   1150   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Graphics\SysReqNotMet.ico
              2011-03-22 15:31 . 2011-03-22 15:31   10134   ----a-w-   c:\e752f75827fa9336f2ee0f787b109425\Graphics\warn.ico
              .
              .
              (((((((((((((((((((((((((((((   SnapShot@2011-06-16_04.10.16   )))))))))))))))))))))))))))))))))))))))))
              .
              + 2010-05-17 00:55 . 2011-06-20 01:57   56718              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
              + 2009-07-14 05:10 . 2011-06-20 01:57   38100              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
              + 2010-08-09 17:40 . 2011-06-20 01:57   12856              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3516522728-1074828429-1479647880-1000_UserData.bin
              - 2010-08-08 21:29 . 2011-06-16 04:10   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
              + 2010-08-08 21:29 . 2011-06-20 01:52   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
              - 2010-08-08 21:29 . 2011-06-16 04:10   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
              + 2010-08-08 21:29 . 2011-06-20 01:52   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
              - 2009-07-14 04:54 . 2011-06-16 04:10   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
              + 2009-07-14 04:54 . 2011-06-20 01:52   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
              - 2010-08-30 03:14 . 2011-06-16 03:30   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
              + 2010-08-30 03:14 . 2011-06-20 01:14   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
              + 2009-07-14 04:46 . 2011-06-16 04:16   78552              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
              + 2010-08-30 03:14 . 2011-06-20 01:14   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
              - 2010-08-30 03:14 . 2011-06-16 03:30   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
              - 2010-08-30 03:14 . 2011-06-16 03:30   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
              + 2010-08-30 03:14 . 2011-06-20 01:14   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
              - 2010-08-08 22:35 . 2011-06-16 04:06   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
              + 2010-08-08 22:35 . 2011-06-20 01:14   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
              - 2010-08-08 22:35 . 2011-06-16 04:06   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
              + 2010-08-08 22:35 . 2011-06-20 01:14   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
              - 2011-06-16 04:08 . 2011-06-16 04:08   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
              + 2011-06-20 01:55 . 2011-06-20 01:55   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
              - 2011-06-16 04:08 . 2011-06-16 04:08   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
              + 2011-06-20 01:55 . 2011-06-20 01:55   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
              + 2010-08-25 21:29 . 2011-06-17 17:55   231008              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
              + 2010-08-16 02:50 . 2011-06-20 01:25   315436              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
              - 2009-07-14 05:01 . 2011-06-16 04:08   392604              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
              + 2009-07-14 05:01 . 2011-06-20 01:54   392604              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
              + 2011-06-06 20:45 . 2011-06-06 20:45   2318848              c:\windows\Installer\37f0246.msi
              + 2009-07-14 02:34 . 2011-06-20 01:35   10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
              - 2009-07-14 02:34 . 2011-06-16 03:42   10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
              + 2010-08-09 05:44 . 2011-06-20 01:54   20143328              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3516522728-1074828429-1479647880-1000-8192.dat
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4
              .
              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
              "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
              "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
              .
              [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
              .
              [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
              .
              [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
              2011-01-17 14:54   175912   ----a-w-   c:\program files (x86)\Freecorder\prxtbFre0.dll
              .
              [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
              2010-12-09 17:51   3911776   ----a-w-   c:\program files (x86)\BitTorrentBar\tbBitT.dll
              .
              [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EC97D746-1E60-A644-32E6-71CFE38A9D3D}]
              c:\programdata\api-ms-win-core-misc-l1-1-032.dll [BU]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
              "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
              "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
              .
              [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
              .
              [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
              @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
              2011-02-18 05:12   94208   ----a-w-   c:\users\Meagan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
              @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
              2011-02-18 05:12   94208   ----a-w-   c:\users\Meagan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
              @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
              2011-02-18 05:12   94208   ----a-w-   c:\users\Meagan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
              .
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-01-28 1712184]
              "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
              "HP Envy Guides AutoPlay"="c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe" [2010-03-24 76584]
              "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
              "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
              "McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-09-22 136512]
              "ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-26 124224]
              "Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
              "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
              "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
              "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
              .
              c:\users\Meagan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              Dropbox.lnk - c:\users\Meagan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
              OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
              Warner Bros.lnk - c:\program files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2011-4-28 142848]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "ConsentPromptBehaviorAdmin"= 5 (0x5)
              "ConsentPromptBehaviorUser"= 3 (0x3)
              "EnableUIADesktopToggle"= 0 (0x0)
              "HideFastUserSwitching"= 0 (0x0)
              .
              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
              "DisableChangePassword"= 1 (0x1)
              "DisableLockWorkstation"= 1 (0x1)
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
              "UseDefaultTile"= 1 (0x1)
              .
              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
              "NoLogOff"= 1 (0x1)
              .
              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
              Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
              @=""
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
              @="Service"
              .
              R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
              R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
              R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
              R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
              R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe [2007-05-25 34224]
              R2 THREADORDER32;Thread Ordering Server ;c:\windows\system32\api-ms-win-service-management-l1-1-032.exe

              R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
              R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
              R3 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-03-24 83240]
              R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys

              R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys

              R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys

              R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys

              R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

              R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS

              R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS

              R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS

              R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

              R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
              R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys

              S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys

              S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys

              S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
              S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
              S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

              S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
              S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
              S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-03 89600]
              S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]
              S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
              S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe

              S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
              S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 567216]
              S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
              S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2010-08-26 20792]
              S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe

              S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
              S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys

              S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys

              S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys

              S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys

              S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

              S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys

              S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

              .
              .
              Contents of the 'Scheduled Tasks' folder
              .
              2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 06:35]
              .
              2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 06:35]
              .
              2011-06-15 c:\windows\Tasks\HPCeeScheduleForMeagan.job
              - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
              .
              .
              --------- x86-64 -----------
              .
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
              @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
              2011-02-18 05:12   97792   ----a-w-   c:\users\Meagan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
              @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
              2011-02-18 05:12   97792   ----a-w-   c:\users\Meagan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
              @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
              2011-02-18 05:12   97792   ----a-w-   c:\users\Meagan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
              "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
              "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
              "HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
              "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-05-17 172032]
              "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
              "lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2009-04-27 291496]
              "lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2009-04-27 25256]
              "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]
              "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]
              "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
              "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
              "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://www.gsn.com/
              uLocal Page = c:\windows\system32\blank.htm
              mLocal Page = c:\windows\SysWOW64\blank.htm
              IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
              TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
              FF - ProfilePath - c:\users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\hbc3gcv1.default\
              FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
              FF - prefs.js: browser.search.selectedEngine - Ask.com
              FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Special:Randompage
              FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
              .
              - - - - ORPHANS REMOVED - - - -
              .
              WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
              WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
              WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
              WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
              .
              .
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Shockwave Flash Object"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
              @="0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
              @="ShockwaveFlash.ShockwaveFlash.10"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="ShockwaveFlash.ShockwaveFlash"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Macromedia Flash Factory Object"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
              @="FlashFactory.FlashFactory.1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="FlashFactory.FlashFactory"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker4"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
              "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
              "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
              @Denied: (Full) (Everyone)
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
              c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
              c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
              c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
              c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
              c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
              .
              **************************************************************************
              .
              Completion time: 2011-06-19  22:19:16 - machine was rebooted
              ComboFix-quarantined-files.txt  2011-06-20 02:19
              ComboFix2.txt  2011-06-17 04:37
              ComboFix3.txt  2011-06-16 04:31
              .
              Pre-Run: 401,341,190,144 bytes free
              Post-Run: 401,286,074,368 bytes free
              .
              - - End Of File - - 5A372DED6954FD1E12323E169DE825A8
              « Last Edit: June 20, 2011, 04:35:37 PM by SuperDave »

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Please download Rooter and Save it to your desktop.
              • Double-click it to start the tool. On Vista and Windows 7, run it as administrator.
              • Click Scan.
              • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
              Windows 8 and Windows 10 dual boot with two SSD's