Dear SD,
Thank you for all your assistance. I ran the two scans you requested and here are their results.
ComboFix 10-01-12.04 - Mary Kate 01/12/2010 21:43:30.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.415 [GMT -5:00]
Running from: c:\users\Mary Kate\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1448429526-2781183220-21410950-500
c:\users\Mary Kate\AppData\Local\ixuzazowemulule.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Apple Mobile Device
((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))))))
.
2010-01-13 02:40 . 2010-01-13 02:40 -------- d-----w- C:\Temp
2010-01-13 02:28 . 2010-01-13 02:42 -------- d-----w- C:\32788R22FWJFW
2010-01-12 22:59 . 2010-01-12 22:59 -------- d-----w- c:\users\Mary Kate\AppData\Local\{6BAF7A6F-C530-45D9-9789-ECFAF9BFDDF2}
2010-01-11 18:09 . 2010-01-11 18:10 -------- d-----w- c:\users\Mary Kate\AppData\Local\{A8FFFAA9-FE10-424E-A3EB-69CCF85B4075}
2010-01-10 23:05 . 2007-08-29 03:06 542720 ----a-w- c:\windows\system32\sysmain.dll
2010-01-10 23:04 . 2007-09-11 02:20 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2010-01-10 23:04 . 2009-08-31 15:16 428032 ----a-w- c:\windows\system32\EncDec.dll
2010-01-10 23:04 . 2009-08-31 15:21 292352 ----a-w- c:\windows\system32\psisdecd.dll
2010-01-10 23:04 . 2009-08-31 15:17 1244672 ----a-w- c:\windows\system32\mcmde.dll
2010-01-10 23:04 . 2007-10-26 11:14 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-01-10 23:04 . 2008-01-19 05:08 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2010-01-10 23:04 . 2008-01-19 05:07 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-01-10 23:04 . 2008-01-19 05:06 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-10 23:04 . 2008-01-19 05:06 15928 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-01-10 23:04 . 2008-01-19 03:06 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-01-10 23:04 . 2008-10-21 05:16 1645568 ----a-w- c:\windows\system32\connect.dll
2010-01-10 23:02 . 2009-08-29 03:41 1686528 ----a-w- c:\windows\system32\gameux.dll
2010-01-10 23:02 . 2009-08-29 03:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-10 23:02 . 2009-08-28 23:31 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-10 22:58 . 2007-01-26 03:00 974336 ----a-w- c:\windows\system32\crypt32.dll
2010-01-10 22:56 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-10 22:56 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-01-10 22:55 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-01-10 22:55 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-10 22:01 . 2010-01-10 22:01 -------- d-----w- c:\users\Mary Kate\AppData\Local\{C6E8522D-C5C1-4F4B-89A5-77A2C5760C1F}
2010-01-10 18:58 . 2010-01-10 18:58 -------- d-----w- c:\users\Mary Kate\AppData\Local\{9E06EAA5-533A-4F87-B916-9597182D73BE}
2010-01-10 12:49 . 2010-01-10 12:49 -------- d-----w- c:\users\Mary Kate\AppData\Local\{2FADB93F-5DB7-4BD9-A96D-E633F27F0DDF}
2010-01-10 06:36 . 2010-01-10 06:36 -------- d-----w- c:\users\Mary Kate\AppData\Local\{0B3977F2-E717-4456-BD6B-947A79D1F1E8}
2010-01-10 03:34 . 2010-01-10 03:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-10 03:33 . 2010-01-10 03:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-10 03:33 . 2010-01-10 03:33 -------- d-----w- c:\users\Mary Kate\AppData\Roaming\SUPERAntiSpyware.com
2010-01-10 03:31 . 2010-01-10 03:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-09 23:53 . 2010-01-09 23:53 -------- d-----w- c:\users\Mary Kate\AppData\Local\{478113E6-71FE-4C2A-AEC3-0AD2E4930CD7}
2010-01-09 21:09 . 2010-01-09 21:09 -------- d-----w- c:\users\Mary Kate\AppData\Local\{9B2F4782-907F-4245-B4EA-2B37CE798041}
2010-01-09 17:38 . 2010-01-09 17:38 -------- d-----w- c:\users\Mary Kate\AppData\Local\{F5FF984D-C90C-488B-B3E8-5FB4C604CA40}
2010-01-09 17:13 . 2010-01-09 17:13 -------- d-----w- c:\users\Mary Kate\AppData\Roaming\Malwarebytes
2010-01-09 17:13 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-09 17:12 . 2010-01-09 17:12 -------- d-----w- c:\programdata\Malwarebytes
2010-01-09 17:12 . 2010-01-09 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-09 17:12 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-09 16:20 . 2010-01-09 16:20 -------- d-----w- c:\users\Mary Kate\AppData\Local\{11C626D8-64DD-4B50-BE50-F6A91DD40781}
2010-01-09 16:08 . 2010-01-09 16:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-09 14:39 . 2010-01-09 14:39 -------- d-----w- c:\users\Mary Kate\AppData\Local\{223AC774-2053-4D95-A2BA-19D17C2633F8}
2010-01-08 15:30 . 2010-01-08 15:30 -------- d-----w- c:\users\Mary Kate\AppData\Local\{63F192F2-6498-43DF-B8A6-A4F8D2DE063C}
2010-01-07 22:29 . 2010-01-07 22:29 -------- d-----w- c:\users\Mary Kate\AppData\Local\{2188F2C8-523D-42AB-BA98-DA8275A137E1}
2010-01-07 16:30 . 2010-01-07 22:21 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-07 01:39 . 2010-01-07 01:39 -------- d-----w- c:\users\Mary Kate\AppData\Local\{8B0F77DB-0DB8-4628-9DF8-C434ACC6443F}
2010-01-06 17:43 . 2010-01-06 18:09 -------- d-----w- c:\users\Mary Kate\AppData\Local\ElevatedDiagnostics
2010-01-06 17:38 . 2010-01-06 17:38 -------- d-----w- c:\program files\Microsoft ATS
2010-01-04 04:49 . 2010-01-04 04:49 -------- d-----w- c:\users\Mary Kate\AppData\Local\{17F531F5-BD41-438B-805F-EAD27BE2352D}
2010-01-03 04:16 . 2010-01-12 22:59 0 ----a-w- c:\users\Mary Kate\AppData\Local\Tkuki.bin
2010-01-03 04:16 . 2010-01-11 23:01 120 ----a-w- c:\users\Mary Kate\AppData\Local\Amupova.dat
2010-01-03 01:33 . 2010-01-03 01:33 -------- d-----w- c:\program files\Belkin
2010-01-03 01:32 . 2010-01-09 17:37 -------- d-----w- c:\windows\{D9FAE986-A4C1-4A2D-8B20-60F92F4222AD}
2009-12-20 00:20 . 2009-12-20 00:21 -------- d-----w- c:\users\Mary Kate\AppData\Roaming\GTek
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 02:40 . 2009-12-03 02:50 -------- d-----w- c:\program files\Trend Micro
2010-01-13 01:59 . 2007-05-28 01:12 25515 ----a-w- c:\users\Mary Kate\AppData\Roaming\nvModes.dat
2010-01-11 17:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-01-11 17:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-01-11 17:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-11 17:57 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-10 03:35 . 2010-01-10 03:35 52224 ----a-w- c:\users\Mary Kate\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-10 03:35 . 2010-01-10 03:35 117760 ----a-w- c:\users\Mary Kate\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-10 02:46 . 2007-06-04 21:59 -------- d-----w- c:\programdata\Viewpoint
2010-01-09 23:32 . 2010-01-09 23:31 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-09 23:31 . 2010-01-09 23:31 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-09 23:31 . 2010-01-09 23:31 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-09 23:31 . 2010-01-09 23:31 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-09 23:31 . 2010-01-09 23:31 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-09 23:31 . 2010-01-09 23:31 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-09 23:31 . 2010-01-09 23:31 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-09 23:31 . 2010-01-09 23:31 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-09 23:31 . 2010-01-09 23:31 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-09 23:31 . 2010-01-09 23:31 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-09 23:31 . 2010-01-09 23:30 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-09 23:30 . 2010-01-09 23:30 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-09 23:30 . 2010-01-09 23:30 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-09 16:07 . 2007-01-19 01:10 -------- d-----w- c:\program files\Java
2010-01-07 22:31 . 2007-05-27 15:11 92456 ----a-w- c:\users\Mary Kate\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-04 05:01 . 2010-01-04 05:01 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-03 01:34 . 2007-01-19 00:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-19 00:49 . 2008-11-04 03:46 1356 ----a-w- c:\users\Mary Kate\AppData\Local\d3d9caps.dat
2009-12-13 15:18 . 2007-06-04 20:40 20274 ----a-w- c:\users\Mary Kate\AppData\Roaming\wklnhst.dat
2009-12-12 23:30 . 2009-12-12 22:34 -------- d-----w- c:\programdata\Lavasoft
2009-12-12 22:35 . 2009-12-12 22:17 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-12 22:34 . 2009-12-12 22:34 -------- d-----w- c:\program files\Lavasoft
2009-12-11 02:17 . 2009-12-11 02:17 -------- dc----w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-11 01:30 . 2009-12-11 01:30 -------- d-----w- c:\programdata\AVP 2009
2009-12-07 14:10 . 2009-12-12 22:35 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-03 02:34 . 2008-08-28 17:17 -------- d-----w- c:\programdata\avg8
2009-12-02 13:19 . 2009-12-12 23:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-02 13:19 . 2009-12-13 07:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-17 01:47 . 2010-01-06 18:11 65264 ----a-w- c:\windows\AppPatch\MATSShim.DLL
2009-11-09 13:34 . 2009-12-11 03:12 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:30 . 2009-12-11 03:11 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:17 . 2009-12-11 03:11 396800 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-03 01:42 . 2009-10-02 20:48 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:59 . 2009-12-02 04:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 15:05 . 2009-12-11 02:35 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 15:01 . 2009-12-11 02:35 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-10-27 15:01 . 2009-12-11 02:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 15:01 . 2009-12-11 02:35 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2009-10-27 14:59 . 2009-12-11 02:35 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-27 12:27 . 2009-12-11 02:35 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-27 10:56 . 2009-12-11 02:35 48128 ----a-w- c:\windows\system32\mshtmler.dll
2007-06-28 20:43 . 2007-06-28 20:43 774144 ----a-w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-15 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-01-17 1006264]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-27 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-27 7757824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-03 167936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe [2007-1-18 34520]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2007-04-03 13:54 753664 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-06-02 15:13 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 14:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-01-19 01:11 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-06-15 23:11 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2009-09-04 17:16 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [12/12/2009 6:30 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [4/5/2007 10:29 AM 208896]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [3/22/2007 6:04 PM 9728]
R2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 3:29 AM 29178224]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [1/29/2007 8:56 PM 451072]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]
S3 rcmirror;rcmirror;c:\windows\System32\drivers\rcmirror.sys [12/14/2007 12:48 PM 5120]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\System32\drivers\TM_CFW.sys [4/20/2007 5:44 PM 307984]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Mary Kate\AppData\Roaming\Mozilla\Firefox\Profiles\8eegdjyd.default\
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\users\Mary Kate\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\users\Mary Kate\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SITEguard - (no file)
HKCU-Run-Bditikolake - c:\users\Mary Kate\AppData\Local\ixuzazowemulule.dll
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 21:57
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Zune\ZuneNss.exe
.
**************************************************************************
.
Completion time: 2010-01-12 22:05:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-13 03:04
Pre-Run: 35,802,632,192 bytes free
Post-Run: 35,325,259,776 bytes free
- - End Of File - - D9CF8986599BD383F93D0C182B023210
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:09 PM, on 1/12/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 4887 bytes
Also, after running these scans I am unable to use any programs unless I select "run as administrator."
For example, when trying to run Internet Explorer or Firefox a box pops up: "Illegal operation on registry key that has been marked for deletion"
Thank you for all your help, I really appreciate it!