gdwill

Members, 13 posts
  1. Thank you! So far, running well in all profiles!
  2. OK, nothing detected. Here's the log:

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 5707

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     2/7/2011 8:33:37 PM
     mbam-log-2011-02-07 (20-33-37).txt

     Scan type: Quick scan
     Objects scanned: 236302
     Time elapsed: 7 minute(s), 0 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  3. OK, was able to get it to run in C:. Here's the text (also sent as an attachment, not sure which way you wanted it):

     ComboFix 11-02-06.02 - Mark 02/07/2011 16:57:35.2.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.593 [GMT -5:00]
     Running from: C:\ComboFix.exe
     AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
     FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
     .
     ((((((((((((((((((((((((( Files Created from 2011-01-07 to 2011-02-07 )))))))))))))))))))))))))))))))
     .
     2011-02-07 14:07 . 2011-02-07 14:07 -------- d-----w- c:\documents and settings\Mom\Application Data\Sonic
     2011-02-07 14:07 . 2011-02-07 14:26 89680 ----a-w- c:\documents and settings\Mom\MSSSerif120.fon
     2011-02-07 14:07 . 2011-02-07 14:07 -------- d-----w- c:\documents and settings\Mom\Application Data\Leadertech
     2011-02-06 20:34 . 2011-02-06 20:34 -------- d-----w- c:\program files\ESET
     2011-02-06 18:24 . 2011-02-06 18:24 -------- d-----w- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com
     2011-02-06 18:06 . 2011-02-06 18:06 -------- d-----w- c:\documents and settings\Dad\Application Data\Malwarebytes
     2011-02-06 17:31 . 2011-02-06 17:31 -------- d-----w- C:\New Folder
     2011-02-06 16:17 . 2011-02-06 16:17 -------- d-----w- c:\documents and settings\Paul\Application Data\SUPERAntiSpyware.com
     2011-02-06 15:56 . 2011-02-06 15:56 -------- d-----w- c:\documents and settings\Paul\Application Data\Malwarebytes
     2011-02-06 14:40 . 2011-02-06 14:44 -------- d-----w- c:\documents and settings\Kevin\Application Data\HPAppData
     2011-02-06 06:55 . 2011-02-06 06:55 -------- d-----w- c:\documents and settings\Kevin\Application Data\Malwarebytes
     2011-02-06 06:29 . 2011-02-06 06:29 -------- d-----w- c:\documents and settings\Michelle\Application Data\Malwarebytes
     2011-02-06 02:47 . 2011-02-06 02:47 -------- d-----w- c:\documents and settings\Mark\Application Data\Malwarebytes
     2011-02-06 01:08 . 2011-02-06 01:08 -------- d-----w- c:\program files\Common Files\Java
     2011-02-06 01:02 . 2011-02-06 01:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2011-02-06 01:02 . 2011-02-06 01:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
     2011-02-06 01:02 . 2011-02-06 01:02 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
     2011-02-05 18:04 . 2011-02-05 18:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
     2011-02-05 15:14 . 2011-02-05 15:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
     2011-02-05 15:11 . 2011-02-05 15:11 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
     2011-02-05 15:06 . 2011-02-05 15:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
     2011-02-05 15:00 . 2011-02-05 18:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
     2011-02-05 14:59 . 2011-02-06 01:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
     2011-02-03 20:39 . 2011-02-03 20:39 -------- d-----w- c:\documents and settings\Mark\Application Data\Yahoo!
     2011-02-03 20:37 . 2011-02-07 21:50 -------- d-----w- c:\documents and settings\Mark\Application Data\HPAppData
     2011-01-31 19:06 . 2011-01-31 19:06 -------- d-----w- c:\program files\MSECache
     2011-01-29 04:18 . 2011-01-29 04:20 -------- d-----w- c:\program files\Readiris Pro 12
     2011-01-29 03:25 . 2011-01-29 03:25 -------- d-----w- c:\documents and settings\Mom\Application Data\Yahoo!
     2011-01-29 03:25 . 2011-02-06 00:55 -------- d-----w- c:\program files\Yahoo!
     2011-01-29 03:22 . 2011-01-30 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
     2011-01-29 03:19 . 2009-11-20 13:35 81920 ----a-r- c:\windows\system32\mvusbews.dll
     2011-01-29 03:19 . 2009-11-20 13:35 17408 ----a-r- c:\windows\system32\drivers\mvusbews.sys
     2011-01-29 03:19 . 2009-11-20 10:49 1112288 ----a-r- c:\windows\system32\WdfCoInstaller01007.dll
     2011-01-29 03:15 . 2009-12-04 06:49 99896 ----a-r- c:\windows\system32\HPSIsvc.exe
     2011-01-29 03:13 . 2009-11-20 13:41 284160 ----a-r- c:\windows\system32\mvhlewsi.dll
     2011-01-29 03:13 . 2009-11-20 10:43 316416 ----a-r- c:\windows\system32\Difxapi.dll
     2011-01-29 02:52 . 2011-01-29 02:52 -------- d-----w- c:\documents and settings\Mom\Application Data\HP
     2011-01-20 13:10 . 2010-10-14 03:28 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
     2011-01-20 13:10 . 2010-10-14 03:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
     2011-01-20 13:10 . 2010-10-14 03:28 141792 ----a-w- c:\windows\system32\mfevtps.exe
     2011-01-20 13:10 . 2010-10-14 03:28 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
     2011-01-20 13:10 . 2010-10-14 03:28 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
     2011-01-20 13:10 . 2010-10-14 03:28 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
     2011-01-20 13:10 . 2010-10-14 03:28 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
     2011-01-20 13:10 . 2010-10-14 03:28 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
     2011-01-20 13:10 . 2010-10-14 03:28 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
     2011-01-20 13:10 . 2010-10-14 03:28 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
     2011-01-20 13:10 . 2010-10-14 03:28 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
     2011-01-20 13:10 . 2010-10-14 03:28 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
     2011-01-18 02:59 . 2011-01-18 02:59 -------- d-----w- c:\documents and settings\Mom\Application Data\SUPERAntiSpyware.com
     2011-01-18 02:59 . 2011-01-18 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
     2011-01-18 02:48 . 2011-01-18 02:59 -------- d-----w- c:\program files\SUPERAntiSpyware
     2011-01-13 20:30 . 2011-01-13 20:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
     2011-01-12 19:45 . 2011-01-12 19:45 -------- d-----w- C:\SBS
     2011-01-09 05:41 . 2011-01-09 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
     2011-01-08 22:49 . 2011-01-09 02:13 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
     2011-01-08 22:49 . 2011-01-17 01:19 -------- d-----w- c:\program files\World of Warcraft
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-12-20 23:09 . 2010-03-24 17:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-12-20 23:08 . 2010-03-24 17:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-11-18 18:12 . 2004-08-10 12:00 81920 ------w- c:\windows\system32\isign32.dll
     2010-10-14 03:28 . 2011-01-20 13:10 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-07 68856]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
     "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
     "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
     "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
     "HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
     "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
     "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
     "PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
     "SoundMan"="SOUNDMAN.EXE" [2004-10-13 77824]
     "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
     "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-04-22 180269]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
     "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]
     "HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-10-15 30264]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

     c:\documents and settings\Paul\Start Menu\Programs\Startup\
     OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

     c:\documents and settings\Mark\Start Menu\Programs\Startup\
     OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
     McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
     @="Service"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
     @=""

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
     backup=c:\windows\pss\Status Monitor.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
     2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
     2004-06-14 14:28 851968 ------w- c:\program files\Brother\ControlCenter2\brctrcen.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
     2007-08-14 07:44 113136 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
     2004-04-14 19:46 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
     2007-08-24 19:52 240112 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
     2004-05-25 14:16 49152 ------w- c:\program files\Brother\Brmfl04a\BrStDvPt.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
     2008-07-07 01:22 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
     2005-04-22 01:55 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
     "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
     "HPHUPD06"=c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
     "AlcWzrd"=ALCWZRD.EXE
     "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
     "IndexSearch"=c:\program files\ScanSoft\PaperPort\IndexSearch.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001
     "FirewallOverride"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     "DisableNotifications"= 1 (0x1)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUPnPRenderer10.exe"=
     "c:\\Program Files\\Roxio\\Creator Classic 10\\Creator10.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
     "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

     R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/19/2009 11:05 PM 64160]
     R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/20/2011 8:10 AM 84072]
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
     R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [10/15/2009 11:13 AM 136192]
     R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [11/20/2009 2:14 PM 245760]
     R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [1/28/2011 10:15 PM 99896]
     R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/12/2010 9:44 PM 203280]
     R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/20/2011 8:09 AM 271480]
     R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/20/2011 8:09 AM 271480]
     R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/20/2011 8:10 AM 188136]
     R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/20/2011 8:10 AM 141792]
     R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 2:52 PM 166384]
     R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/20/2011 8:10 AM 55840]
     R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [1/28/2011 10:20 PM 13824]
     R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/20/2011 8:10 AM 313288]
     R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/20/2011 8:10 AM 88544]
     R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [1/28/2011 10:19 PM 17408]
     R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [8/11/2010 3:57 PM 453120]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 7:35 PM 135664]
     S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 2:53 PM 362992]
     S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 2:52 PM 309744]
     S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [11/5/2003 1:11 PM 17920]
     S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
     S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
     S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/20/2011 8:10 AM 88544]
     S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/20/2011 8:10 AM 84264]
     S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 2:53 PM 72176]
     S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 2:52 PM 1083888]

     --- Other Services/Drivers In Memory ---

     *Deregistered* - mfeavfk01

     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
     2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
     .
     Contents of the 'Scheduled Tasks' folder

     2011-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

     2011-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 00:35]

     2011-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 00:35]

     2011-02-07 c:\windows\Tasks\User_Feed_Synchronization-{0B7B97B6-9006-4B05-88C6-072708A98218}.job
     - c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://att.net
     mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
     DPF: {A8BC5EDF-FB4E-4453-B759-4AF3281FDE02} - hxxps://s2.ebridge-solutions.com/ebridge/3.0/retrieve/eBridgeViewer.CAB
     FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\fqg82241.default\
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
     FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     .
     - - - - ORPHANS REMOVED - - - -

     MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-02-07 17:06
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\S-1-5-21-270226397-3807691631-2548794811-1010\Software\SecuROM\License information*]
     "datasecu"=hex:cc,9a,3a,f7,53,f6,b5,72,04,72,b1,2c,6e,db,56,3d,ca,10,40,97,c4,32,bf,e2,1c,04,51,92,e2,ed,b5,15,a4,4e,b7,af,52,95,a7,bf,bc,94,2b,bb,85,0e,\
     "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

     [HKEY_USERS\S-1-5-21-270226397-3807691631-2548794811-1012\Software\SecuROM\License information*]
     "datasecu"=hex:c0,3f,d1,95,2a,5a,b5,97,da,cf,40,56,05,cd,84,5c,96,75,bc,2b,4a,27,16,ef,54,7e,5f,21,9f,88,a0,b3,5f,27,73,a2,82,59,19,79,65,e6,88,e3,e7,86,\
     "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(1220)
     c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     c:\windows\system32\WININET.dll
     c:\program files\McAfee\SiteAdvisor\saHook.dll

     - - - - - - - > 'explorer.exe'(3088)
     c:\windows\system32\WININET.dll
     c:\program files\McAfee\SiteAdvisor\saHook.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     .
     Completion time: 2011-02-07 17:12:30
     ComboFix-quarantined-files.txt 2011-02-07 22:12

     Pre-Run: 75,571,499,008 bytes free
     Post-Run: 75,611,070,464 bytes free

     - - End Of File - - 0BCA04FCD992CB6215B00E37DD98196D

     comboFix_log.txt
  4. Instructions were that it had to be run as administrator. I ended up changing the user profile to allow administrator privileges, to run as administrator. (I probably could have done that to get ComboFix to run?) Sorry for the delay (scan took 2 hours!). Here's the log; nothing reported to be found on the final screen.

     martInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6419
     # api_version=3.0.2
     # EOSSerial=87ebb99ef978c7418f9c66f6000ac17f
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2011-02-06 10:48:05
     # local_time=2011-02-06 05:48:05 (-0500, Eastern Standard Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=5121 16777189 100 75 568117 9601450 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=171011
     # found=0
     # cleaned=0
     # scan_time=7769
  5. Will not allow me to move ComboFix to the C: drive in this user account. Also, will not show C: in the address bar, as it does in the pic in your post. "Access denied"
  6. OK, tried running ComboFix. When running as this user, it would not allow the program to run. Tried again, and chose the option in the message box to run (in that user profile) and log in as administrator. The program started, but stopped after a few seconds with the message: "Were you trying to run CF script? The name, CF script, appears to be incorrectly spelt." I clicked OK, the box closed, but so did the program.
  7. Ran the Defogger program in that profile; the message showed that "defogger ran to completion, but one or more errors occurred, see defogger disable log". Log below:

     defogger_disable by jpshortstuff (23.02.10.1)
     Log created at 23:59 on 05/02/2011 (Mark)

     Checking for autostart values...
     HKCU\~\Run values retrieved.
     Unable to open HKLM\~\Run key (5)
     HKLM\~\Run values retrieved.

     Checking for services/drivers...

     -=E.O.F=-

     Here is the MBAM log:

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 5684

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     2/5/2011 11:58:22 PM
     mbam-log-2011-02-05 (23-58-22).txt

     Scan type: Quick scan
     Objects scanned: 165937
     Time elapsed: 6 minute(s), 45 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 2
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Here is the DDS text:

     DDS (Ver_10-12-12.02) - NTFSx86
     Run by Mark at 0:04:43.93 on Sun 02/06/2011
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.530 [GMT -5:00]

     AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
     FW: McAfee Firewall *Enabled*

     ============== Running Processes ===============

     svchost.exe
     svchost.exe
     svchost.exe
     svchost.exe
     svchost.exe
     svchost.exe
     svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\ehome\ehtray.exe
     C:\windows\system\hpsysdrv.exe
     C:\WINDOWS\AGRSMMSG.exe
     C:\WINDOWS\system32\hphmon06.exe
     C:\HP\KBD\KBD.EXE
     C:\WINDOWS\eHome\ehmsas.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\McAfee.com\Agent\mcagent.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
     C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Program Files\internet explorer\iexplore.exe
     C:\Program Files\internet explorer\iexplore.exe
     C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
     C:\Documents and Settings\Mark\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://att.net
     uWindow Title = Windows Internet Explorer provided by Yahoo!
     uDefault_Page_URL = hxxp://att.net
     mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
     uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
     BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
     BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110120081025.dll
     BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
     BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
     TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
     uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
     mRun: [ehTray] c:\windows\ehome\ehtray.exe
     mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
     mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [AGRSMMSG] AGRSMMSG.exe
     mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
     mRun: [KBD] c:\hp\kbd\KBD.EXE
     mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
     mRun: [PS2] c:\windows\system32\ps2.exe
     mRun: [soundMan] SOUNDMAN.EXE
     mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
     mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
     mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
     mRun: [HPUsageTrackingLEDM] "c:\program files\hp\hp ut ledm\bin\hppusg.exe" "c:\program files\hp\hp ut ledm\"
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     StartupFolder: c:\docume~1\mark\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
     IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
     IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
     IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
     DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
     DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {A8BC5EDF-FB4E-4453-B759-4AF3281FDE02} - hxxps://s2.ebridge-solutions.com/ebridge/3.0/retrieve/eBridgeViewer.CAB
     DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
     Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
     Notify: igfxcui - igfxsrvc.dll
     SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
     mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\mark\applic~1\mozilla\firefox\profiles\fqg82241.default\
     FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
     FF - component: c:\program files\youtube downloader toolbar\ff\components\youtubedownloaderToolbarFF.dll
     FF - component: c:\program files\youtube downloader toolbar\ssff\components\SearchSettingsFF.dll
     FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
     FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
     FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

     ============= SERVICES / DRIVERS ===============

     R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-19 64160]
     R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-20 386840]
     R1 mfetdi2k;McAfee Inc.
mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-20 84072] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-10-15 136192] R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\hp\hp laserjet m1210 mfp series\ReceiveFaxUtility.exe [2009-11-20 245760] R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-1-28 99896] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-8-12 203280] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-20 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-20 271480] R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-20 271480] R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-20 171168] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-20 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-20 141792] R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-20 55840] R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [2011-1-28 13824] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-20 152960] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-20 52104] R3 mfefirek;McAfee Inc. 
mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-20 313288] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-20 88544] R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-1-28 17408] R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2010-8-11 453120] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992] S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744] S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [2003-11-5 17920] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-20 88544] S3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-20 84264] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888] =============== Created Last 30 ================ 2011-02-06 02:47:23 -------- d-----w- c:\docume~1\mark\applic~1\Malwarebytes 2011-02-06 01:02:27 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-06 01:02:27 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-06 01:02:27 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll 2011-01-31 19:06:45 -------- d-----w- c:\program files\MSECache 2011-01-29 04:18:37 -------- d-----w- c:\program files\Readiris Pro 12 2011-01-29 03:25:02 -------- d-----w- c:\program files\Yahoo! 2011-01-29 03:19:38 81920 ----a-r- c:\windows\system32\mvusbews.dll 2011-01-29 03:19:38 17408 ----a-r- c:\windows\system32\drivers\mvusbews.sys 2011-01-29 03:19:38 1112288 ----a-r- c:\windows\system32\WdfCoInstaller01007.dll 2011-01-29 03:15:20 99896 ----a-r- c:\windows\system32\HPSIsvc.exe 2011-01-29 03:13:33 316416 ----a-r- c:\windows\system32\Difxapi.dll 2011-01-29 03:13:33 284160 ----a-r- c:\windows\system32\mvhlewsi.dll 2011-01-20 13:10:25 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-01-20 13:10:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll 2011-01-20 13:10:16 141792 ----a-w- c:\windows\system32\mfevtps.exe 2011-01-20 13:10:11 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-01-20 13:10:11 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-01-20 13:10:11 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-01-20 13:10:11 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-01-20 13:10:11 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-01-20 13:10:11 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys 
2011-01-20 13:10:11 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-01-20 13:10:11 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-01-20 13:10:11 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-01-18 02:59:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2011-01-18 02:48:51 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-01-12 19:45:58 -------- d-----w- C:\SBS 2011-01-09 05:41:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment 2011-01-08 22:49:21 -------- d-----w- c:\program files\common files\Blizzard Entertainment 2011-01-08 22:49:16 -------- d-----w- c:\program files\World of Warcraft ==================== Find3M ==================== 2010-11-18 18:12:44 81920 ------w- c:\windows\system32\isign32.dll 2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll ============= FINISH: 0:06:15.21 ===============
  8. OK, everything looked good in the administrator profile, where I ran all the changes discussed so far in the preceding messages. I logged into a different user account on the same computer (other family members') and ran Malwarebytes, and it still shows infections with PUP.Delio. Will attach the log run from that user profile in the next message.
  9. Thanks Kenny. Did all of your suggestions, updates, and setting changes. Plan to run the scan again in different user profiles tomorrow, to be sure I'm not getting reinstalls (thought I had it clean once yesterday). Will repost tomorrow (either for help, or to thank you again). I appreciate your help!!!
  10. OK. Ran ATF, then Malwarebytes. No malicious items found, and it did not ask to reboot. Here's the text of the log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5684 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2/5/2011 6:55:18 PM mbam-log-2011-02-05 (18-55-18).txt Scan type: Quick scan Objects scanned: 235291 Time elapsed: 6 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  11. Not sure if I was meant to attach the ComboFix text or post it in the reply. Here is the text (I attached it to the last reply just in case):
  12. Thanks, Kenny. Ran ComboFix as instructed. Partway through, a message screen came up: "PEV.exe has encountered a problem and needs to close..." I ignored it, as the ComboFix program continued to run. I'm attaching the log as text. I don't know if it matters, but the computer did not reboot or prompt me to reboot after ComboFix ran. (I did notice that as the program was running it indicated it deleted some files with "search" in the name.) Await further instructions. Gdwill combofix_results.txt
  13. Computer infected with WhiteSmoke toolbar, other trojans. I run Malwarebytes; it shows programs are removed, but after rebooting, other malware reinstalls (delio, PUP). Have tried instructions in "I'm infected..." The most recent MBAM log is attached (changes every time I reboot and run again). Made it through the defogger and DDS steps, but when running GMER, program shut down with message: "A problem has been detected and Windows has been shut down. PFN_LIST_CORRUPT" etc. Below is text file from DDS: DDS (Ver_10-12-12.02) - NTFSx86 Run by Administrator at 11:31:11.43 on Sat 02/05/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.558 [GMT -5:00] AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Disabled* ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe C:\WINDOWS\system32\HPSIsvc.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\mfevtps.exe C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wwSecure.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Canon\CAL\CALMAIN.exe svchost.exe 
C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCMTR.EXE C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Documents and Settings\Administrator\Desktop\Defogger.exe C:\Documents and Settings\Administrator\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop BHO: &Yahoo! 
Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110120081025.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [HPHmon06] c:\windows\system32\hphmon06.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [PS2] c:\windows\system32\ps2.exe mRun: [soundMan] SOUNDMAN.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [<NO NAME>] mRun: [HPUsageTrackingLEDM] "c:\program files\hp\hp ut ledm\bin\hppusg.exe" "c:\program files\hp\hp ut ledm\" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k StartupFolder: 
c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {A8BC5EDF-FB4E-4453-B759-4AF3281FDE02} - hxxps://s2.ebridge-solutions.com/ebridge/3.0/retrieve/eBridgeViewer.CAB DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxsrvc.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-19 64160] R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-20 386840] R1 mfetdi2k;McAfee Inc. 
mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-20 84072] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-10-15 136192] R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\hp\hp laserjet m1210 mfp series\ReceiveFaxUtility.exe [2009-11-20 245760] R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-1-28 99896] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-8-12 203280] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-20 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-20 271480] R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-20 271480] R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-20 171168] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-20 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-20 141792] R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-20 55840] R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [2011-1-28 13824] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-20 152960] R3 mfefirek;McAfee Inc. 
mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-20 313288] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-20 88544] R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-1-28 17408] R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2010-8-11 453120] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992] S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744] S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [2003-11-5 17920] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-20 52104] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-20 88544] S3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-20 84264] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888] =============== Created Last 30 ================ 2011-02-05 15:14:40 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes 2011-02-05 15:11:42 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE 2011-02-05 15:00:06 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Google 2011-01-31 19:06:45 -------- d-----w- c:\program files\MSECache 2011-01-29 04:18:37 -------- d-----w- c:\program files\Readiris Pro 12 2011-01-29 03:25:02 -------- d-----w- c:\program files\Yahoo! 2011-01-29 03:19:38 81920 ----a-r- c:\windows\system32\mvusbews.dll 2011-01-29 03:19:38 17408 ----a-r- c:\windows\system32\drivers\mvusbews.sys 2011-01-29 03:19:38 1112288 ----a-r- c:\windows\system32\WdfCoInstaller01007.dll 2011-01-29 03:15:20 99896 ----a-r- c:\windows\system32\HPSIsvc.exe 2011-01-29 03:13:33 316416 ----a-r- c:\windows\system32\Difxapi.dll 2011-01-29 03:13:33 284160 ----a-r- c:\windows\system32\mvhlewsi.dll 2011-01-20 13:10:25 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-01-20 13:10:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll 2011-01-20 13:10:16 141792 ----a-w- c:\windows\system32\mfevtps.exe 2011-01-20 13:10:11 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-01-20 13:10:11 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-01-20 13:10:11 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-01-20 13:10:11 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-01-20 13:10:11 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-01-20 13:10:11 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-01-20 13:10:11 386840 ----a-w- 
c:\windows\system32\drivers\mfehidk.sys 2011-01-20 13:10:11 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-01-20 13:10:11 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-01-18 02:59:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2011-01-18 02:48:51 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-01-12 19:45:58 -------- d-----w- C:\SBS 2011-01-09 05:41:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment 2011-01-08 22:49:21 -------- d-----w- c:\program files\common files\Blizzard Entertainment 2011-01-08 22:49:16 -------- d-----w- c:\program files\World of Warcraft ==================== Find3M ==================== 2010-11-18 18:12:44 81920 ------w- c:\windows\system32\isign32.dll 2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll ============= FINISH: 11:32:27.84 =============== DDS.txt Attach.txt mbam_log_2011_02_05__10_22_29_.txt