
MyStart Incredibar and some other oddities



I was blasted with several infections today, most of which I think I have taken care of, but I can't seem to get rid of the MyStart in my browsers. Additionally, now I can't turn my firewall on or even view the settings for it. I think the firewall thing is a result of Smart Fortress. Another interesting note is that I can't do a system restore. I can pick restore points but all of them fail. Any help would be greatly appreciated.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

Actiontec Gateway

Activation Assistant for the 2007 Microsoft Office suites

Ad-Aware

Adobe AIR

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Community Help

Adobe Creative Suite 5 Master Collection

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Help Center 1.0

Adobe Media Player

Adobe Photoshop CS2

Adobe Reader 8.3.1

Adobe Shockwave Player

Adobe Stock Photos 1.0

AIO_Scan

Amazon Kindle

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bing Bar

Bing Rewards Client Installer

BlackBerry Desktop Software 5.0.1

BlackBerry Device Software v5.0.0 for the BlackBerry 9700 smartphone

BlackBerry® Media Sync

Bonjour

Broadcom 802.11 Wireless LAN Adapter

BufferChm

C4200

C4200_doccd

c4200_Help

calibre

Cards_Calendar_OrderGift_DoMorePlugout

Celestia 1.6.0

Cisco Clean Access Agent

Compatibility Pack for the 2007 Office system

Copy

Coupon Printer for Windows

CustomerResearchQFolder

CyberLink YouCam

Defraggler

Destination Component

DeviceDiscovery

DeviceManagementQFolder

Diet Analysis Plus 8.0

DivX Converter

DivX Setup

DocProc

DocProcQFolder

DVD Suite

EA Link

eSupportQFolder

EZ Vinyl Converter 2.0.0 by MixMeister

ffdshow (remove only)

Galactic Civilizations II - Ultimate Edition

Google Chrome

Google Earth Plug-in

Google Update Helper

Graboid Video 1.71

Hauppauge MCE XP/Vista Software Encoder (2.0.25149)

Hewlett-Packard Active Check

Hewlett-Packard Asset Agent for Health Check

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hoyle Casino 2009

HP Active Support Library

HP Customer Experience Enhancements

HP Customer Participation Program 9.0

HP Deskjet 3050A J611 series Basic Device Software

HP Deskjet 3050A J611 series Help

HP Deskjet 3050A J611 series Product Improvement Study

HP Doc Viewer

HP Easy Setup - Frontend

HP Help and Support

HP Imaging Device Functions 9.0

HP OCR Software 9.0

HP Photo Creations

HP Photosmart All-In-One Software 9.0

HP Photosmart Essential 2.5

HP Quick Launch Buttons 6.30 E1

HP QuickPlay 3.6

HP QuickTouch 1.00 C4

HP Smart Web Printing

HP Solution Center 9.0

HP Total Care Advisor

HP Update

HP User Guides 0087

HP Wireless Assistant

HPNetworkAssistant

HPPhotoSmartDiscLabel_PaperLabel

HPPhotoSmartDiscLabel_PrintOnDisc

HPPhotoSmartDiscLabel_Tattoo

HPPhotoSmartDiscLabelContent1

hpphotosmartdisclabelplugin

HPPhotoSmartPhotobookHolidayPack1

HPPhotoSmartPhotobookModernPack1

HPPhotoSmartPhotobookPlayfulPack1

HPPhotoSmartPhotobookScrapbookPack1

HPPhotoSmartPhotobookWebPack1

HPProductAssistant

HPSSupply

ImageJ 1.42q

Impulse

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

iTunes

Java Auto Updater

Java 6 Update 2

Java 6 Update 20

LabelPrint

LightScribe System Software 1.10.13.1

LiveUpdate (Symantec Corporation)

Malwarebytes Anti-Malware version 1.61.0.1400

MarketResearch

McAfee Security Scan Plus

McAfee SiteAdvisor

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Motorola SM56 Data Fax Modem

Move Networks Media Player for Internet Explorer

Mozilla ActiveX Control v1.7.12

Mozilla Firefox 11.0 (x86 en-US)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 6.1

Notepad++

OGA Notifier 2.0.0048.0

PdaNet for Android 3.02

PDF Settings CS5

Power2Go

PowerDirector

PS_AIO_ProductContext

PS_AIO_Software

PS_AIO_Software_min

PSSWCORE

QuickConnect

QuickPlay SlingPlayer 0.4.6

QuickTime

Qwest Installer

Qwest QuickAssist Desktop Tools

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

Realtek High Definition Audio Driver

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Slingbox Flash Tour

SlingPlayer

SolutionCenter

Sony Picture Utility

Status

Synaptics Pointing Device Driver

The Sims™ Life Stories

Toolbox

TrayApp

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.6195

Veoh Web Player Beta

VideoToolkit01

Viewpoint Media Player

Vista Codec Package

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 1.0.1

WeatherBug Gadget

WebReg

Windows Media Player Firefox Plugin

WinRAR archiver

Xvid Video Codec

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20

Run by Owner at 22:58:04 on 2012-05-17

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: H - No File

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: MRI_DISABLED - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"

uRun: [sidebar] "c:\program files\windows sidebar\Sidebar.exe" /autorun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [AdobeBridge]

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [iCMScanner] "c:\users\owner\appdata\local\icm\ICMScanner.exe" /f

mRun: [Malwarebytes' Anti-Malware] "c:\program files\goodbye\mbamgui.exe" /starttray

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{1C11AE53-28A5-4AC7-BA9F-CD4109D7856C} : DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{370220A1-0B7D-4A2E-9D41-2CBA13208D82} : DhcpNameServer = 192.168.0.1 205.171.3.25

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxdev.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\vtyt5k7b.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb119?a=6PQq9dqtIR&i=26

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll

FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc - BRI/1

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQq9dqtIR&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 47f273ef000000000000002637bd3942

FF - user.js: extensions.incredibar_i.hardId - 47f273ef000000000000002637bd3942

FF - user.js: extensions.incredibar_i.instlDay - 15402

FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:40:04

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6PQq9dqtIR

FF - user.js: extensions.incredibar_i.upn2n - 92542473871657649

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10606

FF - user.js: extensions.incredibar_i.ppd - 48

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-05-18 04:52:12 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{47c70d3a-fbdf-4fd2-beb6-d7670e06bccd}\offreg.dll

2012-05-18 03:20:28 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{345c1258-4ff9-4399-9595-9c2b6c19c259}\gapaengine.dll

2012-05-18 03:20:10 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{47c70d3a-fbdf-4fd2-beb6-d7670e06bccd}\mpengine.dll

2012-05-18 03:18:47 -------- d-----w- c:\program files\Microsoft Security Client

2012-05-18 01:53:12 -------- d-----w- c:\users\owner\appdata\local\{2D5DCE10-A08C-11E1-826F-B8AC6F996F26}

2012-05-18 01:53:11 -------- d-----w- c:\users\owner\appdata\local\{2D5D9BAE-A08C-11E1-826F-B8AC6F996F26}

2012-05-17 22:59:35 -------- d-----w- c:\programdata\F4D55F3E00018363000C11D3570F1C8B

2012-05-17 22:59:34 -------- d-----w- c:\users\owner\appdata\local\ICM

2012-04-19 09:02:27 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-04-19 09:02:27 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

.

==================== Find3M ====================

.

2012-05-18 02:21:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-18 02:21:23 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-04 21:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys

2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-03-21 02:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 02:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-03-01 14:46:01 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-01 14:46:01 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll

2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 14:08:47 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-02-29 13:44:50 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-02-29 13:41:40 1069056 ----a-w- c:\windows\system32\DWrite.dll

2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 22:58:46.33 ===============


Hello ToasterOven and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please generate your log file in Normal mode, not in Safe Mode.


Thank you, Maniac. As far as I am aware, the logs that I posted were generated in normal operating mode. The ones I am posting below were done just prior to this post and were definitely not generated in safe mode. If it is the absence of information in the first few headings (i.e. processes, partitions, etc.), I noticed that too and am puzzled.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20

Run by Owner at 7:43:56 on 2012-05-18

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: H - No File

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: MRI_DISABLED - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"

uRun: [sidebar] "c:\program files\windows sidebar\Sidebar.exe" /autorun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [AdobeBridge]

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [iCMScanner] "c:\users\owner\appdata\local\icm\ICMScanner.exe" /f

mRun: [Malwarebytes' Anti-Malware] "c:\program files\goodbye\mbamgui.exe" /starttray

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{1C11AE53-28A5-4AC7-BA9F-CD4109D7856C} : DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{370220A1-0B7D-4A2E-9D41-2CBA13208D82} : DhcpNameServer = 192.168.0.1 205.171.3.25

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxdev.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\vtyt5k7b.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb119?a=6PQq9dqtIR&i=26

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll

FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc - BRI/1

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQq9dqtIR&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 47f273ef000000000000002637bd3942

FF - user.js: extensions.incredibar_i.hardId - 47f273ef000000000000002637bd3942

FF - user.js: extensions.incredibar_i.instlDay - 15402

FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:40:04

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6PQq9dqtIR

FF - user.js: extensions.incredibar_i.upn2n - 92542473871657649

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10606

FF - user.js: extensions.incredibar_i.ppd - 48

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-05-18 11:09:03 388096 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-05-18 11:09:00 -------- d-----w- c:\program files\Trend Micro

2012-05-18 04:58:46 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{47c70d3a-fbdf-4fd2-beb6-d7670e06bccd}\MpKsla4cb55df.sys

2012-05-18 04:52:12 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{47c70d3a-fbdf-4fd2-beb6-d7670e06bccd}\offreg.dll

2012-05-18 03:20:28 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{345c1258-4ff9-4399-9595-9c2b6c19c259}\gapaengine.dll

2012-05-18 03:20:10 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{47c70d3a-fbdf-4fd2-beb6-d7670e06bccd}\mpengine.dll

2012-05-18 03:18:47 -------- d-----w- c:\program files\Microsoft Security Client

2012-05-18 01:53:12 -------- d-----w- c:\users\owner\appdata\local\{2D5DCE10-A08C-11E1-826F-B8AC6F996F26}

2012-05-18 01:53:11 -------- d-----w- c:\users\owner\appdata\local\{2D5D9BAE-A08C-11E1-826F-B8AC6F996F26}

2012-05-17 22:59:35 -------- d-----w- c:\programdata\F4D55F3E00018363000C11D3570F1C8B

2012-05-17 22:59:34 -------- d-----w- c:\users\owner\appdata\local\ICM

2012-04-19 09:02:27 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-04-19 09:02:27 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

.

==================== Find3M ====================

.

2012-05-18 02:21:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-18 02:21:23 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-04 21:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys

2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-03-21 02:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 02:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-03-01 14:46:01 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-01 14:46:01 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll

2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 14:08:47 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-02-29 13:44:50 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-02-29 13:41:40 1069056 ----a-w- c:\windows\system32\DWrite.dll

2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 7:44:14.16 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

Actiontec Gateway

Activation Assistant for the 2007 Microsoft Office suites

Ad-Aware

Adobe AIR

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Community Help

Adobe Creative Suite 5 Master Collection

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Help Center 1.0

Adobe Media Player

Adobe Photoshop CS2

Adobe Reader 8.3.1

Adobe Shockwave Player

Adobe Stock Photos 1.0

AIO_Scan

Amazon Kindle

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bing Bar

Bing Rewards Client Installer

BlackBerry Desktop Software 5.0.1

BlackBerry Device Software v5.0.0 for the BlackBerry 9700 smartphone

BlackBerry® Media Sync

Bonjour

Broadcom 802.11 Wireless LAN Adapter

BufferChm

C4200

C4200_doccd

c4200_Help

calibre

Cards_Calendar_OrderGift_DoMorePlugout

Celestia 1.6.0

Cisco Clean Access Agent

Compatibility Pack for the 2007 Office system

Copy

Coupon Printer for Windows

CustomerResearchQFolder

CyberLink YouCam

Defraggler

Destination Component

DeviceDiscovery

DeviceManagementQFolder

Diet Analysis Plus 8.0

DivX Converter

DivX Setup

DocProc

DocProcQFolder

DVD Suite

EA Link

eSupportQFolder

EZ Vinyl Converter 2.0.0 by MixMeister

ffdshow (remove only)

Galactic Civilizations II - Ultimate Edition

Google Chrome

Google Earth Plug-in

Google Update Helper

Graboid Video 1.71

Hauppauge MCE XP/Vista Software Encoder (2.0.25149)

Hewlett-Packard Active Check

Hewlett-Packard Asset Agent for Health Check

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hoyle Casino 2009

HP Active Support Library

HP Customer Experience Enhancements

HP Customer Participation Program 9.0

HP Deskjet 3050A J611 series Basic Device Software

HP Deskjet 3050A J611 series Help

HP Deskjet 3050A J611 series Product Improvement Study

HP Doc Viewer

HP Easy Setup - Frontend

HP Help and Support

HP Imaging Device Functions 9.0

HP OCR Software 9.0

HP Photo Creations

HP Photosmart All-In-One Software 9.0

HP Photosmart Essential 2.5

HP Quick Launch Buttons 6.30 E1

HP QuickPlay 3.6

HP QuickTouch 1.00 C4

HP Smart Web Printing

HP Solution Center 9.0

HP Total Care Advisor

HP Update

HP User Guides 0087

HP Wireless Assistant

HPNetworkAssistant

HPPhotoSmartDiscLabel_PaperLabel

HPPhotoSmartDiscLabel_PrintOnDisc

HPPhotoSmartDiscLabel_Tattoo

HPPhotoSmartDiscLabelContent1

hpphotosmartdisclabelplugin

HPPhotoSmartPhotobookHolidayPack1

HPPhotoSmartPhotobookModernPack1

HPPhotoSmartPhotobookPlayfulPack1

HPPhotoSmartPhotobookScrapbookPack1

HPPhotoSmartPhotobookWebPack1

HPProductAssistant

HPSSupply

ImageJ 1.42q

Impulse

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

iTunes

Java Auto Updater

Java 6 Update 2

Java 6 Update 20

LabelPrint

LightScribe System Software 1.10.13.1

LiveUpdate (Symantec Corporation)

Malwarebytes Anti-Malware version 1.61.0.1400

MarketResearch

McAfee Security Scan Plus

McAfee SiteAdvisor

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Motorola SM56 Data Fax Modem

Move Networks Media Player for Internet Explorer

Mozilla ActiveX Control v1.7.12

Mozilla Firefox 11.0 (x86 en-US)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 6.1

Notepad++

OGA Notifier 2.0.0048.0

PdaNet for Android 3.02

PDF Settings CS5

Power2Go

PowerDirector

PS_AIO_ProductContext

PS_AIO_Software

PS_AIO_Software_min

PSSWCORE

QuickConnect

QuickPlay SlingPlayer 0.4.6

QuickTime

Qwest Installer

Qwest QuickAssist Desktop Tools

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

Realtek High Definition Audio Driver

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Slingbox Flash Tour

SlingPlayer

SolutionCenter

Sony Picture Utility

Status

Synaptics Pointing Device Driver

The Sims™ Life Stories

Toolbox

TrayApp

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.6195

Veoh Web Player Beta

VideoToolkit01

Viewpoint Media Player

Vista Codec Package

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 1.0.1

WeatherBug Gadget

WebReg

Windows Media Player Firefox Plugin

WinRAR archiver

Xvid Video Codec

.

==== End Of File ===========================


Thanks!

Step 1

I see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 2

Please follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=107384

Post the Malwarebytes' Anti-Malware log file in your next reply.

Step 3

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All Users box. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt


Steps 1 and 2, check. I can't get OTL to run. When I double click the icon, Windows asks for permission, I say allow, and I get the "OTL has stopped working, Windows is checking for a solution." message. I've tried a fresh download of the program as well to no avail.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.18.09

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

Protection: Enabled

5/18/2012 5:47:38 PM

mbam-log-2012-05-18 (17-47-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 207878

Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


The second link doesn't do anything for me except open a blank tab. The first has the same problem as the OTL I already tried. "OTL has stopped working, Windows is checking for a solution."

Could it be connected to a service that might have been altered similar to that of my firewall service?

Just to add some more info, here's a HijackThis log. I know you didn't ask for it but I figure that it can't hurt. FYI, another interesting note is that when I run HijackThis, it thinks that it's being run from a read-only device like a CD or a locked floppy.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:53:14 AM, on 5/19/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: (no name) - MRI_DISABLED - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)

O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-1684606704-2567105136-2924944818-1000\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun (User '?')

O4 - HKUS\S-1-5-21-1684606704-2567105136-2924944818-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')

O4 - HKUS\S-1-5-21-1684606704-2567105136-2924944818-1000\..\Run: [AdobeBridge] (User '?')

O4 - HKUS\S-1-5-21-1684606704-2567105136-2924944818-1000\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\goodbye\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 8059 bytes


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Sorry for taking so long to get back with this. The wife kinda went into labor and now I'm the proud owner of a little human female.

ComboFix 12-05-22.02 - Owner 05/22/2012 20:27:13.1.2 - x86

Running from: c:\users\Owner\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Owner\AppData\Roaming\MSA

c:\users\Owner\AppData\Roaming\MSA\userid.dat

c:\users\Owner\GoToAssistDownloadHelper.exe

c:\windows\system32\AutoRun.inf

c:\windows\system32\KBL.LOG

c:\windows\system32\SET2B28.tmp

c:\windows\XSxS

.

.

((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))

.

.

2012-05-18 11:09 . 2012-05-18 11:09 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-18 11:09 . 2012-05-18 11:09 -------- d-----w- c:\program files\Trend Micro

2012-05-18 03:18 . 2012-05-18 03:18 -------- d-----w- c:\program files\Microsoft Security Client

2012-05-18 01:53 . 2012-05-18 01:53 -------- d-----w- c:\users\Owner\AppData\Local\{2D5DCE10-A08C-11E1-826F-B8AC6F996F26}

2012-05-18 01:53 . 2012-05-18 01:53 -------- d-----w- c:\users\Owner\AppData\Local\{2D5D9BAE-A08C-11E1-826F-B8AC6F996F26}

2012-05-17 22:59 . 2012-05-18 23:43 -------- d-----w- c:\users\Owner\AppData\Local\ICM

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-18 02:21 . 2012-04-15 13:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-18 02:21 . 2011-08-11 13:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-04 21:56 . 2011-02-21 21:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-21 02:44 . 2012-03-21 02:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 02:44 . 2012-03-21 02:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-03 05:41 . 2012-03-03 05:41 18944 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

2012-02-29 15:11 . 2012-04-11 09:11 5120 ----a-w- c:\windows\system32\wmi.dll

2012-02-29 15:11 . 2012-04-11 09:11 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 15:09 . 2012-04-11 09:11 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 13:32 . 2012-04-11 09:11 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-02-28 01:18 . 2012-04-11 09:13 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11 . 2012-04-11 09:13 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11 . 2012-04-11 09:13 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03 . 2012-04-11 09:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-03-13 04:39 . 2011-06-16 06:48 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Clean Access Agent.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Clean Access Agent.lnk

backup=c:\windows\pss\Clean Access Agent.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk

backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]

path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

backup=c:\windows\pss\PdaNet Desktop.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]

path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk

backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 03:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 09:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-02-22 10:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2010-03-11 04:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-10-26 07:29 136176 ----atw- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Deskjet 3050A J611 series (NET)]

2011-06-09 01:15 1804648 ----a-w- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-12 04:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-01-06 20:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2007-08-23 23:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2012-04-04 21:56 462408 ----a-w- c:\program files\goodbye\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

2012-03-26 23:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-06 00:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QwestTouchPointAgent]

2010-08-27 03:59 45992 ----a-w- c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 17:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2007-08-17 06:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2008-12-16 17:07 3528440 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL60ADD802

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-08-23 23:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-07 14:22]

.

2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-07 14:22]

.

2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1684606704-2567105136-2924944818-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-26 07:29]

.

2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1684606704-2567105136-2924944818-1000UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-26 07:29]

.

2012-05-23 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = <local>

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vtyt5k7b.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb119?a=6PQq9dqtIR&i=26

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 4

FF - user.js: general.useragent.extra.brc - BRI/1

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQq9dqtIR&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 47f273ef000000000000002637bd3942

FF - user.js: extensions.incredibar_i.hardId - 47f273ef000000000000002637bd3942

FF - user.js: extensions.incredibar_i.instlDay - 15402

FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:40

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6PQq9dqtIR

FF - user.js: extensions.incredibar_i.upn2n - 92542473871657649

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10606

FF - user.js: extensions.incredibar_i.ppd - 48

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-AdobeBridge - (no file)

MSConfigStartUp-AntiVirus 2010 - c:\users\Owner\AppData\Roaming\AntiVirus 2010\AntiVirus_Studio_2010.exe

MSConfigStartUp-apron - c:\users\Owner\AppData\Local\Temp\apron.dll

MSConfigStartUp-dcarl - c:\users\Owner\AppData\Local\Temp\dcarl.dll

MSConfigStartUp-dso32 - c:\users\Owner\AppData\Local\Temp\dsoqq.exe

MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

MSConfigStartUp-ISTray - c:\program files\PC Tools Security\pctsGui.exe

MSConfigStartUp-miifvlly - c:\users\Owner\AppData\Local\Temp\shkncjmhn\tgtghhdsika.exe

MSConfigStartUp-o7g1cwwrt8oq - c:\users\Owner\AppData\Roaming\MSA\bbzzkzz16.exe

MSConfigStartUp-SecurityCenter - c:\users\Owner\AppData\Roaming\AntiVirus 2010\securitycenter.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-22 20:37

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2228)

c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\WLANExt.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\progra~1\mcafee\SITEAD~1\mcsacore.exe

c:\windows\system32\rundll32.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Common Files\supportsoft\bin\sprtlisten.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\goodbye\mbamservice.exe

.

**************************************************************************

.

Completion time: 2012-05-22 20:44:00 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-23 02:43

.

Pre-Run: 73,366,753,280 bytes free

Post-Run: 83,696,230,400 bytes free

.

- - End Of File - - F7393955395B38F0456D3281FE393123


Congratulations! I wish her good health, and that she makes you and your wife very happy.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FireFox::
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vtyt5k7b.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb119?a=6PQq9dqtIR&i=26
FF - prefs.js: network.proxy.type - 4
FF - user.js: general.useragent.extra.brc - BRI/1
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQq9dqtIR&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 47f273ef000000000000002637bd3942
FF - user.js: extensions.incredibar_i.hardId - 47f273ef000000000000002637bd3942
FF - user.js: extensions.incredibar_i.instlDay - 15402
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:40
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQq9dqtIR
FF - user.js: extensions.incredibar_i.upn2n - 92542473871657649
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 48

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


FYI, when ComboFix launched it updated, and after it started it said that Microsoft SE was still running even though I had disabled it, so I uninstalled it before continuing.

ComboFix 12-05-23.05 - Owner 05/23/2012 18:18:16.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1245 [GMT -6:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

Command switches used :: c:\users\Owner\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))

.

.

2012-05-24 00:25 . 2012-05-24 00:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-18 11:09 . 2012-05-18 11:09 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-18 11:09 . 2012-05-18 11:09 -------- d-----w- c:\program files\Trend Micro

2012-05-18 01:53 . 2012-05-18 01:53 -------- d-----w- c:\users\Owner\AppData\Local\{2D5DCE10-A08C-11E1-826F-B8AC6F996F26}

2012-05-18 01:53 . 2012-05-18 01:53 -------- d-----w- c:\users\Owner\AppData\Local\{2D5D9BAE-A08C-11E1-826F-B8AC6F996F26}

2012-05-17 22:59 . 2012-05-18 23:43 -------- d-----w- c:\users\Owner\AppData\Local\ICM

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-18 02:21 . 2012-04-15 13:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-18 02:21 . 2011-08-11 13:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-04 21:56 . 2011-02-21 21:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-03 05:41 . 2012-03-03 05:41 18944 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

2012-02-29 15:11 . 2012-04-11 09:11 5120 ----a-w- c:\windows\system32\wmi.dll

2012-02-29 15:11 . 2012-04-11 09:11 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 15:09 . 2012-04-11 09:11 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 13:32 . 2012-04-11 09:11 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-02-28 01:18 . 2012-04-11 09:13 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11 . 2012-04-11 09:13 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11 . 2012-04-11 09:13 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03 . 2012-04-11 09:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-03-13 04:39 . 2011-06-16 06:48 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Clean Access Agent.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Clean Access Agent.lnk

backup=c:\windows\pss\Clean Access Agent.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk

backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]

path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

backup=c:\windows\pss\PdaNet Desktop.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]

path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk

backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 03:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 09:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-02-22 10:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2010-03-11 04:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-10-26 07:29 136176 ----atw- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Deskjet 3050A J611 series (NET)]

2011-06-09 01:15 1804648 ----a-w- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-12 04:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-01-06 20:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2007-08-23 23:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2012-04-04 21:56 462408 ----a-w- c:\program files\goodbye\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-06 00:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QwestTouchPointAgent]

2010-08-27 03:59 45992 ----a-w- c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 17:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2007-08-17 06:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2008-12-16 17:07 3528440 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-08-23 23:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-07 14:22]

.

2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-07 14:22]

.

2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1684606704-2567105136-2924944818-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-26 07:29]

.

2012-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1684606704-2567105136-2924944818-1000UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-26 07:29]

.

2012-05-24 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = <local>

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vtyt5k7b.default\

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-23 18:26

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2872)

c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\WLANExt.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\progra~1\mcafee\SITEAD~1\mcsacore.exe

c:\windows\system32\rundll32.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Common Files\supportsoft\bin\sprtlisten.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

c:\windows\ehome\ehmsas.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\program files\goodbye\mbamservice.exe

.

**************************************************************************

.

Completion time: 2012-05-23 18:33:21 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-24 00:33

ComboFix2.txt 2012-05-23 02:44

.

Pre-Run: 82,842,882,048 bytes free

Post-Run: 83,399,217,152 bytes free

.

- - End Of File - - 82ABFB3D714DFD485DD36EEF4EC83195


OTL worked this time. Oh Joy! :)

OTL logfile created on: 5/25/2012 10:21:16 AM - Run 1

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Owner\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.67% Memory free

6.20 Gb Paging File | 4.95 Gb Available in Paging File | 79.86% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 221.18 Gb Total Space | 76.77 Gb Free Space | 34.71% Space Free | Partition Type: NTFS

Drive D: | 11.71 Gb Total Space | 2.03 Gb Free Space | 17.33% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/18 18:01:25 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\goodbye\mbamservice.exe

PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE

PRC - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008/01/20 20:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe

PRC - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe

PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

========== Modules (No Company Name) ==========

MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

MOD - [2010/11/08 09:15:40 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll

MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2007/12/19 20:27:04 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\goodbye\mbamservice.exe -- (MBAMService)

SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2008/05/18 12:03:04 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)

SRV - [2008/01/08 12:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)

SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/08/23 13:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)

SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/07/19 11:28:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth)

DRV - [2011/01/12 21:15:08 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV - [2009/04/10 22:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)

DRV - [2007/09/17 17:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007/07/11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)

DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2007/03/21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/01/17 07:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

DRV - [2006/11/02 01:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKLM\..\SearchScopes,DefaultScope = {98C5ECE9-8E95-48C4-B2AA-8202E3547581}

IE - HKLM\..\SearchScopes\{7C9B2C5A-9AE0-4DD1-BF28-38E27DA72F33}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKLM\..\SearchScopes\{98C5ECE9-8E95-48C4-B2AA-8202E3547581}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000\..\SearchScopes,DefaultScope = {98C5ECE9-8E95-48C4-B2AA-8202E3547581}

IE - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000\..\SearchScopes\{7C9B2C5A-9AE0-4DD1-BF28-38E27DA72F33}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000\..\SearchScopes\{7D08E343-1F33-418C-8A53-657227F4D4BF}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000\..\SearchScopes\{98C5ECE9-8E95-48C4-B2AA-8202E3547581}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

IE - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQq9dqtIR&i=26

IE - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006

FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )

FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/27 08:33:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/25 23:13:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/19 03:02:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/10 00:02:07 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008/12/18 02:39:52 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{2D5D9BAE-A08C-11E1-826F-B8AC6F996F26}: C:\Users\Owner\AppData\Local\{2D5D9BAE-A08C-11E1-826F-B8AC6F996F26}\ [2012/05/17 19:53:11 | 000,000,000 | ---D | M]

[2008/12/05 03:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions

[2011/12/30 23:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vtyt5k7b.default\extensions

[2010/10/20 15:20:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vtyt5k7b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/12/30 23:28:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vtyt5k7b.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009/03/27 03:16:05 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vtyt5k7b.default\extensions\moveplayer@movenetworks.com

[2012/03/02 23:39:55 | 000,002,203 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vtyt5k7b.default\searchplugins\MyStart Search.xml

[2012/04/19 03:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/02/27 08:33:17 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR

[2012/05/17 19:53:11 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\OWNER\APPDATA\LOCAL\{2D5D9BAE-A08C-11E1-826F-B8AC6F996F26}

[2012/03/12 22:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2010/04/23 17:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/03/12 22:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/03/02 23:40:34 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

[2012/03/12 22:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)

CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb119/?loc=IB_DS&search={searchTerms}&a=6PQq9dqtIR&i=26

CHR - default_search_provider: suggest_url =

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll

CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: SiteAdvisor = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/23 18:26:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C11AE53-28A5-4AC7-BA9F-CD4109D7856C}: DhcpNameServer = 192.168.0.1 205.171.3.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{370220A1-0B7D-4A2E-9D41-2CBA13208D82}: DhcpNameServer = 192.168.0.1 205.171.3.25

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Owner\Pictures\Alaska 08\pics\DSC00130.JPG

O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\Alaska 08\pics\DSC00130.JPG

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/02/18 00:28:10 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/23 18:33:23 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/05/23 18:26:39 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/05/23 18:14:31 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/05/22 21:20:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Baby

[2012/05/22 20:24:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/05/22 20:24:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/05/22 20:24:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/05/22 20:24:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/05/22 20:24:11 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/05/22 20:14:32 | 004,525,103 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe

[2012/05/19 07:45:00 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com

[2012/05/18 18:01:32 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2012/05/18 05:09:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012/05/18 05:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012/05/17 22:54:41 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com

[2012/05/17 19:53:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2D5DCE10-A08C-11E1-826F-B8AC6F996F26}

[2012/05/17 19:53:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2D5D9BAE-A08C-11E1-826F-B8AC6F996F26}

[2012/05/17 19:44:46 | 000,883,616 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Owner\Desktop\FixExec.exe

[2012/05/17 16:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E00018363000C11D3570F1C8B

[2012/05/17 16:59:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ICM

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/25 10:19:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/25 10:18:08 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1684606704-2567105136-2924944818-1000UA.job

[2012/05/25 10:17:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/25 10:17:55 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job

[2012/05/25 01:51:29 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/25 01:51:29 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/24 21:19:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/05/24 19:45:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1684606704-2567105136-2924944818-1000Core.job

[2012/05/23 22:21:13 | 000,604,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/05/23 22:21:13 | 000,104,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/05/23 22:15:27 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/23 18:26:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/05/23 18:15:42 | 004,525,103 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe

[2012/05/23 18:15:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/05/23 18:04:25 | 000,002,042 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk

[2012/05/23 18:04:25 | 000,002,004 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/05/23 01:33:07 | 000,169,984 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/05/19 07:56:20 | 000,002,483 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk

[2012/05/19 07:44:56 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com

[2012/05/18 18:01:25 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2012/05/17 22:54:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com

[2012/05/17 22:45:22 | 001,402,880 | ---- | M] () -- C:\Users\Owner\Desktop\HijackThis.msi

[2012/05/17 19:44:39 | 000,883,616 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Owner\Desktop\FixExec.exe

[2012/05/17 17:19:29 | 000,006,648 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat

[2012/05/13 03:42:09 | 003,666,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/05/13 03:18:20 | 002,476,250 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/22 20:24:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/05/22 20:24:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/05/22 20:24:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/05/22 20:24:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/05/22 20:24:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/05/19 09:19:41 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys

[2012/05/18 05:09:02 | 000,002,483 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk

[2012/05/17 22:45:23 | 001,402,880 | ---- | C] () -- C:\Users\Owner\Desktop\HijackThis.msi

[2011/12/07 08:53:24 | 004,770,816 | ---- | C] () -- C:\Windows\System32\x264vfw.dll

[2011/07/12 16:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2011/06/08 15:57:22 | 001,929,576 | ---- | C] () -- C:\Windows\System32\HPScanTRDrv_DJ3050A_J611.dll

[2011/03/14 05:26:34 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011/03/14 05:26:34 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011/02/18 21:05:48 | 000,009,622 | -HS- | C] () -- C:\Users\Owner\AppData\Local\m8vi0xb7s6a7oayasu67dcm6rw3l2ey1ta275

[2011/01/04 14:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== LOP Check ==========

[2012/02/11 00:33:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\calibre

[2008/05/19 08:43:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CiscoCAA

[2009/09/06 01:15:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hoyle

[2009/09/05 23:03:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hoyle FaceCreator

[2011/03/02 22:48:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Notepad++

[2009/07/31 21:44:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera

[2009/12/18 17:11:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion

[2009/09/14 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Stardock

[2009/11/30 15:36:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template

[2012/01/12 00:46:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VistaCodecs

[2012/05/23 18:25:17 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DD6DC9BD

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\..\SearchScopes\{7C9B2C5A-9AE0-4DD1-BF28-38E27DA72F33}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000\..\SearchScopes\{7C9B2C5A-9AE0-4DD1-BF28-38E27DA72F33}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-1684606704-2567105136-2924944818-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQq9dqtIR&i=26
    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    [2012/03/02 23:39:55 | 000,002,203 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vtyt5k7b.default\searchplugins\MyStart Search.xml
    CHR - default_search_provider: MyStart Search (Enabled)
    CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb119/?loc=IB_DS&search={searchTerms}&a=6PQq9dqtIR&i=26
    CHR - default_search_provider: suggest_url =
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Still have Incredibar

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7C9B2C5A-9AE0-4DD1-BF28-38E27DA72F33}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C9B2C5A-9AE0-4DD1-BF28-38E27DA72F33}\ not found.

Registry key HKEY_USERS\S-1-5-21-1684606704-2567105136-2924944818-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7C9B2C5A-9AE0-4DD1-BF28-38E27DA72F33}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C9B2C5A-9AE0-4DD1-BF28-38E27DA72F33}\ not found.

Registry key HKEY_USERS\S-1-5-21-1684606704-2567105136-2924944818-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.

Prefs.js: "MyStart Search" removed from browser.search.defaultenginename

File C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vtyt5k7b.default\searchplugins\MyStart Search.xml not found.

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Owner

->Temp folder emptied: 1101054316 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 89890823 bytes

->Flash cache emptied: 3555 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 12176 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,136.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.0 log created on 05272012_164945

Files\Folders moved on Reboot...

C:\Users\Owner\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 (if using this link, right-click and select Save As).

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


yup, still need the help. The computer seems to be running fine.

ComboFix 12-05-30.04 - Owner 05/30/2012 13:52:35.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.2003 [GMT -6:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))

.

.

2012-05-30 19:59 . 2012-05-30 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-18 11:09 . 2012-05-18 11:09 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-18 11:09 . 2012-05-18 11:09 -------- d-----w- c:\program files\Trend Micro

2012-05-18 01:53 . 2012-05-18 01:53 -------- d-----w- c:\users\Owner\AppData\Local\{2D5DCE10-A08C-11E1-826F-B8AC6F996F26}

2012-05-18 01:53 . 2012-05-18 01:53 -------- d-----w- c:\users\Owner\AppData\Local\{2D5D9BAE-A08C-11E1-826F-B8AC6F996F26}

2012-05-17 22:59 . 2012-05-18 23:43 -------- d-----w- c:\users\Owner\AppData\Local\ICM

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-18 02:21 . 2012-04-15 13:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-18 02:21 . 2011-08-11 13:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-04 21:56 . 2011-02-21 21:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-03 05:41 . 2012-03-03 05:41 18944 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

2012-03-13 04:39 . 2011-06-16 06:48 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Clean Access Agent.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Clean Access Agent.lnk

backup=c:\windows\pss\Clean Access Agent.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk

backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]

path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

backup=c:\windows\pss\PdaNet Desktop.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]

path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk

backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 03:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 09:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-02-22 10:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2010-03-11 04:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-10-26 07:29 136176 ----atw- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Deskjet 3050A J611 series (NET)]

2011-06-09 01:15 1804648 ----a-w- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-12 04:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-01-06 20:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2007-08-23 23:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2012-04-04 21:56 462408 ----a-w- c:\program files\goodbye\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-06 00:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QwestTouchPointAgent]

2010-08-27 03:59 45992 ----a-w- c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 17:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2007-08-17 06:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2008-12-16 17:07 3528440 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-08-23 23:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-07 14:22]

.

2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-07 14:22]

.

2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1684606704-2567105136-2924944818-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-26 07:29]

.

2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1684606704-2567105136-2924944818-1000UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-26 07:29]

.

2012-05-30 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = <local>

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vtyt5k7b.default\

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-30 13:59

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1824)

c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll

.

Completion time: 2012-05-30 14:01:44

ComboFix-quarantined-files.txt 2012-05-30 20:01

ComboFix2.txt 2012-05-24 00:33

ComboFix3.txt 2012-05-23 02:44

.

Pre-Run: 85,356,589,056 bytes free

Post-Run: 86,680,276,992 bytes free

.

- - End Of File - - 2F22A6C5563C43BEE97CC80E481B58E6


c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

That's a new bad guy.

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If VirusTotal is too busy, you can try these:

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html

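A triage pass over the kind of log the helper just read, written here as an added example (it is not ComboFix's or the forum's own code): it walks the file listing and the 'Reg Loading Points' dword values, flags Security Center override/monitoring values set to 1, and lists any .exe under the per-user Installer\{GUID} tree where IconBB6A16301.exe sits. The sample log is an excerpt copied from the poster's log above; HiJackThis.exe lands on the list too, which is the point: the output is a candidate list for the analyst to confirm, as the helper did via VirusTotal.

```python
import re

# Security Center values which, when set to 1, suppress the AV/firewall status
# reporting; ComboFix listed them as non-default in the log above.
SECURITY_CENTER_FLAGS = {"AntiVirusOverride", "FirewallOverride", "DisableMonitoring"}

# An .exe under the per-user MSI Installer cache (the path shape of IconBB6A16301.exe).
INSTALLER_EXE = re.compile(
    r"(?i)c:\\users\\[^\\]+\\AppData\\Roaming\\Microsoft\\Installer\\"
    r"\{[0-9A-F-]{36}\}\\[^\\]+\.exe"
)
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def triage_combofix_log(text):
    """Return ordered, de-duplicated (category, detail) findings for one log."""
    findings = []
    seen = set()
    current_key = None

    def add(category, detail):
        if (category, detail) not in seen:
            seen.add((category, detail))
            findings.append((category, detail))

    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # ComboFix pads its sections with lone dots
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)  # remember the registry key for following values
            continue
        dword = DWORD_RE.match(line)
        if dword and current_key and "security center" in current_key.lower():
            name, value = dword.group(1), int(dword.group(2), 16)
            if name in SECURITY_CENTER_FLAGS and value == 1:
                add("security-center-tamper", f"{current_key}\\{name}={value}")
            continue
        exe = INSTALLER_EXE.search(line)
        if exe:
            add("installer-guid-exe", exe.group(0))
    return findings


# Constructed excerpt: lines copied from the poster's ComboFix log in this thread.
SAMPLE_LOG = r"""
2012-05-18 11:09 . 2012-05-18 11:09 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-03 05:41 . 2012-03-03 05:41 18944 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
"BlindDial"=dword:00000000
"""

if __name__ == "__main__":
    for category, detail in triage_combofix_log(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```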

We need to get a copy of it.

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

http://forums.malwarebytes.org/index.php?showtopic=110039&st=20

Collect::
c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

Save this file to your desktop; save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


I'll keep trying to perform a scan at one of the links you posted, but I'm having issues because I can't see the AppData folder in the Owner folder to get further on in the directory tree.

ComboFix 12-05-30.04 - Owner 05/30/2012 17:11:00.4.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1683 [GMT -6:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

Command switches used :: c:\users\Owner\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))

.

.

2012-05-30 23:15 . 2012-05-30 23:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-26 18:08 . 2012-05-26 18:08 -------- d-----w- C:\_OTL

2012-05-18 11:09 . 2012-05-18 11:09 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-18 11:09 . 2012-05-18 11:09 -------- d-----w- c:\program files\Trend Micro

2012-05-18 01:53 . 2012-05-18 01:53 -------- d-----w- c:\users\Owner\AppData\Local\{2D5DCE10-A08C-11E1-826F-B8AC6F996F26}

2012-05-18 01:53 . 2012-05-18 01:53 -------- d-----w- c:\users\Owner\AppData\Local\{2D5D9BAE-A08C-11E1-826F-B8AC6F996F26}

2012-05-17 22:59 . 2012-05-18 23:43 -------- d-----w- c:\users\Owner\AppData\Local\ICM

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-18 02:21 . 2012-04-15 13:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-18 02:21 . 2011-08-11 13:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-04 21:56 . 2011-02-21 21:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-03 05:41 . 2012-03-03 05:41 18944 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

2012-03-13 04:39 . 2011-06-16 06:48 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Clean Access Agent.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Clean Access Agent.lnk

backup=c:\windows\pss\Clean Access Agent.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk

backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]

path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

backup=c:\windows\pss\PdaNet Desktop.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]

path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk

backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 03:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 09:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-02-22 10:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2010-03-11 04:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-10-26 07:29 136176 ----atw- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Deskjet 3050A J611 series (NET)]

2011-06-09 01:15 1804648 ----a-w- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-12 04:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-01-06 20:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2007-08-23 23:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2012-04-04 21:56 462408 ----a-w- c:\program files\goodbye\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-06 00:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QwestTouchPointAgent]

2010-08-27 03:59 45992 ----a-w- c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 17:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2007-08-17 06:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2008-12-16 17:07 3528440 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-08-23 23:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-07 14:22]

.

2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-07 14:22]

.

2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1684606704-2567105136-2924944818-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-26 07:29]

.

2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1684606704-2567105136-2924944818-1000UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-26 07:29]

.

2012-05-30 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = <local>

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vtyt5k7b.default\

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-30 17:15

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4840)

c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll

.

Completion time: 2012-05-30 17:16:40

ComboFix-quarantined-files.txt 2012-05-30 23:16

ComboFix2.txt 2012-05-30 20:01

ComboFix3.txt 2012-05-24 00:33

ComboFix4.txt 2012-05-23 02:44

.

Pre-Run: 86,714,413,056 bytes free

Post-Run: 86,155,476,992 bytes free

.

- - End Of File - - 07B8CC830B7E5795A31E570F49F699CB


Guest
This topic is now closed to further replies.