Page 1 of 5 12345 LastLast
Results 1 to 10 of 43

Thread: click.GiftLoad Removal

  1. #1
    Junior Member
    Join Date
    Mar 2011
    Posts
    25

    Default click.GiftLoad Removal

    Hello
    I'm unable to remove click.giftload and was hoping you might be able to help me remove it.

    I ran OTL as Admin
    I will post the otl.txt and extras.txt info into two seperate posts below.

    Thanks in advance for your help!
    John

  2. #2
    Junior Member
    Join Date
    Mar 2011
    Posts
    25

    Default

    attached is the otl.txt

  3. #3
    Junior Member
    Join Date
    Mar 2011
    Posts
    25

    Default

    otl.txt
    zipped....

  4. #4
    Junior Member
    Join Date
    Mar 2011
    Posts
    25

    Default

    extras.txt in zipped file attached.

  5. #5
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    If help still needed please run DDS as instructed in our BEFORE you POST (READ this Procedure BEFORE Requesting Assistance) topic and copy-paste contents of those logs back here
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #6
    Junior Member
    Join Date
    Mar 2011
    Posts
    25

    Default

    OK thank you much for your help.
    Below is the DDS.txt information....

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by John at 12:25:08.85 on Thu 03/31/2011
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.1548 [GMT -4:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: McAfee® Total Protection™ Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee® Total Protection™ Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    FW: McAfee® Total Protection™ Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Prey\platform\windows\cronsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxcqcoms.exe
    C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
    C:\PROGRA~2\McAfee\MANAGE~1\VScan\McShield.exe
    C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
    C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DigitalPersona\Bin\DPAgent.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
    C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TK03GY23\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\ScriptSn.20100802144004.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    BHO: NitroPDFBHO Class: {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [OwelyQt] C:/Program Files (x86)/Owely/Owely.exe
    mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
    mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    uPolicies-system: WallpaperStyle = 2
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    dPolicies-system: WallpaperStyle = 2
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Save Page As PDF ... - file://C:\Program Files (x86)\Nitro PDF\PDF Download\nitroweb.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    IE: {96538116-AB8C-4879-9F21-BD2BFE22A414} - {DC6169B9-3397-4D01-8639-07F1A34BAF99}
    IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //FWEvent.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files (x86)\CoreFTP\pftpns.dll
    LSA: Notification Packages = scecli DPPWDFLT
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
    BHO-X64: DigitalPersona Personal Extension - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\PROGRA~2\McAfee\MANAGE~1\VScan64\SCRIPT~1.DLL
    BHO-X64: scriptproxy - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    mRun-x64: [LXCQCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll,RunDLLEntry
    mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\b2bg0py3.default\
    FF - component: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
    FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\components\McFFPlg.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\John\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-3-25 69376]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-24 55024]
    R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-8-6 308296]
    R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/02 01:48:07];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-11-2 146928]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-11-2 89600]
    R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
    R2 EngineServer;EngineServer;C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe [2009-12-10 14144]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-3-24 1405384]
    R2 lxcq_device;lxcq_device;C:\Windows\system32\lxcqcoms.exe -service --> C:\Windows\system32\lxcqcoms.exe -service [?]
    R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-12-16 222528]
    R2 McShield;McShield;C:\PROGRA~2\McAfee\MANAGE~1\VScan\McShield.exe [2009-12-10 144704]
    R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2009-12-10 282824]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-12-21 1153368]
    R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-7-24 275840]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2009-7-13 1924400]
    R3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;C:\Windows\System32\drivers\AVerBDA716x_x64.sys [2009-11-2 1354880]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 228408]
    R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2010-12-16 21072]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
    R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-3-24 17152]
    R3 MfeAVFK;McAfee Inc. MfeAVFK;C:\Windows\System32\drivers\mfeavfk.sys [2009-8-6 102472]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-6-26 83488]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
    S3 MfeRKDk;McAfee Inc. MfeRKDk;C:\Windows\System32\drivers\mferkdk.sys [2009-8-6 40904]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-11-2 5435904]
    S3 RoxMediaDB11;RoxMediaDB11;C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-5-20 1128944]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-13 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2011-03-31 03:06:25 -------- d-----w- C:\Users\John\AppData\Local\Apple
    2011-03-28 18:41:55 -------- d-----w- C:\Users\John\AppData\Local\Adobe
    2011-03-25 16:49:57 16432 ----a-w- C:\Windows\System32\lsdelete.exe
    2011-03-25 05:14:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-03-25 05:14:53 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-03-25 05:03:32 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2011-03-25 05:01:41 -------- dc-h--w- C:\PROGRA~3\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
    2011-03-25 05:01:30 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2011-03-23 18:47:38 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-03-23 18:47:37 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-03-23 18:47:37 728024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-03-23 18:47:37 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
    2011-03-23 18:47:37 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2011-03-23 18:47:37 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    2011-03-23 18:47:37 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
    2011-03-23 18:47:37 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
    2011-03-23 18:47:36 1975768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
    2011-03-23 18:47:36 1893336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
    2011-03-23 17:39:05 -------- d-----w- C:\Users\John\AppData\Roaming\TheSage
    2011-03-23 15:30:09 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-03-23 15:06:30 -------- d-----w- C:\Program Files (x86)\Owely
    2011-03-23 14:52:21 -------- d-----w- C:\Users\John\AppData\Roaming\avidemux
    2011-03-23 14:52:03 -------- d-----w- C:\Program Files (x86)\Avidemux 2.5
    2011-03-14 04:20:46 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
    2011-03-14 04:17:12 -------- d-----w- C:\Prey
    2011-03-14 02:33:48 -------- d-----w- C:\Program Files (x86)\Pure Motion
    2011-03-14 02:33:47 -------- d-----w- C:\Program Files (x86)\Sonic Foundry
    2011-03-14 02:33:30 -------- d-----w- C:\Program Files (x86)\DebugMode
    2011-03-10 06:18:32 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2011-03-10 06:18:32 723968 ----a-w- C:\Windows\System32\EncDec.dll
    2011-03-10 06:18:29 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-03-10 06:18:24 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2011-03-10 06:18:22 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2011-03-10 06:18:19 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2011-03-10 06:18:14 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
    2011-03-10 06:18:12 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2011-03-10 06:16:11 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2011-03-10 06:16:10 1097216 ----a-w- C:\Windows\System32\mstsc.exe
    2011-03-10 06:16:09 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2011-03-10 06:16:07 3138048 ----a-w- C:\Windows\System32\mstscax.dll
    2011-03-10 03:55:06 -------- d-----w- C:\Program Files\iPod
    2011-03-10 03:55:03 -------- d-----w- C:\Program Files\iTunes
    2011-03-10 03:55:03 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-03-03 03:53:13 -------- d-----w- C:\Users\John\AppData\Local\Sunbelt Software
    .
    ==================== Find3M ====================
    .
    2011-03-23 15:30:10 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2011-02-09 19:24:08 72080 ----a-w- C:\Users\John\g2mdlhlpx.exe
    2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 12:26:31.28 ===============

  7. #7
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Download aswMBR to your desktop. Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan

    On completion of the scan click save log, save it to your desktop and post in your next reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  8. #8
    Junior Member
    Join Date
    Mar 2011
    Posts
    25

    Default

    ok it's attached

  9. #9
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  10. #10
    Junior Member
    Join Date
    Mar 2011
    Posts
    25

    Default

    OK below is the ComboFix log file... And the new DDS.txt pasted below..
    I think I'm now clean (thanks to your help). I ran Spybot Search & Destroy and click.GiftLoad was not found.

    Please let me know if you see anything that doesnt look right.
    And thank you for helping with this! I sincerely appreciate your time and effort


    ComboFix 11-03-30.02 - John 03/31/2011 14:28:34.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2316 [GMT -4:00]
    Running from: c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIZ6K3MZ\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: McAfee® Total Protection™ Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee® Total Protection™ Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: McAfee® Total Protection™ Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Downloaded Installers
    c:\program files (x86)\Downloaded Installers\{DAFFF734-CAF9-4CBE-A6BE-C2E792058D04}\setup.msi
    c:\programdata\ntuser.dat
    c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
    c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
    c:\users\John\g2mdlhlpx.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-31 18:42 . 2011-03-31 18:42 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
    2011-03-31 18:42 . 2011-03-31 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-31 03:06 . 2011-03-31 03:06 -------- d-----w- c:\users\John\AppData\Local\Apple
    2011-03-28 18:41 . 2011-03-29 20:44 -------- d-----w- c:\users\John\AppData\Local\Adobe
    2011-03-27 17:57 . 2011-03-27 17:58 -------- d-----w- c:\programdata\WinZip
    2011-03-25 16:49 . 2011-03-24 08:03 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-03-25 05:15 . 2011-03-25 05:15 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-25 05:14 . 2011-02-03 01:40 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-03-25 05:14 . 2011-02-03 01:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-03-25 05:03 . 2011-03-24 08:03 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-03-25 05:01 . 2011-03-25 05:01 -------- dc-h--w- c:\programdata\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
    2011-03-25 05:01 . 2011-03-25 05:01 -------- d-----w- c:\program files (x86)\Lavasoft
    2011-03-23 18:47 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-03-23 18:47 . 2011-03-18 17:53 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
    2011-03-23 18:47 . 2011-03-18 17:53 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-03-23 18:47 . 2011-03-18 17:53 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
    2011-03-23 18:47 . 2011-03-18 17:53 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
    2011-03-23 18:47 . 2011-03-18 17:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
    2011-03-23 18:47 . 2011-03-18 17:53 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-03-23 18:47 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
    2011-03-23 18:47 . 2011-03-18 17:53 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
    2011-03-23 18:47 . 2011-03-18 17:53 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
    2011-03-23 17:39 . 2011-03-23 17:47 -------- d-----w- c:\users\John\AppData\Roaming\TheSage
    2011-03-23 15:30 . 2011-03-23 15:30 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2011-03-23 15:06 . 2011-03-23 15:06 -------- d-----w- c:\program files (x86)\Owely
    2011-03-23 14:52 . 2011-03-23 14:58 -------- d-----w- c:\users\John\AppData\Roaming\avidemux
    2011-03-23 14:52 . 2011-03-23 14:52 -------- d-----w- c:\program files (x86)\Avidemux 2.5
    2011-03-14 04:20 . 2011-03-31 18:45 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
    2011-03-14 04:17 . 2011-03-14 04:20 -------- d-----w- C:\Prey
    2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\Pure Motion
    2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\Sonic Foundry
    2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\DebugMode
    2011-03-10 06:18 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-10 06:18 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-10 06:18 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-03-10 06:18 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
    2011-03-10 06:18 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-10 06:18 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-03-10 06:18 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-03-10 06:18 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
    2011-03-10 06:16 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
    2011-03-10 06:16 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-10 06:16 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-10 06:16 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-10 03:55 . 2011-03-10 03:55 -------- d-----w- c:\program files\iPod
    2011-03-10 03:55 . 2011-03-10 03:56 -------- d-----w- c:\program files\iTunes
    2011-03-10 03:55 . 2011-03-10 03:56 -------- d-----w- c:\program files (x86)\iTunes
    2011-03-03 03:53 . 2011-03-03 03:53 -------- d-----w- c:\users\John\AppData\Local\Sunbelt Software
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-14 16:16 . 2010-01-29 15:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2011-03-14 16:15 . 2010-02-15 06:07 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-03-14 16:14 . 2010-11-13 05:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-03-14 16:13 . 2009-12-26 00:19 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-03-11 16:47 . 2009-12-13 01:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-03-11 16:37 . 2009-12-13 01:23 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-03-11 16:36 . 2010-10-12 17:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-01-08 03:21 . 2011-01-08 03:21 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
    2011-01-08 03:21 . 2009-12-13 01:23 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-01-07 08:06 . 2011-02-09 16:34 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 07:27 . 2011-02-09 16:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-07 05:49 . 2011-02-09 16:34 366080 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-07 05:33 . 2011-02-09 16:34 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-01-05 04:00 . 2011-02-09 16:34 3127808 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OwelyQt"="C:" [X]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "MVS Splash"="c:\program files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-07-24 476480]
    "DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "WallpaperStyle"= 2
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 135664]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 RoxMediaDB11;RoxMediaDB11;c:\program files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-05-20 1128944]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/02 01:48];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-24 04:45 146928]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
    S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
    S2 EngineServer;EngineServer;c:\program files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe [2009-12-15 14144]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-03-24 1405384]
    S2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe [2006-12-05 566192]
    S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-12-17 222528]
    S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2010-07-24 282824]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-25 275840]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-13 1924400]
    S3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;c:\windows\system32\DRIVERS\AVerBDA716x_x64.sys [x]
    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 03:20]
    .
    2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 03:20]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF26184.cfxxe" [X]
    "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [N/A]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520]
    "LXCQCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll" [2006-11-21 31744]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Save Page As PDF ... - file://c:\program files (x86)\Nitro PDF\PDF Download\nitroweb.htm
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //FWEvent.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
    FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\b2bg0py3.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    AddRemove-MVS - c:\progra~2\McAfee\MANAGE~1\Agent\myinx
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\ManagedServices]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\VSCORE]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\progra~2\McAfee\MANAGE~1\VScan\McShield.exe
    c:\program files (x86)\McAfee\MPF\MPFSrv.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-31 15:00:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-31 19:00
    .
    Pre-Run: 168,521,539,584 bytes free
    Post-Run: 167,967,281,152 bytes free
    .
    - - End Of File - - 8D29FB6FDC25D88EBA60A5B7ED267DF6








    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by John at 15:28:47.07 on Thu 03/31/2011
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2032 [GMT -4:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: McAfee® Total Protection™ Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee® Total Protection™ Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    FW: McAfee® Total Protection™ Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Prey\platform\windows\cronsvc.exe
    C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxcqcoms.exe
    C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
    C:\PROGRA~2\McAfee\MANAGE~1\VScan\McShield.exe
    C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
    C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\DigitalPersona\Bin\DPAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X53JYIGV\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\ScriptSn.20100802144004.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    BHO: NitroPDFBHO Class: {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [OwelyQt] C:/Program Files (x86)/Owely/Owely.exe
    mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
    mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    dPolicies-system: WallpaperStyle = 2
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Save Page As PDF ... - file://C:\Program Files (x86)\Nitro PDF\PDF Download\nitroweb.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    IE: {96538116-AB8C-4879-9F21-BD2BFE22A414} - {DC6169B9-3397-4D01-8639-07F1A34BAF99}
    IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //FWEvent.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files (x86)\CoreFTP\pftpns.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
    BHO-X64: DigitalPersona Personal Extension - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\PROGRA~2\McAfee\MANAGE~1\VScan64\SCRIPT~1.DLL
    BHO-X64: scriptproxy - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    mRun-x64: [LXCQCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll,RunDLLEntry
    mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\b2bg0py3.default\
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\John\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-3-25 69376]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-24 55024]
    R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-8-6 308296]
    R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/02 01:48:07];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-11-2 146928]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-11-2 89600]
    R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
    R2 EngineServer;EngineServer;C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe [2009-12-10 14144]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-3-24 1405384]
    R2 lxcq_device;lxcq_device;C:\Windows\system32\lxcqcoms.exe -service --> C:\Windows\system32\lxcqcoms.exe -service [?]
    R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-12-16 222528]
    R2 McShield;McShield;C:\PROGRA~2\McAfee\MANAGE~1\VScan\McShield.exe [2009-12-10 144704]
    R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2009-12-10 282824]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-12-21 1153368]
    R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-7-24 275840]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2009-7-13 1924400]
    R3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;C:\Windows\System32\drivers\AVerBDA716x_x64.sys [2009-11-2 1354880]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 228408]
    R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2010-12-16 21072]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
    R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]
    R3 MfeAVFK;McAfee Inc. MfeAVFK;C:\Windows\System32\drivers\mfeavfk.sys [2009-8-6 102472]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-6-26 83488]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
    S3 MfeRKDk;McAfee Inc. MfeRKDk;C:\Windows\System32\drivers\mferkdk.sys [2009-8-6 40904]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-11-2 5435904]
    S3 RoxMediaDB11;RoxMediaDB11;C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-5-20 1128944]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-13 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2011-03-31 18:46:07 -------- d-----w- C:\$RECYCLE.BIN
    2011-03-31 18:24:22 98816 ----a-w- C:\Windows\sed.exe
    2011-03-31 18:24:22 89088 ----a-w- C:\Windows\MBR.exe
    2011-03-31 18:24:22 256512 ----a-w- C:\Windows\PEV.exe
    2011-03-31 18:24:22 161792 ----a-w- C:\Windows\SWREG.exe
    2011-03-31 03:06:25 -------- d-----w- C:\Users\John\AppData\Local\Apple
    2011-03-28 18:41:55 -------- d-----w- C:\Users\John\AppData\Local\Adobe
    2011-03-25 16:49:57 16432 ----a-w- C:\Windows\System32\lsdelete.exe
    2011-03-25 05:14:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-03-25 05:14:53 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-03-25 05:03:32 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2011-03-25 05:01:41 -------- dc-h--w- C:\PROGRA~3\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
    2011-03-25 05:01:30 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2011-03-23 18:47:38 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-03-23 18:47:37 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-03-23 18:47:37 728024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-03-23 18:47:37 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
    2011-03-23 18:47:37 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2011-03-23 18:47:37 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    2011-03-23 18:47:37 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
    2011-03-23 18:47:37 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
    2011-03-23 18:47:36 1975768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
    2011-03-23 18:47:36 1893336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
    2011-03-23 17:39:05 -------- d-----w- C:\Users\John\AppData\Roaming\TheSage
    2011-03-23 15:30:09 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-03-23 15:06:30 -------- d-----w- C:\Program Files (x86)\Owely
    2011-03-23 14:52:21 -------- d-----w- C:\Users\John\AppData\Roaming\avidemux
    2011-03-23 14:52:03 -------- d-----w- C:\Program Files (x86)\Avidemux 2.5
    2011-03-14 04:20:46 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
    2011-03-14 04:17:12 -------- d-----w- C:\Prey
    2011-03-14 02:33:48 -------- d-----w- C:\Program Files (x86)\Pure Motion
    2011-03-14 02:33:47 -------- d-----w- C:\Program Files (x86)\Sonic Foundry
    2011-03-14 02:33:30 -------- d-----w- C:\Program Files (x86)\DebugMode
    2011-03-10 06:18:32 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2011-03-10 06:18:32 723968 ----a-w- C:\Windows\System32\EncDec.dll
    2011-03-10 06:18:29 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-03-10 06:18:24 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2011-03-10 06:18:22 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2011-03-10 06:18:19 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2011-03-10 06:18:14 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
    2011-03-10 06:18:12 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2011-03-10 06:16:11 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2011-03-10 06:16:10 1097216 ----a-w- C:\Windows\System32\mstsc.exe
    2011-03-10 06:16:09 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2011-03-10 06:16:07 3138048 ----a-w- C:\Windows\System32\mstscax.dll
    2011-03-10 03:55:06 -------- d-----w- C:\Program Files\iPod
    2011-03-10 03:55:03 -------- d-----w- C:\Program Files\iTunes
    2011-03-10 03:55:03 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-03-03 03:53:13 -------- d-----w- C:\Users\John\AppData\Local\Sunbelt Software
    .
    ==================== Find3M ====================
    .
    2011-03-23 15:30:10 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 15:29:32.64 ===============

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •