I'm stuck.....

Okay can you go ahead and try running combofix again. Disable Spybot for the time being if it gets in the way.
 
I was able to get the log this time BUT I am now unable to pull up a browser (I have tried Firefox and IE) so I am now using my daughter's netbook (LOL forgive the typos - the keypad is TINY!!) :)

ComboFix 10-01-04.01 - Medical Transcriptio 01/05/2010 17:31:27.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2002.960 [GMT -5:00]
Running from: c:\users\Medical Transcriptio\Desktop\Combo-Fix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Cheat Engine\dbk32.sys
c:\program files\MalwareRemovalBot\DataBase.ref
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\drivers\H8SRTrbhuwrcrha.sys
c:\windows\system32\H8SRTbpfvtxtpqo.dll
c:\windows\system32\H8SRTbusxguykxb.dll
c:\windows\system32\H8SRTipkipxlofj.dll
c:\windows\system32\H8SRTwxryoxvpgp.dat
c:\windows\system32\srcr.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 22:37 . 2010-01-05 22:37 -------- d-----w- c:\users\Russell\AppData\Local\temp
2010-01-05 22:37 . 2010-01-05 22:37 -------- d-----w- c:\users\Russ\AppData\Local\temp
2010-01-05 22:37 . 2010-01-05 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-05 22:37 . 2010-01-05 22:37 -------- d-----w- c:\users\Cassie\AppData\Local\temp
2010-01-05 18:24 . 2010-01-05 22:37 -------- d-----w- c:\users\Medical Transcriptio\AppData\Local\temp
2010-01-03 15:38 . 2010-01-03 15:38 -------- d-----w- c:\users\Medical Transcriptio\AppData\Local\Apps
2010-01-03 15:19 . 2010-01-03 15:19 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-02 01:20 . 2010-01-02 01:20 -------- dc----w- C:\91f3b0ea281e7577d7ff
2009-12-31 16:03 . 2009-12-31 16:03 -------- d-----w- c:\program files\Trend Micro
2009-12-31 14:43 . 2009-12-31 14:43 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 02:41 . 2009-12-31 02:41 -------- dc----w- C:\d36eaf4d68bef20749ed699a
2009-12-31 02:00 . 2005-12-13 15:38 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-12-31 02:00 . 2005-12-11 16:55 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-12-31 02:00 . 2005-10-21 20:56 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-12-31 02:00 . 2004-10-14 15:29 11904 ----a-w- c:\windows\system32\anio4.sys
2009-12-31 02:00 . 2009-12-31 02:00 -------- d-----w- c:\program files\ANI
2009-12-31 02:00 . 2006-07-21 20:14 196608 ----a-w- c:\windows\system32\WlanApp.dll
2009-12-31 02:00 . 2006-07-05 21:23 663552 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-12-31 02:00 . 2006-04-07 19:40 184320 ----a-w- c:\windows\system32\aIPH.dll
2009-12-31 02:00 . 2005-10-27 13:55 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-12-31 02:00 . 2005-10-19 23:19 57407 ----a-w- c:\windows\system32\ANICtl.dll
2009-12-31 02:00 . 2005-10-19 23:19 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-12-31 02:00 . 2005-10-19 23:19 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-12-31 00:05 . 2009-12-31 00:05 -------- d-----w- c:\program files\Alwil Software
2009-12-30 20:36 . 2009-12-30 20:36 -------- dc----w- C:\55ca3c2950db9fa8c1f60fb8ceba
2009-12-30 20:30 . 2009-12-30 22:10 -------- d-----w- c:\users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot
2009-12-30 02:28 . 2009-12-30 02:28 -------- dc----w- C:\0626a7d6b1686d3664116dc6b72f3d
2009-12-30 01:02 . 2009-12-30 01:02 -------- d-----w- c:\programdata\SiteAdvisor
2009-12-30 00:28 . 2009-12-30 00:28 -------- d-----w- c:\users\Medical Transcriptio\AppData\Roaming\Uniblue
2009-12-29 22:23 . 2009-12-29 22:23 -------- d-----w- c:\program files\SiteAdvisor
2009-12-29 22:22 . 2009-12-29 22:22 108 ----a-w- c:\users\Medical Transcriptio\AppData\Local\fusioncache.dat
2009-12-29 22:22 . 2009-12-31 01:58 -------- d-----w- c:\users\Medical Transcriptio\AppData\Local\ApplicationHistory
2009-12-29 22:19 . 2009-12-31 02:03 -------- d-----w- c:\program files\McAfee
2009-12-29 22:17 . 2009-11-04 21:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-12-29 22:11 . 2009-12-31 02:03 -------- d-----w- c:\programdata\McAfee
2009-12-29 21:16 . 2009-12-29 21:16 -------- d-----w- c:\users\Medical Transcriptio\AppData\Local\Tific
2009-12-29 21:16 . 2009-12-29 21:16 -------- d-----w- c:\users\Medical Transcriptio\AppData\Roaming\Tific
2009-12-29 21:15 . 2009-12-29 21:15 -------- d-----w- c:\users\Medical Transcriptio\AppData\Roaming\AVG8
2009-12-29 20:56 . 2009-12-29 21:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-29 20:55 . 2009-12-29 21:34 -------- d-----w- c:\programdata\Norton
2009-12-29 20:51 . 2009-12-29 20:57 -------- d-----w- c:\programdata\NortonInstaller
2009-12-29 18:56 . 2009-12-29 18:56 -------- dc----w- C:\8f769eca39453ab529768da9b6f60b2d
2009-12-29 17:56 . 2009-12-29 17:56 -------- dc----w- C:\34df1b089c6347b81781d7728f
2009-12-29 17:03 . 2009-12-29 17:03 -------- dc----w- C:\d240aec59b299a30ff68c9
2009-12-29 16:08 . 2009-12-29 16:09 -------- dc----w- C:\c891f66fbd98def760
2009-12-29 15:59 . 2009-12-31 02:42 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-12-29 15:59 . 2009-12-29 15:59 -------- dc----w- C:\5fa6c63c152843e01729cf3619a0e589
2009-12-29 15:36 . 2010-01-03 00:33 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-29 15:18 . 2009-12-29 15:18 -------- dc----w- C:\4281221f06b1cf30841743
2009-12-29 15:15 . 2009-12-29 15:15 -------- dc----w- C:\0be319f2efcd1b5e6d3413d7
2009-12-29 13:35 . 2009-12-29 13:35 -------- dc----w- C:\b3bf961c2f57de6aacf2a473
2009-12-29 10:04 . 2010-01-02 01:22 871 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-26 22:17 . 2009-12-26 22:17 -------- d-----w- c:\users\Medical Transcriptio\AppData\Roaming\Leadertech
2009-12-14 17:23 . 2009-12-14 17:23 -------- d-----w- c:\users\Medical Transcriptio\Library
2009-12-14 17:22 . 2009-12-14 17:22 -------- d-----w- c:\programdata\Titanium
2009-12-14 17:22 . 2009-12-14 17:22 -------- d-----w- c:\program files\Club Penguin Money Maker
2009-12-14 17:22 . 2009-12-14 17:22 -------- d-----w- c:\users\Medical Transcriptio\AppData\Roaming\Titanium
2009-12-11 08:01 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 08:01 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-11 08:01 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 22:04 . 2008-01-20 18:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-05 18:23 . 2009-04-27 13:48 -------- d-----w- c:\program files\Cheat Engine
2010-01-02 23:08 . 2008-02-29 19:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-31 15:44 . 2008-01-20 18:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-31 15:42 . 2007-12-29 23:56 -------- d-----w- c:\program files\DivX
2009-12-31 15:42 . 2007-12-29 23:56 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-12-31 15:00 . 2007-10-30 11:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 01:52 . 2008-12-20 15:25 -------- d-----w- c:\users\Medical Transcriptio\AppData\Roaming\CyberScrub
2009-12-23 09:31 . 2009-06-20 19:43 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-23 09:31 . 2009-11-25 09:29 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-23 09:31 . 2009-06-20 19:43 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-23 09:31 . 2009-06-20 19:43 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-23 09:31 . 2009-06-20 19:42 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-23 09:31 . 2009-06-20 19:43 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-23 09:30 . 2009-06-20 19:42 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-23 09:30 . 2009-06-20 19:42 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-23 09:30 . 2009-06-20 19:42 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-23 09:30 . 2009-06-20 19:42 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-23 09:30 . 2009-06-20 19:42 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-23 09:30 . 2009-06-20 19:42 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-23 09:30 . 2009-06-20 19:42 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-14 17:23 . 2008-05-11 20:52 -------- d-----w- c:\users\Medical Transcriptio\AppData\Roaming\Apple Computer
2009-12-10 08:05 . 2007-10-30 11:38 -------- d-----w- c:\programdata\Microsoft Help
2009-11-27 22:42 . 2009-11-27 22:42 -------- d-----w- c:\program files\Linksys
2009-11-26 06:59 . 2007-12-29 22:32 103936 ----a-w- c:\users\Russell\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-25 09:25 . 2009-11-25 09:25 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-25 08:12 . 2008-03-24 16:06 103936 ----a-w- c:\users\Medical Transcriptio\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-25 08:04 . 2007-10-30 11:40 -------- d-----w- c:\program files\Microsoft Works
2009-11-13 00:02 . 2009-02-26 23:25 -------- d-----w- c:\program files\Yahoo!
2009-11-12 23:42 . 2009-06-10 13:20 -------- d-----w- c:\program files\Coupons
2009-11-11 13:11 . 2009-11-11 13:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-11-11 13:07 . 2009-11-11 13:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-11-11 13:07 . 2009-11-11 13:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-11 13:02 . 2008-01-16 15:32 -------- d-----w- c:\program files\Zune
2009-11-04 21:54 . 2009-11-04 21:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-03 01:42 . 2009-10-03 04:43 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-25 08:07 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20 . 2009-12-09 23:16 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-09 23:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55 . 2009-12-09 23:16 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-13 23:58 . 2009-10-13 23:58 241664 ----a-w- c:\programdata\Titanium\runtime\win32\0.7.0\template\kboot.exe
2009-10-13 23:58 . 2009-10-13 23:58 241664 ----a-w- c:\programdata\Titanium\runtime\win32\0.7.0\kboot.exe
2009-10-13 23:58 . 2009-10-13 23:58 610304 ----a-w- c:\programdata\Titanium\runtime\win32\0.7.0\installer\Installer.exe
2009-10-13 18:07 . 2009-10-13 18:07 5981184 ----a-w- c:\programdata\Titanium\runtime\win32\0.7.0\WebKit.dll
2009-10-13 17:47 . 2009-10-13 17:47 626688 ----a-w- c:\programdata\Titanium\runtime\win32\0.7.0\Microsoft.VC80.CRT\msvcr80.dll
2009-10-13 17:47 . 2009-10-13 17:47 626688 ----a-w- c:\programdata\Titanium\modules\win32\php\0.7.0\Microsoft.VC80.CRT\msvcr80.dll
2009-10-13 17:47 . 2009-10-13 17:47 548864 ----a-w- c:\programdata\Titanium\runtime\win32\0.7.0\Microsoft.VC80.CRT\msvcp80.dll
2009-10-13 17:47 . 2009-10-13 17:47 548864 ----a-w- c:\programdata\Titanium\modules\win32\php\0.7.0\Microsoft.VC80.CRT\msvcp80.dll
2009-10-13 17:47 . 2009-10-13 17:47 479232 ----a-w- c:\programdata\Titanium\runtime\win32\0.7.0\Microsoft.VC80.CRT\msvcm80.dll
2009-10-13 17:47 . 2009-10-13 17:47 479232 ----a-w- c:\programdata\Titanium\modules\win32\php\0.7.0\Microsoft.VC80.CRT\msvcm80.dll
2009-10-13 17:06 . 2009-10-13 17:06 790016 ----a-w- c:\programdata\Titanium\runtime\win32\0.7.0\JavaScriptCore.dll
2007-10-30 11:10 . 2007-10-30 11:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-05-02 1773568]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-07 408344]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-05-23 677408]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"SetRefresh"="c:\program files\HP\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"HostManager"="c:\program files\Common Files\AOL\1198686107\ee\AOLSoftware.exe" [2007-05-25 42032]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-25 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-25 129560]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-26 1261568]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-09-14 648488]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-01-07 705832]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-23 788880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [11/25/2009 4:30 AM 64288]
R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [10/9/2006 3:31 PM 44720]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [6/14/2007 6:22 PM 13184]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [4/18/2007 9:32 PM 39080]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [6/13/2007 7:53 PM 5808]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [9/30/2008 3:06 AM 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [9/30/2008 3:06 AM 21504]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [7/9/2007 7:03 PM 221184]
R2 IOPort;IOPort;c:\windows\System32\drivers\IOPORT.SYS [9/20/2004 11:00 AM 6144]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/30/2007 6:44 AM 540184]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [10/30/2007 6:31 AM 2521880]
R3 ndiszapu;IPortent LTD Zapu Service;c:\windows\System32\drivers\ndiszapu.sys [6/20/2009 11:38 PM 26000]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1181328]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\System32\drivers\A5AGU.sys [5/8/2006 6:10 PM 347648]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [11/2/2006 5:25 AM 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 14:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-05 c:\windows\Tasks\NeroLiveEpgUpdate-Christy-PC_Russell.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 17:51]

2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{287F291C-9DC6-46E8-97FD-FEF76861EFB0}.job
- c:\windows\system32\msfeedssync.exe [2008-09-30 07:33]

2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{467C3339-6B4F-4E8D-A30F-28B400872803}.job
- c:\windows\system32\msfeedssync.exe [2008-09-30 07:33]

2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{C5E9871D-6D60-4EB1-9DB8-48047F733DAC}.job
- c:\windows\system32\msfeedssync.exe [2008-09-30 07:33]

2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{ED685222-1AC4-4F25-AD9D-144AAE95E65F}.job
- c:\windows\system32\msfeedssync.exe [2008-09-30 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/web?o=14482&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &Search - ?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Medical Transcriptio\AppData\Roaming\Mozilla\Firefox\Profiles\javw7hc6.default\
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-MSWUpdate - c:\users\Medical Transcriptio\AppData\Roaming\lsass.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-AltoMP3 Gold - c:\program files\AltoMP3 Gold\uninst.exe
AddRemove-Super Collapse! II - g:\docume~1\DOWNLO~1\SUPERC~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 17:37
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

[0] 0x45453D3D

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(652)
c:\windows\SbHpNp.dll

- - - - - - - > 'Explorer.exe'(2304)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
Completion time: 2010-01-05 17:38:58
ComboFix-quarantined-files.txt 2010-01-05 22:38

Pre-Run: 22,059,548,672 bytes free
Post-Run: 22,032,728,064 bytes free

- - End Of File - - D177A0703B2EFA90CB202676457B60A8
 
When trying to open either browser I get the error message:

Illegal operation attempted on a registry key that has been marked for deletion.
 
:) the reboot cleared up the browser loading problem......

Mom works for HP......they had a deal on the computer and MS Office....... LOL but it is a home machine.
 
Very good! :bigthumb:

Well it appears combofix took out the nasty rootkit that was blocking tools. But let's go back and try running GMER again to make sure nothing else is lurking. Instructions back at this post.
 
LOL I should have paid closer attention.......I ran DDS pretty quickly but waited to post until the 2nd one finished. It took forever and then hung up at the end....I'm going to rerun the program and then post the results......

I might not be able to post it until the morning -- it is close to bed time. Going back to work after a week off is kicking my butt! LOL
 
well.......I could only run the program in the safe mode -- otherwise it would crash. As a result it didn't scan nearly as many areas. Just the last 4. Here is what was saved:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-06 19:09:36
Windows 6.0.6001 Service Pack 1
Running: iw8jlrlj.exe; Driver: C:\Users\MEDICA~1\AppData\Local\Temp\kgtdafod.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
 
Okay I think the rootkit is clear. Not sure what's blocking GMER.

Use ATF Cleaner to remove temp files, cookies, cache, etc.
Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a DDS log.

Let me know how it's running too please.
 
Here is the Malwarebytes log and I'll run DDS next......

Malwarebytes' Anti-Malware 1.43
Database version: 3505
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

1/6/2010 7:59:41 PM
mbam-log-2010-01-06 (19-59-41).txt

Scan type: Quick Scan
Objects scanned: 135840
Time elapsed: 22 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dd140a75-b643-4124-97c5-82ba9de5ee99} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\malwareremovalbot\(default) (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\QuarantineW (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\QuarantineW\2009-02-25 23-22-200 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\QuarantineW\2009-02-25 23-22-200 (Rogue.ErrorFix) -> Files: 553 -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot\Log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot\Settings (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Program Files\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Medical Transcriptio\downloads\WinProtectionUpdate_10.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\resultsw.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-25 23-21-010.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-26 12-00-000.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-26 12-00-001.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-26 23-45-150.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-27 01-04-180.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-27 12-00-000.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-27 12-00-001.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-28 08-36-390.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-28 12-00-000.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\ErrorFix\Logs\2009-02-28 12-00-001.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot\rs.dat (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot\Log\2009 Dec 30 - 03_30_48 PM_711.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot\Log\2009 Dec 30 - 05_04_18 PM_892.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot\Log\2009 Dec 30 - 05_04_27 PM_379.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot\Log\2009 Dec 30 - 05_06_24 PM_146.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Users\Medical Transcriptio\AppData\Roaming\MalwareRemovalBot\Settings\ScanResults.pie (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\windows\System32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
 
Here is the DDS:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Medical Transcriptio at 20:03:42.01 on Wed 01/06/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2002.770 [GMT -5:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Common Files\aol\1198686107\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\windows\System32\igfxtray.exe
C:\windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\ifxuagui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Medical Transcriptio\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/web?o=14482&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [SetRefresh] c:\program files\hp\setrefresh\SetRefresh.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [HostManager] c:\program files\common files\aol\1198686107\ee\AOLSoftware.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &Search - ?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = SbHpNp scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\medica~1\appdata\roaming\mozilla\firefox\profiles\javw7hc6.default\
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-25 64288]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-6-14 13184]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-4-18 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-6-13 5808]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-9-30 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-9-30 21504]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-7-9 221184]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [2004-9-20 6144]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-10-30 540184]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2007-10-30 2521880]
R3 ndiszapu;IPortent LTD Zapu Service;c:\windows\system32\drivers\ndiszapu.sys [2009-6-20 26000]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-5-8 347648]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-29 34248]

=============== Created Last 30 ================

2010-01-07 00:33:59 0 d-----w- c:\users\medica~1\appdata\roaming\Malwarebytes
2010-01-07 00:33:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 00:33:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 00:33:52 0 d-----w- c:\programdata\Malwarebytes
2010-01-07 00:33:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 21:56:29 293376 ----a-w- C:\iw8jlrlj.exe
2010-01-06 11:37:25 225614 ----a-w- c:\users\medical transcriptio\orderform.pdf
2010-01-06 01:28:31 93056 -c--a-w- C:\kgtdafod.sys
2010-01-05 22:38:31 0 dcsh--w- C:\$RECYCLE.BIN
2010-01-05 22:30:28 0 dc----w- C:\Combo-Fix
2010-01-05 18:09:27 98816 ----a-w- c:\windows\sed.exe
2010-01-05 18:09:27 77312 ----a-w- c:\windows\MBR.exe
2010-01-05 18:09:27 261632 ----a-w- c:\windows\PEV.exe
2010-01-05 18:09:27 161792 ----a-w- c:\windows\SWREG.exe
2010-01-03 15:19:43 0 d-----w- c:\programdata\Office Genuine Advantage
2010-01-02 01:20:34 0 dc----w- C:\91f3b0ea281e7577d7ff
2009-12-31 16:03:18 0 d-----w- c:\program files\Trend Micro
2009-12-31 14:43:49 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 02:41:51 0 dc----w- C:\d36eaf4d68bef20749ed699a
2009-12-31 02:00:36 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-12-31 02:00:36 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-12-31 02:00:36 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-12-31 02:00:36 16997 ----a-w- c:\windows\system32\ANIO.VXD
2009-12-31 02:00:36 11904 ----a-w- c:\windows\system32\anio4.sys
2009-12-31 02:00:24 663552 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-12-31 02:00:24 57407 ----a-w- c:\windows\system32\ANICtl.dll
2009-12-31 02:00:24 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-12-31 02:00:24 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-12-31 02:00:24 196608 ----a-w- c:\windows\system32\WlanApp.dll
2009-12-31 02:00:24 184320 ----a-w- c:\windows\system32\aIPH.dll
2009-12-31 02:00:24 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-12-31 02:00:24 0 d-----w- c:\program files\ANI
2009-12-30 20:36:35 0 dc----w- C:\55ca3c2950db9fa8c1f60fb8ceba
2009-12-30 02:28:57 0 dc----w- C:\0626a7d6b1686d3664116dc6b72f3d
2009-12-30 01:02:19 0 d-----w- c:\programdata\SiteAdvisor
2009-12-30 00:28:08 0 d-----w- c:\users\medica~1\appdata\roaming\Uniblue
2009-12-29 22:23:46 0 d-----w- c:\program files\SiteAdvisor
2009-12-29 22:19:48 0 d-----w- c:\program files\McAfee
2009-12-29 22:17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-12-29 22:11:06 0 d-----w- c:\programdata\McAfee
2009-12-29 21:16:25 0 d-----w- c:\users\medica~1\appdata\roaming\Tific
2009-12-29 21:15:28 0 d-----w- c:\users\medica~1\appdata\roaming\AVG8
2009-12-29 20:56:21 0 d-----w- c:\program files\common files\Symantec Shared
2009-12-29 20:55:55 0 d-----w- c:\programdata\Norton
2009-12-29 20:51:04 0 d-----w- c:\programdata\NortonInstaller
2009-12-29 18:56:31 0 dc----w- C:\8f769eca39453ab529768da9b6f60b2d
2009-12-29 17:56:59 0 dc----w- C:\34df1b089c6347b81781d7728f
2009-12-29 17:03:50 0 dc----w- C:\d240aec59b299a30ff68c9
2009-12-29 16:08:59 0 dc----w- C:\c891f66fbd98def760
2009-12-29 15:59:40 0 d-----w- c:\program files\Microsoft Security Essentials
2009-12-29 15:59:28 0 dc----w- C:\5fa6c63c152843e01729cf3619a0e589
2009-12-29 15:18:13 0 dc----w- C:\4281221f06b1cf30841743
2009-12-29 15:15:33 0 dc----w- C:\0be319f2efcd1b5e6d3413d7
2009-12-29 13:35:48 0 dc----w- C:\b3bf961c2f57de6aacf2a473
2009-12-14 17:23:01 0 d-----w- c:\users\medical transcriptio\Library
2009-12-14 17:22:30 0 d-----w- c:\programdata\Titanium
2009-12-14 17:22:21 0 d-----w- c:\program files\Club Penguin Money Maker
2009-12-14 17:22:01 0 d-----w- c:\users\medica~1\appdata\roaming\Titanium
2009-12-11 08:01:09 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 08:01:03 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 08:01:03 31232 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2009-11-25 09:29:52 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-25 09:29:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-11 13:11:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-11-11 13:07:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-11-11 13:07:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-11 13:02:41 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-11 13:02:41 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-11 13:02:40 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2008-10-28 22:56:35 174 --sha-w- c:\program files\desktop.ini
2008-10-28 22:46:49 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-12-26 15:57:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007122620071227\index.dat
2007-12-26 15:57:42 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2007-12-26 15:57:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2007-12-26 15:57:42 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2007-10-30 11:10:46 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:06:05.37 ===============
 
I think one more scan is in order.

I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
The below scan can take up to an hour or longer, please be patient.

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans, so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


Please do a scan with Kaspersky Online Scanner or from here
http://www.kaspersky.com/virusscanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
    * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Once the scan is complete, click on View scan report. To obtain the report:
    * Click on: Save Report As
    * Next, in the Save as prompt, Save in area, select: Desktop
    * In the File name area, use KScan, or something similar
    * In Save as type, click the drop arrow and select: Text file [*.txt]
    * Then, click: Save
  • Please post the Kaspersky Online Scanner Report in your reply.

Animated tutorial
http://i275.photobucket.com/albums/jj285/B...ng/KAS/KAS9.gif

(Note for Internet Explorer 7 users:
If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
Or use Firefox with IE-Tab plugin
https://addons.mozilla.org/en-US/firefox/addon/1419

In your next reply post:
Kaspersky log
New DDS log taken after the above scan has run
 
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, January 7, 2010
Operating system: Microsoft Windows Vista Business Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, January 07, 2010 01:51:48
Records in database: 3331725
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 163081
Threats found: 5
Infected objects found: 6
Suspicious objects found: 1
Scan duration: 02:11:58


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\windows\System32\H8SRTbusxguykxb.dll.vir Infected: Packed.Win32.TDSS.aa 1
C:\Qoobox\Quarantine\C\windows\System32\H8SRTipkipxlofj.dll.vir Infected: Trojan.Win32.FraudPack.ajss 1
C:\Users\Christy\AppData\Local\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Medical Transcriptio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\650996da-5d146537 Infected: Trojan-Downloader.Java.Agent.ab 1
C:\Users\Medical Transcriptio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\12a49b83-76c33ae4 Infected: Trojan-Downloader.Java.OpenStream.ad 1
C:\Users\Medical Transcriptio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\38c12a4-27ce0356 Infected: Trojan-Downloader.Java.OpenStream.ad 1
C:\Users\Medical Transcriptio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\38c12a4-3ed689a2 Infected: Trojan-Downloader.Java.OpenStream.ad 1

Selected area has been scanned.
 
And here is the DDS. :) Thank you so much for your help!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Medical Transcriptio at 5:12:48.20 on Thu 01/07/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2002.838 [GMT -5:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Common Files\aol\1198686107\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\windows\System32\igfxtray.exe
C:\windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\ifxuagui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Medical Transcriptio\AppData\Local\temp\jkos-Medical Transcriptio\binaries\ScanningProcess.exe
C:\Users\Medical Transcriptio\AppData\Local\temp\jkos-Medical Transcriptio\binaries\ScanningProcess.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\aol\1198686107\ee\anotify.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Medical Transcriptio\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/web?o=14482&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [SetRefresh] c:\program files\hp\setrefresh\SetRefresh.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [HostManager] c:\program files\common files\aol\1198686107\ee\AOLSoftware.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &Search - ?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = SbHpNp scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\medica~1\appdata\roaming\mozilla\firefox\profiles\javw7hc6.default\
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-25 64288]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-6-14 13184]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-4-18 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-6-13 5808]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-9-30 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-9-30 21504]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-7-9 221184]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [2004-9-20 6144]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-10-30 540184]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2007-10-30 2521880]
R3 ndiszapu;IPortent LTD Zapu Service;c:\windows\system32\drivers\ndiszapu.sys [2009-6-20 26000]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-5-8 347648]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-29 34248]

=============== Created Last 30 ================

2010-01-07 00:33:59 0 d-----w- c:\users\medica~1\appdata\roaming\Malwarebytes
2010-01-07 00:33:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 00:33:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 00:33:52 0 d-----w- c:\programdata\Malwarebytes
2010-01-07 00:33:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 21:56:29 293376 ----a-w- C:\iw8jlrlj.exe
2010-01-06 11:37:25 225614 ----a-w- c:\users\medical transcriptio\orderform.pdf
2010-01-06 01:28:31 93056 -c--a-w- C:\kgtdafod.sys
2010-01-05 22:38:31 0 dcsh--w- C:\$RECYCLE.BIN
2010-01-05 22:30:28 0 dc----w- C:\Combo-Fix
2010-01-05 18:09:27 98816 ----a-w- c:\windows\sed.exe
2010-01-05 18:09:27 77312 ----a-w- c:\windows\MBR.exe
2010-01-05 18:09:27 261632 ----a-w- c:\windows\PEV.exe
2010-01-05 18:09:27 161792 ----a-w- c:\windows\SWREG.exe
2010-01-03 15:19:43 0 d-----w- c:\programdata\Office Genuine Advantage
2010-01-02 01:20:34 0 dc----w- C:\91f3b0ea281e7577d7ff
2009-12-31 16:03:18 0 d-----w- c:\program files\Trend Micro
2009-12-31 14:43:49 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 02:41:51 0 dc----w- C:\d36eaf4d68bef20749ed699a
2009-12-31 02:00:36 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-12-31 02:00:36 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-12-31 02:00:36 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-12-31 02:00:36 16997 ----a-w- c:\windows\system32\ANIO.VXD
2009-12-31 02:00:36 11904 ----a-w- c:\windows\system32\anio4.sys
2009-12-31 02:00:24 663552 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-12-31 02:00:24 57407 ----a-w- c:\windows\system32\ANICtl.dll
2009-12-31 02:00:24 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-12-31 02:00:24 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-12-31 02:00:24 196608 ----a-w- c:\windows\system32\WlanApp.dll
2009-12-31 02:00:24 184320 ----a-w- c:\windows\system32\aIPH.dll
2009-12-31 02:00:24 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-12-31 02:00:24 0 d-----w- c:\program files\ANI
2009-12-30 20:36:35 0 dc----w- C:\55ca3c2950db9fa8c1f60fb8ceba
2009-12-30 02:28:57 0 dc----w- C:\0626a7d6b1686d3664116dc6b72f3d
2009-12-30 01:02:19 0 d-----w- c:\programdata\SiteAdvisor
2009-12-30 00:28:08 0 d-----w- c:\users\medica~1\appdata\roaming\Uniblue
2009-12-29 22:23:46 0 d-----w- c:\program files\SiteAdvisor
2009-12-29 22:19:48 0 d-----w- c:\program files\McAfee
2009-12-29 22:17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-12-29 22:11:06 0 d-----w- c:\programdata\McAfee
2009-12-29 21:16:25 0 d-----w- c:\users\medica~1\appdata\roaming\Tific
2009-12-29 21:15:28 0 d-----w- c:\users\medica~1\appdata\roaming\AVG8
2009-12-29 20:56:21 0 d-----w- c:\program files\common files\Symantec Shared
2009-12-29 20:55:55 0 d-----w- c:\programdata\Norton
2009-12-29 20:51:04 0 d-----w- c:\programdata\NortonInstaller
2009-12-29 18:56:31 0 dc----w- C:\8f769eca39453ab529768da9b6f60b2d
2009-12-29 17:56:59 0 dc----w- C:\34df1b089c6347b81781d7728f
2009-12-29 17:03:50 0 dc----w- C:\d240aec59b299a30ff68c9
2009-12-29 16:08:59 0 dc----w- C:\c891f66fbd98def760
2009-12-29 15:59:40 0 d-----w- c:\program files\Microsoft Security Essentials
2009-12-29 15:59:28 0 dc----w- C:\5fa6c63c152843e01729cf3619a0e589
2009-12-29 15:18:13 0 dc----w- C:\4281221f06b1cf30841743
2009-12-29 15:15:33 0 dc----w- C:\0be319f2efcd1b5e6d3413d7
2009-12-29 13:35:48 0 dc----w- C:\b3bf961c2f57de6aacf2a473
2009-12-14 17:23:01 0 d-----w- c:\users\medical transcriptio\Library
2009-12-14 17:22:30 0 d-----w- c:\programdata\Titanium
2009-12-14 17:22:21 0 d-----w- c:\program files\Club Penguin Money Maker
2009-12-14 17:22:01 0 d-----w- c:\users\medica~1\appdata\roaming\Titanium
2009-12-11 08:01:09 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 08:01:03 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 08:01:03 31232 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2009-11-25 09:29:52 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-25 09:29:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-11 13:11:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-11-11 13:07:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-11-11 13:07:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-11 13:02:41 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-11 13:02:41 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-11 13:02:40 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2008-10-28 22:56:35 174 --sha-w- c:\program files\desktop.ini
2008-10-28 22:46:49 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-12-26 15:57:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007122620071227\index.dat
2007-12-26 15:57:42 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2007-12-26 15:57:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2007-12-26 15:57:42 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2007-10-30 11:10:46 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 5:14:04.23 ===============
 