All, I have read avidly all posts related to this damn google redirect malware. I have downloaded successfully and run antimalware in safe mode. I have also downloaded and installed Spy Sweeper, BitDefender Anti-Virus 2009, SpyS&D, and Hijackthis. I have also checked using devmgmt.msc. I have also unloaded all Java and installed the most uptodate Java. I am still having problems and would be so very grateful if somebody would mind helping me. Thanks so much in advance!!!! Regards, Darren PS: I am using my laptop for this post but can access the log files to post if required.

This may suspend the redirecting: Click on Start, click Run, and then type devmgmt.msc and click OK On the View menu click on Show hidden devices Browse to Non-Plug and Play Drivers and click the + sign to the left, you should see something like TDSSserv.sys in that list. Highlight that driver and right click on it and select DISABLE - NOT uninstall. Now RESTART your computer. If that did not work boot into Safe Mode with Networking. Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select Safe Mode with Networking, then press "Enter". Choose your usual account. Please download Malwarebytes' Anti-Malware from one of these sites: MalwareBytes1 MalwareBytes2 Rename the setup file, mbam-setup.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename mbam-setup.exe to tool.exe> click save. 1. Double Click tool.exe to install the application. 2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. 3. If an update is found, it will download and install the latest version. 4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. 5. When the scan is complete, click OK, then Show Results to view the results. 6. Make sure that everything found is checked, and click Remove Selected. 7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. 8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. 9. Copy&Paste the entire report in your next reply. Please download and install the latest version of HijackThis v2.0.2: Download the "HijackThis" Installer from this link: Hijack This 1. Save " HJTInstall.exe" to your desktop. 2. Double click on HJTInstall.exe to run the program. 3. By default it will install to C:\Program Files\Trend Micro\HijackThis. 4. Accept the license agreement by clicking the "I Accept" button. 5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log. 6. Click "Save log" to save the log file and then the log will open in Notepad. 7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. 8. Paste the log in your next reply. 9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Thanks so much for your help - I had cleaned before with Anti-Malware and have also added this log file. Malwarebytes' Anti-Malware 1.31 Database version: 1614 Windows 5.1.2600 Service Pack 3 5/01/2009 10:18:35 AM mbam-log-2009-01-05 (10-18-35).txt Scan type: Full Scan (C:\|) Objects scanned: 198645 Time elapsed: 1 hour(s), 39 minute(s), 47 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 2 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully. Files Infected: (No malicious items detected) Malwarebytes' Anti-Malware 1.32 Database version: 1616 Windows 5.1.2600 Service Pack 3 5/01/2009 1:25:46 PM mbam-log-2009-01-05 (13-25-46).txt Scan type: Quick Scan Objects scanned: 66791 Time elapsed: 5 minute(s), 11 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:27:01 PM, on 5/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe C:\WINDOWS\Explorer.exe C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcrobatInfo.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/sam... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin... R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin... R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/res... O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- End of file - 9984 bytes

Please download ComboFix to the desktop from one of the following links: Link1 Link 2 Link 3 Combofix is a powerful tool so follow the instructions exactly or you could damage your computer. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results". Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. In your case to run Combofix do the following: 1. Go offline turn off your BitDefender antivirus, Spybot, SpySweeper, Windows Defender and any other antispyware that you may have. 2. Run Combofix and save its log. 3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned. 4. Post the Combofix log. Remember to re-enable the protection again afterwards before connecting to the Internet. Double-click combofix.exe Follow the prompts. (Don't click on the window while the program is running or move the mouse, it will cause your system to hang.) Please post the log it produces.

Jabuck, I followed the recommendations and disabled/removed all the anti-virus and spyware. Everything seemed to be going well until Preparing the Log Report when an Exception Error came up: Preparing Log Report Do not use any programs until ComboFix has finished. Exception Processing Message c00000013 Windows-No Disk Parameters 75b6bf7c 75b6bf7c 75b6bf7c Please help!! DarrenD It asks whether to Cancel Try Again Continue.

Cancel it then navigate to C:\Combofix.txt and see if there is a log. It may be listed as C:\Tool.txt. If not uninstall combofix then redownload it and run it again. Go to start> run> type in combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Jabuck, I have enclosed the ComboFix file as below. I had to Cancel it a few times but it went out OK without a reload. ComboFix 09-01-02.01 - Dr Darren Delaney 2009-01-05 14:31:23.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.569 [GMT 10:00] Running from: c:\documents and settings\Dr Darren Delaney\My Documents\Personal\ComboFix.exe AV: BitDefender Antivirus *On-access scanning disabled* (Updated) FW: Webroot Internet Security Essentials *disabled* * Created a new restore point [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR] . [i] ADS - WINDOWS: deleted 0 bytes in 1 streams. [/i] ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\INSTALL.LOG c:\windows\IE4 Error Log.txt c:\windows\system32\wdmaud.sys . ((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 ))))))))))))))))))))))))))))))) . 2009-01-05 14:00 . 2009-01-05 13:59 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-05 14:00 . 2009-01-05 13:59 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-01-05 13:54 . 2009-01-05 13:54 0 --a------ c:\windows\system32\REN2C.tmp 2009-01-05 13:54 . 2009-01-05 13:54 0 --a------ c:\windows\system32\REN2B.tmp 2009-01-05 13:26 . 2009-01-05 13:26 <DIR> d-------- c:\program files\Trend Micro 2009-01-05 11:53 . 2009-01-05 14:08 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2009-01-05 11:53 . 2009-01-05 14:08 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-05 11:33 . 2009-01-05 11:36 <DIR> d-------- c:\documents and settings\Dr Darren Delaney\.housecall6.6 2009-01-05 11:33 . 2009-01-05 11:33 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys 2009-01-05 11:26 . 2009-01-05 11:26 0 --a------ c:\windows\nsreg.dat 2009-01-05 08:21 . 2009-01-05 11:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-05 08:21 . 2009-01-05 08:21 <DIR> d-------- c:\documents and settings\Dr Darren Delaney\Application Data\Malwarebytes 2009-01-05 08:21 . 2009-01-05 08:21 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-05 08:21 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-05 08:21 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-05 00:26 . 2009-01-05 00:26 <DIR> d-------- c:\program files\Webroot 2009-01-05 00:26 . 2009-01-05 00:26 <DIR> d-------- c:\documents and settings\Dr Darren Delaney\Application Data\Webroot 2009-01-05 00:26 . 2009-01-05 00:30 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Webroot 2009-01-05 00:26 . 2008-11-13 17:11 1,553,272 --a------ c:\windows\WRSetup.dll 2009-01-05 00:25 . 2009-01-05 00:55 164 --a--c--- C:\install.dat 2009-01-04 12:44 . 2009-01-04 12:44 <DIR> d-------- c:\program files\Windows Installer Clean Up 2009-01-04 11:25 . 2009-01-04 11:25 <DIR> d-------- c:\program files\Zinek 2009-01-02 17:32 . 2009-01-02 17:32 <DIR> d-------- c:\documents and settings\Dr Darren Delaney\Application Data\Windows Search 2009-01-02 17:25 . 2009-01-02 17:25 <DIR> d-------- c:\documents and settings\Dr Darren Delaney\Application Data\Windows Desktop Search 2009-01-02 17:21 . 2009-01-05 14:21 121 --a------ c:\windows\bdagent.INI 2009-01-02 15:19 . 2009-01-02 15:19 <DIR> d-------- c:\program files\Microsoft Silverlight 2009-01-02 15:18 . 2009-01-02 15:18 <DIR> d-------- c:\windows\system32\GroupPolicy 2009-01-02 15:16 . 2008-03-08 03:02 192,000 --------- c:\windows\system32\dllcache\offfilt.dll 2009-01-02 15:16 . 2008-03-08 03:02 98,304 --------- c:\windows\system32\dllcache\nlhtml.dll 2009-01-02 15:16 . 2008-03-08 03:02 29,696 --------- c:\windows\system32\dllcache\mimefilt.dll 2009-01-02 14:30 . 2009-01-02 14:30 850 --a------ c:\windows\system32\ProductTweaks.xml 2009-01-02 14:30 . 2009-01-02 14:30 385 --a------ c:\windows\system32\user_gensett.xml 2009-01-02 14:26 . 2009-01-02 14:26 <DIR> d-------- c:\program files\BitDefender 2009-01-02 14:26 . 2009-01-02 14:30 <DIR> d----c--- c:\documents and settings\All Users\Application Data\BitDefender 2009-01-02 14:25 . 2009-01-05 14:22 <DIR> d-------- c:\program files\Common Files\BitDefender 2008-12-31 23:59 . 2008-12-31 23:59 24,872 --a------ c:\windows\system32\drivers\ElbyCDIO.sys 2008-12-31 09:53 . 2008-12-31 09:53 103,360 --a------ c:\windows\system32\drivers\AnyDVD.sys 2008-12-31 09:37 . 2008-12-31 09:40 <DIR> d-------- c:\program files\Tansee iPod Transfer 2008-12-06 15:31 . 2008-12-06 15:31 <DIR> d-------- c:\program files\iTunes 2008-12-06 15:31 . 2008-12-06 15:31 <DIR> d-------- c:\program files\iPod 2008-12-06 15:31 . 2008-12-06 15:31 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-12-06 15:30 . 2008-12-06 15:30 <DIR> d-------- c:\program files\Bonjour . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-05 03:59 --------- d-----w c:\program files\Java 2009-01-05 00:50 --------- dc----w c:\documents and settings\All Users\Application Data\GTek 2009-01-04 14:29 --------- d-----w c:\program files\LogMeIn 2009-01-04 13:45 --------- d-----w c:\program files\Google 2009-01-04 02:43 --------- d-----w c:\program files\MSECache 2009-01-04 02:06 --------- dc----w c:\documents and settings\All Users\Application Data\WinZip 2009-01-02 05:22 --------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-01-02 05:18 --------- d-----w c:\program files\Windows Desktop Search 2008-12-28 06:43 --------- d-----w c:\program files\Microsoft Encarta 2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll 2008-12-09 22:33 --------- d-----w c:\program files\LogMeIn Ignition 2008-12-06 05:30 --------- d-----w c:\program files\QuickTime 2008-11-24 06:16 --------- d-----w c:\program files\Windows Live 2008-11-22 22:46 --------- d-----w c:\program files\Real 2008-11-22 22:46 --------- d-----w c:\program files\Common Files\xing shared 2008-11-22 22:46 --------- d-----w c:\program files\Common Files\Real 2008-11-19 17:21 93,128 ----a-w c:\windows\system32\ElbyCDIO.dll 2008-11-12 06:02 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys 2008-11-12 06:02 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys 2008-11-12 06:02 170,608 ----a-w c:\windows\system32\drivers\ssidrv.sys 2008-11-09 06:59 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller 2008-11-09 06:55 --------- dc----w c:\documents and settings\All Users\Application Data\WLInstaller 2008-11-07 04:23 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys 2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll 2008-10-17 22:22 87,352 ----a-w c:\windows\system32\LMIinit.dll 2008-10-17 22:22 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll 2008-10-17 22:22 28,984 ----a-w c:\windows\system32\LMIport.dll 2008-10-17 22:22 23,736 ----a-w c:\windows\system32\LMImirr.dll 2008-10-17 22:22 10,040 ----a-w c:\windows\system32\LMImirr2.dll 2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-10-16 04:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 04:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 04:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 04:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 04:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 04:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 04:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 04:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 04:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 04:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 04:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 04:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 04:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 04:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 04:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-16 04:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 04:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe 2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll 2008-09-16 05:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091620080917\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId] @="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}" [HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}] 2008-11-13 17:04 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-01 2489280] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-23 185872] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600] "SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2008-11-13 6273400] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-18 08:22 87352 c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"= wdmaud.sys [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\I:\[u]0[/u]autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 7.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 7.0 Tray Icon.lnk backup=c:\windows\pss\AOL 7.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk backup=c:\windows\pss\Service Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] --------- 2008-04-23 02:08 483328 c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2] -----c--- 2005-04-04 18:58 856064 c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] --a------ 2009-01-01 01:24 2489280 c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arucer] --a------ 2007-05-10 08:58 28672 c:\windows\system32\Arucer.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] -----c--- 2005-08-05 23:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-14 10:12 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] --------- 2005-05-15 04:04 332800 c:\program files\Dell Support\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] -----c--- 2005-05-31 05:33 122941 c:\windows\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] -----c--- 2005-01-27 03:02 86016 c:\program files\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] --------- 2006-04-06 10:51 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] -----c--- 2005-06-17 09:56 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] --a------ 2006-03-01 18:23 40960 c:\program files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-02-28 18:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --------- 2004-07-27 18:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --------- 2004-07-27 18:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXO Auto Loader] --a--c--- 2006-10-02 22:39 94208 c:\windows\MXOALDR.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-02-18 17:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-04-28 17:14 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2] --a--c--- 2003-05-08 11:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] --a------ 2006-03-01 18:22 36864 c:\program files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] --a------ 2008-11-23 08:46 214536 c:\program files\Real\RealPlayer\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] -ra------ 2003-10-14 10:22 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-11-23 08:46 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] -----c--- 2005-03-23 02:20 339968 c:\windows\stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Fetch\\jre\\bin\\javaw.exe"= "c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"= "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.exe"= "c:\\Program Files\\LogMeIn Ignition\\LMIIgnition.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808] R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-06-01 47640] R4 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-01-05 1086840] S3 Navcar;Navman In-car Navigator USB Driver Service;c:\windows\system32\drivers\Navcar.sys [2006-04-24 30329] S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2006-10-06 12192] S3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\drivers\UCharger.sys [2007-05-15 13765] S4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-09-12 12856] S4 LMIRfsClientNP;LMIRfsClientNP; [x] S4 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef086bc1-c3be-11dc-b668-00038a000015}] \Shell\AutoRun\command - i:\logmeinignition\LMIIgnition.exe *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2009-01-04 c:\windows\Tasks\wrSpySweeper_LA07EE87845E444169B3BEFA504C8DD33.job - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11] 2009-01-04 c:\windows\Tasks\wrSpySweeper_LA07EE87845E444169B3BEFA504C8DD33.job - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11] 2009-01-04 c:\windows\Tasks\wrSpySweeper_LA07EE87845E444169B3BEFA504C8DD33.job - a:\","c:\","d:\","e:\","f:\","g:\","H:\" [] . - - - - ORPHANS REMOVED - - - - HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.exe MSConfigStartUp-MaxtorOneTouch - c:\program files\Maxtor\OneTouch\utils\Onetouch.exe MSConfigStartUp-MXOBG - c:\documents and settings\Dr Darren Delaney\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.exe MSConfigStartUp-SiteAdvisor - c:\program files\SiteAdvisor\6253\SiteAdv.exe MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com.au/ uInternet Settings,ProxyOverride = *.local IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html Trusted Zone: *.internet Trusted Zone: *.mcafee.com FF - ProfilePath - c:\documents and settings\Dr Darren Delaney\Application Data\Mozilla\Firefox\Profiles\uurtulkj.default\ FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-05 14:34:30 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(712) c:\windows\system32\LMIinit.dll . Completion time: 2009-01-05 14:50:50 ComboFix-quarantined-files.txt 2009-01-05 04:50:47 Pre-Run: 150,818,770,944 bytes free Post-Run: 150,998,016,000 bytes free 320 --- E O F --- 2008-12-27 09:37:33