I did the 8 steps to the best of my abilities, I am getting these google redirects after i search, which then starts all these internet explorer pop ups, which is weird because I don't use internet explorer.
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5291
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/10/2010 11:13:16 PM
mbam-log-2010-12-10 (23-13-16).txt
Scan type: Quick scan
Objects scanned: 154133
Time elapsed: 10 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-----------------------------------------------------------------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-10 23:22:10
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST980825 rev.3.12
Running: GMER.exe; Driver: C:\DOCUME~1\Katie\LOCALS~1\Temp\uxkyakoc.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xF72747B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xF7274610]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF7274624]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF727468C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF72746B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF7274726]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF7274710]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xF727473C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF72747F8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF7274766]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7274662]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF72745D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF72745E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF72747CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xF72747A2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF72746FA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF72746E4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF72746A2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xF727478E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xF727477A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xF727464E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF727463A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7274827]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF727480E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF72747E2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-12-05.01) - NTFSx86
Run by Katie at 23:23:17.84 on Fri 12/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.331 [GMT -5:00]
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
============== Running Processes ===============
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Katie\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Credential Manager for ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hpq\iam\bin\ItIeAddIN.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\katie\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hpq\iam\bin\AsTsVcc.dll,RegisterModule
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Sec] switchwiz.exe
dRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181924125796
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: IfxWlxEN - IfxWlxEN.dll
Notify: igfxcui - igfxdev.dll
Notify: OneCard - c:\program files\hpq\iam\bin\AsWlnPkg.dll
AppInit_DLLs: APSHook.dll perfman.dll comext.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli AsWlnPkg
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\katie\applic~1\mozilla\firefox\profiles\2yug7ubw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=02-07-2010&tb_mrud=02-07-2010
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=02-07-2010&tb_mrud=02-07-2010&query=
FF - component: c:\documents and settings\katie\application data\mozilla\firefox\profiles\2yug7ubw.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\katie\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\katie\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\katie\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPInfotl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\katie\application data\Move Networks
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\katie\applic~1\mozilla\firefox\profiles\2yug7ubw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - c:\docume~1\katie\applic~1\mozilla\firefox\profiles\2yug7ubw.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-10 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-3 343920]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-11-29 36768]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2010-3-25 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-10-15 120128]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-3-25 147472]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2010-3-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-26 70728]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-24 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-6-15 36352]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-3 91832]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-3 43288]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-30 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2007-6-15 33024]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-26 66600]
=============== Created Last 30 ================
2010-12-11 03:46:42 -------- d-----w- c:\docume~1\katie\applic~1\Malwarebytes
2010-12-11 03:46:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-11 03:46:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-11 03:46:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-11 03:46:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-11 02:07:45 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-10 23:49:50 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-10 23:49:43 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-10 23:40:45 -------- d-----w- c:\docume~1\katie\locals~1\applic~1\Sunbelt Software
2010-12-10 23:31:25 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-10 21:01:41 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{5edb12c1-4be8-45e8-8b5d-864dd3819694}\mpengine.dll
2010-12-10 19:49:11 477184 --sh--w- c:\windows\system32\perfman.dll
2010-12-10 19:49:02 62464 --sh--w- c:\windows\system32\comext.dll
2010-11-22 16:17:17 -------- d-----w- C:\Quarantine
2010-11-18 02:36:46 -------- d-----w- c:\program files\iPod
2010-11-18 02:36:33 -------- d-----w- c:\program files\iTunes
2010-11-16 13:05:10 -------- d-sh--w- C:\found.001
2010-11-12 20:51:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-12 20:41:55 -------- d-----w- c:\program files\Bonjour
==================== Find3M ====================
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
============= FINISH: 23:25:00.85 ===============
I'm not sure if I was supposed to post the log 'Attach' or not.
Thank you in advance for any help.
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5291
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/10/2010 11:13:16 PM
mbam-log-2010-12-10 (23-13-16).txt
Scan type: Quick scan
Objects scanned: 154133
Time elapsed: 10 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-----------------------------------------------------------------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-10 23:22:10
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST980825 rev.3.12
Running: GMER.exe; Driver: C:\DOCUME~1\Katie\LOCALS~1\Temp\uxkyakoc.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xF72747B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xF7274610]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF7274624]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF727468C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF72746B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF7274726]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF7274710]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xF727473C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF72747F8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF7274766]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7274662]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF72745D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF72745E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF72747CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xF72747A2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF72746FA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF72746E4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF72746A2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xF727478E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xF727477A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xF727464E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF727463A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7274827]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF727480E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF72747E2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-12-05.01) - NTFSx86
Run by Katie at 23:23:17.84 on Fri 12/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.331 [GMT -5:00]
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
============== Running Processes ===============
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Katie\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Credential Manager for ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hpq\iam\bin\ItIeAddIN.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\katie\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hpq\iam\bin\AsTsVcc.dll,RegisterModule
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Sec] switchwiz.exe
dRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181924125796
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: IfxWlxEN - IfxWlxEN.dll
Notify: igfxcui - igfxdev.dll
Notify: OneCard - c:\program files\hpq\iam\bin\AsWlnPkg.dll
AppInit_DLLs: APSHook.dll perfman.dll comext.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli AsWlnPkg
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\katie\applic~1\mozilla\firefox\profiles\2yug7ubw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=02-07-2010&tb_mrud=02-07-2010
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=02-07-2010&tb_mrud=02-07-2010&query=
FF - component: c:\documents and settings\katie\application data\mozilla\firefox\profiles\2yug7ubw.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\katie\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\katie\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\katie\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPInfotl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\katie\application data\Move Networks
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\katie\applic~1\mozilla\firefox\profiles\2yug7ubw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - c:\docume~1\katie\applic~1\mozilla\firefox\profiles\2yug7ubw.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-10 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-3 343920]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-11-29 36768]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2010-3-25 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-10-15 120128]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-3-25 147472]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2010-3-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-26 70728]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-24 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-6-15 36352]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-3 91832]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-3 43288]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-30 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2007-6-15 33024]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-26 66600]
=============== Created Last 30 ================
2010-12-11 03:46:42 -------- d-----w- c:\docume~1\katie\applic~1\Malwarebytes
2010-12-11 03:46:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-11 03:46:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-11 03:46:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-11 03:46:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-11 02:07:45 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-10 23:49:50 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-10 23:49:43 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-10 23:40:45 -------- d-----w- c:\docume~1\katie\locals~1\applic~1\Sunbelt Software
2010-12-10 23:31:25 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-10 21:01:41 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{5edb12c1-4be8-45e8-8b5d-864dd3819694}\mpengine.dll
2010-12-10 19:49:11 477184 --sh--w- c:\windows\system32\perfman.dll
2010-12-10 19:49:02 62464 --sh--w- c:\windows\system32\comext.dll
2010-11-22 16:17:17 -------- d-----w- C:\Quarantine
2010-11-18 02:36:46 -------- d-----w- c:\program files\iPod
2010-11-18 02:36:33 -------- d-----w- c:\program files\iTunes
2010-11-16 13:05:10 -------- d-sh--w- C:\found.001
2010-11-12 20:51:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-12 20:41:55 -------- d-----w- c:\program files\Bonjour
==================== Find3M ====================
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
============= FINISH: 23:25:00.85 ===============
I'm not sure if I was supposed to post the log 'Attach' or not.
Thank you in advance for any help.