Excel.exe Application Error (0xc0000006) (Logs included)

Tazer19Joey

Hi guys, I keep getting an application error when trying to open Microsoft Excel 2007 in Vista. This problem seemed to crop up overnight. I have pasted the logs below, REALLY appreciate your time and help with this. Thanks!

MBAM Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

1/6/2011 7:15:07 PM
mbam-log-2011-01-06 (19-15-07).txt

Scan type: Quick scan
Objects scanned: 138834
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 26
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

GMER Log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-06 19:31:13
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST980825AS rev.8.04
Running: hlh6x1u5.exe; Driver: C:\Users\George\AppData\Local\Temp\awliapob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x807070E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0x807070A4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0x807070B8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8070710A]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x807070F6]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x807070CC]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDS Log:

DDS (Ver_10-12-12.02) - NTFSx86
Run by George at 19:33:31.70 on Thu 01/06/2011
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.202 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\runservice.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Tablet.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\system32\Tablet.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\George\Documents\RCA Detective\RCADetective.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\George\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070412
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110106181439.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellTransferAgent] "c:\programdata\dell\transferagent\TransferAgent.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [<NO NAME>]
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\george\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\george\appdata\roaming\micros~1\windows\startm~1\programs\startup\rcadet~1.lnk - c:\users\george\documents\rca detective\RCADetective.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\george\appdata\roaming\mozilla\firefox\profiles\exi50g1f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\SearchHelperExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-20 386840]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-20 64304]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-20 84072]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-11-2 22016]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2007-11-29 2560]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-20 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-20 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-20 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-20 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-20 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-9-20 141792]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-20 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-20 152960]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-20 313288]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\mcafee\siteadvisor\mcsacore.exe" --> c:\program files\mcafee\siteadvisor\McSACore.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-1-6 38224]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-20 52104]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-20 84264]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]

=============== Created Last 30 ================

2011-01-07 00:16:55 -------- d-----w- c:\users\george\appdata\roaming\Malwarebytes
2011-01-07 00:16:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-07 00:15:59 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-07 00:15:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-07 00:15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-29 02:58:27 -------- d-----w- c:\program files\PhotoRescue Wizard PC 3.1.11.12024
2010-12-29 02:39:47 67312 ----a-w- c:\windows\UnDeployV.exe
2010-12-29 02:39:47 -------- d-----w- c:\program files\DDR - Memory Card Recovery(Demo)
2010-12-29 02:33:04 44544 ----a-w- c:\windows\system32\Gif89.dll
2010-12-29 02:33:04 28672 ----a-w- c:\windows\system32\DartWeb.oca
2010-12-29 02:33:04 217088 ----a-w- c:\windows\system32\DartSock.dll
2010-12-29 02:33:04 -------- d-----w- c:\program files\Convar
2010-12-29 02:33:03 516784 ----a-r- c:\windows\system32\XceedCry.dll
2010-12-29 02:33:03 118784 ----a-w- c:\windows\system32\DartWeb.dll
2010-12-29 02:32:24 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2010-12-29 02:32:24 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2010-12-29 02:32:23 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2010-12-29 02:32:23 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2010-12-29 02:32:23 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2010-12-29 02:32:21 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2010-12-29 02:32:20 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2010-12-29 01:59:01 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-12-29 00:53:09 -------- d-----w- c:\users\george\Programs
2010-12-10 01:46:01 -------- d-----w- c:\program files\common files\Akamai
2010-12-09 00:41:42 749832 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll

==================== Find3M ====================

2011-01-07 01:20:02 3289 --sha-w- c:\windows\system32\mmf.sys
2010-11-13 00:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-14 03:28:54 141792 ----a-w- c:\windows\system32\mfevtps.exe

============= FINISH: 19:35:33.46 ===============



Thanks again, I do have the attach.txt log if you need it.
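Added triage helper for the two log formats quoted above. This is not part of George's post and not code from Malwarebytes or DDS; it parses MBAM detection lines (`<item> (<Family>) -> <action>`) and DDS pseudo-HJT lines (`<kind>: <name>: {<clsid>} - <path>`), counts detections per family, pulls out the hits under IE's `Low Rights\ElevationPolicy` key (entries there let Protected Mode, low-integrity IE launch the listed program at medium integrity, so an adware family writing them is stepping out of the IE sandbox), and shows which DLLs are wired into IE at more than one extension point. The sample inputs are excerpts copied from the logs in this thread; function names are the example's own.

```python
"""Added triage helper for the MBAM and DDS logs above (not part of the thread
or of either tool). Samples below are excerpts copied from the posted logs."""
import re
from collections import Counter, defaultdict

MBAM_SAMPLE = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
"""

HJT_SAMPLE = r"""
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
"""

MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
HJT_CLSID = re.compile(
    r"^(?P<kind>[A-Za-z_]+): (?:(?P<name>[^{]*?)(?:: | - ))?"
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
HJT_PLAIN = re.compile(r"^(?P<kind>[A-Za-z_]+): (?P<path>[A-Za-z]:\\.+)$")
ELEVATION_POLICY = "\\internet explorer\\low rights\\elevationpolicy\\"


def parse_mbam(text):
    """One dict per detection line, tagged with the '<X> Infected:' section it sits in."""
    section, records = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(" Infected:"):
            section = line[: -len(" Infected:")]
            continue
        m = MBAM_LINE.match(line)
        if m and section:
            records.append(dict(section=section, **m.groupdict()))
    return records


def families(records):
    """Detections per malware family."""
    return Counter(r["family"] for r in records)


def elevation_policy_hits(records):
    """Registry hits under IE's Low Rights\\ElevationPolicy (Protected Mode escape list)."""
    return [r for r in records if ELEVATION_POLICY in r["item"].lower()]


def parse_hjt(text):
    """Parse DDS pseudo-HJT lines; lines without a CLSID (AppInit_DLLs) use the plain form."""
    records = []
    for line in text.splitlines():
        m = HJT_CLSID.match(line.strip()) or HJT_PLAIN.match(line.strip())
        if m:
            rec = dict(kind=None, name=None, clsid=None, path=None)
            rec.update(m.groupdict())
            records.append(rec)
    return records


def hook_points(records):
    """Map each module path (lower-cased) to the set of extension points it is registered at."""
    points = defaultdict(set)
    for r in records:
        points[r["path"].lower()].add(r["kind"])
    return dict(points)


def multi_point_modules(records, minimum=2):
    """Modules wired into IE at `minimum` or more points, most-hooked first."""
    return sorted(((p, sorted(k)) for p, k in hook_points(records).items() if len(k) >= minimum),
                  key=lambda pk: (-len(pk[1]), pk[0]))


if __name__ == "__main__":
    mbam = parse_mbam(MBAM_SAMPLE)
    print("families:", dict(families(mbam)))
    print("ElevationPolicy hits:", len(elevation_policy_hits(mbam)))
    for path, kinds in multi_point_modules(parse_hjt(HJT_SAMPLE)):
        print("%-50s %s" % (path, ", ".join(kinds)))
```

On the excerpt this reports aimtb.dll registered at four points (both URLSearchHooks, a BHO and a toolbar) and vshare_toolbar.dll at three, which is the pattern of a bundled toolbar rather than a single add-on; feed it the full logs to get the same view over everything DDS listed.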
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

I do have the attach.txt log if you need it.
Yes, we do.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I would like to take the time to once again thank you for taking the time and effort to help me out here. Please let me know if I'm putting everything out here in the correct order and format so it's as "easy" as possible for you. Thanks again!!
- George

Attach.txt log:

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 4/12/2007 5:52:39 AM
System Uptime: 1/6/2011 7:18:51 PM (0 hours ago)

Motherboard: Dell Inc. | | 0KD882
Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | Microprocessor | 1833/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 62 GiB total, 13.001 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.499 GiB free.
F: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0005
Manufacturer: Microsoft
Name: isatap.hsd01.il.hsd1.il.comcast.net.
PNP Device ID: ROOT\*ISATAP\0005
Service: tunnel

==== System Restore Points ===================

RP858: 12/28/2010 8:30:41 PM - Removed PC Inspector smart recovery
RP860: 12/28/2010 8:32:42 PM - Installed PC Inspector smart recovery
RP861: 12/28/2010 8:53:49 PM - Installed Don't Panic - Photo Edition - Lite
RP862: 12/31/2010 10:21:54 PM - Scheduled Checkpoint
RP863: 1/3/2011 12:24:52 AM - Scheduled Checkpoint
RP864: 1/3/2011 10:59:35 PM - Installed Java(TM) 6 Update 23

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
AIM 7
AIM Toolbar
Akamai NetSession Interface
AOL Install
Ask Toolbar
AVS Audio Editor version 5.2
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Banctec Service Agreement
BitTorrent
Canon MP Navigator EX 1.0
Canon MP470 series
Canon MP470 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro Photo XI
Corel Painter Essentials 2
Corel Snapfire Plus
DDR - Memory Card Recovery(Demo) 4.0.1.6
Dell Games
Dell System Customization Wizard
Dell Wireless WLAN Card
DellSupport
Digital Line Detect
Documentation & Support Launcher
Download Updater (AOL LLC)
EarthLink Setup Files
Games, Music, & Photos Launcher
Google Desktop
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Internet Service Offers Launcher
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) SE Runtime Environment 6
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee SecurityCenter
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Diagnostic Tool
Mozilla Firefox (3.6.3)
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCH Toolbox
NetWaiting
NetZeroInstallers
nik Color Efex Pro 2.0 GE
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
Out of the Park 10
Out of the Park Baseball 9
OutlookAddinSetup
PC Inspector smart recovery
PhotoRescue Wizard PC 3.1.11.12024
Pinnacle Systems USB-2 Device Drivers
PIXMA Extended Survey Program
QuickSet
RCA Detective™ 2.0.0.98
RCA Digital Voice Manager 5.0.3.1
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
ScanSoft OmniPage SE 4
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SigmaTel Audio
Slice Audio File Splitter
Sonic Activation Module
SopCast 1.1.2
Stream Torrent 1.0
Synaptics Pointing Device Driver
Tablet
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
URL Assistant
User's Guides
Veetle TV 0.9.18
Vegas Movie Studio 9.0
vShare Plugin
WavePad Sound Editor
WD SmartWare
WeatherBug
WinAce Archiver
Windows Live ID Sign-in Assistant
XviD MPEG-4 Video Codec
Yahoo! Music Jukebox
YouTube Downloader 2.6.2

==== End Of File ===========================

MBRCheck.txt


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: MM061
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 171):
0x82400000 \SystemRoot\system32\ntkrnlpa.exe
0x827A1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80461000 \SystemRoot\system32\drivers\acpi.sys
0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
0x80434000 \SystemRoot\system32\drivers\pci.sys
0x80425000 \SystemRoot\system32\drivers\volmgr.sys
0x80201000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8041B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8040B000 \SystemRoot\System32\drivers\mountmgr.sys
0x80404000 \SystemRoot\system32\drivers\intelide.sys
0x807F2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807EB000 \SystemRoot\system32\DRIVERS\pciide.sys
0x807A1000 \SystemRoot\System32\drivers\volmgrx.sys
0x80799000 \SystemRoot\system32\drivers\atapi.sys
0x8077B000 \SystemRoot\system32\drivers\ataport.SYS
0x8074A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8073A000 \SystemRoot\system32\drivers\fileinfo.sys
0x806DD000 \SystemRoot\system32\drivers\mfehidk.sys
0x806C7000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
0x806BE000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x822FC000 \SystemRoot\system32\drivers\ndis.sys
0x80693000 \SystemRoot\system32\drivers\msrpc.sys
0x8065A000 \SystemRoot\system32\drivers\NETIO.SYS
0x82CF8000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82292000 \SystemRoot\System32\Drivers\ksecdd.sys
0x80624000 \SystemRoot\system32\drivers\volsnap.sys
0x8061C000 \SystemRoot\System32\Drivers\spldr.sys
0x8060D000 \SystemRoot\System32\drivers\partmgr.sys
0x82283000 \SystemRoot\System32\Drivers\mup.sys
0x8225E000 \SystemRoot\System32\drivers\ecache.sys
0x8224D000 \SystemRoot\system32\drivers\disk.sys
0x8222C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x80604000 \SystemRoot\system32\drivers\crcdisk.sys
0x87C45000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87D95000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87C37000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x87D9E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8642B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x89F52000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x89493000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x87C50000 \SystemRoot\System32\drivers\watchdog.sys
0x87C25000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8940D000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x87C1A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x89F15000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87C0C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x895EF000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x82EE0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x89F07000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x89EEF000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x89EE1000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x89ECD000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x89E7C000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x89E29000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x89DFE000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8653E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x87C01000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x89402000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x86546000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0x89DE6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x86552000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x82EF0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x89530000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x86548000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
0x89DBB000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x89D7B000 \SystemRoot\system32\DRIVERS\storport.sys
0x895E4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x89D64000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x89D59000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x89D36000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x82C79000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x89D23000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x89C74000 \SystemRoot\system32\DRIVERS\termdd.sys
0x86536000 \SystemRoot\system32\DRIVERS\swenum.sys
0x89C4A000 \SystemRoot\system32\DRIVERS\ks.sys
0x89C1C000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
0x89C83000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x87C6A000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8A7CC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x86504000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x86454000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x87D7A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x82E00000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8A719000 \SystemRoot\system32\drivers\stwrt.sys
0x8A639000 \SystemRoot\system32\drivers\portcls.sys
0x8A614000 \SystemRoot\system32\drivers\drmk.sys
0x8A6DC000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8A8FD000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8A849000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x87C77000 \SystemRoot\system32\drivers\modem.sys
0x87DA7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8953E000 \SystemRoot\System32\Drivers\Null.SYS
0x89545000 \SystemRoot\System32\Drivers\Beep.SYS
0x895D6000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0x89C00000 \SystemRoot\System32\drivers\vga.sys
0x8B5DF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8646C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x86474000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B5D4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B5C6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x82C88000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8B4F1000 \SystemRoot\System32\drivers\tcpip.sys
0x8B4D8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B4C5000 \SystemRoot\system32\drivers\mfetdi2k.sys
0x8B4B0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B49C000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B46A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8B423000 \SystemRoot\system32\drivers\afd.sys
0x8B40D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8B7F2000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x8B7E4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B7D1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8B796000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x89C8D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8B77F000 \SystemRoot\System32\Drivers\dfsc.sys
0x8B75B000 \SystemRoot\system32\drivers\mfeavfk.sys
0x8B6D0000 \SystemRoot\system32\drivers\mfefirek.sys
0x8B68D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x87CAB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x86522000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8649C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8B615000 \SystemRoot\System32\Drivers\fastfat.SYS
0x93C00000 \SystemRoot\System32\win32k.sys
0x89CB5000 \SystemRoot\System32\drivers\Dxapi.sys
0x8C11F000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA4800000 \SystemRoot\System32\TSDDD.dll
0xA4810000 \SystemRoot\System32\cdd.dll
0xA58E5000 \SystemRoot\system32\drivers\luafv.sys
0x8C57C000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0x8B646000 \SystemRoot\System32\DLA\DLADResM.SYS
0xA587C000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0x87DE7000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0x8653C000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0x8955A000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0x89561000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xA5866000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xA584F000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xA9F72000 \SystemRoot\system32\drivers\spsys.sys
0x82EB0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA9E07000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x86518000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9EDF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAAF97000 \SystemRoot\system32\drivers\HTTP.sys
0xAAEFC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAAEA3000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAAE8F000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAAE6F000 \SystemRoot\system32\drivers\mrxdav.sys
0xAAE51000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAAE18000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAAE06000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAB1DC000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAB18B000 \SystemRoot\System32\DRIVERS\srv.sys
0xAB011000 \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys
0xA631C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAB8E2000 \SystemRoot\system32\drivers\peauth.sys
0x89CAB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8C571000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAB077000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x8CEB8000 \SystemRoot\system32\drivers\cfwids.sys
0xAB0E9000 \SystemRoot\system32\drivers\mfeapfk.sys
0x8C5DF000 \SystemRoot\system32\drivers\mfebopk.sys
0x77460000 \Windows\System32\ntdll.dll

Processes (total 85):
0 System Idle Process
4 System
536 C:\Windows\System32\smss.exe
612 csrss.exe
652 C:\Windows\System32\wininit.exe
664 csrss.exe
696 C:\Windows\System32\services.exe
708 C:\Windows\System32\lsass.exe
716 C:\Windows\System32\lsm.exe
784 C:\Windows\System32\winlogon.exe
904 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\audiodg.exe
1316 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\SLsvc.exe
1376 C:\Windows\System32\svchost.exe
1488 C:\Windows\System32\wisptis.exe
1504 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
1596 C:\Windows\System32\svchost.exe
1720 C:\Windows\System32\WLTRYSVC.EXE
1732 C:\Windows\System32\BCMWLTRY.EXE
1812 C:\Windows\System32\spoolsv.exe
1880 C:\Windows\System32\svchost.exe
604 C:\Windows\System32\svchost.exe
1076 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
1584 C:\Windows\Runservice.exe
776 C:\Windows\System32\mfevtps.exe
1456 C:\Windows\System32\svchost.exe
1496 C:\Windows\System32\PSIService.exe
420 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
2016 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1296 C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
2112 C:\Windows\System32\svchost.exe
2128 C:\Windows\System32\Tablet.exe
2160 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
2176 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
2244 C:\Windows\System32\svchost.exe
2264 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2304 C:\Windows\System32\SearchIndexer.exe
2340 C:\Windows\System32\drivers\XAudio.exe
2356 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2384 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2480 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
3024 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3476 C:\Windows\System32\taskeng.exe
3496 C:\Windows\System32\wisptis.exe
3524 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
3624 C:\Windows\System32\WTablet\TabUserW.exe
3696 C:\Windows\System32\Tablet.exe
3712 C:\Windows\System32\dwm.exe
3756 C:\Windows\explorer.exe
2368 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3148 C:\Windows\System32\hkcmd.exe
2436 C:\Windows\System32\igfxpers.exe
2312 C:\Windows\System32\WLTRAY.EXE
1412 C:\Windows\sttray.exe
3036 C:\Program Files\Dell\MediaDirect\PCMService.exe
4012 C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
3472 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1116 C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
184 C:\Program Files\McAfee.com\Agent\mcagent.exe
3704 C:\Program Files\Windows Sidebar\sidebar.exe
3072 C:\Windows\ehome\ehtray.exe
2792 C:\ProgramData\Dell\TransferAgent\TransferAgent.exe
4084 C:\Program Files\Windows Media Player\wmpnscfg.exe
3008 C:\Program Files\Digital Line Detect\DLG.exe
1932 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2224 C:\Users\George\Documents\RCA Detective\RCADetective.exe
3460 C:\Windows\ehome\ehmsas.exe
2284 C:\Program Files\Windows Media Player\wmpnetwk.exe
5264 C:\Program Files\Internet Explorer\iexplore.exe
5276 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
5360 C:\Windows\System32\taskeng.exe
5400 C:\Program Files\Internet Explorer\iexplore.exe
5668 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
4108 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
5512 C:\Windows\System32\wuauclt.exe
3436 C:\Program Files\Internet Explorer\iexplore.exe
4220 taskeng.exe
5544 C:\Windows\System32\SearchProtocolHost.exe
5820 C:\Windows\System32\SearchFilterHost.exe
3520 C:\Users\George\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive0 Model Number: ST980825AS, Rev: 8.04

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

ComboFix.txt

ComboFix 11-01-07.01 - George 01/07/2011 13:46:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.329 [GMT -6:00]
Running from: c:\users\George\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.2.inf
c:\windows\system32\logs

.
((((((((((((((((((((((((( Files Created from 2010-12-07 to 2011-01-07 )))))))))))))))))))))))))))))))
.

2011-01-07 20:00 . 2011-01-07 20:00 -------- d-----w- c:\users\George\AppData\Local\temp
2011-01-07 19:37 . 2011-01-07 19:40 -------- d-----w- C:\32788R22FWJFW
2011-01-07 00:16 . 2011-01-07 00:16 -------- d-----w- c:\users\George\AppData\Roaming\Malwarebytes
2011-01-07 00:16 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-07 00:15 . 2011-01-07 00:15 -------- d-----w- c:\programdata\Malwarebytes
2011-01-07 00:15 . 2011-01-07 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-07 00:15 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-29 02:58 . 2010-12-29 02:58 -------- d-----w- c:\program files\PhotoRescue Wizard PC 3.1.11.12024
2010-12-29 02:39 . 2010-12-29 02:39 -------- d-----w- c:\program files\DDR - Memory Card Recovery(Demo)
2010-12-29 02:39 . 2010-07-01 09:32 67312 ----a-w- c:\windows\UnDeployV.exe
2010-12-29 02:33 . 2010-12-29 02:33 -------- d-----w- c:\program files\Convar
2010-12-29 02:33 . 2002-04-12 19:19 28672 ----a-w- c:\windows\system32\DartWeb.oca
2010-12-29 02:33 . 2002-02-28 15:46 217088 ----a-w- c:\windows\system32\DartSock.dll
2010-12-29 02:33 . 1998-06-14 04:53 44544 ----a-w- c:\windows\system32\Gif89.dll
2010-12-29 02:33 . 2003-07-18 19:58 516784 ----a-r- c:\windows\system32\XceedCry.dll
2010-12-29 02:33 . 2002-02-21 16:12 118784 ----a-w- c:\windows\system32\DartWeb.dll
2010-12-29 02:32 . 2002-12-05 20:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-12-29 02:32 . 2002-12-02 19:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-12-29 02:32 . 2002-12-05 20:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-12-29 02:32 . 2002-12-02 21:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-12-29 02:32 . 2002-12-02 19:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-12-29 02:32 . 2010-12-29 02:32 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-12-29 02:32 . 2010-12-29 02:32 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-12-29 01:59 . 1998-06-18 06:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-12-29 00:53 . 2010-12-30 02:14 -------- d-----w- c:\users\George\Programs
2010-12-10 01:46 . 2011-01-07 19:33 -------- d-----w- c:\program files\Common Files\Akamai
2010-12-09 00:41 . 2010-12-09 00:41 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-13 00:53 . 2010-11-28 21:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-14 03:28 . 2010-09-20 21:21 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-14 03:28 . 2010-09-20 21:21 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-10-14 03:28 . 2010-09-20 21:21 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-10-14 03:28 . 2010-09-20 21:21 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-14 03:28 . 2010-09-20 21:21 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-10-14 03:28 . 2010-09-20 21:21 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-10-14 03:28 . 2010-09-20 21:21 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-14 03:28 . 2010-09-20 21:21 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-14 03:28 . 2010-09-20 21:21 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-10-14 03:28 . 2010-09-20 21:21 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-14 03:28 . 2010-09-20 21:21 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-10-14 04:28 . 2010-09-20 21:21 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-30 03:55 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-30 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-30 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"DellTransferAgent"="c:\programdata\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-10-13 184320]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
RCA Detective.lnk - c:\users\George\Documents\RCA Detective\RCADetective.exe [2010-2-10 1069056]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-12 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^swarmcast.lnk]
path=c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\swarmcast.lnk
backup=c:\windows\pss\swarmcast.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-03-05 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-04-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Painter Essentials 21a]
2004-03-18 19:38 733184 ----a-w- c:\program files\Corel\Corel Painter Essentials 2\registration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-11-12 07:19 446976 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-04-18 00:29 220160 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2010-09-30 18:10 1193848 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2007-08-29 16:55 1347584 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2007-11-30 2560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-21 38224]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 84264]
R3 vidcap;vidcap;c:\windows\system32\DRIVERS\vidcap.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-14 64304]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-14 84072]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-14 141792]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 98304]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 313288]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\exi50g1f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
AddRemove-HDMI - c:\windows\system32\igxpun.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\George\AppData\Roaming\Macromedia\Flash Player\



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-07 14:00
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-07 14:05:12
ComboFix-quarantined-files.txt 2011-01-07 20:05

Pre-Run: 13,714,526,208 bytes free
Post-Run: 14,002,835,456 bytes free

- - End Of File - - D5D97CD8B714AEA99A70607C98B325E3
 
I don't see anything malicious in your logs.

Did you try to reinstall Office?
 
I have not tried to reinstall yet. I will do so once I have access to the Office disk. Everything looks good otherwise? Thanks.
 
I reinstalled Microsoft Office, and it looks like Excel is now working. However, when I uninstalled Microsoft Office I had to reboot. When I tried to reboot I got the dreaded blue screen. So I had to restart, which I did; then I reinstalled Office and it looks like it is functioning. Thanks!