*** 8 steps*** Excel.exe Application Error (0xc0000006) (Logs included)

By Tazer19Joey
Jan 6, 2011
  1. Hi guys, I keep getting an application error when trying to open Microsoft Excel 2007 in Vista. This problem seemed to crop up overnight. I have pasted the logs below; REALLY appreciate your time and help with this. Thanks!

    MBAM Log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5363

    Windows 6.0.6000
    Internet Explorer 8.0.6001.18904

    1/6/2011 7:15:07 PM
    mbam-log-2011-01-06 (19-15-07).txt

    Scan type: Quick scan
    Objects scanned: 138834
    Time elapsed: 5 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 26
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 7
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    GMER Log:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-06 19:31:13
    Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST980825AS rev.8.04
    Running: hlh6x1u5.exe; Driver: C:\Users\George\AppData\Local\Temp\awliapob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x807070E0]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0x807070A4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0x807070B8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8070710A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x807070F6]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x807070CC]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    DDM Log:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by George at 19:33:31.70 on Thu 01/06/2011
    Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_23
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.202 [GMT -6:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Windows\runservice.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\PSIService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Tablet.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\WTablet\TabUserW.exe
    C:\Windows\system32\Tablet.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Windows\sttray.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\ProgramData\Dell\TransferAgent\TransferAgent.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Users\George\Documents\RCA Detective\RCADetective.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\George\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
    uWindow Title = Internet Explorer provided by Dell
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070412
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110106181439.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
    TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [DellTransferAgent] "c:\programdata\dell\transferagent\TransferAgent.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [<NO NAME>]
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
    mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\george\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\users\george\appdata\roaming\micros~1\windows\startm~1\programs\startup\rcadet~1.lnk - c:\users\george\documents\rca detective\RCADetective.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\george\appdata\roaming\mozilla\firefox\profiles\exi50g1f.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
    FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\SearchHelperExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-20 386840]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-20 64304]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-20 84072]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-11-2 22016]
    R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2007-11-29 2560]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-20 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-20 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-20 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-20 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-20 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-9-20 141792]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-20 55840]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-20 152960]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-20 313288]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\mcafee\siteadvisor\mcsacore.exe" --> c:\program files\mcafee\siteadvisor\McSACore.exe [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-1-6 38224]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-20 52104]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-20 84264]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]

    =============== Created Last 30 ================

    2011-01-07 00:16:55 -------- d-----w- c:\users\george\appdata\roaming\Malwarebytes
    2011-01-07 00:16:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-07 00:15:59 -------- d-----w- c:\progra~2\Malwarebytes
    2011-01-07 00:15:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-07 00:15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-29 02:58:27 -------- d-----w- c:\program files\PhotoRescue Wizard PC 3.1.11.12024
    2010-12-29 02:39:47 67312 ----a-w- c:\windows\UnDeployV.exe
    2010-12-29 02:39:47 -------- d-----w- c:\program files\DDR - Memory Card Recovery(Demo)
    2010-12-29 02:33:04 44544 ----a-w- c:\windows\system32\Gif89.dll
    2010-12-29 02:33:04 28672 ----a-w- c:\windows\system32\DartWeb.oca
    2010-12-29 02:33:04 217088 ----a-w- c:\windows\system32\DartSock.dll
    2010-12-29 02:33:04 -------- d-----w- c:\program files\Convar
    2010-12-29 02:33:03 516784 ----a-r- c:\windows\system32\XceedCry.dll
    2010-12-29 02:33:03 118784 ----a-w- c:\windows\system32\DartWeb.dll
    2010-12-29 02:32:24 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
    2010-12-29 02:32:24 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
    2010-12-29 02:32:23 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
    2010-12-29 02:32:23 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
    2010-12-29 02:32:23 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
    2010-12-29 02:32:21 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
    2010-12-29 02:32:20 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
    2010-12-29 01:59:01 89360 ----a-w- c:\windows\system32\VB5DB.DLL
    2010-12-29 00:53:09 -------- d-----w- c:\users\george\Programs
    2010-12-10 01:46:01 -------- d-----w- c:\program files\common files\Akamai
    2010-12-09 00:41:42 749832 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll

    ==================== Find3M ====================

    2011-01-07 01:20:02 3289 --sha-w- c:\windows\system32\mmf.sys
    2010-11-13 00:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-14 03:28:54 141792 ----a-w- c:\windows\system32\mfevtps.exe

    ============= FINISH: 19:35:33.46 ===============



    Thanks again, I do have the attach.txt log if you need it.
  2. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    Yes, we do.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  3. Tazer19Joey


    I would like to take the time to once again thank you for taking the time and effort to help me out here. Please let me know if I'm putting everything out here in the correct order and format so it's as "easy" as possible for you. Thanks again!!
    - George

    Attach.txt log:

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 4/12/2007 5:52:39 AM
    System Uptime: 1/6/2011 7:18:51 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0KD882
    Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | Microprocessor | 1833/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 62 GiB total, 13.001 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.499 GiB free.
    F: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0005
    Manufacturer: Microsoft
    Name: isatap.hsd01.il.hsd1.il.comcast.net.
    PNP Device ID: ROOT\*ISATAP\0005
    Service: tunnel

    ==== System Restore Points ===================

    RP858: 12/28/2010 8:30:41 PM - Removed PC Inspector smart recovery
    RP860: 12/28/2010 8:32:42 PM - Installed PC Inspector smart recovery
    RP861: 12/28/2010 8:53:49 PM - Installed Don't Panic - Photo Edition - Lite
    RP862: 12/31/2010 10:21:54 PM - Scheduled Checkpoint
    RP863: 1/3/2011 12:24:52 AM - Scheduled Checkpoint
    RP864: 1/3/2011 10:59:35 PM - Installed Java(TM) 6 Update 23

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.8
    AIM 7
    AIM Toolbar
    Akamai NetSession Interface
    AOL Install
    Ask Toolbar
    AVS Audio Editor version 5.2
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.3
    Banctec Service Agreement
    BitTorrent
    Canon MP Navigator EX 1.0
    Canon MP470 series
    Canon MP470 series User Registration
    Canon My Printer
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    Conexant HDA D110 MDC V.92 Modem
    Corel Paint Shop Pro Photo XI
    Corel Painter Essentials 2
    Corel Snapfire Plus
    DDR - Memory Card Recovery(Demo) 4.0.1.6
    Dell Games
    Dell System Customization Wizard
    Dell Wireless WLAN Card
    DellSupport
    Digital Line Detect
    Documentation & Support Launcher
    Download Updater (AOL LLC)
    EarthLink Setup Files
    Games, Music, & Photos Launcher
    Google Desktop
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Internet Service Offers Launcher
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) SE Runtime Environment 6
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    McAfee SecurityCenter
    MediaDirect
    Microsoft .NET Framework 3.5 SP1
    Microsoft Default Manager
    Microsoft MPEG-4 VKI Video Codec V1/V2/V3
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft UI Engine
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Modem Diagnostic Tool
    Mozilla Firefox (3.6.3)
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NCH Toolbox
    NetWaiting
    NetZeroInstallers
    nik Color Efex Pro 2.0 GE
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    Out of the Park 10
    Out of the Park Baseball 9
    OutlookAddinSetup
    PC Inspector smart recovery
    PhotoRescue Wizard PC 3.1.11.12024
    Pinnacle Systems USB-2 Device Drivers
    PIXMA Extended Survey Program
    QuickSet
    RCA Detective™ 2.0.0.98
    RCA Digital Voice Manager 5.0.3.1
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    ScanSoft OmniPage SE 4
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SigmaTel Audio
    Slice Audio File Splitter
    Sonic Activation Module
    SopCast 1.1.2
    Stream Torrent 1.0
    Synaptics Pointing Device Driver
    Tablet
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    URL Assistant
    User's Guides
    Veetle TV 0.9.18
    Vegas Movie Studio 9.0
    vShare Plugin
    WavePad Sound Editor
    WD SmartWare
    WeatherBug
    WinAce Archiver
    Windows Live ID Sign-in Assistant
    XviD MPEG-4 Video Codec
    Yahoo! Music Jukebox
    YouTube Downloader 2.6.2

    ==== End Of File ===========================

    MBRCheck.txt


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: (build 6000), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: MM061
    Logical Drives Mask: 0x0000002c

    Kernel Drivers (total 171):

    Processes (total 85):
    0 System Idle Process
    4 System
    536 C:\Windows\System32\smss.exe
    612 csrss.exe
    652 C:\Windows\System32\wininit.exe
    664 csrss.exe
    696 C:\Windows\System32\services.exe
    708 C:\Windows\System32\lsass.exe
    716 C:\Windows\System32\lsm.exe
    784 C:\Windows\System32\winlogon.exe
    904 C:\Windows\System32\svchost.exe
    984 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1148 C:\Windows\System32\svchost.exe
    1180 C:\Windows\System32\svchost.exe
    1280 C:\Windows\System32\audiodg.exe
    1316 C:\Windows\System32\svchost.exe
    1344 C:\Windows\System32\SLsvc.exe
    1376 C:\Windows\System32\svchost.exe
    1488 C:\Windows\System32\wisptis.exe
    1504 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    1596 C:\Windows\System32\svchost.exe
    1720 C:\Windows\System32\WLTRYSVC.EXE
    1732 C:\Windows\System32\BCMWLTRY.EXE
    1812 C:\Windows\System32\spoolsv.exe
    1880 C:\Windows\System32\svchost.exe
    604 C:\Windows\System32\svchost.exe
    1076 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    1584 C:\Windows\Runservice.exe
    776 C:\Windows\System32\mfevtps.exe
    1456 C:\Windows\System32\svchost.exe
    1496 C:\Windows\System32\PSIService.exe
    420 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    2016 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1296 C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
    2112 C:\Windows\System32\svchost.exe
    2128 C:\Windows\System32\Tablet.exe
    2160 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    2176 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    2244 C:\Windows\System32\svchost.exe
    2264 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2304 C:\Windows\System32\SearchIndexer.exe
    2340 C:\Windows\System32\drivers\XAudio.exe
    2356 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    2384 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    2480 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    3024 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3476 C:\Windows\System32\taskeng.exe
    3496 C:\Windows\System32\wisptis.exe
    3524 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    3624 C:\Windows\System32\WTablet\TabUserW.exe
    3696 C:\Windows\System32\Tablet.exe
    3712 C:\Windows\System32\dwm.exe
    3756 C:\Windows\explorer.exe
    2368 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3148 C:\Windows\System32\hkcmd.exe
    2436 C:\Windows\System32\igfxpers.exe
    2312 C:\Windows\System32\WLTRAY.EXE
    1412 C:\Windows\sttray.exe
    3036 C:\Program Files\Dell\MediaDirect\PCMService.exe
    4012 C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    3472 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1116 C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
    184 C:\Program Files\McAfee.com\Agent\mcagent.exe
    3704 C:\Program Files\Windows Sidebar\sidebar.exe
    3072 C:\Windows\ehome\ehtray.exe
    2792 C:\ProgramData\Dell\TransferAgent\TransferAgent.exe
    4084 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3008 C:\Program Files\Digital Line Detect\DLG.exe
    1932 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    2224 C:\Users\George\Documents\RCA Detective\RCADetective.exe
    3460 C:\Windows\ehome\ehmsas.exe
    2284 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5264 C:\Program Files\Internet Explorer\iexplore.exe
    5276 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    5360 C:\Windows\System32\taskeng.exe
    5400 C:\Program Files\Internet Explorer\iexplore.exe
    5668 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    4108 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    5512 C:\Windows\System32\wuauclt.exe
    3436 C:\Program Files\Internet Explorer\iexplore.exe
    4220 taskeng.exe
    5544 C:\Windows\System32\SearchProtocolHost.exe
    5820 C:\Windows\System32\SearchFilterHost.exe
    3520 C:\Users\George\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

    PhysicalDrive0 Model Number: ST980825AS, Rev: 8.04

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!

    ComboFix.txt

    ComboFix 11-01-07.01 - George 01/07/2011 13:46:11.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.329 [GMT -6:00]
    Running from: c:\users\George\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.2.inf
    c:\windows\system32\logs

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-07 to 2011-01-07 )))))))))))))))))))))))))))))))
    .

    2011-01-07 20:00 . 2011-01-07 20:00 -------- d-----w- c:\users\George\AppData\Local\temp
    2011-01-07 19:37 . 2011-01-07 19:40 -------- d-----w- C:\32788R22FWJFW
    2011-01-07 00:16 . 2011-01-07 00:16 -------- d-----w- c:\users\George\AppData\Roaming\Malwarebytes
    2011-01-07 00:16 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-07 00:15 . 2011-01-07 00:15 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-07 00:15 . 2011-01-07 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-07 00:15 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-29 02:58 . 2010-12-29 02:58 -------- d-----w- c:\program files\PhotoRescue Wizard PC 3.1.11.12024
    2010-12-29 02:39 . 2010-12-29 02:39 -------- d-----w- c:\program files\DDR - Memory Card Recovery(Demo)
    2010-12-29 02:39 . 2010-07-01 09:32 67312 ----a-w- c:\windows\UnDeployV.exe
    2010-12-29 02:33 . 2010-12-29 02:33 -------- d-----w- c:\program files\Convar
    2010-12-29 02:33 . 2002-04-12 19:19 28672 ----a-w- c:\windows\system32\DartWeb.oca
    2010-12-29 02:33 . 2002-02-28 15:46 217088 ----a-w- c:\windows\system32\DartSock.dll
    2010-12-29 02:33 . 1998-06-14 04:53 44544 ----a-w- c:\windows\system32\Gif89.dll
    2010-12-29 02:33 . 2003-07-18 19:58 516784 ----a-r- c:\windows\system32\XceedCry.dll
    2010-12-29 02:33 . 2002-02-21 16:12 118784 ----a-w- c:\windows\system32\DartWeb.dll
    2010-12-29 02:32 . 2002-12-05 20:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2010-12-29 02:32 . 2002-12-02 19:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2010-12-29 02:32 . 2002-12-05 20:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2010-12-29 02:32 . 2002-12-02 21:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2010-12-29 02:32 . 2002-12-02 19:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2010-12-29 02:32 . 2010-12-29 02:32 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2010-12-29 02:32 . 2010-12-29 02:32 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2010-12-29 01:59 . 1998-06-18 06:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
    2010-12-29 00:53 . 2010-12-30 02:14 -------- d-----w- c:\users\George\Programs
    2010-12-10 01:46 . 2011-01-07 19:33 -------- d-----w- c:\program files\Common Files\Akamai
    2010-12-09 00:41 . 2010-12-09 00:41 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-13 00:53 . 2010-11-28 21:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-14 03:28 . 2010-09-20 21:21 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-10-14 03:28 . 2010-09-20 21:21 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2010-10-14 03:28 . 2010-09-20 21:21 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-10-14 03:28 . 2010-09-20 21:21 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-10-14 03:28 . 2010-09-20 21:21 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-10-14 03:28 . 2010-09-20 21:21 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2010-10-14 03:28 . 2010-09-20 21:21 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-10-14 03:28 . 2010-09-20 21:21 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-10-14 03:28 . 2010-09-20 21:21 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-10-14 03:28 . 2010-09-20 21:21 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-10-14 03:28 . 2010-09-20 21:21 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-10-14 04:28 . 2010-09-20 21:21 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-10-30 03:55 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-30 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-30 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "DellTransferAgent"="c:\programdata\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
    "SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-10-13 184320]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

    c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    RCA Detective.lnk - c:\users\George\Documents\RCA Detective\RCADetective.exe [2010-2-10 1069056]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-12 50688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
    backup=c:\windows\pss\QuickSet.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
    backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
    backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
    path=c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
    backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^swarmcast.lnk]
    path=c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\swarmcast.lnk
    backup=c:\windows\pss\swarmcast.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2007-03-05 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2007-04-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Painter Essentials 21a]
    2004-03-18 19:38 733184 ----a-w- c:\program files\Corel\Corel Painter Essentials 2\registration.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2006-11-12 07:19 446976 ----a-w- c:\program files\DellSupport\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2007-04-18 00:29 220160 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
    2010-09-30 18:10 1193848 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    2007-08-29 16:55 1347584 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2007-11-30 2560]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-21 38224]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 84264]
    R3 vidcap;vidcap;c:\windows\system32\DRIVERS\vidcap.sys [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-14 64304]
    S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-14 84072]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2006-11-02 22016]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-14 141792]
    S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 98304]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 55840]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 313288]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    FF - ProfilePath - c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\exi50g1f.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
    FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
    AddRemove-HDMI - c:\windows\system32\igxpun.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\George\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-07 14:00
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-01-07 14:05:12
    ComboFix-quarantined-files.txt 2011-01-07 20:05

    Pre-Run: 13,714,526,208 bytes free
    Post-Run: 14,002,835,456 bytes free

    - - End Of File - - D5D97CD8B714AEA99A70607C98B325E3
  4. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    I don't see anything malicious in your logs.

    Did you try to reinstall Office?
  5. Tazer19Joey

    Tazer19Joey Newcomer, in training Topic Starter Posts: 32

    I have not tried to reinstall yet. I will do so once I have access to the Office disk. Everything looks good otherwise? Thanks.
  6. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Sure thing :)
  7. Tazer19Joey

    Tazer19Joey Newcomer, in training Topic Starter Posts: 32

    I reinstalled Microsoft Office, and it looks like Excel is now working. However, when I uninstalled Microsoft Office I had to reboot. When I tried to reboot I got the dreaded blue screen. So I had to restart, which I did, then I reinstalled Office and it looks like it is functioning. Thanks!
  8. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Sure thing :)

    Good luck :)