Inactive Need help removing Google redirect virus

[jkelly]

Hello everyone,

I've apparently picked up the google redirect virus and can't get rid of it. I have McAffee antivirus, but it isn't working correctly and won't scan. I tried Malwarebytes, but the scan won't complete. I ran TDSSKiller which finds rootkit problems and asks for a reboot, but the problems are still there. I tried manually deleting the files and registry entries found by TDSSKiller, but still no joy.

I tried to follow the five steps (tried in both normal and safe modes):

1 - McAffee won't complete a scan.
2 - I can download and install Malwarebytes, but the scan starts and then abruptly closes.
3 - GMER does the same as mbam. Downloads and installs, but the scan stops abruptly with no error message and no log.
4 - DDS did download and run (in safe mode). Logs pasted below.
5 - only DDS logs available

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_29
Run by J. Kelly at 11:57:02 on 2011-10-30
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WerFault.exe
C:\Windows\explorer.exe
C:\Users\J. Kelly\Desktop\dds.scr
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.wcc.net/~jkmccoy/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111011184415.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\j. kelly\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Skytel] Skytel.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [NPSStartup]
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mRunOnce: [GrpConv] grpconv -o
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 97.64.209.36 97.64.168.13
TCP: Interfaces\{4938BCAC-4129-44A5-9EC6-36D5E96EF2A9} : DhcpNameServer = 97.64.209.36 97.64.168.13
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\j. kelly\appdata\roaming\mozilla\firefox\profiles\xdijt8qc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wcc.net/~jkmccoy/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\j. kelly\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\j. kelly\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\j. kelly\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R? 06846007;06846007
R? cfwids;McAfee Inc. cfwids
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? FontCache;Windows Font Cache Service
R? FsUsbExDisk;FsUsbExDisk
R? FsUsbExService;FsUsbExService
R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? hpsunidr;HPScanJet UniDriver
R? McMPFSvc;McAfee Personal Firewall Service
R? McNaiAnn;McAfee VirusScan Announcer
R? McProxy;McAfee Proxy Service
R? McShield;McAfee McShield
R? mfeavfk;McAfee Inc. mfeavfk
R? mfebopk;McAfee Inc. mfebopk
R? mfefire;McAfee Firewall Core Service
R? mfefirek;McAfee Inc. mfefirek
R? mfehidk;McAfee Inc. mfehidk
R? mfenlfk;McAfee NDIS Light Filter
R? mferkdet;McAfee Inc. mferkdet
R? mfevtp;McAfee Validation Trust Protection Service
R? mfewfpk;McAfee Inc. mfewfpk
R? motccgp;Motorola USB Composite Device Driver
R? motccgpfl;MotCcgpFlService
R? NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista
R? SASDIFSV;SASDIFSV
R? SASENUM;SASENUM
R? SASKUTIL;SASKUTIL
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
.
=============== Created Last 30 ================
.
2011-10-30 15:53:13 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5481cf2a-2367-467e-827a-d10a06f08d10}\offreg.dll
2011-10-29 13:25:32 402320 ----a-w- c:\programdata\hniYtlAmoTCQf.exe
2011-10-28 05:48:38 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5481cf2a-2367-467e-827a-d10a06f08d10}\mpengine.dll
2011-10-28 02:23:00 48016 --sha-w- c:\windows\system32\c_32630.nl_
2011-10-26 21:37:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-26 17:12:59 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-26 16:46:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-25 21:05:12 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-24 16:27:14 -------- d-sh--w- c:\users\j. kelly\appdata\local\46323d73
2011-10-13 21:59:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-13 21:57:57 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 21:57:56 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 21:57:56 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 21:57:56 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-11 22:44:15 28504 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-09-30 16:35:13 -------- d-sh--w- C:\found.000
.
==================== Find3M ====================
.
2011-10-30 15:52:49 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-30 15:25:25 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-10-30 15:18:29 35384 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2011-10-30 02:05:52 35840 ----a-w- c:\windows\system32\drivers\netbios.sys
2011-10-29 22:48:18 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-10-29 22:43:26 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2011-10-29 22:33:35 44288 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2011-10-28 02:15:59 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-19 19:59:30 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-08-15 14:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 14:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 14:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 14:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 14:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 14:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 14:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 14:00:06 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 14:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
============= FINISH: 11:58:34.72 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/4/2008 7:20:51 PM
System Uptime: 10/30/2011 11:52:44 AM (0 hours ago)
.
Motherboard: ELITEGROUP | | MCP61PM-AM
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ | Socket AM2 | 3013/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 308.371 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 4.498 GiB free.
E: is CDROM ()
F: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Any FLV Player 2.0.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Avanquest update
Bonjour
CCScore
Compatibility Pack for the 2007 Office system
DHTML Editing Component
Digital Media Reader
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
fflink
File Uploader
Fish Tycoon
Fish Tycoon (remove only)
FlipShare
Gateway Connect
Gateway Games
Gateway Recovery Center Installer
Google Desktop
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HPScanjet
Hunting Unlimited 2008 1.0
Hunting Unlimited 2009
Inkscape 0.48.0
Ipswitch WS_FTP Home 2007
iTunes
IZArc 4.1
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) SE Runtime Environment 6 Update 1
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LabelPrint
LiveUpdate (Symantec Corporation)
Logitech Webcam Software
Logitech Webcam Software Driver Package
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Malwarebytes' Anti-Malware version 1.51.2.1300
Marvell Miniport Driver
McAfee AntiVirus Plus
McDougal Littell Biology
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
MobileMe Control Panel
Motorola Driver Installation 3.5.0
Motorola Phone Tattoos
Motorola Phone Tools
Mozilla Firefox (3.6.23)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyDSC2
Napster
Napster Burn Engine
netbrdg
Nikon Message Center
Nikon Transfer
NVIDIA Drivers
OfotoXMI
OGA Notifier 2.0.0048.0
PageBreeze Free HTML Editor
Paint.NET v3.36
Palm
PC Connectivity Solution
PhotoRescue Wizard PC 3.1.4.10864
Picture Control Utility
Power2Go 5.0
PS2 Multimedia Keyboard Driver
QuickTime
Realtek High Definition Audio Driver
RegCure
Safari
SAMSUNG Android USB Modem Software
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Download Driver Software
SAMSUNG Mobile USB Driver
SAMSUNG Mobile USB Modem 1.0 Software
Samsung Mobile USB Modem Device Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
SeaClear 2.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SFR
ShareIns
SHASTA
skin0001
SKINXSDK
Skype Toolbars
Skype™ 4.2
Soft Data Fax Modem with SmartCP
Spare Backup
staticcr
SUPERAntiSpyware Free Edition
SYSTAT 11
tooltips
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
ViewNX
VirtualCom driver
VoiceOver Kit
VPRINTOL
WildGames
WildTangent Web Driver
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
WIRELESS
Wizard101
.
==== Event Viewer Messages From Past Week ========
.
10/30/2011 9:35:06 AM, Error: EventLog [6008] - The previous system shutdown at 9:33:14 AM on 10/30/2011 was unexpected.
10/30/2011 9:17:24 AM, Error: EventLog [6008] - The previous system shutdown at 1:50:05 AM on 10/30/2011 was unexpected.
10/30/2011 11:57:18 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:55:10 AM, Error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: McAfee Services is not a valid Win32 application.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/30/2011 11:54:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/30/2011 11:54:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/30/2011 11:54:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/30/2011 11:53:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/30/2011 11:53:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/30/2011 11:50:18 AM, Error: Service Control Manager [7000] - The McAfee VirusScan Announcer service failed to start due to the following error: McAfee VirusScan Announcer is not a valid Win32 application.
10/30/2011 11:50:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "193" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
10/30/2011 11:49:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "193" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
10/30/2011 11:28:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Validation Trust Protection Service service to connect.
10/30/2011 11:28:17 AM, Error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:28:17 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2011 11:28:17 AM, Error: Service Control Manager [7000] - The McAfee Validation Trust Protection Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2011 11:28:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "193" attempting to start the service mcmscsvc with arguments "" in order to run the server: {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}
10/30/2011 11:26:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
10/30/2011 11:26:22 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2011 11:26:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
10/30/2011 11:26:18 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {D0B7C734-2D1B-461D-93C6-8264DA4F038B}. The error: "5" Happened while starting this command: C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe -Embedding
10/30/2011 11:26:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
10/30/2011 11:26:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.
10/30/2011 11:26:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
10/30/2011 11:26:13 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2011 11:26:13 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2011 11:26:13 AM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2011 11:26:13 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/29/2011 9:04:12 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 173.17.28.196 for the Network Card with network address 001E9015A8A6 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/29/2011 6:45:15 AM, Error: EventLog [6008] - The previous system shutdown at 1:52:54 AM on 10/29/2011 was unexpected.
10/29/2011 12:20:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
10/29/2011 12:17:32 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
10/29/2011 12:17:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
10/28/2011 6:57:24 AM, Error: EventLog [6008] - The previous system shutdown at 2:14:59 AM on 10/28/2011 was unexpected.
10/28/2011 5:19:52 PM, Error: EventLog [6008] - The previous system shutdown at 5:18:12 PM on 10/28/2011 was unexpected.
10/28/2011 11:37:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
10/27/2011 9:01:27 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.188.212.230 for the Network Card with network address 001E9015A8A6 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/27/2011 6:43:44 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 173.17.28.187 for the Network Card with network address 001E9015A8A6 has been denied by the DHCP server 97.64.180.224 (The DHCP Server sent a DHCPNACK message).
10/27/2011 6:43:39 AM, Error: EventLog [6008] - The previous system shutdown at 2:10:41 AM on 10/27/2011 was unexpected.
10/26/2011 6:34:37 PM, Error: EventLog [6008] - The previous system shutdown at 6:11:51 PM on 10/26/2011 was unexpected.
10/26/2011 6:08:51 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 173.17.28.187 for the Network Card with network address 001E9015A8A6 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/26/2011 6:06:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
10/26/2011 6:05:08 PM, Error: EventLog [6008] - The previous system shutdown at 5:52:45 PM on 10/26/2011 was unexpected.
10/26/2011 5:34:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows Vista.
10/26/2011 12:56:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Firewall Core Service service to connect.
10/26/2011 12:56:35 PM, Error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/26/2011 12:56:35 PM, Error: Service Control Manager [7000] - The McAfee Firewall Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/26/2011 12:54:31 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/26/2011 12:54:31 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/26/2011 12:54:31 PM, Error: Service Control Manager [7000] - The McAfee McShield service failed to start due to the following error: Access is denied.
10/26/2011 12:53:59 PM, Error: EventLog [6008] - The previous system shutdown at 12:51:50 PM on 10/26/2011 was unexpected.
10/26/2011 1:09:27 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
10/25/2011 4:40:10 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user JKelly-PC\Will SID (S-1-5-21-1132875369-1015598020-352595266-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/24/2011 12:28:22 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 AFD DfsC mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
.
==== End Of File ===========================

 

[Bobbye]

Welcome o TechSpot! I'll help with the malware. It's not good to run random programs such as for rootkits, when you don't know or suspect what the malware is.
=================================
My Guidelines: please read and follow:

• Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
• Read my instructions carefully. If you don't understand or have a problem, ask me.
• If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
• Follow the order of the tasks I give you. Order is crucial in cleaning process.
• File sharing programs should be uninstalled or disabled during the cleaning process..
• Observe these:
  [o] Don't use any other cleaning programs or scans while I'm helping you.
  [o] Don't use a Registry cleaner or make any changes in the Registry.
  [o] Don't download and install new programs- except those I give you.
• Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
I'd like you to run the scan in Normal Mode, so do the following, in the order given:

Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 3 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

• Rkill.com
• Rkill.scr
• Rkill.exe
  
• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following>>>>.

Please download exeHelper by Raktor and save it to your desktop.

• Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
• A black window should pop up, press any key to close once the fix is completed.
• A log file called exehelperlog.txt will be created and should open at the end of the scan)
• A copy of that log will also be saved in the directory where you ran exeHelper.com
• Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
========================================
Do not reboot after running these programs. Instead, go right on and see if Malwarebytes will scan (allow update), then run DDS in Normal Mode.
=======================================
Follow with: Download CKScanner and save to your desktop.

• Doubleclick CKScanner.exe and click Search For Files.
• When the cursor hourglass disappears, click Save List To File.
• A message box will verify that the file is saved.
• Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

=================================
Follow with

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESETOnlineScan
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  [o] Double click on the
  
  on your desktop.
• Check 'Yes I accept terms of use.'
• Click Start button
• Accept any security warnings from your browser.
  
  
• Uncheck 'Remove found threats'
• Check 'Scan archives/
• Leave remaining settings as is.
• Press the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
• When the scan completes, press List of found threats
• Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
• Push the Back button
• Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
================================
If the scan still won't work, please tell me specifically what happens when you try and give me message that comes up, if any.
================================
Please leave logs in next reply

Question: Do you have another language besides English on the system?

 

[jkelly]

Bobbye,

Thanks for the help. I've tried to follow your directions. Results are below...

I ran Rkill. It didn't find any processes to stop.

I ran Exehelper. Log is:

exeHelper by Raktor
Build 20100414
Run at 13:04:08 on 10/30/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Malwarebytes still would not run. I proceeded with the rest of your directions.

DDS ran. Logs:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_29
Run by J. Kelly at 13:11:01 on 2011-10-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1568 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\1933390406:3117269644.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
"C:\Windows\system32\svchost.exe"
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.wcc.net/~jkmccoy/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111011184415.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\j. kelly\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Skytel] Skytel.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [NPSStartup]
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\j7803~1.kel\appdata\roaming\micros~1\windows\startm~1\programs\startup\palmre~1.lnk - c:\program files\palm\register.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 97.64.209.36 97.64.168.13
TCP: Interfaces\{4938BCAC-4129-44A5-9EC6-36D5E96EF2A9} : DhcpNameServer = 97.64.209.36 97.64.168.13
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\j. kelly\appdata\roaming\mozilla\firefox\profiles\xdijt8qc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wcc.net/~jkmccoy/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\j. kelly\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\j. kelly\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\j. kelly\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-9 461864]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-9 64712]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-9 164776]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 68168]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-8 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-7-8 238952]
R2 hpsunidr;HPScanJet UniDriver;c:\windows\system32\drivers\hpsunidr.sys [2007-3-26 5376]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-7-8 36608]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-9 180072]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-9 338040]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-26 41272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-25 135664]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-9 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-9 214904]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-9 214904]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-9 166024]
S2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-9 160344]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-9 148520]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-9 57432]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-4 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-25 135664]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-9 59288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-9 87808]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-7-21 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-7-21 7680]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-30 16:02:08 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5481cf2a-2367-467e-827a-d10a06f08d10}\offreg.dll
2011-10-29 13:25:32 402320 ----a-w- c:\programdata\hniYtlAmoTCQf.exe
2011-10-28 05:48:38 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5481cf2a-2367-467e-827a-d10a06f08d10}\mpengine.dll
2011-10-28 02:23:00 48016 --sha-w- c:\windows\system32\c_32630.nl_
2011-10-26 21:37:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-26 17:12:59 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-26 16:46:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-25 21:05:12 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-24 16:27:14 -------- d-sh--w- c:\users\j. kelly\appdata\local\46323d73
2011-10-13 21:59:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-13 21:57:57 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 21:57:56 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 21:57:56 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 21:57:56 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-11 22:44:15 28504 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
.
==================== Find3M ====================
.
2011-10-30 15:52:49 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-30 15:25:25 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-10-30 15:18:29 35384 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2011-10-30 02:05:52 35840 ----a-w- c:\windows\system32\drivers\netbios.sys
2011-10-29 22:48:18 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-10-29 22:43:26 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2011-10-29 22:33:35 44288 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2011-10-28 02:15:59 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-19 19:59:30 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-08-15 14:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 14:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 14:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 14:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 14:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 14:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 14:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 14:00:06 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 14:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
============= FINISH: 13:11:28.57 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/4/2008 7:20:51 PM
System Uptime: 10/30/2011 12:01:49 PM (1 hours ago)
.
Motherboard: ELITEGROUP | | MCP61PM-AM
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ | Socket AM2 | 3000/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 305.394 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 4.498 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Any FLV Player 2.0.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Avanquest update
Bonjour
CCScore
Compatibility Pack for the 2007 Office system
DHTML Editing Component
Digital Media Reader
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
fflink
File Uploader
Fish Tycoon
Fish Tycoon (remove only)
FlipShare
Gateway Connect
Gateway Games
Gateway Recovery Center Installer
Google Desktop
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HPScanjet
Hunting Unlimited 2008 1.0
Hunting Unlimited 2009
Inkscape 0.48.0
Ipswitch WS_FTP Home 2007
iTunes
IZArc 4.1
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) SE Runtime Environment 6 Update 1
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LabelPrint
LiveUpdate (Symantec Corporation)
Logitech Webcam Software
Logitech Webcam Software Driver Package
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Malwarebytes' Anti-Malware version 1.51.1.1800
Marvell Miniport Driver
McAfee AntiVirus Plus
McDougal Littell Biology
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
MobileMe Control Panel
Motorola Driver Installation 3.5.0
Motorola Phone Tattoos
Motorola Phone Tools
Mozilla Firefox (3.6.23)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyDSC2
Napster
Napster Burn Engine
netbrdg
Nikon Message Center
Nikon Transfer
NVIDIA Drivers
OfotoXMI
OGA Notifier 2.0.0048.0
PageBreeze Free HTML Editor
Paint.NET v3.36
Palm
PC Connectivity Solution
PhotoRescue Wizard PC 3.1.4.10864
Picture Control Utility
Power2Go 5.0
PS2 Multimedia Keyboard Driver
QuickTime
Realtek High Definition Audio Driver
RegCure
Safari
SAMSUNG Android USB Modem Software
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Download Driver Software
SAMSUNG Mobile USB Driver
SAMSUNG Mobile USB Modem 1.0 Software
Samsung Mobile USB Modem Device Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
SeaClear 2.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SFR
ShareIns
SHASTA
skin0001
SKINXSDK
Skype Toolbars
Skype™ 4.2
Soft Data Fax Modem with SmartCP
Spare Backup
staticcr
SUPERAntiSpyware Free Edition
SYSTAT 11
tooltips
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
ViewNX
VirtualCom driver
VoiceOver Kit
VPRINTOL
WildGames
WildTangent Web Driver
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
WIRELESS
Wizard101
.
==== Event Viewer Messages From Past Week ========
.
10/30/2011 9:35:06 AM, Error: EventLog [6008] - The previous system shutdown at 9:33:14 AM on 10/30/2011 was unexpected.
10/30/2011 9:17:24 AM, Error: EventLog [6008] - The previous system shutdown at 1:50:05 AM on 10/30/2011 was unexpected.
10/30/2011 12:06:48 PM, Error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: McAfee Services is not a valid Win32 application.
10/30/2011 12:04:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "193" attempting to start the service mcmscsvc with arguments "" in order to run the server: {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}
10/30/2011 12:04:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Validation Trust Protection Service service to connect.
10/30/2011 12:04:42 PM, Error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 12:04:42 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2011 12:04:42 PM, Error: Service Control Manager [7000] - The McAfee Validation Trust Protection Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2011 12:04:40 PM, Error: Service Control Manager [7000] - The McAfee VirusScan Announcer service failed to start due to the following error: McAfee VirusScan Announcer is not a valid Win32 application.
10/30/2011 12:02:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
10/30/2011 12:02:52 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2011 12:02:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
10/30/2011 12:02:49 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {D0B7C734-2D1B-461D-93C6-8264DA4F038B}. The error: "5" Happened while starting this command: C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe -Embedding
10/30/2011 12:02:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
10/30/2011 12:02:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
10/30/2011 12:02:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.
10/30/2011 12:02:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
10/30/2011 12:02:38 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 12:02:38 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 12:02:38 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2011 12:02:38 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2011 12:02:38 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2011 12:02:38 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2011 11:57:18 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:45 AM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2011 11:54:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/30/2011 11:54:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/30/2011 11:54:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/30/2011 11:54:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/30/2011 11:53:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/30/2011 11:53:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/30/2011 11:50:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "193" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
10/30/2011 11:49:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "193" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
10/29/2011 9:04:12 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 173.17.28.196 for the Network Card with network address 001E9015A8A6 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/29/2011 6:45:15 AM, Error: EventLog [6008] - The previous system shutdown at 1:52:54 AM on 10/29/2011 was unexpected.
10/29/2011 12:20:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
10/29/2011 12:17:32 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
10/29/2011 12:17:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
10/28/2011 6:57:24 AM, Error: EventLog [6008] - The previous system shutdown at 2:14:59 AM on 10/28/2011 was unexpected.
10/28/2011 5:19:52 PM, Error: EventLog [6008] - The previous system shutdown at 5:18:12 PM on 10/28/2011 was unexpected.
10/28/2011 11:37:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
10/27/2011 9:01:27 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.188.212.230 for the Network Card with network address 001E9015A8A6 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/27/2011 6:43:44 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 173.17.28.187 for the Network Card with network address 001E9015A8A6 has been denied by the DHCP server 97.64.180.224 (The DHCP Server sent a DHCPNACK message).
10/27/2011 6:43:39 AM, Error: EventLog [6008] - The previous system shutdown at 2:10:41 AM on 10/27/2011 was unexpected.
10/26/2011 6:34:37 PM, Error: EventLog [6008] - The previous system shutdown at 6:11:51 PM on 10/26/2011 was unexpected.
10/26/2011 6:08:51 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 173.17.28.187 for the Network Card with network address 001E9015A8A6 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/26/2011 6:06:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
10/26/2011 6:05:08 PM, Error: EventLog [6008] - The previous system shutdown at 5:52:45 PM on 10/26/2011 was unexpected.
10/26/2011 5:34:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows Vista.
10/26/2011 12:56:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Firewall Core Service service to connect.
10/26/2011 12:56:35 PM, Error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/26/2011 12:56:35 PM, Error: Service Control Manager [7000] - The McAfee Firewall Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/26/2011 12:54:31 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/26/2011 12:54:31 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/26/2011 12:54:31 PM, Error: Service Control Manager [7000] - The McAfee McShield service failed to start due to the following error: Access is denied.
10/26/2011 12:53:59 PM, Error: EventLog [6008] - The previous system shutdown at 12:51:50 PM on 10/26/2011 was unexpected.
10/26/2011 1:09:27 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
10/25/2011 4:40:10 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user JKelly-PC\Will SID (S-1-5-21-1132875369-1015598020-352595266-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/24/2011 12:28:22 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 Smb
06846007 AFD DfsC mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
.
==== End Of File ===========================

I ran CKScanner. Log:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\gateway games\bejeweled 2 deluxe\sounds\firecrackle.ogg
c:\program files\gateway games\blasterball 3\data\art\bitmaps\enemies\boss2_crack.jpg.wkz
c:\program files\gateway games\phoenix assault\data\full\art\actors\resources\asteroid3cracks.wsbm
c:\program files\gateway games\scuba in aruba\data\sound\bubble_crack.ogg
c:\program files\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.py
scanner sequence 3.EM.11.CRNAHD
----- EOF -----

ESET scanner hung partway through the scan. The log is below:

C:\Downloads\pro-bass-fishing-2003[1].exe a variant of Win32/Adware.Trymedia application
C:\Program Files\Bonjour\mDNSResponder.exe Win32/Patched.HN trojan
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Win32/Patched.HN trojan
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe Win32/Patched.HN trojan
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Win32/Patched.HN trojan
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Win32/Patched.HN trojan
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe Win32/Patched.HN trojan
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE Win32/Patched.HN trojan
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE Win32/Patched.HN trojan
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS Win32/Patched.HN trojan
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe Win32/Patched.HN trojan


Thanks,
Kelly

 

[jkelly]

still need help

I could still use some help with this problem.

Thanks,
Kelly

 

[Bobbye]

Sorry- got behind.

Regarding most of the entries found in the Eset scan:

Files detected as "Trojan.Win32.Patched" are usually Windows components that are patched by a malicious application. The purpose of patching varies. For example, certain malware patches system components in order to disable security, such as the Windows Safe File Check feature. Other malware can add parts of its code to a system component and then patch certain functions of the original file to point to an appended code. The most frequently patched components are:

winlogon.exe
wininet.dll
kernel32.dll
iexplore.exe

We can't just delete, rename or quarantine patched Windows components because it may affect system stability. Even though Windows locks its main files while it is active, it might be still possible to affect them.

All of the following programs have been patched:
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

Because so many programs were attacked, I am going to recommend that you do a reformat/reinstall. This should replace the infected Microsoft files and you can then reinstall the other programs. The programs are not working as they should now and McAfee isn't protecting the system. Adding to this suggestion is that fact that it appears you have entries from the Sality Family malware.
---------------------------------------------------
You will find excellent reformat/reinstall instructions here:
http://www.tech-101.com/support/ind...and-repair-xp-vista-7/page__p__5329#entry5329

I'm sorry the news isn't better.