Solved *** 7 Steps *** Windows Explorer has stopped working over and over (logs included)

Status
Not open for further replies.

Tazer19Joey

Posts: 32   +0
Good evening,

Please help, whenever I boot my computer Windows opens up and then I get a message saying that Windows Explorer has Stopped Working - checking for a solution to the problem. As soon as that disappears I see another message stating that Windows Explorer is restarting... and then it goes on and on in this cycle for what seems like forever. Eventually if I hit cancel for long enough, 2 hours, it goes away for a little bit and I can use my computer. You guys were awesome in the past so I figured I would run this past you as well. Thanks in advance for all of your help.

Mbam Log

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

5/31/2011 6:34:16 PM
mbam-log-2011-05-31 (18-34-15).txt

Scan type: Quick scan
Objects scanned: 153678
Time elapsed: 25 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Gmer log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-05-31 18:43:18
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST980825AS rev.8.04
Running: hlh6x1u5.exe; Driver: C:\Users\George\AppData\Local\Temp\awliapob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x80710210]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0x807101D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0x807101E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8071023A]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x80710226]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x807101FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDS Log

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18904
Run by George at 18:45:02 on 2011-05-31
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.239 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Hauppauge\MceService\HcwMceSvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Tablet.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\system32\Tablet.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\dcmsvc\dcmsvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Users\George\Documents\RCA Detective\RCADetective.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\WerCon.exe
C:\Users\George\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110521160425.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellTransferAgent] "c:\programdata\dell\transferagent\TransferAgent.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [dcmsvc] c:\program files\dcmsvc\dcmsvc.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\george\appdata\roaming\micros~1\windows\startm~1\programs\startup\rcadet~1.lnk - c:\users\george\documents\rca detective\RCADetective.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\george\appdata\roaming\mozilla\firefox\profiles\exi50g1f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-20 387480]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-20 64584]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-20 84200]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-11-2 22016]
R2 HcwMceSvc;Hauppauge MCE Service;c:\program files\hauppauge\mceservice\HcwMceSvc.exe [2011-3-25 76840]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-20 56064]
R3 hcw49swt;Hauppauge HD PVR Tuner Device;c:\windows\system32\drivers\hcw49swt.sys [2011-3-25 84608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-6 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-20 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-20 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-20 314088]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\drivers\hcwhdpvr.sys [2011-3-25 157568]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-20 84488]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
.
=============== Created Last 30 ================
.
2011-05-03 02:08:03 -------- d-----w- c:\users\george\appdata\roaming\WildTangent
.
==================== Find3M ====================
.
2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-14 19:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 19:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 19:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 19:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 19:01:38 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-04-14 19:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 19:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 19:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 19:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 19:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 19:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-03-21 18:02:03 3289 --sha-w- c:\windows\system32\mmf.sys
.
============= FINISH: 18:47:25.31 ===============


Attach.txt attached.
Thanks again!
 

Attachments

  • Attach 5-31-11.txt
    17.4 KB · Views: 1
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================

All logs have to be pasted.
Please, paste Attach.txt log into your next reply.

When done...

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


===================================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
 
attach.txt Log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 4/12/2007 5:52:39 AM
System Uptime: 5/31/2011 4:34:35 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0KD882
Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | Microprocessor | 1833/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 62 GiB total, 0.277 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.214 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0005
Manufacturer: Microsoft
Name: isatap.hsd01.il.hsd1.il.comcast.net.
PNP Device ID: ROOT\*ISATAP\0005
Service: tunnel
.
==== System Restore Points ===================
.
RP958: 5/25/2011 6:40:27 PM - Scheduled Checkpoint
RP959: 5/27/2011 1:18:22 PM - Scheduled Checkpoint
RP960: 5/28/2011 1:29:25 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
AIM 7
AIM Toolbar
Akamai NetSession Interface
AOL Install
ArcSoft TotalMedia Extreme
Ask Toolbar
AVS Audio Editor version 5.2
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Banctec Service Agreement
Bing Bar
BitTorrent
Canon MP Navigator EX 1.0
Canon MP470 series
Canon MP470 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Cleopatra and VOTK Offline Patch
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro Photo XI
Corel Painter Essentials 2
Corel Snapfire Plus
dcmsvc 1.0
DDR - Memory Card Recovery(Demo) 4.0.1.6
Dell Games
Dell System Customization Wizard
Dell Wireless WLAN Card
DellSupport
Digital Line Detect
Documentation & Support Launcher
Download Updater (AOL LLC)
EarthLink Setup Files
Games, Music, & Photos Launcher
Google Desktop
Hauppauge HD PVR MCE Support
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Internet Service Offers Launcher
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) SE Runtime Environment 6
Launcher Patch
Malwarebytes' Anti-Malware version 1.51.0.1200
McAfee Security Scan Plus
McAfee SecurityCenter
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Diagnostic Tool
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mysteries of Cleopatra
NCH Toolbox
NetWaiting
NetZeroInstallers
nik Color Efex Pro 2.0 GE
OGA Notifier 2.0.0048.0
Out of the Park 10
Out of the Park Baseball 9
OutlookAddinSetup
PC Inspector smart recovery
PhotoRescue Wizard PC 3.1.11.12024
Pinnacle Systems USB-2 Device Drivers
PIXMA Extended Survey Program
QuickSet
RCA Detective™ 2.0.0.98
RCA Digital Voice Manager 5.0.3.1
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
ScanSoft OmniPage SE 4
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SigmaTel Audio
Slice Audio File Splitter
Sonic Activation Module
SopCast 1.1.2
StreamTorrent 1.0
Synaptics Pointing Device Driver
Tablet
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
URL Assistant
User's Guides
Veetle TV 0.9.18
Vegas Movie Studio 9.0
Vegas Movie Studio HD Platinum 10.0
vShare Plugin
Warner Bros. Digital Copy Manager
WavePad Sound Editor
WD SmartWare
WeatherBug
WinAce Archiver
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
XviD MPEG-4 Video Codec
Yahoo! Music Jukebox
YouTube Downloader 2.6.5
.
==== Event Viewer Messages From Past Week ========
.
5/29/2011 3:25:03 PM, Error: Service Control Manager [7022] - The McAfee Network Agent service hung on starting.
5/29/2011 12:04:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD archlp cdrom DfsC mfehidk mfenlfk mfetdi2k NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
5/29/2011 12:03:32 PM, Error: EventLog [6008] - The previous system shutdown at 12:01:55 PM on 5/29/2011 was unexpected.
5/29/2011 12:01:27 PM, Error: Service Control Manager [7022] - The McAfee VirusScan Announcer service hung on starting.
5/29/2011 11:47:58 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
5/29/2011 11:47:58 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/29/2011 11:43:44 AM, Error: EventLog [6008] - The previous system shutdown at 11:42:32 AM on 5/29/2011 was unexpected.
5/29/2011 11:38:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/29/2011 11:38:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/29/2011 11:30:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
5/29/2011 11:27:21 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD archlp DfsC mfehidk mfenlfk mfetdi2k NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2011 11:27:21 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2011 11:26:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/29/2011 11:26:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/29/2011 11:26:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/29/2011 11:26:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/29/2011 11:26:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/29/2011 10:37:05 PM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
5/29/2011 10:37:02 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/25/2011 5:54:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: archlp cdrom
5/24/2011 8:53:46 PM, Error: PlugPlayManager [12] - The device 'TSSTcorp DVD+-RW TS-L632D ATA Device' (IDE\CdRomTSSTcorp_DVD+-RW_TS-L632D_______________DE04____\5&36914d6e&0&1.0.0) disappeared from the system without first being prepared for removal.
5/24/2011 8:53:45 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
5/24/2011 8:53:10 PM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
5/24/2011 6:00:02 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
5/24/2011 5:57:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
5/24/2011 5:53:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: archlp
5/24/2011 5:53:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LicCtrl Service service to connect.
5/24/2011 5:53:35 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.
5/24/2011 5:53:35 PM, Error: Service Control Manager [7000] - The LicCtrl Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Running the other scans now.
 
Thanks again for your help.

MBR Log

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-01 18:02:50
-----------------------------
18:02:50.099 OS Version: Windows 6.0.6000
18:02:50.099 Number of processors: 2 586 0xF02
18:02:50.115 ComputerName: GEORGE-PC UserName: George
18:03:01.768 Initialize success
18:03:20.270 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:03:20.270 Disk 0 Vendor: ST980825AS 8.04 Size: 76319MB BusType: 3
18:03:22.298 Disk 0 MBR read successfully
18:03:22.298 Disk 0 MBR scan
18:03:22.298 Disk 0 unknown MBR code
18:03:24.310 Disk 0 scanning sectors +156299264
18:03:24.404 Disk 0 scanning C:\Windows\system32\drivers
18:03:31.985 Service scanning
18:03:34.154 Disk 0 trace - called modules:
18:03:34.247 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
18:03:34.247 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84f40180]
18:03:34.247 3 ntkrnlpa.exe[824b07e2] -> nt!IofCallDriver -> [0x848be890]
18:03:34.247 5 acpi.sys[8046932a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x848e18b8]
18:03:34.263 Scan finished successfully
18:04:14.807 Disk 0 MBR has been saved successfully to "C:\Users\George\Desktop\MBR.dat"
18:04:14.901 The log file has been saved successfully to "C:\Users\George\Desktop\aswMBR.txt"

RKUnhooker Report

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6000
Number of processors #2
==============================================
>Drivers
==============================================
0x89D51000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7008256 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82400000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)
0x82400000 PnpManager 3805184 bytes
0x82400000 RAW 3805184 bytes
0x82400000 WMIxWDM 3805184 bytes
0x93000000 Win32k 2097152 bytes
0x93000000 C:\Windows\System32\win32k.sys 2097152 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x82CF8000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NT File System Driver)
0x822FC000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8B8FD000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8051F000 C:\Windows\system32\CI.dll 921600 bytes (Microsoft Corporation, Code Integrity Module)
0xAA8A2000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8BB2B000 C:\Windows\System32\drivers\tcpip.sys 872448 bytes (Microsoft Corporation, TCP/IP Driver)
0x8AE1A000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8AF5D000 C:\Windows\system32\drivers\stwrt.sys 667648 bytes (SigmaTel, Inc., NDRC)
0x89CB4000 C:\Windows\System32\drivers\dxgkrnl.sys 643072 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0xA7E12000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)
0x8977A000 C:\Windows\system32\DRIVERS\bcmwl6.sys 548864 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x804A4000 C:\Windows\system32\drivers\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x82292000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xA9797000 C:\Windows\system32\drivers\HTTP.sys 430080 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x80266000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x806DD000 C:\Windows\system32\drivers\mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0x89693000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xAA56F000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x8BD95000 C:\Windows\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0x807A1000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8BAE4000 C:\Windows\system32\drivers\afd.sys 290816 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80461000 C:\Windows\system32\drivers\acpi.sys 274432 bytes (Microsoft Corporation, ACPI Driver for NT)
0x89C1F000 C:\Windows\system32\DRIVERS\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8AECE000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8973D000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8021A000 C:\Windows\system32\CLFS.SYS 241664 bytes (Microsoft Corporation, Common Log File System Driver)
0x8BA96000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA9658000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8065A000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)
0x80624000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x827A1000 ACPI_HAL 212992 bytes
0x827A1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8A655000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8B835000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8074A000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8A689000 C:\Windows\system32\DRIVERS\MarvinBus.sys 188416 bytes (Pinnacle Systems GmbH, Pinnacle Marvin Discrete Bus Enumerator)
0x8AF30000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89C5F000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x80693000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xA7F95000 C:\Windows\system32\DRIVERS\nwifi.sys 176128 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x89655000 C:\Windows\system32\DRIVERS\SynTP.sys 176128 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x89C8A000 C:\Windows\system32\drivers\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8BC39000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8AF0B000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8225E000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)
0x80434000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8BA1B000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xA9622000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8A7D2000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8222C000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8B8DC000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA96AF000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8077B000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA9691000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA75E5000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA973C000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)
0xA9723000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8B8A3000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x89627000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA6E00000 C:\Windows\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component)
0x89706000 C:\Windows\system32\DRIVERS\sdbus.sys 98304 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8BA3F000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)
0xA7508000 C:\Windows\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0x89C08000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8BC61000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xA751F000 C:\Windows\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0x806C7000 C:\Windows\System32\Drivers\DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xAE04A000 C:\Windows\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0x8B81F000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x89612000 C:\Windows\system32\drivers\hcw49swt.sys 86016 bytes (Hauppauge Computer Works, Inc., Hauppauge HD PVR Software Tuner Driver)
0x8B87B000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)
0xA96CF000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x896E4000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8B867000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x89680000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8B890000 C:\Windows\system32\drivers\mfetdi2k.sys 77824 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x8A6CF000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA89AD000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8BAD1000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8940E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xA9646000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8972C000 C:\Windows\system32\DRIVERS\bcm4sbxp.sys 69632 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0x8224D000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8073A000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x82EA0000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x82C61000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8040B000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x82EB0000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)
0x82E90000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8A6F1000 C:\Windows\system32\DRIVERS\mfenlfk.sys 61440 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0x8A73C000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x82283000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8060D000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x82C79000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8A6E2000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)
0x80425000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8971E000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xA5410000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x86409000 C:\Windows\system32\DRIVERS\intelppm.sys 57344 bytes (Microsoft Corporation, Processor Device Driver)
0x8B805000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8AE00000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x807F2000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x896F8000 C:\Windows\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
0x89400000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8AB30000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8A6B7000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x86421000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8020D000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8BC91000 C:\Windows\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0x8BC9D000 C:\Windows\system32\drivers\mfebopk.sys 49152 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x8AE0E000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xA75B9000 C:\Users\George\AppData\Local\Temp\aswMBR.sys 45056 bytes
0xA7535000 C:\Windows\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0x8963F000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8964A000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8A6C4000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8A7F5000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA7561000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x89607000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8643D000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x86523000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8041B000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8BC2F000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x86417000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA7F7A000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8AA00000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA7F34000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8948C000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x80604000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x894A7000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8947A000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8025D000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x806BE000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x82C88000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA5400000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8943B000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x89444000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x80204000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x86454000 C:\Windows\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft(R) ASPI Shell)
0x80799000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80255000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x802C6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8649C000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x80459000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8647C000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x86484000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8061C000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x864A4000 C:\Windows\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
0xA569F000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x894F5000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x89542000 C:\Windows\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x8953B000 C:\Windows\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x89526000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80404000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x894EE000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x807EB000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x895EE000 C:\Windows\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0x89591000 C:\Windows\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component)
0x864DD000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA6FA8000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xAA9DC000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x894DA000 C:\Windows\system32\drivers\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
0x80201000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x86548000 C:\Windows\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0x8BDF8000 C:\Windows\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component)
0x8BDF4000 C:\Program Files\DellSupport\Drivers\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0x86560000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x86556000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x86558000 C:\Windows\system32\DRIVERS\wacomvhid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
0x86546000 C:\Windows\system32\DRIVERS\WacomVKHid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
0x8BC21000 C:\Windows\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
==============================================
>Stealth
==============================================
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix Log, thanks!

ComboFix 11-06-02.02 - George 06/02/2011 16:06:59.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.244 [GMT -5:00]
Running from: c:\users\George\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\invokesi.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-06-02 21:28 . 2011-06-02 21:29 -------- d-----w- c:\users\George\AppData\Local\temp
2011-06-02 21:28 . 2011-06-02 21:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-06-02 21:28 . 2011-06-02 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 14:11 . 2011-01-07 00:16 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2011-01-07 00:15 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-14 19:01 . 2010-09-20 21:21 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 19:01 . 2010-09-20 21:21 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-14 19:01 . 2010-09-20 21:21 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 19:01 . 2010-09-20 21:21 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 19:01 . 2010-09-20 21:21 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 19:01 . 2010-09-20 21:21 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-04-14 19:01 . 2010-09-20 21:21 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 19:01 . 2010-09-20 21:21 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 19:01 . 2010-09-20 21:21 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 19:01 . 2010-09-20 21:21 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 19:01 . 2010-09-20 21:21 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 19:01 . 2010-09-20 21:21 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-30 03:55 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-30 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"DellTransferAgent"="c:\programdata\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-10-13 184320]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\users\George\Documents\RCA Detective\RCADetective.exe [2010-2-10 1069056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-12 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^swarmcast.lnk]
path=c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\swarmcast.lnk
backup=c:\windows\pss\swarmcast.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warner Bros.lnk]
path=c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk
backup=c:\windows\pss\Warner Bros.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-03-05 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-04-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Painter Essentials 21a]
2004-03-18 19:38 733184 ----a-w- c:\program files\Corel\Corel Painter Essentials 2\registration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-11-12 07:19 446976 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-04-18 00:29 220160 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-05-29 14:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2011-04-05 16:50 1195408 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2007-08-29 16:55 1347584 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [x]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2007-11-30 2560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys [2010-06-23 157568]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
R3 vidcap;vidcap;c:\windows\system32\DRIVERS\vidcap.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-04-14 84200]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 HcwMceSvc;Hauppauge MCE Service;c:\program files\Hauppauge\MceService\HcwMceSvc.exe [2010-09-28 76840]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 98304]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
S3 hcw49swt;Hauppauge HD PVR Tuner Device;c:\windows\system32\drivers\hcw49swt.sys [2010-09-28 84608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
FF - ProfilePath - c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\exi50g1f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-02 16:29
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-02 16:42:30
ComboFix-quarantined-files.txt 2011-06-02 21:42
.
Pre-Run: 593,997,824 bytes free
Post-Run: 1,629,233,152 bytes free
.
- - End Of File - - C58063C24E7FADCEB9CA183EB9CD350A
 
Uninstall Ask Toolbar, known foistware.

Combofix log looks fine.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
In the process of doing the OTL stuff, I would uninstall ask toolbar if I could get to my control panel, but I'm still getting the same error over and over and can't open any folders. I will post the OTL log shortly.
 
We may be not dealing with any infection there, because, so far, all seems to be clean.
Post OTL log though...
 
Tried to post the OTL log, and I'm getting this message... Can I attach?

1.The text that you have entered is too long (53240 characters). Please shorten it to 50000 characters long.
 

Attachments

  • OTL.Txt
    103.9 KB · Views: 1
OTL Part 1

OTL logfile created on: 6/4/2011 1:01:53 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\George\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.82 Mb Total Physical Memory | 190.36 Mb Available Physical Memory | 18.78% Memory free
2.22 Gb Paging File | 0.90 Gb Available in Paging File | 40.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 62.48 Gb Total Space | 0.48 Gb Free Space | 0.78% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.50 Gb Free Space | 54.97% Space Free | Partition Type: NTFS
Drive E: | 393.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GEORGE-PC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/04 12:59:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/04/13 21:22:09 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/28 11:28:08 | 000,076,840 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\Hauppauge\MceService\HcwMceSvc.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/10/14 15:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 10:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/04/07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2008/07/21 12:59:10 | 001,069,056 | ---- | M] (Audiovox Electronics Corp.) -- C:\Users\George\Documents\RCA Detective\RCADetective.exe
PRC - [2007/11/13 16:46:00 | 000,135,168 | ---- | M] ( ) -- C:\ProgramData\Dell\TransferAgent\TransferAgent.exe
PRC - [2007/06/04 09:53:00 | 000,132,656 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\TabUserW.exe
PRC - [2007/06/04 09:52:20 | 001,197,616 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Tablet.exe
PRC - [2007/03/14 10:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/02/08 00:11:04 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/02/08 00:11:00 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006/11/17 16:19:46 | 000,017,920 | ---- | M] ( ) -- C:\DELL\E-Center\EULALauncher.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006/10/13 11:31:34 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe


========== Modules (SafeList) ==========

MOD - [2011/06/04 12:59:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/21 13:20:34 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/09/28 11:28:08 | 000,076,840 | ---- | M] (Hauppauge Computer Works, Inc.) [Auto | Running] -- C:\Program Files\Hauppauge\MceService\HcwMceSvc.exe -- (HcwMceSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/14 15:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 10:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2007/11/29 20:40:52 | 000,002,560 | ---- | M] () [Auto | Stopped] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2007/06/04 09:52:20 | 001,197,616 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Tablet.exe -- (TabletService)
SRV - [2007/04/17 18:38:26 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/14 10:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/02/08 00:11:00 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2006/11/07 13:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/09/28 11:29:40 | 000,084,608 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw49swt.sys -- (hcw49swt)
DRV - [2010/06/23 09:21:30 | 000,157,568 | ---- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcwhdpvr.sys -- (hcwhdpvr)
DRV - [2009/02/13 13:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 10:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2007/02/09 00:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/08 00:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/12 12:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/11/29 00:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/11/20 14:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 14:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 14:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/11 18:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/12/21 10:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 10:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 10:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/24 00:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-645146629-4150631623-2147835597-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-645146629-4150631623-2147835597-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim&ncid=snsusaimc00000001
IE - HKU\S-1-5-21-645146629-4150631623-2147835597-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-645146629-4150631623-2147835597-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\S-1-5-21-645146629-4150631623-2147835597-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-645146629-4150631623-2147835597-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/22 21:49:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/21 16:04:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/07 19:54:01 | 000,000,000 | ---D | M]

[2010/02/05 20:34:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Extensions
[2010/12/04 13:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\exi50g1f.default\extensions
[2010/02/05 20:39:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\exi50g1f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/17 12:53:01 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\exi50g1f.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/02/10 18:50:07 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\exi50g1f.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/04/17 18:02:06 | 000,002,267 | ---- | M] () -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\exi50g1f.default\searchplugins\aim-search.xml
[2011/01/04 00:02:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/26 20:15:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/05 14:18:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/28 16:11:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/04 00:02:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/06/22 21:49:32 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/02 16:28:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110521160425.dll (McAfee, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-645146629-4150631623-2147835597-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKU\S-1-5-21-645146629-4150631623-2147835597-1000..\Run: [DellTransferAgent] C:\ProgramData\Dell\TransferAgent\TransferAgent.exe ( )
O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Users\George\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 [2011/03/26 17:41:52 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2011/03/26 17:41:52 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2011/03/26 17:41:52 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2011/03/26 17:41:52 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2011/03/26 17:41:52 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2011/03/26 17:41:52 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2011/03/26 17:41:52 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2011/03/26 17:41:52 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2011/03/26 17:41:52 | 000,000,000 | ---D | M]
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-645146629-4150631623-2147835597-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-645146629-4150631623-2147835597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-645146629-4150631623-2147835597-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\George\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\George\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/13 08:46:19 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2007/08/14 09:29:44 | 000,000,055 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.HFYU - huffyuv.dll File not found
Drivers32: VIDC.I420 - C:\Windows\System32\emYUV.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
OTL Part 2

========== Files/Folders - Created Within 30 Days ==========

[2011/06/04 12:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/02 20:02:46 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
[2011/06/02 16:43:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/02 16:42:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/02 16:42:47 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\temp
[2011/06/02 15:58:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/06/02 15:53:02 | 004,111,594 | R--- | C] (Swearware) -- C:\Users\George\Desktop\ComboFix.exe
[2011/06/01 18:02:25 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\George\Desktop\aswMBR.exe
[2011/05/31 17:58:32 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\George\Desktop\dds.scr

========== Files - Modified Within 30 Days ==========

[2011/06/04 12:59:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
[2011/06/04 12:58:45 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/06/04 12:47:21 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/04 12:47:21 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/04 12:47:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/04 12:47:14 | 1063,718,912 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/02 16:28:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/02 15:53:09 | 004,111,594 | R--- | M] (Swearware) -- C:\Users\George\Desktop\ComboFix.exe
[2011/06/01 19:07:30 | 000,006,149 | -HS- | M] () -- C:\Users\George\Desktop\Folder.jpg
[2011/06/01 19:07:30 | 000,006,149 | -HS- | M] () -- C:\Users\George\Desktop\AlbumArt_{1D9160FC-FC87-420C-BC9B-D72074B56062}_Large.jpg
[2011/06/01 19:07:29 | 000,001,902 | -HS- | M] () -- C:\Users\George\Desktop\AlbumArtSmall.jpg
[2011/06/01 19:07:29 | 000,001,902 | -HS- | M] () -- C:\Users\George\Desktop\AlbumArt_{1D9160FC-FC87-420C-BC9B-D72074B56062}_Small.jpg
[2011/06/01 18:59:39 | 012,561,459 | ---- | M] () -- C:\Users\George\Desktop\MetamorphosisTwo.mp3
[2011/06/01 18:04:44 | 000,139,264 | ---- | M] () -- C:\Users\George\Desktop\RKUnhookerLE.EXE
[2011/06/01 18:04:14 | 000,000,512 | ---- | M] () -- C:\Users\George\Desktop\MBR.dat
[2011/06/01 18:02:25 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\George\Desktop\aswMBR.exe
[2011/05/31 18:07:29 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 17:58:38 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\George\Desktop\dds.scr
[2011/05/30 12:13:11 | 000,033,310 | ---- | M] () -- C:\Users\George\Desktop\memorialday.jpg
[2011/05/30 12:10:14 | 000,114,395 | ---- | M] () -- C:\Users\George\Desktop\memorialday2011.jpg
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/21 18:07:19 | 181,687,374 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011/06/04 12:46:13 | 1063,718,912 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/02 15:31:13 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/06/01 19:07:32 | 000,006,149 | -HS- | C] () -- C:\Users\George\Desktop\AlbumArt_{1D9160FC-FC87-420C-BC9B-D72074B56062}_Large.jpg
[2011/06/01 19:07:32 | 000,001,902 | -HS- | C] () -- C:\Users\George\Desktop\AlbumArt_{1D9160FC-FC87-420C-BC9B-D72074B56062}_Small.jpg
[2011/06/01 18:59:29 | 012,561,459 | ---- | C] () -- C:\Users\George\Desktop\MetamorphosisTwo.mp3
[2011/06/01 18:04:36 | 000,139,264 | ---- | C] () -- C:\Users\George\Desktop\RKUnhookerLE.EXE
[2011/06/01 18:04:14 | 000,000,512 | ---- | C] () -- C:\Users\George\Desktop\MBR.dat
[2011/05/30 12:13:18 | 000,033,310 | ---- | C] () -- C:\Users\George\Desktop\memorialday.jpg
[2011/05/30 12:11:10 | 000,114,395 | ---- | C] () -- C:\Users\George\Desktop\memorialday2011.jpg
[2011/03/21 18:00:13 | 000,010,858 | -HS- | C] () -- C:\Users\George\AppData\Local\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
[2011/03/21 18:00:13 | 000,010,858 | -HS- | C] () -- C:\ProgramData\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
[2011/01/07 14:41:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/07 14:41:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/07 14:41:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/07 14:41:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/07 14:41:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/28 21:33:04 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/10/04 19:13:33 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/04/07 22:15:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/01/18 15:17:16 | 001,936,528 | ---- | C] () -- C:\Windows\System32\ltmm15.dll
[2007/11/29 20:40:53 | 000,003,289 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2007/11/29 20:40:52 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2007/11/29 20:40:52 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2007/07/08 16:29:52 | 000,004,892 | ---- | C] () -- C:\Users\George\AppData\Local\d3d9caps.dat
[2007/04/18 19:04:52 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\182D889119.sys
[2007/04/18 19:04:51 | 000,001,942 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/04/17 19:05:36 | 000,065,024 | ---- | C] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/17 18:56:49 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/04/17 18:56:48 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/04/12 13:46:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2007/04/12 13:46:09 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/04/12 13:46:09 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/04/12 13:45:56 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/04/12 13:45:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/04/12 06:00:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/04/12 06:00:23 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2006/12/12 11:13:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2006/12/12 10:02:50 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/10 08:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,310,208 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,618,648 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,024 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/01 01:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/11/01 01:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2010/04/17 12:55:20 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\acccore
[2010/04/17 23:22:36 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\BitTorrent
[2008/10/04 21:28:44 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Canon
[2011/01/13 19:14:56 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2009/01/31 17:07:47 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\muvee Technologies
[2010/03/14 18:35:02 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\NCH Swift Sound
[2009/06/06 14:37:30 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Out of the Park Developments
[2009/02/01 19:44:46 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Publish Providers
[2008/10/04 19:13:18 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\ScanSoft
[2011/04/02 11:18:50 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Sony
[2007/11/29 20:55:06 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Sports Interactive
[2009/08/27 18:10:53 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\StreamTorrent
[2010/02/10 18:50:02 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\WeatherBug
[2010/01/15 19:50:14 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Western Digital
[2011/05/02 21:08:03 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\WildTangent
[2011/06/02 20:08:53 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006/11/02 04:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2006/11/10 08:22:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/06/02 16:42:37 | 000,018,647 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/04/12 13:46:17 | 000,004,602 | RH-- | M] () -- C:\dell.sdr
[2011/03/25 22:35:24 | 000,004,614 | ---- | M] () -- C:\hcwDriverInstall.txt
[2011/06/04 12:47:14 | 1063,718,912 | -HS- | M] () -- C:\hiberfil.sys
[2008/01/18 22:10:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/17 12:52:11 | 000,000,347 | -H-- | M] () -- C:\IPH.PH
[2011/03/26 19:17:29 | 000,000,087 | ---- | M] () -- C:\mpegError.log
[2008/01/18 22:10:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/06/04 12:46:11 | 1377,644,544 | -HS- | M] () -- C:\pagefile.sys
[2007/04/12 06:27:32 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 04:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP3.DLL
[2007/03/03 00:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD8U.DLL
[2007/03/03 00:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP8U.DLL
[2006/11/02 04:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\prtprocs\w32x86\EP0NPP01.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/12/11 22:09:41 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/17 18:20:49 | 000,000,377 | -HS- | M] () -- C:\Users\George\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/06/01 18:02:25 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\George\Desktop\aswMBR.exe
[2011/02/01 17:38:47 | 025,197,816 | ---- | M] (Acresso Software Inc. ) -- C:\Users\George\Desktop\Cleo-N-VOTK-OffPatch-12292010.exe
[2011/06/02 15:53:09 | 004,111,594 | R--- | M] (Swearware) -- C:\Users\George\Desktop\ComboFix.exe
[2011/01/13 19:07:35 | 000,505,064 | ---- | M] (Warner Bros.) -- C:\Users\George\Desktop\DigitalCopy.exe
[2011/01/06 19:50:01 | 000,296,448 | ---- | M] () -- C:\Users\George\Desktop\hlh6x1u5.exe
[2011/04/15 18:07:40 | 000,453,424 | ---- | M] (Microsoft Corporation) -- C:\Users\George\Desktop\IE9-WindowsVista-x86-enu.exe
[2010/04/17 12:51:03 | 007,374,760 | ---- | M] (AOL Inc.) -- C:\Users\George\Desktop\Install_AIM.exe
[2011/01/07 13:57:25 | 000,080,384 | ---- | M] () -- C:\Users\George\Desktop\MBRCheck.exe
[2011/04/02 11:11:44 | 153,184,264 | ---- | M] (Sony Creative Software Inc.) -- C:\Users\George\Desktop\moviestudiope10.exe
[2011/06/04 12:59:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
[2011/06/01 18:04:44 | 000,139,264 | ---- | M] () -- C:\Users\George\Desktop\RKUnhookerLE.EXE
[2011/01/06 16:28:57 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\TFC.exe
[2011/03/25 23:14:36 | 058,774,520 | ---- | M] (ArcSoft ) -- C:\Users\George\Desktop\totalmediatheatre_5.0.1.80_5.0.1.87_update_all.exe
[2011/02/01 17:39:20 | 013,874,270 | ---- | M] (Acresso Software Inc. ) -- C:\Users\George\Desktop\Updated-Launcher.exe
[2011/02/12 19:40:03 | 004,562,491 | ---- | M] () -- C:\Users\George\Desktop\YouTubeDownloaderSetup265.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/08/30 21:41:13 | 000,000,402 | -HS- | M] () -- C:\Users\George\Favorites\desktop.ini
[2011/05/30 12:05:23 | 000,000,236 | ---- | M] () -- C:\Users\George\Favorites\NCH Audio and Telephony Software.lnk
[2011/05/30 12:05:23 | 000,000,228 | ---- | M] () -- C:\Users\George\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/03/21 18:03:42 | 000,010,858 | -HS- | M] () -- C:\ProgramData\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:7F4E393D

< End of report >
 
Drive C: | 62.48 Gb Total Space | 0.48 Gb Free Space | 0.78% Space Free
You're running extremely low on C drive free space!
It may be a reason for your Explorer trouble.
You must start moving stuff out of drive C immediately, or next time around, your computer may not boot at all.

=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2011/03/21 18:00:13 | 000,010,858 | -HS- | C] () -- C:\Users\George\AppData\Local\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
    [2011/03/21 18:00:13 | 000,010,858 | -HS- | C] () -- C:\ProgramData\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
    [2007/04/18 19:04:52 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\182D889119.sys
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:7F4E393D
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
I noticed the memory issue last night too, and I have no clue how it got that high, and I always run TFC as well.

Here is the security check log, I ran the OTL fix and did not get a log, but I did reboot.

of screen317's Security Check version 0.99.7
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
McAfee Security Scan Plus
McAfee SecurityCenter
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Java(TM) SE Runtime Environment 6
Out of date Java installed!
Adobe Flash Player 10.0.42.34
Adobe Reader 7.0.8
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
 
You don't have memory (RAM) issue, but C drive free space issue.
Running TFC won't do. You need to move some other stuff, so you have at least 5-6 GB free.
...and you have to do it really soon.
That's very important for two reason:
- your computer may not boot next time around
- we need to install Service Pack 2 and other updates, which are missing.

===================================================================

Uninstall Java(TM) SE Runtime Environment 6 .

===================================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

....and Eset...
 
okay, I will run eset now, I went through once I was able to calm the system down enough to open some windows and got about 11 GB free by transferring materials to a external hard drive. Thanks for the heads up, I will install the things you mentioned and post the new logs...

I did end up getting an OTL run fix log

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Users\George\AppData\Local\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q moved successfully.
C:\ProgramData\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q moved successfully.
C:\Windows\System32\182D889119.sys moved successfully.
ADS C:\ProgramData\TEMP:7F4E393D deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
-> No Temporary Internet Files cache folder defined!

User: Default
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
->Flash cache emptied: 0 bytes

User: George
->Temp folder emptied: 140857 bytes
-> No Temporary Internet Files cache folder defined!
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1604 bytes

User: Public
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 217404 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33505 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: George
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06052011_153526

Files\Folders moved on Reboot...
File\Folder C:\Users\George\AppData\Local\Temp\~DFB1C2.tmp not found!
File\Folder C:\Users\George\AppData\Local\Temp\~DFB25B.tmp not found!
File\Folder C:\Users\George\AppData\Local\Temp\~DFB2B7.tmp not found!
File\Folder C:\Users\George\AppData\Local\Temp\~DFB2D1.tmp not found!
File\Folder C:\Users\George\AppData\Local\Temp\~DFB40B.tmp not found!
File\Folder C:\Users\George\AppData\Local\Temp\~DFB46A.tmp not found!

Registry entries deleted on Reboot...
 
Don't get ahead of yourself :)

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
Here is the final OTL log, starting the clean up process now.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
-> No Temporary Internet Files cache folder defined!

User: Default
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
->Flash cache emptied: 0 bytes

User: George
->Temp folder emptied: 1842448 bytes
-> No Temporary Internet Files cache folder defined!
->Java cache emptied: 0 bytes
->Flash cache emptied: 58483 bytes

User: Public
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 217404 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: George
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.23.0 log created on 06072011_190301

Files\Folders moved on Reboot...
File\Folder C:\Users\George\AppData\Local\Temp\~DF606.tmp not found!
File\Folder C:\Users\George\AppData\Local\Temp\~DF63E.tmp not found!
File\Folder C:\Users\George\AppData\Local\Temp\~DF7CF.tmp not found!
File\Folder C:\Users\George\AppData\Local\Temp\~DF7DB.tmp not found!
File\Folder C:\Users\George\AppData\Local\Temp\~DF826.tmp not found!
File\Folder C:\Users\George\AppData\Local\Temp\~DF832.tmp not found!

Registry entries deleted on Reboot...
 
I have been trying to install the most recent windows updates but I keep getting errors... The update downloads fine, but the install is a different story. I'm trying to install service pack 1.
 
You don't have to install Service Pack 1. You can go straight for Service Pack 2.
If any problems, I need to know exactly what's happening.
 
Whenever I go to updates and search for an update to install it comes up with service pack 1, is there a way to completely bypass that and install service pack 2?
 
Excellent, thank you. When I tried to d/l and install, it said that I had to install service pack 1 before updating to service pack 2. So I used the same link to download service pack 1, that was successful, then I followed that up with service pack 2. Both updates were successful.
 
Status
Not open for further replies.
Back