Can't turn McAfee on

by **Jan2011** on Tue 12 Apr 2011, 12:20 pm

Hello, This computer had some malware on it. I used MalwareBytes to get rid of it. I had to remove the proxy setting in Internet Explorer. Firefox won't connect to the Internet if 'No Proxy' is set. It needs to be set to 'Auto detect proxy'.

Another symptom I'm seeing is that McAfee gets turned off after starting at boot. If I try to turn it on, it just doesn't turn on.

Additionally, all the files in My Documents are now hidden. I have to enable 'show hidden files' in Folder and Search Options > View.

I ran Malwarebytes and an ESET on-line scan. Each found a few items. I don't know where to go from here. Please help.

Kenny has helped before. Hope he can again.

Thanks,
- Tony

The files were too long to post here so I included them as attachments.

by **Jan2011** on Tue 12 Apr 2011, 12:26 pm

Here's the OTL

OTL logfile created on: 4/11/2011 8:28:05 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Conti\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 71.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.48 Gb Total Space | 431.53 Gb Free Space | 74.21% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.70 Gb Free Space | 38.90% Space Free | Partition Type: NTFS

Computer Name: CONTI-PC | User Name: Conti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/11 20:26:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Conti\Desktop\OTL.com
PRC - [2010/09/21 17:59:15 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/09/21 17:59:15 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/16 22:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/12/16 22:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/01/31 14:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe

========== Modules (SafeList) ==========

MOD - [2011/04/11 20:26:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Conti\Desktop\OTL.com
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/13 22:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/10/13 22:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 21:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/08/24 14:57:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/02/24 00:49:22 | 000,901,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/17 21:54:02 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/09/21 17:59:15 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/08 07:31:46 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/16 22:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/13 22:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/10/13 22:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/10/13 22:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/09/21 17:59:38 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/03/12 06:19:44 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2009/02/24 00:49:28 | 004,598,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2009/02/24 00:49:28 | 004,598,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/05/05 01:40:20 | 007,172,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/09/10 20:19:24 | 000,103,992 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys -- (BrSerIf)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/11/04 19:16:40 | 000,028,152 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcd5srvc_x64.pkms -- (PCD5SRVC{048DBD20-445E8C82-05040104})

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52247

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52247
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4

FF - user.js..network.proxy.http: "127.0.0.1"
FF - user.js..network.proxy.http_port: 52247
FF - user.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/11 18:21:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/11 18:28:08 | 000,000,000 | ---D | M]

[2009/11/26 10:01:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Conti\AppData\Roaming\Mozilla\Extensions
[2010/03/28 02:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conti\AppData\Roaming\Mozilla\Firefox\Profiles\hedbn6rp.default\extensions
[2011/04/09 21:57:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Conti\AppData\Roaming\Mozilla\Firefox\Profiles\hedbn6rp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/11 18:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/11 18:28:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/11 18:30:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101104180818.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101104180818.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Users\Conti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7f5ba49f-a57e-11de-8c5a-0024e8103310}\Shell\AutoRun\command - "" = F:\wdsync.exe
O33 - MountPoints2\{f5763c71-71ce-11df-b8bb-0024e8103310}\Shell\AutoRun\command - "" = H:\PMB_P.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfevtp - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/04/11 20:26:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Conti\Desktop\OTL.com
[2011/04/11 19:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/04/11 18:30:02 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/04/11 18:30:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/04/11 18:30:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/04/11 18:28:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/11 18:28:08 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/04/11 18:05:11 | 000,000,000 | ---D | C] -- C:\Intel
[2011/04/11 17:59:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2011/04/11 17:59:00 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\Windows\SysWow64\igxpun.exe
[2011/04/11 17:59:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2011/04/11 17:58:58 | 000,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\difxapi.dll
[2011/04/11 17:58:58 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\difxapi.dll
[2011/04/11 16:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/04/11 15:51:36 | 000,000,000 | ---D | C] -- C:\Users\Conti\AppData\Roaming\Malwarebytes
[2011/04/11 15:51:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/04/11 15:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/11 15:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/11 15:51:24 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/11 15:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/09 22:19:56 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/04/09 22:19:56 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/04/09 22:19:56 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/04/09 22:19:56 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/04/09 22:19:47 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/04/09 22:19:47 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/04/09 22:19:46 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/04/09 22:19:46 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/04/09 22:19:36 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/04/09 22:19:35 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/04/09 22:19:35 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/04/09 22:19:35 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/04/09 22:19:35 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/04/09 22:19:35 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbeio.dll
[2011/04/09 22:19:35 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/04/09 22:19:35 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbeio.dll
[2011/03/19 23:27:45 | 000,000,000 | -H-D | C] -- C:\Users\Conti\AppData\Roaming\5012
[2011/03/19 23:27:36 | 000,000,000 | -H-D | C] -- C:\Users\Conti\AppData\Roaming\UAs
[2011/03/19 23:24:01 | 000,000,000 | -H-D | C] -- C:\Users\Conti\AppData\Roaming\xmldm
[2011/03/19 23:23:23 | 000,000,000 | -H-D | C] -- C:\Users\Conti\AppData\Roaming\kock
[2011/03/15 22:33:15 | 000,000,000 | -H-D | C] -- C:\Users\Conti\AppData\Local\Windows Live
[2009/12/10 08:31:09 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Conti\AppData\Roaming\DataSafeDotNet.exe
[2 C:\Users\Conti\AppData\Roaming\*.tmp files -> C:\Users\Conti\AppData\Roaming\*.tmp -> ]

by **Jan2011** on Tue 12 Apr 2011, 12:26 pm

========== Files - Modified Within 30 Days ==========

[2011/04/11 20:26:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Conti\Desktop\OTL.com
[2011/04/11 19:42:50 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/11 19:42:50 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/11 19:42:50 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/11 19:36:31 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/11 19:36:30 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/11 19:36:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/11 19:36:22 | 2136,133,631 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/11 19:10:02 | 000,000,732 | ---- | M] () -- C:\Users\Conti\AppData\Local\d3d9caps64.dat
[2011/04/11 18:32:53 | 000,032,858 | ---- | M] () -- C:\Users\Conti\Desktop\Conti_Greg Dell Inspir 530S.rtf
[2011/04/11 18:11:44 | 000,625,664 | ---- | M] () -- C:\Users\Conti\Desktop\dds.scr
[2011/04/11 17:59:26 | 000,007,512 | ---- | M] () -- C:\Users\Conti\AppData\Local\d3d9caps.dat
[2011/04/11 15:51:27 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2 C:\Users\Conti\AppData\Roaming\*.tmp files -> C:\Users\Conti\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/11 19:36:22 | 2136,133,631 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/11 18:11:43 | 000,625,664 | ---- | C] () -- C:\Users\Conti\Desktop\dds.scr
[2011/04/11 17:57:46 | 000,000,732 | ---- | C] () -- C:\Users\Conti\AppData\Local\d3d9caps64.dat
[2011/04/11 15:55:20 | 000,032,858 | ---- | C] () -- C:\Users\Conti\Desktop\Conti_Greg Dell Inspir 530S.rtf
[2011/04/11 15:51:27 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/24 17:17:26 | 000,000,120 | -H-- | C] () -- C:\Users\Conti\AppData\Local\Vlunedokezezoco.dat
[2011/02/24 17:17:26 | 000,000,000 | -H-- | C] () -- C:\Users\Conti\AppData\Local\Qvicupehukuho.bin
[2009/12/10 08:00:50 | 000,581,872 | ---- | C] () -- C:\Windows\SysWow64\STRegistry64.dll
[2009/12/10 08:00:50 | 000,540,912 | ---- | C] () -- C:\Windows\SysWow64\STString64d.dll
[2009/12/10 08:00:50 | 000,385,264 | ---- | C] () -- C:\Windows\SysWow64\STFiles64.dll
[2009/12/10 08:00:50 | 000,172,784 | ---- | C] () -- C:\Windows\SysWow64\STLog64.dll
[2009/12/10 08:00:50 | 000,157,424 | ---- | C] () -- C:\Windows\SysWow64\STWmiM64.dll
[2009/12/10 08:00:50 | 000,152,816 | ---- | C] () -- C:\Windows\SysWow64\STNLS64.dll
[2009/12/10 08:00:50 | 000,132,848 | ---- | C] () -- C:\Windows\SysWow64\STPE64.dll
[2009/12/10 08:00:50 | 000,106,224 | ---- | C] () -- C:\Windows\SysWow64\STMsXml64.dll
[2009/12/10 08:00:50 | 000,092,400 | ---- | C] () -- C:\Windows\SysWow64\STEncryptableVol64.dll
[2009/12/10 08:00:50 | 000,089,328 | ---- | C] () -- C:\Windows\SysWow64\STProcessDLL64.dll
[2009/12/10 08:00:50 | 000,089,328 | ---- | C] () -- C:\Windows\SysWow64\STProcess64.dll
[2009/12/10 08:00:50 | 000,000,060 | ---- | C] () -- C:\Windows\SysWow64\winpeshl.ini
[2009/12/10 08:00:50 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\ST_LOG.INI
[2009/12/10 08:00:49 | 002,303,728 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2009/12/10 08:00:49 | 001,372,672 | ---- | C] () -- C:\Windows\SysWow64\Restore7.exe
[2009/12/10 08:00:49 | 000,619,760 | ---- | C] () -- C:\Windows\SysWow64\STBackupEngine.dll
[2009/12/10 08:00:49 | 000,334,576 | ---- | C] () -- C:\Windows\SysWow64\RestoreLauncher.exe
[2009/12/10 08:00:49 | 000,134,384 | ---- | C] () -- C:\Windows\SysWow64\PSTVdsDisk64.dll
[2009/12/10 08:00:49 | 000,127,728 | ---- | C] () -- C:\Windows\SysWow64\STCrypto64.dll
[2009/12/10 08:00:49 | 000,052,464 | ---- | C] () -- C:\Windows\SysWow64\STCoreXml64.dll
[2009/12/10 08:00:48 | 000,578,288 | ---- | C] () -- C:\Windows\SysWow64\BackupApi.dll
[2009/12/10 08:00:48 | 000,108,272 | ---- | C] () -- C:\Windows\FixBCD.exe
[2009/12/10 08:00:48 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\abort.dat
[2009/12/02 21:12:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/02 21:12:00 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/02 21:11:42 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/20 10:05:20 | 000,040,448 | ---- | C] () -- C:\Users\Conti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/13 20:04:45 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/09/13 20:04:45 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7340.DAT
[2009/09/13 20:03:48 | 000,000,218 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/09/13 20:03:48 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/09/13 20:01:39 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2009/09/13 20:01:17 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009/09/13 20:01:16 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2009/09/13 20:01:16 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/09/13 19:58:48 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/09/12 18:27:07 | 000,007,512 | ---- | C] () -- C:\Users\Conti\AppData\Local\d3d9caps.dat
[2009/07/08 10:02:09 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2009/07/08 10:02:09 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2009/07/08 10:02:09 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2009/07/08 09:52:25 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009/07/08 07:11:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/24 23:58:05 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Custom Scans ==========

< %systemroot%\Fonts\*.com >
[2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/12/08 18:10:36 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/09/29 18:12:55 | 000,000,286 | -HS- | M] () -- C:\Users\Conti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/04/11 18:20:59 | 000,122,328 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2011/04/11 18:21:00 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2011/04/11 18:21:02 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/09/12 18:03:50 | 000,000,402 | -HS- | M] () -- C:\Users\Conti\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2011/04/11 19:36:20 | 000,065,788 | ---- | M] () -- C:\aaw7boot.log
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/06/24 20:22:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
[2009/07/08 10:02:20 | 000,004,122 | RH-- | M] () -- C:\dell.sdr
[2011/04/11 19:36:22 | 2136,133,631 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/04/11 19:36:20 | 2449,752,063 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2009/09/13 22:54:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2009/12/01 22:11:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Amazon
[2009/09/20 10:30:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2009/07/08 07:24:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2009/09/20 10:31:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2009/09/13 20:03:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Brother
[2009/07/08 07:31:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Citrix
[2010/01/27 22:25:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2009/07/08 07:32:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2009/07/08 07:38:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell
[2011/03/30 20:31:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell DataSafe Local Backup
[2009/09/20 10:09:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Remote Access
[2009/07/08 07:34:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Support Center
[2009/07/08 07:29:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Video Chat
[2011/04/11 16:53:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ESET
[2010/02/17 18:10:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/02/10 04:20:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2009/09/20 15:05:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iPhone Configuration Utility
[2010/02/09 22:06:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2011/04/11 18:29:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2009/10/30 17:42:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lavasoft
[2011/04/11 15:51:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/03 14:57:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee
[2010/09/08 19:46:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee.com
[2010/04/15 03:36:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Merge
[2009/07/08 07:36:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2009/07/08 07:28:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011/04/09 21:57:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/07/08 07:37:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2009/07/08 07:38:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2009/10/14 03:02:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/06/25 03:01:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/04/11 18:21:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2006/11/02 11:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2009/09/15 03:00:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/07/30 22:08:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars
[2011/04/09 21:57:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars.NET
[2010/02/09 22:04:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2006/11/02 11:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2009/07/08 07:31:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio
[2009/09/13 19:58:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ScanSoft
[2010/04/15 03:36:31 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Sportsbook Poker
[2006/11/02 11:36:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/12/09 04:22:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar
[2008/01/20 23:09:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Collaboration
[2008/01/20 23:09:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/10/17 07:10:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2009/07/08 07:35:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/04/09 21:57:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/10/14 03:41:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2006/11/02 11:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/12/09 04:22:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery
[2009/12/10 04:21:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/12/09 04:22:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

< %appdata%\*.* >
[2011/03/19 23:27:47 | 000,000,065 | -H-- | M] () -- C:\Users\Conti\AppData\Roaming\AcroIEHelpe.txt
[2010/01/23 08:58:46 | 008,653,312 | ---- | M] (Dell, Inc. ) -- C:\Users\Conti\AppData\Roaming\DataSafeDotNet.exe
[2 C:\Users\Conti\AppData\Roaming\*.tmp files -> C:\Users\Conti\AppData\Roaming\*.tmp -> ]

< MD5 for: AGP440.SYS >
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/24 23:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009/04/24 23:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2008/01/20 22:46:53 | 000,068,664 | ---- | M] (Microsoft Corporation) MD5=2DC415FC05FB8A079F896CBBACB19324 -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_55e51d682c89f490\disk.sys
[2009/04/11 03:15:25 | 000,067,032 | ---- | M] (Microsoft Corporation) MD5=B0107E40ECDB5FA692EBF832F295D905 -- C:\Windows\SysNative\drivers\disk.sys
[2009/04/11 03:15:25 | 000,067,032 | ---- | M] (Microsoft Corporation) MD5=B0107E40ECDB5FA692EBF832F295D905 -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_57d0967429abbfdc\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 22:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 22:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/20 22:47:25 | 000,066,048 | ---- | M] (Microsoft Corporation) MD5=586D9876A4945779C8EEA926C0D16889 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_a4a4ea3a50308c79\USBSTOR.SYS
[2009/04/11 01:39:38 | 000,077,824 | ---- | M] (Microsoft Corporation) MD5=B854C1558FCA0C269A38663E8B59B581 -- C:\Windows\SysNative\drivers\USBSTOR.SYS
[2009/04/11 01:39:38 | 000,077,824 | ---- | M] (Microsoft Corporation) MD5=B854C1558FCA0C269A38663E8B59B581 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_a69063464d5257c5\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Sportsbook Poker:MID
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >

by **Belahzur** on Wed 13 Apr 2011, 8:54 am

Hello.

Please download ComboFix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

by **Jan2011** on Wed 13 Apr 2011, 9:39 am

Hello and thank you. Here's the log:

ComboFix 11-04-12.01 - Conti 04/12/2011 18:13:17.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6141.4592 [GMT -4:00]
Running from: c:\users\Conti\Desktop\commy.exe
Command switches used :: /stepdel
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Conti\AppData\Local\{A7CD2F84-87B7-487A-9F98-EDFC14CB1E22}
c:\users\Conti\AppData\Local\{A7CD2F84-87B7-487A-9F98-EDFC14CB1E22}\chrome\content\overlay.xul
c:\users\Conti\AppData\Local\{A7CD2F84-87B7-487A-9F98-EDFC14CB1E22}\install.rdf
c:\windows\system32\arp.exe . . . . Failed to delete
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
c:\windows\SysWow64\arp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-12 to 2011-04-12 )))))))))))))))))))))))))))))))
.
.
2011-04-12 22:09 . 2011-04-12 22:10 -------- d-----w- C:\32788R22FWJFW
2011-04-11 22:33 . 2011-03-23 14:11 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B1AA5CA-D3B1-4782-956D-E8162E5DFDB2}\mpengine.dll
2011-04-11 22:33 . 2011-02-02 22:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-04-11 22:28 . 2011-04-11 22:28 -------- d-----w- c:\windows\Sun
2011-04-11 22:28 . 2011-02-03 01:40 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-11 22:28 . 2011-02-03 01:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-11 22:05 . 2011-04-11 22:05 -------- d-----w- C:\Intel
2011-04-11 21:59 . 2011-04-11 21:59 -------- d-----w- c:\windows\SysWow64\Lang
2011-04-11 21:59 . 2011-04-11 21:59 -------- d-----w- c:\windows\SysWow64\x64
2011-04-11 21:59 . 2008-05-05 05:40 920088 ----a-w- c:\windows\SysWow64\igxpun.exe
2011-04-11 21:58 . 2008-05-05 05:40 525792 ----a-w- c:\windows\system32\difxapi.dll
2011-04-11 21:58 . 2008-05-05 05:40 319456 ----a-w- c:\windows\SysWow64\difxapi.dll
2011-04-11 20:53 . 2011-04-11 20:53 -------- d-----w- c:\program files (x86)\ESET
2011-04-11 19:51 . 2011-04-11 19:51 -------- d-----w- c:\users\Conti\AppData\Roaming\Malwarebytes
2011-04-11 19:51 . 2011-04-11 19:51 -------- d-----w- c:\programdata\Malwarebytes
2011-04-11 19:51 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-11 19:51 . 2011-04-11 19:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-11 19:51 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-20 03:27 . 2011-03-20 03:27 -------- d--h--w- c:\users\Conti\AppData\Roaming\5012
2011-03-20 03:27 . 2011-03-20 03:27 112 ---ha-w- c:\users\Conti\AppData\Roaming\srvblck2.tmp
2011-03-20 03:27 . 2011-03-20 03:28 -------- d--h--w- c:\users\Conti\AppData\Roaming\UAs
2011-03-20 03:24 . 2011-03-20 03:32 -------- d--h--w- c:\users\Conti\AppData\Roaming\xmldm
2011-03-20 03:24 . 2011-03-20 03:24 0 ---ha-w- c:\users\Conti\AppData\Roaming\hedbn6rp.default.tmp
2011-03-20 03:23 . 2011-03-20 03:25 -------- d--h--w- c:\users\Conti\AppData\Roaming\kock
2011-03-16 02:33 . 2011-03-16 02:33 -------- d--h--w- c:\users\Conti\AppData\Local\Windows Live
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-27 08:26 . 2011-02-24 21:17 0 ---ha-w- c:\users\Conti\AppData\Local\Qvicupehukuho.bin
2011-01-20 16:46 . 2011-02-10 03:07 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:17 . 2011-02-10 03:07 366592 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:17 . 2011-02-10 03:07 625152 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:16 . 2011-02-10 03:07 287232 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:16 . 2011-02-10 03:07 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:16 . 2011-02-10 03:07 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:16 . 2011-02-10 03:07 1268224 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:16 . 2011-02-10 03:07 748544 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:16 . 2011-02-10 03:07 47104 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:16 . 2011-02-10 03:07 3548672 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:16 . 2011-02-10 03:07 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:14 . 2011-02-10 03:07 278528 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:14 . 2011-02-10 03:07 195072 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:08 . 2011-02-10 03:07 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
2011-01-20 16:08 . 2011-02-10 03:07 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-10 03:07 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
2011-01-20 16:08 . 2011-02-10 03:07 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-01-20 16:08 . 2011-02-10 03:07 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
2011-01-20 16:07 . 2011-02-10 03:07 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2011-01-20 16:07 . 2011-02-10 03:07 586240 ----a-w- c:\windows\SysWow64\stobject.dll
2011-01-20 16:06 . 2011-02-10 03:07 2873344 ----a-w- c:\windows\SysWow64\mf.dll
2011-01-20 16:04 . 2011-02-10 03:07 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
2011-01-20 16:04 . 2011-02-10 03:07 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2011-01-20 15:01 . 2011-02-10 03:07 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 15:01 . 2011-02-10 03:07 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:59 . 2011-02-10 03:07 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:58 . 2011-02-10 03:07 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:57 . 2011-02-10 03:07 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:42 . 2011-02-10 03:07 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:41 . 2011-02-10 03:07 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:40 . 2011-02-10 03:07 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:40 . 2011-02-10 03:07 34304 ----a-w- c:\windows\system32\mfpmp.exe
2011-01-20 14:40 . 2011-02-10 03:07 377344 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:37 . 2011-02-10 03:07 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:35 . 2011-02-10 03:07 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 14:28 . 2011-02-10 03:07 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
2011-01-20 14:27 . 2011-02-10 03:07 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-20 14:25 . 2011-02-10 03:07 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
2011-01-20 14:24 . 2011-02-10 03:07 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-10 03:07 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-10 03:07 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-10 03:07 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
2011-01-20 14:14 . 2011-02-10 03:07 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-10 03:07 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-01-20 14:11 . 2011-02-10 03:07 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2011-01-20 14:06 . 2011-02-10 03:07 834048 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:47 . 2011-02-10 03:07 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2008-12-17 206064]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1484856]
.
c:\users\Conti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-04 28152]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-09-21 1352832]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-14 149032]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6453760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-05 137240]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-05 202264]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-05 165400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:52247
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files (x86)\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Conti\AppData\Roaming\Mozilla\Firefox\Profiles\hedbn6rp.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52247
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see [You must be registered and logged in to see this link.]
*/
FF - user.js: network.proxy.http - 127.0.0.1
FF - user.js: network.proxy.http_port - 52247
FF - user.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
HKLM-Run-Skytel - Skytel.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\Brother\Brmfcmon\BrMfcmon.exe
c:\program files (x86)\Windows Live\Contacts\wlcomm.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-04-12 18:28:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-12 22:28
.
Pre-Run: 463,039,070,208 bytes free
Post-Run: 463,091,539,968 bytes free
.
- - End Of File - - D04C00B90FFF0B8926D13FFEC2C1B220

by **Jan2011** on Wed 13 Apr 2011, 11:10 am

The McAfee Security Center now reports that the AV is turning on and staying on. Yeah!!

However, I still have the problem with Firefox not keeping the setting to use no proxy.

Also, the files in My Documents are still only visible if I enable viewing of Hidden files. New files in the folder are ok. Maybe I just have to uncheck the Hidden attribute in Properties for all of them.

by **Belahzur** on Thu 14 Apr 2011, 8:51 am

Stay with me on this, lets kill it this round.

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
File:: c:\users\Conti\AppData\Local\Qvicupehukuho.bin c:\users\Conti\AppData\Roaming\Mozilla\Firefox\Profiles\hedbn6rp.default\user.js DDS:: uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = uInternet Settings,ProxyServer = http=127.0.0.1:52247 Firefox:: FF - ProfilePath - c:\users\Conti\AppData\Roaming\Mozilla\Firefox\Profiles\hedbn6rp.default\ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 52247 FF - prefs.js: network.proxy.type - 4
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

by **Jan2011** on Thu 14 Apr 2011, 9:39 am

The log was too long. I attached the txt file.

by **Jan2011** on Thu 14 Apr 2011, 9:50 am

Thank you.

Firefox is now working. I don't have to reset the network connection to No Proxy each time. The change is sticking.

I see that files in My Documents are still marked Hidden. Do you think I should simply uncheck that attribute for each file?

Also when starting I get a message that "Catalyst Control Center: Host appllicastion has stopped working." Should I download the drivers and reload or wait to get instructions from you?

Thanks again.
- TD

by **Belahzur** on Fri 15 Apr 2011, 9:08 am

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX. click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Check (tick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

by **Jan2011** on Fri 15 Apr 2011, 11:11 am

Thank you,

The ESET scanner found nothing.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

by **Belahzur** on Sat 16 Apr 2011, 12:11 pm

Hello.
One last thing I want to check.

Please download the current version of HijackThis from HERE

Double click and run the installer.
It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
After installing, you should get the user agreement, press accept and Hijack This will run.
When Hijack This opens, click "Open the Misc Tools section"
Then select "Open Uninstall Manager"
Click on "Save List..." (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

by **Jan2011** on Sat 16 Apr 2011, 2:15 pm

OK, here it is.

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.5
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
Bonjour
Brother MFL-Pro Suite
Dell DataSafe Local Backup
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Video Chat
Dell-eBay
ESET Online Scanner v3
GoToAssist 8.0.0.514
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iPhone Configuration Utility
Java(TM) 6 Update 24
Junk Mail filter update
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.18)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PokerStars
PokerStars.net
PowerDVD
QualXServ Service Agreement
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Spelling Dictionaries Support For Adobe Reader 9
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer

by **Belahzur** on Sun 17 Apr 2011, 5:22 am

Hello.

Click Start >> Control Panel.
Under the Programs click Uninstall a Program
Highlight Adobe Reader 9.3.1
Click on the Uninstall/Change button at the top.

Okay just 2 updates to do.

Please download Firefox 4 and install it. It will install over version 3.6.13 you currently have installed, so you won't lose any bookmarked websites.

Then download and install Adobe Reader X

How is the machine running now?

by **Jan2011** on Sun 17 Apr 2011, 7:07 am

The machine is running nicely.

However,

1) I see that files in My Documents are still marked Hidden. Do you think I should simply uncheck that attribute for each file?

2) Also when starting I get a message that "Catalyst Control Center: Host appllicastion has stopped working." Should I download the drivers and reload or wait to get instructions from you?

3) I'm using IE to log into this site. I have it set to remember me when I log in. Unfortunately, it's not remembering me. I have to enter my User ID and password each time.

by **Belahzur** on Sun 17 Apr 2011, 9:49 pm

1) I see that files in My Documents are still marked Hidden. Do you think I should simply uncheck that attribute for each file?

Go for it.

2) Also when starting I get a message that "Catalyst Control Center: Host appllicastion has stopped working." Should I download the drivers and reload or wait to get instructions from you?

You can try a driver re-install, see if it works.

3) I'm using IE to log into this site. I have it set to remember me when I log in. Unfortunately, it's not remembering me. I have to enter my User ID and password each time.

It's IE, none of the techs here would recommend it, we would rather point users to Firefox/Chrome.

by **Jan2011** on Mon 18 Apr 2011, 12:07 am

1) I reset the attributes to uncheck Hidden on all the Documents, Music, Pictures, etc.

2) Downloading a fresh Catalyst Control Center didn't work. For now, I just turned it off in msconfig>startup.

3) I updated Firefox. I'll have to start using it.

Thank you

by Sponsored content Today at 2:40 am

Can't turn McAfee on

Can't turn McAfee on

Re: Can't turn McAfee on

Re: Can't turn McAfee on

Re: Can't turn McAfee on

Re: Can't turn McAfee on

Re: Can't turn McAfee on

Re: Can't turn McAfee on

Re: Can't turn McAfee on

Re: Can't turn McAfee on

Re: Can't turn McAfee on

Re: Can't turn McAfee on

Re: Can't turn McAfee on

Re: Can't turn McAfee on

Re: Can't turn McAfee on

Re: Can't turn McAfee on

Re: Can't turn McAfee on

Re: Can't turn McAfee on

Re: Can't turn McAfee on