[Resolved] Serious problem - please help!!!

  #1 bobomonkey (Junior Member)

    Just today, something has taken over my system and I cannot even get to your site without rebooting in Safe Mode. Here is my HijackThis log. Please help!!!!


    AC3File 0.6b
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Shockwave Player 11
    Adobe SVG Viewer 3.0
    AMDAway INF
    BlackBerry Desktop Software 4.3
    BlackBerry Desktop Software 4.3
    BlackBerry Media Sync
    BlackBerry® Media Sync
    Bonjour
    Browser Address Error Redirector
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCScore
    Cheetah DVD Burner
    Conexant D850 PCI V.92 Modem
    Creative MediaSource
    Creative MuVo N200 Media Explorer
    Dassault Systemes Software Prerequisites x86
    Dell DataSafe Online
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Digital Line Detect
    Dirt Alert
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Web Player
    EPSON Print CD
    EPSON Printer Software
    EPSON R280 User's Guide
    EPSON Web-To-Page
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    Free Window Registry Repair
    Google Desktop
    Google Earth
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    GoToAssist 8.0.0.480
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ImageMixer3
    Internet Service Offers Launcher
    iTunes
    Java(TM) 6 Update 10
    Java(TM) SE Runtime Environment 6
    Kodak EasyShare software
    LEGO Digital Designer
    McAfee SecurityCenter
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Works
    Modem Diagnostic Tool
    Mouse Suite for Desktop Computers
    Mozilla Firefox (3.5.5)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    Music, Photos & Videos Launcher
    MuVo Driver
    netbrdg
    NetWaiting
    NVIDIA Drivers
    NVIDIA Stereoscopic 3D Driver
    NVIDIANetworkDiagnostic
    OfotoXMI
    OGA Notifier 2.0.0048.0
    PCsync
    Photosynth 2.0.1403.5
    Picasa 3
    Product Documentation Launcher
    QuickTime
    Realtek High Definition Audio Driver
    Rhapsody Player Engine
    RocketDock 1.3.5
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    SFR
    SHASTA
    skin0001
    SKINXSDK
    Sonic Activation Module
    Spybot - Search & Destroy
    staticcr
    Super DX-Ball v1.1
    System Requirements Lab
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb975960)
    User's Guides
    VC80CRTRedist - 8.0.50727.4053
    VPRINTOL
    VZAccess Manager for RIM
    Windows Media Player Firefox Plugin
    WinRAR archiver
    WIRELESS



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:22:10 PM, on 11/16/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\config\systemprofile\AppData\Local\Temp\lsass.exe
    C:\Windows\system32\config\systemprofile\AppData\Local\Temp\system.exe
    C:\Windows\system32\config\systemprofile\AppData\Local\Temp\services.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: C:\Windows\system32\t3hqv.dll - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\Windows\system32\t3hqv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [calc] rundll32.exe C:\Windows\system32\calc.dll,_IWMPEvents@0
    O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Windows\system32\config\systemprofile\AppData\Local\Temp\services.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Windows\system32\config\systemprofile\AppData\Local\Temp\services.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Windows\system32\config\systemprofile\AppData\Local\Temp\services.exe (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
    O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - Play Games Online | Online Games | Web Games | Comcast.net
    O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - Play Games Online | Online Games | Web Games | Comcast.net
    O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} (AxLoaderPassword Class) - http://mobileapps.blackberry.com/dev...e/AxLoader.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: GoToAssist - C:\Windows\
    O20 - Winlogon Notify: __c003BDF6 - C:\Windows\system32\__c003BDF6.dat
    O22 - SharedTaskScheduler: jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\Windows\system32\t3hqv.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - - (no file)
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8359 bytes
    Last edited by bobomonkey; 17-11-2009 at 02:48 AM. Reason: Addition
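As an added illustration (not part of the thread or of HijackThis itself), the checks a helper applies by eye to the log above can be written as a small triage script: it flags autostarts and processes running from a Temp folder or the SYSTEM profile, core Windows process names outside System32, random-looking Run and SharedTaskScheduler value names, a BHO with no friendly name, a Winlogon Notify package that is a .dat file, and the DisableRegedit policy. The rules, thresholds and function names are mine; the sample lines are constructed to match the shape of the posted log.

```python
"""Triage heuristics for HijackThis (HJT) log lines.  Heuristics only: a hit
is a reason to look closer at that entry, not proof of infection."""
import re
from dataclasses import dataclass

# Core Windows binaries that legitimately run only from C:\Windows\System32.
SYSTEM32_ONLY = {"lsass.exe", "services.exe", "csrss.exe",
                 "winlogon.exe", "svchost.exe", "smss.exe"}
# "System" is a kernel pseudo-process; no legitimate system.exe exists on disk.
NO_LEGIT_COPY = {"system.exe"}
# Nothing should autostart from a Temp folder or from the SYSTEM account's
# profile (config\systemprofile), which is where the posted log shows
# lsass.exe, services.exe and system.exe running.
SUSPECT_DIR_RE = re.compile(r"\\(?:temp|systemprofile)\\", re.IGNORECASE)
# Value names like "asg984jgkfmgasi8ug98jgkfgfb": long, lower-case letters
# mixed with digits, no recognisable word.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{16,}$")
# A drive-letter path up to a binary extension; spaces inside are allowed.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|dat|sys|scr)\b", re.IGNORECASE)
# HJT section prefix, e.g. "O4 - HKLM\..\Run: [...]".
SECTION_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


@dataclass(frozen=True)
class Finding:
    line_no: int
    section: str  # HJT section such as "O4", or "PROC" for a running-process line
    reason: str


def _path_findings(line_no, section, text):
    """Checks that apply to every file path found on a line."""
    out = []
    for path in PATH_RE.findall(text):
        folder, _, name = path.lower().rpartition("\\")
        if SUSPECT_DIR_RE.search(path):
            out.append(Finding(line_no, section, f"runs from Temp or SYSTEM profile: {path}"))
        if name in NO_LEGIT_COPY or (name in SYSTEM32_ONLY and folder != r"c:\windows\system32"):
            out.append(Finding(line_no, section, f"system process name outside System32: {path}"))
    return out


def triage_line(line_no, raw):
    """Apply every heuristic to one HJT log line; returns a list of Findings."""
    text = raw.strip()
    m = SECTION_RE.match(text)
    if not m:  # bare paths come from the "Running processes" block
        return _path_findings(line_no, "PROC", text) if PATH_RE.match(text) else []
    section, body = m.groups()
    findings = _path_findings(line_no, section, body)
    if section == "O4":  # O4 - <hive>\..\Run: [ValueName] command
        name = re.search(r"\[([^\]]+)\]", body)
        if name and RANDOM_NAME_RE.match(name.group(1)):
            findings.append(Finding(line_no, section, f"random-looking Run value name: {name.group(1)}"))
    elif section == "O2":  # O2 - BHO: FriendlyName - {CLSID} - path
        parts = [p.strip() for p in body[len("BHO:"):].split(" - ")]
        if len(parts) >= 3 and parts[0].lower() == parts[2].lower():
            findings.append(Finding(line_no, section, "BHO has no friendly name, only its own path"))
    elif section == "O7" and "disableregedit=1" in body.lower().replace(" ", ""):
        findings.append(Finding(line_no, section, "Registry Editor disabled by policy"))
    elif section == "O20" and re.search(r"\.dat\b", body, re.IGNORECASE):
        # Winlogon Notify packages are DLLs; a .dat target is not a normal one.
        findings.append(Finding(line_no, section, "Winlogon Notify package is a .dat file"))
    elif section == "O22":  # O22 - SharedTaskScheduler: Name - {CLSID} - path
        name = body[len("SharedTaskScheduler:"):].split(" - ")[0].strip()
        if RANDOM_NAME_RE.match(name):
            findings.append(Finding(line_no, section, f"random-looking SharedTaskScheduler name: {name}"))
    return findings


def triage_log(log):
    """Run triage_line over a whole log; line numbers are 1-based."""
    findings = []
    for n, line in enumerate(log.splitlines(), 1):
        findings.extend(triage_line(n, line))
    return findings


# Constructed sample: ten lines shaped like the HijackThis log posted above.
SAMPLE_LOG = r"""
C:\Windows\Explorer.EXE
C:\Windows\system32\config\systemprofile\AppData\Local\Temp\lsass.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: C:\Windows\system32\t3hqv.dll - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\Windows\system32\t3hqv.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Windows\system32\config\systemprofile\AppData\Local\Temp\services.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: __c003BDF6 - C:\Windows\system32\__c003BDF6.dat
O22 - SharedTaskScheduler: jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\Windows\system32\t3hqv.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
""".strip("\n")

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"line {f.line_no:2d} [{f.section}] {f.reason}")
```

On the sample, six of the ten lines are flagged and the legitimate Explorer, McAfee and Bonjour entries pass, which mirrors what the helper in the next post goes after.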


  #2 broni (Senior Member)
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    NOTE. If Combofix asks you to install Recovery Console, please allow it.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

    It's OK to run it in Safe Mode.

  #3 bobomonkey (Junior Member)
    Upon turning on my PC, I get the following error: Runtime error 204 at 004027EC

    Here is the ComboFix log. Thank you....


    ComboFix 09-11-17.01 - Mitchell 11/17/2009 7:05.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1084 [GMT -5:00]
    Running from: c:\users\Mitchell\Desktop\ComboFix.exe
    AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
    FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
    SP: PC-cillin Internet Security - Spyware Protection *disabled* (Outdated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2009-10-17 to 2009-11-17 )))))))))))))))))))))))))))))))
    .

    2009-11-17 12:18 . 2009-11-17 12:19 4096 d-----w- c:\users\Mitchell\AppData\Local\temp
    2009-11-17 12:18 . 2009-11-17 12:18 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-11-17 12:18 . 2009-11-17 12:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-11-17 11:57 . 2009-11-17 11:59 49152 d-----w- C:\32788R22FWJFW
    2009-11-17 03:51 . 2009-11-17 03:51 -------- d-----w- C:\%APPDATA%
    2009-11-17 01:41 . 2009-11-17 03:21 4096 d-----w- c:\progra~2\Spybot - Search & Destroy
    2009-11-17 01:41 . 2009-11-17 01:51 8192 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-17 01:21 . 2009-11-17 01:21 -------- d-----w- c:\program files\Trend Micro
    2009-11-17 01:14 . 2009-11-17 01:14 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2009-11-16 21:47 . 2009-11-16 21:47 98304 ----a-w- c:\windows\system32\kbdatat4.dll
    2009-11-16 21:47 . 2009-11-16 21:47 582656 ----a-w- c:\windows\system32\raidmg.dll
    2009-11-16 21:47 . 2009-11-16 21:47 18944 ----a-w- c:\windows\system32\AsusUpd.exe
    2009-11-16 21:47 . 2009-11-16 21:47 37888 ----a-w- C:\kewwr.exe
    2009-11-16 21:47 . 2009-11-16 21:47 20992 ----a-w- C:\penmrdya.exe
    2009-11-16 21:46 . 2009-11-16 21:46 -------- d-----w- c:\windows\Sun
    2009-11-11 21:28 . 2009-11-11 21:28 -------- d-----w- c:\windows\system32\Profiles
    2009-11-11 21:08 . 2009-11-11 21:15 4096 d-----w- c:\program files\Free Window Registry Repair
    2009-11-11 20:48 . 2009-11-11 20:48 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-11-10 23:22 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-10 23:22 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2009-10-27 18:02 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2009-10-27 18:02 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-10-23 12:23 . 2009-10-23 12:23 -------- d-----w- c:\users\Mitchell\AppData\Roaming\LEGO Company
    2009-10-23 12:23 . 2009-10-23 12:23 -------- d-----w- c:\program files\LEGO Company

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-17 11:47 . 2009-08-29 03:20 35180 ----a-w- c:\progra~2\nvModes.dat
    2009-11-17 11:47 . 2009-05-02 03:12 4096 d-----w- c:\progra~2\NVIDIA
    2009-11-17 01:08 . 2008-01-08 15:18 12 ----a-w- c:\windows\bthservsdp.dat
    2009-11-16 21:48 . 2009-05-16 15:05 8192 d-----w- c:\users\Mitchell\AppData\Roaming\BitTorrent
    2009-11-11 13:48 . 2009-01-25 19:27 4096 d-----w- c:\program files\Common Files\ArcSoft
    2009-11-11 13:48 . 2009-01-25 19:27 -------- d-----w- c:\program files\ArcSoft
    2009-11-11 13:48 . 2008-01-08 15:21 12288 d--h--w- c:\program files\InstallShield Installation Information
    2009-11-11 13:43 . 2009-01-25 19:29 4096 d-----w- c:\progra~2\ArcSoft
    2009-11-11 13:42 . 2009-01-25 19:27 4096 d-----w- c:\users\Mitchell\AppData\Roaming\ArcSoft
    2009-11-11 13:37 . 2009-05-19 11:07 4096 d-----w- c:\program files\Coupons
    2009-11-11 13:27 . 2009-05-16 15:04 4096 d-----w- c:\users\Mitchell\AppData\Roaming\DNA
    2009-11-11 13:03 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
    2009-11-11 04:34 . 2008-01-17 00:19 12288 d-----w- c:\progra~2\Microsoft Help
    2009-11-08 00:55 . 2008-04-28 01:29 8192 d-----w- c:\program files\DivX
    2009-11-08 00:54 . 2009-04-27 20:54 4096 d-----w- c:\program files\Common Files\DivX Shared
    2009-10-22 10:47 . 2009-05-17 14:36 4096 d-----w- c:\program files\McAfee
    2009-10-20 10:53 . 2009-09-30 19:22 -------- d-----w- c:\program files\Encore
    2009-10-19 02:54 . 2008-01-08 15:31 4096 d-----w- c:\program files\Google
    2009-10-18 03:48 . 2008-01-08 15:36 28672 d-----w- c:\program files\Microsoft Works
    2009-10-01 00:14 . 2009-09-30 19:23 4096 d-----w- c:\users\Mitchell\AppData\Roaming\Hoyle Casino
    2009-09-30 19:23 . 2009-09-30 19:23 16384 d-----w- c:\users\Mitchell\AppData\Roaming\Hoyle FaceCreator
    2009-09-27 22:47 . 2009-09-27 22:47 2173544 ----a-w- c:\windows\system32\nvcplui.exe
    2009-09-27 22:47 . 2009-09-27 22:47 92776 ----a-w- c:\windows\system32\nvmctray.dll
    2009-09-27 22:47 . 2009-09-27 22:47 805480 ----a-w- c:\windows\system32\nvsvc.dll
    2009-09-27 22:47 . 2009-09-27 22:47 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
    2009-09-27 22:47 . 2009-09-27 22:47 3553896 ----a-w- c:\windows\system32\nvgames.dll
    2009-09-27 22:47 . 2009-09-27 22:47 3172968 ----a-w- c:\windows\system32\nvwss.dll
    2009-09-27 22:47 . 2009-09-27 22:47 215656 ----a-w- c:\windows\system32\nvvsvc.exe
    2009-09-27 22:47 . 2009-09-27 22:47 195176 ----a-w- c:\windows\system32\nvmccss.dll
    2009-09-27 22:47 . 2009-09-27 22:47 1309288 ----a-w- c:\windows\system32\nvsvs.dll
    2009-09-27 22:47 . 2009-09-27 22:47 1292904 ----a-w- c:\windows\system32\nvmobls.dll
    2009-09-27 22:46 . 2009-09-27 22:46 4942440 ----a-w- c:\windows\system32\nvdisps.dll
    2009-09-27 22:46 . 2009-09-27 22:46 13949544 ----a-w- c:\windows\system32\nvcpl.dll
    2009-09-27 21:12 . 2009-09-27 21:12 9509832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2009-09-27 21:12 . 2009-09-27 21:12 490088 ----a-w- c:\windows\system32\nvudisp.exe
    2009-09-27 21:12 . 2009-09-27 21:12 2169448 ----a-w- c:\windows\system32\nvcuvid.dll
    2009-09-27 21:12 . 2009-09-27 21:12 1997416 ----a-w- c:\windows\system32\nvcuda.dll
    2009-09-27 21:12 . 2009-09-27 21:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
    2009-09-27 21:12 . 2009-09-27 21:12 170600 ----a-w- c:\windows\system32\nvcod167.dll
    2009-09-27 21:12 . 2009-09-27 21:12 170600 ----a-w- c:\windows\system32\nvcod.dll
    2009-09-27 21:12 . 2009-09-27 21:12 11197032 ----a-w- c:\windows\system32\nvoglv32.dll
    2009-09-27 21:12 . 2009-09-27 21:12 10984 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2009-09-27 21:12 . 2008-05-03 04:16 7614056 ----a-w- c:\windows\system32\nvd3dum.dll
    2009-09-27 21:12 . 2008-05-03 04:16 1074280 ----a-w- c:\windows\system32\nvapi.dll
    2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-09-25 00:00 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-09-25 00:00 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
    2009-09-25 00:00 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
    2009-09-25 00:00 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
    2009-09-25 00:00 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
    2009-09-25 00:00 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
    2009-09-24 23:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-09-24 23:50 . 2009-09-24 23:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-09-24 14:24 . 2009-07-01 01:38 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
    2009-09-16 14:22 . 2009-05-17 14:37 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-09-16 14:22 . 2009-05-17 14:37 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2009-09-16 14:22 . 2009-05-17 14:37 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-09-16 14:22 . 2009-05-17 14:37 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-09-16 14:22 . 2009-05-17 14:37 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    2009-09-14 09:29 . 2009-10-18 00:26 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-09-10 16:48 . 2009-10-18 00:26 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 11:41 . 2009-10-18 00:25 60928 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 00:27 . 2009-09-02 21:55 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-29 00:14 . 2009-09-02 21:55 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-27 05:22 . 2009-10-21 18:26 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-27 05:17 . 2009-10-21 18:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-08-27 05:17 . 2009-10-21 18:26 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-08-27 03:42 . 2009-10-21 18:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2008-08-12 01:34 . 2008-08-12 01:34 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2008-01-08 22:58 . 2008-01-08 22:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-08 68856]
    "AsusUpd.exe"="AsusUpd.exe" - c:\windows\System32\AsusUpd.exe [2009-11-16 18944]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-24 4452352]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingD6013"="del" [X]
    "SpybotDeletingB7782"="command.com" - c:\windows\System32\COMMAND.COM [2006-11-02 50648]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-8 50688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageMixer HDD Camera Monitor.lnk]
    backup=c:\windows\pss\ImageMixer HDD Camera Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Mitchell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Mitchell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VirtualExpander.lnk]
    backup=c:\windows\pss\VirtualExpander.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):6e,72,9b,88,74,3d,ca,01

    R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/5/2007 6:17 AM 77824]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [11/16/2009 8:41 PM 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [8/17/2009 12:32 AM 239648]
    R3 pmxmouse;PMXMOUSE;c:\windows\System32\drivers\pmxmouse.sys [1/8/2008 10:21 AM 18432]
    R3 pmxusblf;PMXUSBLF;c:\windows\System32\drivers\pmxusblf.sys [1/8/2008 10:21 AM 19008]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/8/2008 10:31 AM 29744]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - PROCEXP113
    *Deregistered* - mbr
    *Deregistered* - PROCEXP113

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3446959947-1444841828-2394464618-1000Core.job
    - c:\users\Mitchell\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-13 16:36]

    2009-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3446959947-1444841828-2394464618-1000UA.job
    - c:\users\Mitchell\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-13 16:36]

    2009-05-17 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

    2009-05-17 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

    2009-11-17 c:\windows\Tasks\User_Feed_Synchronization-{89C1311C-BD24-4A9D-92DA-64CCE8E246B0}.job
    - c:\windows\system32\msfeedssync.exe [2009-10-21 03:41]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
    DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    FF - ProfilePath - c:\users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\hqky65ph.default\
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
    FF - plugin: c:\users\Mitchell\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\users\Mitchell\Program Files\DNA\plugins\npbtdna.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-uceorvok - c:\users\Mitchell\AppData\Local\sbmsel\wxnusysguard.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-11-17 07:19
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    AsusUpd.exe = AsusUpd.exe?As

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-11-17 07:23
    ComboFix-quarantined-files.txt 2009-11-17 12:22
    ComboFix2.txt 2009-11-17 04:09

    Pre-Run: 163,790,704,640 bytes free
    Post-Run: 163,729,772,544 bytes free

    - - End Of File - - 022D29914D7ED672DB659BCBF2BEACB0
    Last edited by bobomonkey; 17-11-2009 at 08:42 PM.

  4. #4
    broni is offline Senior Member
    Remember to include fresh HJT log. See, if you can operate in Normal Mode after running below script.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\kbdatat4.dll
    c:\windows\system32\raidmg.dll
    c:\windows\system32\AsusUpd.exe
    C:\kewwr.exe
    C:\penmrdya.exe
    c:\windows\system32\drivers\mfeavfk.sys
    c:\windows\system32\drivers\mfesmfk.sys
    c:\windows\system32\drivers\mfebopk.sys
    c:\windows\system32\drivers\mfehidk.sys
    c:\windows\system32\drivers\mferkdk.sys
    c:\windows\Tasks\McDefragTask.job
    c:\windows\Tasks\McQcTask.job
    c:\progra~1\mcafee\mqc\QcConsol.exe
    
    
    Folder::
    
    Driver::
    
    Registry::
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingD6013"=-
    "SpybotDeletingB7782"=-
    
    
    RegLockDel::

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.

  5. #5
    bobomonkey is offline Junior Member
    This is my HijackThis log BEFORE I complete the instructions you have for me. I got this message. I'll copy my HijackThis log below.


    ---------------------------
    HijackThis
    ---------------------------
    For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.
    If that happens, you need to edit the file yourself. To do this, click Start, Run and type: notepad C:\Windows\System32\drivers\etc\hosts
    and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.
    For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'.
    ---------------------------
    OK
    ---------------------------
    Last edited by bobomonkey; 18-11-2009 at 12:20 AM.

  6. #6
    bobomonkey is offline Junior Member
    Here is the HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:22:10 PM, on 11/16/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\config\systemprofile\AppData\Local\Temp\lsass.exe
    C:\Windows\system32\config\systemprofile\AppData\Local\Temp\system.exe
    C:\Windows\system32\config\systemprofile\AppData\Local\Temp\services.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: C:\Windows\system32\t3hqv.dll - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\Windows\system32\t3hqv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [calc] rundll32.exe C:\Windows\system32\calc.dll,_IWMPEvents@0
    O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Windows\system32\config\systemprofile\AppData\Local\Temp\services.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Windows\system32\config\systemprofile\AppData\Local\Temp\services.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Windows\system32\config\systemprofile\AppData\Local\Temp\services.exe (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
    O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - Play Games Online | Online Games | Web Games | Comcast.net
    O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - Play Games Online | Online Games | Web Games | Comcast.net
    O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} (AxLoaderPassword Class) - http://mobileapps.blackberry.com/dev...e/AxLoader.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: GoToAssist - C:\Windows\
    O20 - Winlogon Notify: __c003BDF6 - C:\Windows\system32\__c003BDF6.dat
    O22 - SharedTaskScheduler: jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\Windows\system32\t3hqv.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - - (no file)
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8359 bytes
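
Added example (not code from this thread, nor from HijackThis or ComboFix): a small Python triage pass over HijackThis-style log lines that flags the indicator types visible in the log above, plus the hosts-file problem HijackThis warned about in the previous post: core-process names (lsass.exe, services.exe, system.exe) running from a Temp folder, Run values with random-looking names, the O7 DisableRegedit policy, Winlogon Notify entries that are not DLLs, SharedTaskScheduler entries with generated names, and O1 hosts entries that send a name anywhere other than loopback. The core-name set, the random-name thresholds and the sample lines are this example's own assumptions; the sample is modelled on the posted log, and the hosts redirect line (203.0.113.7, a documentation address) is invented.

```python
"""Triage HijackThis-style log lines for the indicator types seen in this
thread. Added example, not code from the posts or from HijackThis/ComboFix;
the core-name set, the random-name rule and the sample lines are this
example's own assumptions (sample modelled on the posted log)."""
import ipaddress
import re

# Names of core Windows processes; the real ones run only from System32
# ("system.exe" is not a Windows file at all, so any hit is suspect).
CORE_NAMES = {"lsass.exe", "services.exe", "csrss.exe", "winlogon.exe",
              "smss.exe", "svchost.exe", "system.exe"}
SYSTEM32 = r"c:\windows\system32"

TARGET_RE = re.compile(r'"?([^"\s][^"]*?\.(?:exe|dll|scr|dat|sys))"?', re.I)
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
STS_RE = re.compile(r"^O22 - SharedTaskScheduler: (?P<name>.+?) - \{[^}]+\} - (?P<path>.*)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\\S")


def load_target(command: str) -> str:
    """The file a Run command really loads (the DLL, for rundll32), lowercased."""
    cmd = command.strip()
    if cmd.lower().startswith("rundll32.exe"):
        cmd = cmd[len("rundll32.exe"):]
    m = TARGET_RE.search(cmd)
    return (m.group(1) if m else cmd).lower()


def masquerades_core_name(path: str) -> bool:
    """Core-process name whose directory is not System32 itself (a Temp
    folder nested under System32, as in the posted log, does not count)."""
    directory, _, base = path.lower().rpartition("\\")
    return base in CORE_NAMES and directory != SYSTEM32


def in_temp_dir(path: str) -> bool:
    return any(t in path.lower() for t in ("\\temp\\", "\\tmp\\"))


def looks_random(name: str) -> bool:
    """Crude generated-name test: 10+ chars with digits interleaved among
    letters, or almost no vowels. Assumed thresholds; expect some noise."""
    s = name.strip("_ ").lower()
    if len(s) < 10:
        return False
    letters = [c for c in s if c.isalpha()]
    vowels = sum(c in "aeiou" for c in letters) / len(letters) if letters else 0.0
    flips = sum(1 for a, b in zip(s, s[1:]) if a.isdigit() != b.isdigit())
    return flips >= 3 or vowels < 0.2


def hosts_entry_redirects(ip: str, host: str) -> bool:
    """True unless the entry points at loopback or 0.0.0.0 (ad-block style)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # an unparseable address is itself worth a look
    return not (addr.is_loopback or addr.is_unspecified)


def triage(lines) -> list:
    """Return (reason, line) pairs for every line that deserves a closer look."""
    out = []
    for raw in lines:
        line = raw.strip()
        if PROC_RE.match(line):  # "Running processes" section
            if masquerades_core_name(line):
                out.append(("core-process name running outside System32", line))
            elif in_temp_dir(line):
                out.append(("process running from a Temp directory", line))
        elif (m := RUN_RE.match(line)):
            target = load_target(m["cmd"])
            if looks_random(m["name"]):
                out.append(("random-looking Run value name", line))
            if masquerades_core_name(target):
                out.append(("Run value launches a core-name binary outside System32", line))
            elif in_temp_dir(target):
                out.append(("Run value launches from a Temp directory", line))
        elif (m := HOSTS_RE.match(line)):
            if hosts_entry_redirects(m["ip"], m["host"]):
                out.append((f"hosts file sends {m['host']} to {m['ip']}", line))
        elif line.startswith("O7 - ") and "DisableRegedit=1" in line:
            out.append(("Registry Editor disabled by policy", line))
        elif (m := NOTIFY_RE.match(line)):
            if not m["path"].lower().endswith(".dll"):
                out.append(("Winlogon Notify entry is not a .dll path", line))
        elif (m := STS_RE.match(line)):
            if looks_random(m["name"]) or in_temp_dir(m["path"]):
                out.append(("SharedTaskScheduler entry with random name or Temp path", line))
    return out


# Constructed sample, modelled on the log posted in this thread; the hosts
# redirect line is invented (203.0.113.7 is a documentation address).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\config\systemprofile\AppData\Local\Temp\lsass.exe
C:\Windows\system32\config\systemprofile\AppData\Local\Temp\system.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.7 update.example.com
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Windows\system32\config\systemprofile\AppData\Local\Temp\services.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: __c003BDF6 - C:\Windows\system32\__c003BDF6.dat
O22 - SharedTaskScheduler: jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\Windows\system32\t3hqv.dll
""".strip().splitlines()

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Run it as-is to see the findings for the sample; to triage a real log, pass the file's lines to `triage()`. The heuristics are deliberately loose (a truncated O20 path such as the GoToAssist entry above, or an installer's versioned value name, will also trip them), so treat the output as a list of lines to look at, not a verdict.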

  7. #7
    broni is offline Senior Member
    In Vista, right click on HijackThis, and click Run as Administrator.
    Post both fresh logs.

  8. #8
    bobomonkey is offline Junior Member
    First, the ComboFix log...

    ComboFix 09-11-18.04 - Mitchell 11/17/2009 18:29.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1119 [GMT -5:00]
    Running from: c:\users\Mitchell\Desktop\ComboFix.exe
    Command switches used :: c:\users\Mitchell\Desktop\CFScript.txt
    AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
    FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
    SP: PC-cillin Internet Security - Spyware Protection *disabled* (Outdated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Resident AV is active


    FILE ::
    "C:\kewwr.exe"
    "C:\penmrdya.exe"
    "c:\progra~1\mcafee\mqc\QcConsol.exe"
    "c:\windows\system32\AsusUpd.exe"
    "c:\windows\system32\drivers\mfeavfk.sys"
    "c:\windows\system32\drivers\mfebopk.sys"
    "c:\windows\system32\drivers\mfehidk.sys"
    "c:\windows\system32\drivers\mferkdk.sys"
    "c:\windows\system32\drivers\mfesmfk.sys"
    "c:\windows\system32\kbdatat4.dll"
    "c:\windows\system32\raidmg.dll"
    "c:\windows\Tasks\McDefragTask.job"
    "c:\windows\Tasks\McQcTask.job"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\kewwr.exe
    C:\penmrdya.exe
    c:\progra~1\mcafee\mqc\QcConsol.exe
    c:\windows\system32\AsusUpd.exe
    c:\windows\system32\drivers\mfeavfk.sys
    c:\windows\system32\drivers\mfebopk.sys
    c:\windows\system32\drivers\mfehidk.sys
    c:\windows\system32\drivers\mferkdk.sys
    c:\windows\system32\drivers\mfesmfk.sys
    c:\windows\system32\kbdatat4.dll
    c:\windows\system32\raidmg.dll
    c:\windows\Tasks\McDefragTask.job
    c:\windows\Tasks\McQcTask.job

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-17 to 2009-11-17 )))))))))))))))))))))))))))))))
    .

    2009-11-17 23:39 . 2009-11-17 23:40 -------- d-----w- c:\users\Mitchell\AppData\Local\temp
    2009-11-17 23:39 . 2009-11-17 23:39 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-11-17 23:39 . 2009-11-17 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-11-17 14:14 . 2009-11-17 14:14 -------- d-----w- c:\program files\Windows Portable Devices
    2009-11-17 14:11 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2009-11-17 14:11 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2009-11-17 14:11 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2009-11-17 14:07 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-11-17 11:52 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-11-17 11:52 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-11-17 11:52 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-11-17 03:51 . 2009-11-17 03:51 -------- d-----w- C:\%APPDATA%
    2009-11-17 01:41 . 2009-11-17 03:21 4096 d-----w- c:\progra~2\Spybot - Search & Destroy
    2009-11-17 01:41 . 2009-11-17 01:51 8192 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-17 01:21 . 2009-11-17 01:21 -------- d-----w- c:\program files\Trend Micro
    2009-11-17 01:14 . 2009-11-17 01:14 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2009-11-16 21:46 . 2009-11-16 21:46 -------- d-----w- c:\windows\Sun
    2009-11-11 21:28 . 2009-11-11 21:28 -------- d-----w- c:\windows\system32\Profiles
    2009-11-11 21:08 . 2009-11-11 21:15 4096 d-----w- c:\program files\Free Window Registry Repair
    2009-11-11 20:48 . 2009-11-11 20:48 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-11-10 23:22 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-10 23:22 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2009-10-27 18:02 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2009-10-27 18:02 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-10-23 12:23 . 2009-10-23 12:23 -------- d-----w- c:\users\Mitchell\AppData\Roaming\LEGO Company
    2009-10-23 12:23 . 2009-10-23 12:23 -------- d-----w- c:\program files\LEGO Company

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-17 19:36 . 2009-08-29 03:20 35180 ----a-w- c:\progra~2\nvModes.dat
    2009-11-17 19:35 . 2009-05-02 03:12 4096 d-----w- c:\progra~2\NVIDIA
    2009-11-17 14:14 . 2008-01-08 15:18 12 ----a-w- c:\windows\bthservsdp.dat
    2009-11-17 14:13 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-17 14:12 . 2009-11-17 14:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2009-11-17 14:11 . 2009-11-17 14:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-16 21:48 . 2009-05-16 15:05 8192 d-----w- c:\users\Mitchell\AppData\Roaming\BitTorrent
    2009-11-11 13:48 . 2009-01-25 19:27 4096 d-----w- c:\program files\Common Files\ArcSoft
    2009-11-11 13:48 . 2009-01-25 19:27 -------- d-----w- c:\program files\ArcSoft
    2009-11-11 13:48 . 2008-01-08 15:21 12288 d--h--w- c:\program files\InstallShield Installation Information
    2009-11-11 13:43 . 2009-01-25 19:29 4096 d-----w- c:\progra~2\ArcSoft
    2009-11-11 13:42 . 2009-01-25 19:27 4096 d-----w- c:\users\Mitchell\AppData\Roaming\ArcSoft
    2009-11-11 13:37 . 2009-05-19 11:07 4096 d-----w- c:\program files\Coupons
    2009-11-11 13:27 . 2009-05-16 15:04 4096 d-----w- c:\users\Mitchell\AppData\Roaming\DNA
    2009-11-11 13:03 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
    2009-11-11 04:34 . 2008-01-17 00:19 12288 d-----w- c:\progra~2\Microsoft Help
    2009-11-08 00:55 . 2008-04-28 01:29 8192 d-----w- c:\program files\DivX
    2009-11-08 00:54 . 2009-04-27 20:54 4096 d-----w- c:\program files\Common Files\DivX Shared
    2009-10-22 10:47 . 2009-05-17 14:36 4096 d-----w- c:\program files\McAfee
    2009-10-20 10:53 . 2009-09-30 19:22 -------- d-----w- c:\program files\Encore
    2009-10-19 02:54 . 2008-01-08 15:31 4096 d-----w- c:\program files\Google
    2009-10-18 03:48 . 2008-01-08 15:36 28672 d-----w- c:\program files\Microsoft Works
    2009-10-01 01:02 . 2009-11-17 14:07 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-10-01 01:02 . 2009-11-17 14:07 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-01 01:02 . 2009-11-17 14:07 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-10-01 01:02 . 2009-11-17 14:07 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-10-01 01:01 . 2009-11-17 14:07 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-10-01 01:01 . 2009-11-17 14:07 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-01 01:01 . 2009-11-17 14:07 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-10-01 01:01 . 2009-11-17 14:07 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-01 01:01 . 2009-11-17 14:07 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-10-01 01:01 . 2009-11-17 14:07 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-10-01 01:01 . 2009-11-17 14:07 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2009-10-01 01:01 . 2009-11-17 14:07 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
    2009-10-01 01:01 . 2009-11-17 14:07 226816 ----a-w- c:\windows\system32\WpdMtp.dll
    2009-10-01 01:01 . 2009-11-17 14:07 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
    2009-10-01 01:01 . 2009-11-17 14:07 33280 ----a-w- c:\windows\system32\WpdConns.dll
    2009-10-01 00:14 . 2009-09-30 19:23 4096 d-----w- c:\users\Mitchell\AppData\Roaming\Hoyle Casino
    2009-09-30 19:23 . 2009-09-30 19:23 16384 d-----w- c:\users\Mitchell\AppData\Roaming\Hoyle FaceCreator
    2009-09-27 22:47 . 2009-09-27 22:47 2173544 ----a-w- c:\windows\system32\nvcplui.exe
    2009-09-27 22:47 . 2009-09-27 22:47 92776 ----a-w- c:\windows\system32\nvmctray.dll
    2009-09-27 22:47 . 2009-09-27 22:47 805480 ----a-w- c:\windows\system32\nvsvc.dll
    2009-09-27 22:47 . 2009-09-27 22:47 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
    2009-09-27 22:47 . 2009-09-27 22:47 3553896 ----a-w- c:\windows\system32\nvgames.dll
    2009-09-27 22:47 . 2009-09-27 22:47 3172968 ----a-w- c:\windows\system32\nvwss.dll
    2009-09-27 22:47 . 2009-09-27 22:47 215656 ----a-w- c:\windows\system32\nvvsvc.exe
    2009-09-27 22:47 . 2009-09-27 22:47 195176 ----a-w- c:\windows\system32\nvmccss.dll
    2009-09-27 22:47 . 2009-09-27 22:47 1309288 ----a-w- c:\windows\system32\nvsvs.dll
    2009-09-27 22:47 . 2009-09-27 22:47 1292904 ----a-w- c:\windows\system32\nvmobls.dll
    2009-09-27 22:46 . 2009-09-27 22:46 4942440 ----a-w- c:\windows\system32\nvdisps.dll
    2009-09-27 22:46 . 2009-09-27 22:46 13949544 ----a-w- c:\windows\system32\nvcpl.dll
    2009-09-27 21:12 . 2009-09-27 21:12 9509832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2009-09-27 21:12 . 2009-09-27 21:12 490088 ----a-w- c:\windows\system32\nvudisp.exe
    2009-09-27 21:12 . 2009-09-27 21:12 2169448 ----a-w- c:\windows\system32\nvcuvid.dll
    2009-09-27 21:12 . 2009-09-27 21:12 1997416 ----a-w- c:\windows\system32\nvcuda.dll
    2009-09-27 21:12 . 2009-09-27 21:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
    2009-09-27 21:12 . 2009-09-27 21:12 170600 ----a-w- c:\windows\system32\nvcod167.dll
    2009-09-27 21:12 . 2009-09-27 21:12 170600 ----a-w- c:\windows\system32\nvcod.dll
    2009-09-27 21:12 . 2009-09-27 21:12 11197032 ----a-w- c:\windows\system32\nvoglv32.dll
    2009-09-27 21:12 . 2009-09-27 21:12 10984 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2009-09-27 21:12 . 2008-05-03 04:16 7614056 ----a-w- c:\windows\system32\nvd3dum.dll
    2009-09-27 21:12 . 2008-05-03 04:16 1074280 ----a-w- c:\windows\system32\nvapi.dll
    2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-09-25 02:10 . 2009-11-17 14:09 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2009-09-25 02:07 . 2009-11-17 14:09 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2009-09-25 02:04 . 2009-11-17 14:09 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2009-09-25 01:49 . 2009-11-17 14:09 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2009-09-25 01:48 . 2009-11-17 14:09 351232 ----a-w- c:\windows\system32\XpsPrint.dll
    2009-09-25 01:38 . 2009-11-17 14:09 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2009-09-25 01:36 . 2009-11-17 14:09 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2009-09-25 01:35 . 2009-11-17 14:09 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2009-09-25 01:33 . 2009-11-17 14:09 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2009-09-25 01:33 . 2009-11-17 14:09 829440 ----a-w- c:\windows\system32\d3d10warp.dll
    2009-09-25 01:33 . 2009-11-17 14:09 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2009-09-25 01:32 . 2009-11-17 14:09 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2009-09-25 01:31 . 2009-11-17 14:09 519680 ----a-w- c:\windows\system32\d3d11.dll
    2009-09-25 01:31 . 2009-11-17 14:09 486912 ----a-w- c:\windows\system32\d3d10level9.dll
    2009-09-25 01:31 . 2009-11-17 14:09 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2009-09-25 01:31 . 2009-11-17 14:09 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
    2009-09-25 01:31 . 2009-11-17 14:09 1030144 ----a-w- c:\windows\system32\d3d10.dll
    2009-09-25 01:31 . 2009-11-17 14:09 828928 ----a-w- c:\windows\system32\d2d1.dll
    2009-09-25 01:30 . 2009-11-17 14:09 190464 ----a-w- c:\windows\system32\d3d10core.dll
    2009-09-25 01:30 . 2009-11-17 14:09 481792 ----a-w- c:\windows\system32\dxgi.dll
    2009-09-25 01:27 . 2009-11-17 14:09 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-09-25 01:27 . 2009-11-17 14:09 37888 ----a-w- c:\windows\system32\cdd.dll
    2009-09-25 01:27 . 2009-11-17 14:09 793088 ----a-w- c:\windows\system32\FntCache.dll
    2009-09-25 01:27 . 2009-11-17 14:09 1064448 ----a-w- c:\windows\system32\DWrite.dll
    2009-09-25 00:00 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-09-25 00:00 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
    2009-09-25 00:00 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
    2009-09-25 00:00 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
    2009-09-25 00:00 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
    2009-09-25 00:00 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
    2009-09-24 23:50 . 2009-09-24 23:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-09-24 22:54 . 2009-11-17 14:09 258048 ----a-w- c:\windows\system32\winspool.drv
    2008-08-12 01:34 . 2008-08-12 01:34 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2008-01-08 22:58 . 2008-01-08 22:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-11-17_12.19.26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-11-17 14:07 . 2009-10-01 01:01 40448 c:\windows\winsxs\x86_wpdmtp.inf_31bf3856ad364e35_6.0.6002.18112_none_2177efcb83dd35a0\wpdusb.sys
    + 2009-11-17 14:07 . 2009-10-01 01:01 61952 c:\windows\winsxs\x86_wpdmtp.inf_31bf3856ad364e35_6.0.6002.18112_none_2177efcb83dd35a0\wpdmtpus.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 68608 c:\windows\winsxs\x86_wpdmtp.inf_31bf3856ad364e35_6.0.6002.18112_none_2177efcb83dd35a0\wpdmtpip.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 78336 c:\windows\winsxs\x86_wpdmtp.inf_31bf3856ad364e35_6.0.6002.18112_none_2177efcb83dd35a0\wpdmtpbt.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 33280 c:\windows\winsxs\x86_wpdmtp.inf_31bf3856ad364e35_6.0.6002.18112_none_2177efcb83dd35a0\wpdconns.dll
    + 2009-11-17 14:07 . 2009-10-01 01:02 87552 c:\windows\winsxs\x86_microsoft-windows-wpd-shellextension_31bf3856ad364e35_6.0.6002.18112_none_130696d2c3f64ac4\WPDShServiceObj.dll
    + 2009-11-17 14:07 . 2009-10-01 01:02 30208 c:\windows\winsxs\x86_microsoft-windows-wpd-shellextension_31bf3856ad364e35_6.0.6002.18112_none_130696d2c3f64ac4\WPDShextAutoplay.exe
    + 2009-11-17 14:07 . 2009-10-01 01:01 60928 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18112_none_4cde706de936888c\PortableDeviceConnectApi.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 81920 c:\windows\winsxs\x86_microsoft-windows-wpd-busenumservice_31bf3856ad364e35_6.0.6002.18112_none_79dbda7dc92efc79\wpdbusenum.dll
    + 2009-11-17 14:11 . 2009-09-10 02:00 92672 c:\windows\winsxs\x86_microsoft-windows-uianimation_31bf3856ad364e35_7.0.6002.18108_none_7edc01bff7a1cb45\UIAnimation.dll
    + 2009-11-17 14:09 . 2009-09-24 22:54 26112 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.22164_none_2de0cf8ef1d7d6cc\printfilterpipelineprxy.dll
    + 2009-11-17 14:09 . 2009-09-24 22:54 26112 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.18060_none_2d53319bd8bdd1a6\printfilterpipelineprxy.dll
    + 2009-11-17 14:09 . 2009-09-25 01:27 37888 c:\windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_7.0.6002.18107_none_9f26906a6b93696c\cdd.dll
    + 2009-11-17 14:07 . 2009-10-01 01:02 31232 c:\windows\winsxs\x86_microsoft-windows-d..thmtpcontexthandler_31bf3856ad364e35_7.0.6002.18112_none_302fc434dcfbe04c\BthMtpContextHandler.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 50688 c:\windows\winsxs\x86_bthmtpenum.inf_31bf3856ad364e35_6.0.6002.18112_none_01d56cf0911e704e\bthmtpenum.sys
    + 2008-01-08 15:19 . 2009-11-17 19:37 61826 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2006-11-02 13:05 . 2009-11-17 11:48 60384 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-11-17 12:41 60384 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-01-16 12:04 . 2009-11-17 11:48 12578 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3446959947-1444841828-2394464618-1000_UserData.bin
    + 2008-01-16 12:04 . 2009-11-17 12:41 12578 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3446959947-1444841828-2394464618-1000_UserData.bin
    - 2009-09-20 14:16 . 2009-04-11 06:28 26112 c:\windows\System32\printfilterpipelineprxy.dll
    + 2009-11-17 14:09 . 2009-09-24 22:54 26112 c:\windows\System32\printfilterpipelineprxy.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 40448 c:\windows\System32\DriverStore\FileRepository\wpdmtp.inf_2a7adb02\WpdUsb.sys
    + 2009-11-17 14:07 . 2009-10-01 01:01 61952 c:\windows\System32\DriverStore\FileRepository\wpdmtp.inf_2a7adb02\WpdMtpUS.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 68608 c:\windows\System32\DriverStore\FileRepository\wpdmtp.inf_2a7adb02\WpdMtpIP.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 78336 c:\windows\System32\DriverStore\FileRepository\wpdmtp.inf_2a7adb02\WpdMtpbt.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 33280 c:\windows\System32\DriverStore\FileRepository\wpdmtp.inf_2a7adb02\WpdConns.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 50688 c:\windows\System32\DriverStore\FileRepository\bthmtpenum.inf_201caa7f\BthMtpEnum.sys
    - 2008-01-16 12:01 . 2009-11-17 11:57 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-01-16 12:01 . 2009-11-17 23:36 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2006-11-02 10:25 . 2009-11-17 14:13 51200 c:\windows\inf\infpub.dat
    - 2006-11-02 10:25 . 2009-11-11 22:11 51200 c:\windows\inf\infpub.dat
    + 2009-11-17 19:35 . 2009-11-17 19:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-11-17 11:47 . 2009-11-17 11:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-11-17 11:47 . 2009-11-17 11:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-11-17 19:35 . 2009-11-17 19:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-11-17 14:07 . 2009-10-01 01:01 839168 c:\windows\winsxs\x86_wpdmtp.inf_31bf3856ad364e35_6.0.6002.18112_none_2177efcb83dd35a0\wpdmtpdr.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 226816 c:\windows\winsxs\x86_wpdmtp.inf_31bf3856ad364e35_6.0.6002.18112_none_2177efcb83dd35a0\wpdmtp.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 227840 c:\windows\winsxs\x86_wpdfs.inf_31bf3856ad364e35_6.0.6002.18112_none_27ca7fa9cfc85a60\wpdfs.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 546816 c:\windows\winsxs\x86_microsoft.windows.h..ler.wpd-driverclass_31bf3856ad364e35_6.0.6002.18112_none_6a8bd86c653628e0\wpd_ci.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 134144 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledevicesqm_31bf3856ad364e35_7.0.6002.18112_none_46439f2b6f000426\sqmapi.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 160256 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18112_none_4cde706de936888c\PortableDeviceTypes.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 100864 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18112_none_4cde706de936888c\PortableDeviceClassExtension.dll
    + 2009-11-17 14:07 . 2009-10-01 01:02 334848 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18112_none_4cde706de936888c\PortableDeviceApi.dll
    + 2009-11-17 14:09 . 2009-09-25 02:07 189440 c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_7.0.6002.18107_none_86efc43840ac1e52\WindowsCodecsExt.dll
    + 2009-11-17 14:09 . 2009-09-25 02:10 974848 c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_7.0.6002.18107_none_89dfaf462924c1eb\WindowsCodecs.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 196608 c:\windows\winsxs\x86_microsoft-windows-w..ewmdrmcompatibility_31bf3856ad364e35_6.0.6002.18112_none_aeefe03423bfee4f\PortableDeviceWMDRM.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 350208 c:\windows\winsxs\x86_microsoft-windows-w..cationcompatibility_31bf3856ad364e35_6.0.6002.18112_none_7007d7d4dbaec336\WPDSp.dll
    + 2009-11-17 14:09 . 2009-09-25 01:48 351232 c:\windows\winsxs\x86_microsoft-windows-printing-xpsprint_31bf3856ad364e35_7.0.6002.18107_none_9f011af59951f340\XpsPrint.dll
    + 2009-11-17 14:09 . 2009-09-25 02:04 321024 c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_7.0.6002.18107_none_bdcd592c6d8ad7f7\PhotoMetadataHandler.dll
    + 2009-11-17 14:09 . 2009-09-25 01:33 369664 c:\windows\winsxs\x86_microsoft-windows-photo-image-codec_31bf3856ad364e35_7.0.6002.18107_none_9297a600cdc57a69\WMPhoto.dll
    + 2009-11-17 14:09 . 2009-09-24 22:55 258048 c:\windows\winsxs\x86_microsoft-windows-p..ting-spooler-client_31bf3856ad364e35_6.0.6002.22197_none_9543bd3e2f3469c3\winspool.drv
    + 2009-11-17 14:09 . 2009-09-24 22:54 258048 c:\windows\winsxs\x86_microsoft-windows-p..ting-spooler-client_31bf3856ad364e35_6.0.6002.18088_none_94c5f0a9160dc75f\winspool.drv
    + 2009-11-17 14:09 . 2009-09-24 22:55 667648 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.22164_none_2de0cf8ef1d7d6cc\printfilterpipelinesvc.exe
    + 2009-11-17 14:09 . 2009-09-24 22:54 667648 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.18060_none_2d53319bd8bdd1a6\printfilterpipelinesvc.exe
    + 2009-11-17 14:09 . 2009-09-25 01:27 634880 c:\windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_7.0.6002.18107_none_9f26906a6b93696c\dxgkrnl.sys
    + 2009-11-17 14:09 . 2009-09-25 01:33 829440 c:\windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_7.0.6002.18107_none_ddc19bafdeb30271\d3d10warp.dll
    + 2009-11-17 14:09 . 2009-09-25 01:30 481792 c:\windows\winsxs\x86_microsoft-windows-directx-dxgi_31bf3856ad364e35_7.0.6002.18107_none_2ddc701ea6935db8\dxgi.dll
    + 2009-11-17 14:09 . 2009-09-25 01:31 519680 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d11_31bf3856ad364e35_7.0.6002.18107_none_e31646a255b2bb52\d3d11.dll
    + 2009-11-17 14:09 . 2009-09-25 01:30 190464 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10_31bf3856ad364e35_7.0.6002.18107_none_e3165d6a55b2a1b1\d3d10core.dll
    + 2009-11-17 14:09 . 2009-09-25 01:31 218112 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_7.0.6002.18107_none_438775313198baea\d3d10_1core.dll
    + 2009-11-17 14:09 . 2009-09-25 01:31 161280 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_7.0.6002.18107_none_438775313198baea\d3d10_1.dll
    + 2009-11-17 14:09 . 2009-09-25 01:31 486912 c:\windows\winsxs\x86_microsoft-windows-directx-d3d10level9_31bf3856ad364e35_7.0.6002.18107_none_d6bc647e27993a91\d3d10level9.dll
    + 2009-11-17 14:09 . 2009-09-25 01:27 793088 c:\windows\winsxs\x86_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_7.0.6002.18107_none_f80806179955d90c\FntCache.dll
    + 2009-11-17 14:09 . 2009-09-25 01:31 828928 c:\windows\winsxs\x86_microsoft-windows-d2d_31bf3856ad364e35_7.0.6002.18107_none_9afade8fe3f79d22\d2d1.dll
    + 2009-11-17 14:09 . 2009-09-25 01:33 195584 c:\windows\winsxs\x86_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_7.0.6002.18107_none_17218ffde5ca9cc0\dxdiagn.dll
    + 2009-11-17 14:09 . 2009-09-25 01:32 252928 c:\windows\winsxs\x86_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_7.0.6002.18107_none_17218ffde5ca9cc0\dxdiag.exe
    + 2009-11-17 14:09 . 2009-09-25 01:38 847360 c:\windows\winsxs\x86_microsoft-windows-component-opcom_31bf3856ad364e35_7.0.6002.18107_none_9694f99f3a97a698\OpcServices.dll
    + 2009-11-17 14:09 . 2009-09-25 01:35 135680 c:\windows\winsxs\x86_microsoft-windows-c..nt-xpsrasterservice_31bf3856ad364e35_7.0.6002.18107_none_0dfb54ccb407a2d9\XpsRasterService.dll
    + 2009-11-17 14:09 . 2009-09-25 01:36 280064 c:\windows\winsxs\x86_microsoft-windows-c..ent-xpsgdiconverter_31bf3856ad364e35_7.0.6002.18107_none_064a6d5573576b79\XpsGdiConverter.dll
    + 2008-06-19 15:05 . 2009-11-17 13:36 275354 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2009-11-17 14:09 . 2009-09-24 22:54 667648 c:\windows\System32\printfilterpipelinesvc.exe
    + 2006-11-02 10:33 . 2009-11-17 19:42 595446 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-11-08 00:06 595446 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-11-17 19:42 101144 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-11-08 00:06 101144 c:\windows\System32\perfc009.dat
    + 2009-11-17 14:07 . 2009-10-01 01:01 839168 c:\windows\System32\DriverStore\FileRepository\wpdmtp.inf_2a7adb02\WpdMtpDr.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 226816 c:\windows\System32\DriverStore\FileRepository\wpdmtp.inf_2a7adb02\WpdMtp.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 227840 c:\windows\System32\DriverStore\FileRepository\wpdfs.inf_07b511b6\WpdFs.dll
    + 2009-11-17 14:07 . 2009-10-01 01:01 839168 c:\windows\System32\drivers\UMDF\WpdMtpDr.dll
    + 2006-11-02 10:25 . 2009-10-01 01:01 227840 c:\windows\System32\drivers\UMDF\WpdFs.dll
    - 2009-03-19 23:06 . 2009-11-17 11:54 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-03-19 23:06 . 2009-11-17 19:42 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2008-01-16 12:01 . 2009-11-17 11:57 622592 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-16 12:01 . 2009-11-17 23:36 622592 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-01-16 12:01 . 2009-11-17 11:57 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-01-16 12:01 . 2009-11-17 23:36 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2006-11-02 10:25 . 2009-11-11 22:11 143360 c:\windows\inf\infstrng.dat
    + 2006-11-02 10:25 . 2009-11-17 14:13 143360 c:\windows\inf\infstrng.dat
    + 2006-11-02 10:25 . 2009-11-17 14:13 143360 c:\windows\inf\infstor.dat
    + 2009-11-17 14:07 . 2009-10-01 01:02 2537472 c:\windows\winsxs\x86_microsoft-windows-wpd-shellextension_31bf3856ad364e35_6.0.6002.18112_none_130696d2c3f64ac4\wpdshext.dll
    + 2009-11-17 14:11 . 2009-09-10 02:00 1164800 c:\windows\winsxs\x86_microsoft-windows-uiribbon_31bf3856ad364e35_7.0.6002.18108_none_663bd42f9b3acad1\UIRibbonRes.dll
    + 2009-11-17 14:11 . 2009-09-10 02:01 3023360 c:\windows\winsxs\x86_microsoft-windows-uiribbon_31bf3856ad364e35_7.0.6002.18108_none_663bd42f9b3acad1\UIRibbon.dll
    + 2009-11-17 14:09 . 2009-09-25 01:31 1030144 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10_31bf3856ad364e35_7.0.6002.18107_none_e3165d6a55b2a1b1\d3d10.dll
    + 2009-11-17 14:09 . 2009-09-25 01:27 1064448 c:\windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_7.0.6002.18107_none_c5fb66ed8775b3a4\DWrite.dll
    + 2009-11-17 14:09 . 2009-09-25 01:49 1554432 c:\windows\winsxs\x86_microsoft-windows-c..t-xpsomandstreaming_31bf3856ad364e35_7.0.6002.18107_none_a27672456d27e8b6\xpsservices.dll
    + 2006-11-02 10:22 . 2009-11-17 19:36 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
    - 2006-11-02 10:22 . 2009-11-17 11:56 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
    - 2009-11-17 12:00 . 2009-11-17 12:00 6365184 c:\windows\ERDNT\Hiv-backup\schema.dat
    + 2009-11-17 23:24 . 2009-11-17 23:24 6365184 c:\windows\ERDNT\Hiv-backup\schema.dat
    + 2009-06-05 03:00 . 2009-11-17 14:11 214113852 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-08 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-24 4452352]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-8 50688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageMixer HDD Camera Monitor.lnk]
    backup=c:\windows\pss\ImageMixer HDD Camera Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Mitchell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Mitchell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VirtualExpander.lnk]
    backup=c:\windows\pss\VirtualExpander.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):6e,72,9b,88,74,3d,ca,01

    R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/5/2007 6:17 AM 77824]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [11/16/2009 8:41 PM 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [8/17/2009 12:32 AM 239648]
    R3 pmxmouse;PMXMOUSE;c:\windows\System32\drivers\pmxmouse.sys [1/8/2008 10:21 AM 18432]
    R3 pmxusblf;PMXUSBLF;c:\windows\System32\drivers\pmxusblf.sys [1/8/2008 10:21 AM 19008]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [6/17/2008 2:49 PM 21504]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/8/2008 10:31 AM 29744]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mbr
    *Deregistered* - PROCEXP113

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3446959947-1444841828-2394464618-1000Core.job
    - c:\users\Mitchell\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-13 16:36]

    2009-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3446959947-1444841828-2394464618-1000UA.job
    - c:\users\Mitchell\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-13 16:36]

    2009-11-17 c:\windows\Tasks\User_Feed_Synchronization-{89C1311C-BD24-4A9D-92DA-64CCE8E246B0}.job
    - c:\windows\system32\msfeedssync.exe [2009-10-21 03:41]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
    DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    FF - ProfilePath - c:\users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\hqky65ph.default\
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
    FF - plugin: c:\users\Mitchell\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\users\Mitchell\Program Files\DNA\plugins\npbtdna.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-AsusUpd.exe - AsusUpd.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-11-17 18:40
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    AsusUpd.exe = AsusUpd.exe?As

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-11-17 18:44
    ComboFix-quarantined-files.txt 2009-11-17 23:43
    ComboFix2.txt 2009-11-17 12:23
    ComboFix3.txt 2009-11-17 04:09

    Pre-Run: 164,122,025,984 bytes free
    Post-Run: 164,080,721,920 bytes free

    - - End Of File - - B60CB6E247EB93903AA85CEF7ED8A981


    Now the HijackThis log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:53:26 PM, on 11/17/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Windows\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Comcast.net: News, Sports, Video, TV listings, Email and more!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://pbskids.org/barney/children/games/featured_game.html"
    O4 - HKUS\S-1-5-18\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
    O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - Play Games Online | Online Games | Web Games | Comcast.net
    O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - Play Games Online | Online Games | Web Games | Comcast.net
    O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} (AxLoaderPassword Class) - http://mobileapps.blackberry.com/dev...e/AxLoader.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - - (no file)
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8742 bytes

  9. #9
    broni is offline Senior Member
    Can you operate in Normal Mode now?


    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DEQUARANTINE::
    
    C:\Qoobox\Quarantine\c\windows\system32\drivers\mfeavfk.sys.vir
    C:\Qoobox\Quarantine\c\windows\system32\drivers\mfebopk.sys.vir
    C:\Qoobox\Quarantine\c\windows\system32\drivers\mfehidk.sys.vir
    C:\Qoobox\Quarantine\c\windows\system32\drivers\mferkdk.sys.vir
    C:\Qoobox\Quarantine\c\windows\system32\drivers\mfesmfk.sys.vir
    C:\Qoobox\Quarantine\c\windows\Tasks\McDefragTask.job.vir
    C:\Qoobox\Quarantine\c\windows\Tasks\McQcTask.job.vir
    
    QUIT::

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.

  10. #10
    bobomonkey is offline Junior Member
    Here it is...

    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:51:45 PM, on 11/17/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Comcast.net: News, Sports, Video, TV listings, Email and more!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://pbskids.org/barney/children/games/featured_game.html"
    O4 - HKUS\S-1-5-18\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
    O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - Play Games Online | Online Games | Web Games | Comcast.net
    O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - Play Games Online | Online Games | Web Games | Comcast.net
    O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} (AxLoaderPassword Class) - http://mobileapps.blackberry.com/dev...e/AxLoader.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - - (no file)
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8777 bytes

    DeQuarantine Text:

    C:\Qoobox\Quarantine\c\windows\system32\drivers\mfeavfk.sys.vir -> c:\windows\system32\drivers\mfeavfk.sys ( 79816 bytes )
    C:\Qoobox\Quarantine\c\windows\system32\drivers\mfebopk.sys.vir -> c:\windows\system32\drivers\mfebopk.sys ( 35272 bytes )
    C:\Qoobox\Quarantine\c\windows\system32\drivers\mfehidk.sys.vir -> c:\windows\system32\drivers\mfehidk.sys ( 214664 bytes )
    C:\Qoobox\Quarantine\c\windows\system32\drivers\mferkdk.sys.vir -> c:\windows\system32\drivers\mferkdk.sys ( 34248 bytes )
    C:\Qoobox\Quarantine\c\windows\system32\drivers\mfesmfk.sys.vir -> c:\windows\system32\drivers\mfesmfk.sys ( 40552 bytes )
    C:\Qoobox\Quarantine\c\windows\Tasks\McDefragTask.job.vir -> c:\windows\Tasks\McDefragTask.job ( 346 bytes )
    C:\Qoobox\Quarantine\c\windows\Tasks\McQcTask.job.vir -> c:\windows\Tasks\McQcTask.job ( 338 bytes )
