Author Topic: [Resolved K] Internet access denied to AV sites  (Read 1129 times)

Offline Larry

  • Bronze Member
  • Posts: 32
[Resolved K] Internet access denied to AV sites
« on: May 02, 2012, 12:31:52 PM »
I was trying to reactivate a preinstalled, but expired version of McAfee. It expired 1/10/2012. Computer gets "stuck" trying to find the website. I can get on the web thru Internet Explorer. Trying to get to McAfee thru IS...doesn't work. Tried to get to MalwareBytes and got message "no internet connection detected". McAfee tech. person had me go thru many steps including starting in safe mode. He tried to use the remote access program, don't know the name (PCShare????) where he would be able to download it for me, but that didn't work. When the "Download" button was clicked...the computer just was stuck searching. McAfee guys gave up. I'll buy something else.
I do get a message pop up in the lower right hand corner that  "there were 180+ errors detected" occasionally. Not sure of the name but it was PC???. Clicking it brings up a screen to purchase a cleaner. Didn't do it because I thought it was a fake.
Am running  Windows 7, on a Dell, using IE. I'll attach the asked for files now. Any help would be great.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Deb at 11:03:22 on 2012-05-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.1826 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Users\Deb\AppData\Local\Temp\mcitinfo_1335288966.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Dell\DellDock\DellDock.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = g.msn.com/USCON/1
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120104200525.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [McAfee McItInfo] C:\Users\Deb\AppData\Local\Temp\mcitinfo_1335288966.exe /itinsfin:C:\Users\Deb\AppData\Local\Temp\mcininfo_1335288966.ini
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\Deb\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: Interfaces\{909B009D-758C-4631-B7FB-81F2E5CD3080} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO-X64:     McAfee Phishing Filter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64:     Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120104200525.dll
BHO-X64:     scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-12 98208]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-5 296808]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-13 652360]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-4 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-1-4 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-1-4 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-12 689472]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-12 2533400]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-4 249936]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-02 14:37:25   8917360   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{190268A3-15A5-40E9-BC4C-80A7E845E2B3}\mpengine.dll
2012-04-21 20:43:36   --------   d-----w-   C:\Users\Deb\AppData\Local\Google
2012-04-14 10:00:22   23408   ----a-w-   C:\Windows\System32\drivers\fs_rec.sys
2012-04-14 10:00:21   81408   ----a-w-   C:\Windows\System32\imagehlp.dll
2012-04-14 10:00:21   172544   ----a-w-   C:\Windows\SysWow64\wintrust.dll
2012-04-14 10:00:21   159232   ----a-w-   C:\Windows\SysWow64\imagehlp.dll
2012-04-14 10:00:20   5120   ----a-w-   C:\Windows\SysWow64\wmi.dll
2012-04-14 10:00:20   5120   ----a-w-   C:\Windows\System32\wmi.dll
2012-04-14 10:00:20   220672   ----a-w-   C:\Windows\System32\wintrust.dll
.
==================== Find3M  ====================
.
2012-03-06 06:53:37   5559152   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47   3968368   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41   3913072   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48   2311168   ----a-w-   C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56   1390080   ----a-w-   C:\Windows\System32\wininet.dll
2012-02-28 06:48:57   1493504   ----a-w-   C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55   1799168   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21   1427456   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07   1127424   ----a-w-   C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2012-02-23 17:18:36   279656   ------w-   C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22   826880   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24   210944   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07   1544192   ----a-w-   C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43   1077248   ----a-w-   C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34   3145728   ----a-w-   C:\Windows\System32\win32k.sys
.
============= FINISH: 11:03:58.59 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/24/2011 4:53:16 PM
System Uptime: 5/2/2012 8:37:05 AM (3 hours ago)
.
Motherboard: Dell Inc. |  | 08VFX1
Processor: Intel(R) Core(TM) i3 CPU       M 370  @ 2.40GHz | U2E1 | 2399/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 403.457 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP96: 3/17/2012 5:24:20 PM - Windows Update
RP97: 3/18/2012 6:20:18 PM - Windows Update
RP98: 3/21/2012 5:32:09 PM - Windows Backup
RP99: 3/21/2012 5:49:33 PM - Windows Update
RP100: 3/25/2012 6:26:39 PM - Windows Update
RP101: 3/27/2012 7:33:08 PM - Windows Backup
RP102: 3/31/2012 2:50:50 PM - Windows Update
RP103: 4/2/2012 11:51:59 PM - Windows Backup
RP104: 4/6/2012 10:06:42 AM - Windows Update
RP105: 4/13/2012 6:50:59 AM - Windows Update
RP106: 4/13/2012 6:53:48 AM - Windows Backup
RP107: 4/14/2012 3:00:11 AM - Windows Update
RP108: 4/17/2012 5:54:34 PM - Windows Update
RP109: 4/17/2012 6:01:15 PM - Windows Backup
RP110: 4/21/2012 1:35:56 PM - Windows Update
RP111: 4/23/2012 8:22:30 AM - Windows Backup
RP112: 4/28/2012 12:38:55 PM - Windows Update
RP113: 4/29/2012 7:34:56 PM - Windows Backup
RP114: 5/2/2012 7:36:48 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1.2
Advanced Audio FX Engine
AnswerWorks 5.0 English Runtime
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Consumer In-Home Service Agreement
Cozi
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
Dragon NaturallySpeaking 11
GoToAssist Corporate
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 21
Junk Mail filter update
Live! Cam Avatar Creator
LoJack Factory Installer
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee SecurityCenter
Microsoft Choice Guard
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
QuickBooks
QuickBooks Pro 2010
Quicken 2010
Realtek High Definition Audio Driver
Roxio Burn
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Skype Toolbars
Skype™ 4.2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
5/2/2012 7:32:32 AM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
5/2/2012 10:53:51 AM, Error: Service Control Manager [7023]  - The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535
5/2/2012 10:53:51 AM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535
5/2/2012 10:53:51 AM, Error: Microsoft-Windows-PNRPSvc [102]  - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
5/2/2012 10:37:42 AM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
4/29/2012 11:04:29 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {B77C4C36-0154-4C52-AB49-FAA03837E47F}  and APPID  {EA022610-0748-4C24-B229-6C507EBDFDBB}  to the user DebLaptop\Deb SID (S-1-5-21-3834557590-1407945340-4108908551-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/29/2012 11:02:04 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user DebLaptop\Deb SID (S-1-5-21-3834557590-1407945340-4108908551-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/29/2012 11:02:04 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user DebLaptop\Deb SID (S-1-5-21-3834557590-1407945340-4108908551-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/25/2012 6:51:15 AM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  After starting, the service hung in a start-pending state.
4/25/2012 6:51:11 AM, Error: Service Control Manager [7022]  - The Peer Name Resolution Protocol service hung on starting.
.
==== End Of File ===========================
Thanks
« Last Edit: May 12, 2012, 03:30:25 PM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Internet access denied to AV sites
« Reply #1 on: May 02, 2012, 03:13:04 PM »
Hello Larry and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin. Go Here and follow the instructions specific for your operating system.
  • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

Please proceed as follows :-

Step 1

Download TFC to your desktop, from either of the following links
 Link 1
 Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select “Run as Administrator”
  • If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to keep your system optimized. It empties all user temp folders, Java cache etc etc. Always remember to re-boot after a run, even if not prompted.

Step 2

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here  Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt". Post it in your reply...

Kevin



Offline Larry

  • Bronze Member
  • Posts: 32
Re: [Resolved K] Internet access denied to AV sites
« Reply #2 on: May 03, 2012, 05:41:57 PM »
Kevin,
Thanks so much for all of your efforts! I printed & followed your instructions...accurately I think. After backing up files...then running TFC...rebooting...went to ESET Online scanner...cleared the tick mark & hit start...I got message "Downloading virus signature database" then after a bit I got the message "Cannot get update. Is proxy configured?" Tried all this twice.
Couldn't go any further. Did I do something wrong or are there maybe some settings in the Dell files that are preventing some (many) sites from being accessed?
Got any ideas other than trashing the whole thing?  Frustrating.
Thanks again for trying.
Larry

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Internet access denied to AV sites
« Reply #3 on: May 04, 2012, 01:34:13 AM »
Hiya Larry,

Is McAfee currently re-activated and up to date? You may have to turn OFF McAfee to enable ESET to run. If still a no go, run the following:

Download  RogueKiller (by tigzy) and save direct to your Desktop.

  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the content of the report and paste to next reply....



Kevin

Offline Larry

  • Bronze Member
  • Posts: 32
Re: [Resolved K] Internet access denied to AV sites
« Reply #4 on: May 04, 2012, 10:41:15 AM »
Hi Kevin..
Thanks again but after following your instructions got stopped again. This time, as I was starting to run RogueKiller it got stuck on a message
"Please connect to the internet & click ok". Can't get past that message. Kind of the same thing as with McAfee & MalwareBytes. Computer gets to a point where it says there is no internet connection although I am getting to MSN.com & Yahoo. Am I going to have to reformat the C drive???

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Internet access denied to AV sites
« Reply #5 on: May 04, 2012, 12:55:18 PM »
Hiya Larry,

Can you boot into Safe Mode with Networking? Re-boot your PC. As it boots, continuously tap the F8 key until you see the Windows Advanced menu.
From the options select "Safe Mode with Networking", when stable do the following:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

    Before saving Combofix to the Desktop re-name to Gotcha.exe as below:




  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.

  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

  • Instructions for running Combofix available Here if required.

  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why  disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal

  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

If Combofix re-boots the system be on hand to go back to Safe Mode with Networking, use the F8 key again...

Post the log in next reply please...

Kevin

Offline Larry

  • Bronze Member
  • Posts: 32
Re: [Resolved K] Internet access denied to AV sites
« Reply #6 on: May 04, 2012, 04:42:24 PM »
Kevin,
Here I go again. I think I followed instructions correctly. Attached the report.
Have not rebooted my machine yet...still in safe mode.

ComboFix 12-05-04.03 - Deb 05/04/2012  15:29:20.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.3181 [GMT -7:00]
Running from: c:\users\Deb\Desktop\Gotcha.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2012-04-04 to 2012-05-04  )))))))))))))))))))))))))))))))
.
.
2012-05-04 22:33 . 2012-05-04 22:33   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-05-04 14:05 . 2012-04-13 08:46   8917360   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCBA9080-29F9-4899-81F1-5F592CD12AEA}\mpengine.dll
2012-05-03 23:09 . 2012-05-03 23:09   --------   d-----w-   c:\program files (x86)\ESET
2012-04-21 20:43 . 2012-05-02 23:18   --------   d-----w-   c:\program files (x86)\Google
2012-04-21 20:43 . 2012-05-02 23:19   --------   d-----w-   c:\users\Deb\AppData\Local\Google
2012-04-14 10:00 . 2012-03-01 06:46   23408   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2012-04-14 10:00 . 2012-03-01 06:33   81408   ----a-w-   c:\windows\system32\imagehlp.dll
2012-04-14 10:00 . 2012-03-01 05:37   172544   ----a-w-   c:\windows\SysWow64\wintrust.dll
2012-04-14 10:00 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\SysWow64\imagehlp.dll
2012-04-14 10:00 . 2012-03-01 06:38   220672   ----a-w-   c:\windows\system32\wintrust.dll
2012-04-14 10:00 . 2012-03-01 06:28   5120   ----a-w-   c:\windows\system32\wmi.dll
2012-04-14 10:00 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-18 00:25 . 2012-03-18 00:25   74752   ----a-w-   c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-18 00:25 . 2012-03-18 00:25   161792   ----a-w-   c:\windows\SysWow64\msls31.dll
2012-03-18 00:25 . 2012-03-18 00:25   91648   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
2012-03-18 00:25 . 2012-03-18 00:25   89088   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2012-03-18 00:25 . 2012-03-18 00:25   86528   ----a-w-   c:\windows\SysWow64\iesysprep.dll
2012-03-18 00:25 . 2012-03-18 00:25   85504   ----a-w-   c:\windows\system32\iesetup.dll
2012-03-18 00:25 . 2012-03-18 00:25   76800   ----a-w-   c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-18 00:25 . 2012-03-18 00:25   76800   ----a-w-   c:\windows\system32\tdc.ocx
2012-03-18 00:25 . 2012-03-18 00:25   74752   ----a-w-   c:\windows\SysWow64\iesetup.dll
2012-03-18 00:25 . 2012-03-18 00:25   63488   ----a-w-   c:\windows\SysWow64\tdc.ocx
2012-03-18 00:25 . 2012-03-18 00:25   603648   ----a-w-   c:\windows\system32\vbscript.dll
2012-03-18 00:25 . 2012-03-18 00:25   49664   ----a-w-   c:\windows\system32\imgutil.dll
2012-03-18 00:25 . 2012-03-18 00:25   48640   ----a-w-   c:\windows\SysWow64\mshtmler.dll
2012-03-18 00:25 . 2012-03-18 00:25   48640   ----a-w-   c:\windows\system32\mshtmler.dll
2012-03-18 00:25 . 2012-03-18 00:25   448512   ----a-w-   c:\windows\system32\html.iec
2012-03-18 00:25 . 2012-03-18 00:25   420864   ----a-w-   c:\windows\SysWow64\vbscript.dll
2012-03-18 00:25 . 2012-03-18 00:25   367104   ----a-w-   c:\windows\SysWow64\html.iec
2012-03-18 00:25 . 2012-03-18 00:25   35840   ----a-w-   c:\windows\SysWow64\imgutil.dll
2012-03-18 00:25 . 2012-03-18 00:25   30720   ----a-w-   c:\windows\system32\licmgr10.dll
2012-03-18 00:25 . 2012-03-18 00:25   23552   ----a-w-   c:\windows\SysWow64\licmgr10.dll
2012-03-18 00:25 . 2012-03-18 00:25   222208   ----a-w-   c:\windows\system32\msls31.dll
2012-03-18 00:25 . 2012-03-18 00:25   173056   ----a-w-   c:\windows\system32\ieUnatt.exe
2012-03-18 00:25 . 2012-03-18 00:25   165888   ----a-w-   c:\windows\system32\iexpress.exe
2012-03-18 00:25 . 2012-03-18 00:25   160256   ----a-w-   c:\windows\system32\wextract.exe
2012-03-18 00:25 . 2012-03-18 00:25   152064   ----a-w-   c:\windows\SysWow64\wextract.exe
2012-03-18 00:25 . 2012-03-18 00:25   150528   ----a-w-   c:\windows\SysWow64\iexpress.exe
2012-03-18 00:25 . 2012-03-18 00:25   142848   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
2012-03-18 00:25 . 2012-03-18 00:25   135168   ----a-w-   c:\windows\system32\IEAdvpack.dll
2012-03-18 00:25 . 2012-03-18 00:25   12288   ----a-w-   c:\windows\system32\mshta.exe
2012-03-18 00:25 . 2012-03-18 00:25   11776   ----a-w-   c:\windows\SysWow64\mshta.exe
2012-03-18 00:25 . 2012-03-18 00:25   114176   ----a-w-   c:\windows\system32\admparse.dll
2012-03-18 00:25 . 2012-03-18 00:25   111616   ----a-w-   c:\windows\system32\iesysprep.dll
2012-03-18 00:25 . 2012-03-18 00:25   110592   ----a-w-   c:\windows\SysWow64\IEAdvpack.dll
2012-03-18 00:25 . 2012-03-18 00:25   101888   ----a-w-   c:\windows\SysWow64\admparse.dll
2012-02-23 17:18 . 2011-12-26 00:59   279656   ------w-   c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-15 02:10   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-15 02:10   826880   ----a-w-   c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-15 02:10   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-15 02:10   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-15 02:12   1544192   ----a-w-   c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 02:12   1077248   ----a-w-   c:\windows\SysWow64\DWrite.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-08-31 996616]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]
"STToasterLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe" [2010-08-12 120032]
.
c:\users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-06 296808]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe

R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys

R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2011-12-26 20:22]
.
2011-12-26 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2011-12-26 20:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-04  15:34:44
ComboFix-quarantined-files.txt  2012-05-04 22:34
.
Pre-Run: 433,729,646,592 bytes free
Post-Run: 433,278,722,048 bytes free
.
- - End Of File - - 560285D58886698DC3124B645D96CAA9

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Internet access denied to AV sites
« Reply #7 on: May 04, 2012, 04:56:51 PM »
Boot into Normal mode, try RogueKiller again...

Offline Larry

  • Bronze Member
  • Posts: 32
Re: [Resolved K] Internet access denied to AV sites
« Reply #8 on: May 04, 2012, 05:13:19 PM »
Here it comes

RogueKiller V7.4.3 [05/04/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Deb [Admin rights]
Mode: Scan -- Date: 05/04/2012 16:09:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] dd6967e897e9549401c89a8d9f38da4a
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461837 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: HP Photosmart C3180 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt




Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Internet access denied to AV sites
« Reply #9 on: May 04, 2012, 05:28:01 PM »
What is the status of McAfee, is the licence current?

Offline Larry

  • Bronze Member
  • Posts: 32
Re: [Resolved K] Internet access denied to AV sites
« Reply #10 on: May 04, 2012, 05:37:50 PM »
McAfee was uninstalled on the infected computer. I bought 2 current licenses...expire in August, but haven't been able to install or reactivate on the infected computer. (I have 2 laptops here...downstairs & upstairs)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Internet access denied to AV sites
« Reply #11 on: May 05, 2012, 12:46:20 AM »
Hiya Larry,

OK, let's make sure all remnants of McAfee are gone from the infected system:

Go Here and download the McAfee removal tool, save it to your Desktop. Double click the tool to run it, Vista or Windows 7 users right click and select "Run as Administrator". Re-boot when requested to complete the task.

Next,

To keep safe when online you need a good Antivirus/Antispyware/Antimalware/Anti-Rootkit combination application. Microsoft Security Essentials covers all of those bases, but better still it is free. Go Here and hit the "Download free" tab, follow the prompts. Once installed it will want to update and carry out a quick scan, allow that to happen.

Let me know if the quick scan finds anything, you will not get a log as such, open the History tab from the main interface.

Kevin

Offline Larry

  • Bronze Member
  • Posts: 32
Re: [Resolved K] Internet access denied to AV sites
« Reply #12 on: May 05, 2012, 12:52:49 PM »
Kevin,
Thanks again for your efforts!!!
Security essentials didn't find anything...So I went back to desktop.
I actually was able to get some e-mails that I couldn't a couple of days ago. I could download Google Earth which I couldn't do a couple of days ago.
Should I go to McAfee and see if I can download the program (I still have 2 paid licenses till August), or should I just start with something new? I'm not a huge McAfee fan right now. Suggestions?
Also, I have been using the MalwareBytes free download...should I again or is there something better..I still have RogueKiller on the desktop...keep it & run it occasionally?
First let me know if you think this solved the problem. If not what should I do next?
If so...I can't thank you enough. You are awesome & I'll go back to the Spywarehammer site & post it.
Let me know...Thanks again!
Larry

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Internet access denied to AV sites
« Reply #13 on: May 05, 2012, 01:34:00 PM »
Hiya Larry,

When there are remnants of security applications such as McAfee left on a system they can cause all sorts of issues, that is why I asked you to run the removal tool.

I do not believe you actually had any malware on your system, but it has to be checked out before being discounted. Before you go and see if you can access McAfee do the following;

Step 1

Remove Combofix now that we're done with it
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")


  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

Step 2

Remove ESET online scanner:

  • Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
  • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only re-boot if prompted.

Step 3

  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.


Any tools/logs remaining on the Desktop can be deleted.

Step 4

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack and exploitation.

Please go to the link below to update.

Adobe Reader Untick the Free McAfee® Security Scan Plus (optional) Not required

Step 5

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
The most current version of Sun Java is: Java Runtime Environment Version 6 Update 32.

  • Go to Sun Java
  • Select Windows 7/XP/Vista/2000/2003/2008 If using 64 bit OS Select Information about the 64-bit Java plug-in and follow prompts
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

As you've updated Adobe and Java go to Start > Control Panel > Uninstall a Program, make sure old versions of both have been removed during the update.

Step 6

Re-run TFC again to clear out all temp folders etc... I give instructions again in case you've removed it:

Download TFC  to your desktop, from either of the following links
 Link 1
 Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
  • If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important

Keep TFC, it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. Always remember to re-boot after a run, even if not prompted.

If those steps complete OK you should be OK to check McAfee website again... If you are re-installing McAfee, MSE will have to be removed. It should uninstall OK from Start > Control Panel > Uninstall a Program.

If you have any issues removing MSE use the procedure detailed here http://support.microsoft.com/kb/2435760

Let me know how you get on,

Thanks,

Kevin

Offline Larry

  • Bronze Member
  • Posts: 32
Re: [Resolved K] Internet access denied to AV sites
« Reply #14 on: May 05, 2012, 05:15:23 PM »
Hi Kevin,
Thank You again! I followed the last few steps.
I will try to reinstall the McAfee a little later. I'll let you know how it went.
You didn't make any recommendations on AV products...is that because you aren't supposed to or if it might not work for me? It's all my decision and I am responsible...I just always ask the people that know...when I don't.
No big deal if you aren't comfortable doing.
Thanks so much.
Larry