GeekPolice Tech Tutorials

File.org removal


Re: File.org removal
Download ComboFix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your Download folder, you will need to copy it to your Desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur on Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

Re: File.org removal
Here is the log.
But first let me say that 90% of the time the "File.org" window prompts for RealPlayer upgrades, which I don't think I use but have installed. Sometimes I have seen it hogging the CPU. What would happen if I uninstalled it?
The ComboFix log:
ComboFix 14-02-14.01 - Yule family 14/02/2014 23:32:02.10.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3006.2192 [GMT 0:00]
Running from: c:\documents and settings\Yule family\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\program files\ZenSearch\IeZEnsearch.dll
c:\windows\system32\SET67.tmp
c:\windows\system32\SET69.tmp
c:\windows\system32\SET77.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-01-14 to 2014-02-14 )))))))))))))))))))))))))))))))
.
.
2014-02-14 23:23 . 2014-02-14 23:23 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2014-02-10 23:11 . 2014-02-10 23:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-10 23:11 . 2014-02-10 23:11 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-10 23:10 . 2014-02-10 23:10 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-10 10:15 . 2014-02-10 10:16 -------- d-----w- c:\documents and settings\Yule family\to be dleted - Feb 14
2014-02-09 20:56 . 2014-02-12 00:24 -------- d-----w- c:\documents and settings\Yule family\Local Settings\Application Data\FileTypeAssistant
2014-02-09 15:10 . 2014-02-09 15:17 -------- d-----w- C:\AdwCleaner
2014-01-28 22:36 . 2014-01-28 22:36 -------- d-----w- c:\documents and settings\Yule family\Local Settings\Application Data\Skype
2014-01-26 00:36 . 2014-01-26 00:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-22 20:37 . 2014-01-22 20:37 107256 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-01-17 05:11 . 2014-01-17 05:11 -------- d-----w- c:\program files\ZenSearch Updater
2014-01-17 05:10 . 2014-02-14 23:46 -------- d-----w- c:\program files\ZenSearch
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 23:26 . 2006-03-04 03:33 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2004-08-04 10:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2014-02-05 00:32 . 2012-04-01 21:10 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 00:32 . 2011-06-06 18:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-04 03:13 . 2004-08-04 10:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-05 17:29 . 2012-04-04 18:49 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-12-05 17:21 . 2012-04-04 18:34 174488 ----a-w- c:\windows\system32\mfevtps.exe
2013-12-05 17:21 . 2013-11-04 17:16 91736 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2013-12-05 17:16 . 2013-11-04 17:12 572688 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-12-05 17:15 . 2013-10-12 08:09 85064 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2013-12-05 17:14 . 2012-04-04 18:49 365416 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-12-05 17:14 . 2012-04-04 18:49 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-12-05 17:13 . 2012-04-04 18:49 236000 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-12-05 17:12 . 2011-10-15 11:16 133992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-12-05 11:26 . 2004-08-04 10:00 1172992 ----a-w- c:\windows\system32\msxml3.dll
2013-11-27 20:21 . 2004-08-04 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-26 22:06 . 2013-07-09 06:34 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-11-26 22:06 . 2013-07-09 06:34 80752 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-11-26 22:06 . 2013-07-09 06:34 319808 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Yule family\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Yule family\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Yule family\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Yule family\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 15:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 15:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 15:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 15:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 15:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 15:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="5 ADSL MODEM\DSLSTAT.EXE ICON" [X]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 516912]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"NvMediaCenter"="NvMCTray.dll" [2013-03-21 108832]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 516912]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-01-20 152392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-03-21 15517984]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Del2001265"="del" [X]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PHOTOfunSTUDIO 4.0 HD Edition.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\PHOTOfunSTUDIO 4.0 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 4.0 HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Yule family^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Yule family\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Yule family^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Yule family\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Yule family^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\documents and settings\Yule family\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2007-12-01 17:38 38400 ----a-r- c:\program files\Corel\Corel MediaOne\CorelIOMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-01-20 16:32 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 13:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-01-14 16:35 20724384 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-12-22 09:15 295072 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 12:29 159456 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\Platform\\McSvcHost\\McSvHost.exe"=
"c:\\Documents and Settings\\Yule family\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R?2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [10/10/2013 20:38 281560]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [22/01/2014 20:37 107256]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [04/11/2013 17:16 91736]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users.WINDOWS\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [11/12/2013 17:58 340432]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [22/01/2014 20:37 155704]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [22/01/2014 20:37 228888]
R2 HomeNetSvc;McAfee Home Network;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [10/10/2013 20:38 281560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [04/04/2012 18:49 167784]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [10/10/2013 20:39 145088]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [10/10/2013 20:38 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [10/10/2013 20:38 281560]
R2 mcpltsvc;McAfee Platform Services;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [10/10/2013 20:38 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\Mcafee\AMCore\mcshield.exe [10/10/2013 20:40 643608]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [04/04/2012 18:50 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [04/04/2012 18:34 174488]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [22/01/2014 20:37 1444120]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [29/11/2012 20:31 38608]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [04/04/2012 18:49 60920]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [04/04/2012 18:49 365416]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [09/07/2013 06:34 319808]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/10/2013 08:09 85064]
S1 MpKsl56ce2b3f;MpKsl56ce2b3f;\??\c:\windows\system32\MpEngineStore\MpKsl56ce2b3f.sys --> c:\windows\system32\MpEngineStore\MpKsl56ce2b3f.sys [?]
S1 MpKsl8b16be60;MpKsl8b16be60;\??\c:\windows\system32\MpEngineStore\MpKsl8b16be60.sys --> c:\windows\system32\MpEngineStore\MpKsl8b16be60.sys [?]
S1 MpKslfb1eeb2a;MpKslfb1eeb2a;\??\c:\windows\system32\MpEngineStore\MpKslfb1eeb2a.sys --> c:\windows\system32\MpEngineStore\MpKslfb1eeb2a.sys [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 10:58 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23/10/2013 08:15 172192]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [27/10/2012 07:51 147912]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [06/09/2013 17:29 235216]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [09/07/2013 06:34 80752]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/10/2013 08:09 85064]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [22/02/2010 11:55 61536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-05 09:20 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 00:33]
.
2014-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2014-02-14 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-12-21 11:16]
.
2014-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 17:28]
.
2014-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 17:28]
.
2014-02-14 c:\windows\Tasks\ProgramRefresh-ATFST.job
- c:\program files\File Type Assistant\TSASetup.exe [2012-12-21 00:13]
.
2014-02-14 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2012-12-21 13:02]
.
2014-02-14 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-220523388-1275210071-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2014-02-14 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-220523388-1275210071-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2014-02-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1275210071-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2014-02-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1275210071-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2014-02-14 c:\windows\Tasks\User_Feed_Synchronization-{DF8E2BEC-7A9C-4D85-9DC0-FDC10DEDCB66}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} - hxxp://www.pitchero.com/v6/ImageUploaderPHP/Scripts/ImageUploader7.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-CTFMON - (no file)
AddRemove-UpdaterEX - c:\documents and settings\Yule family\Application Data\UpdaterEX\UpdateProc\UpdateTask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-14 23:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-02-14 23:52:19
ComboFix-quarantined-files.txt 2014-02-14 23:52
.
Pre-Run: 49,536,503,808 bytes free
Post-Run: 50,236,624,896 bytes free
.
- - End Of File - - AE4622F9856FAFC23F573982F848FEE8
8F558EB6672622401DA993E1E865C861
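The log above lists every autostart location ComboFix inspected, but the entries belonging to one program are scattered across the Run keys, the firewall's authorized-applications list and the Scheduled Tasks folder. As an added example (not part of this thread and not ComboFix's own code), the Python script below parses those three sections of a ComboFix log and groups the targets by program directory, so that every foothold of, say, File Type Assistant is listed together. The sample input is a constructed excerpt of the log posted above; the script treats ComboFix's `[X]` marker as a target that was not found on disk.

```python
"""Triage helper for a ComboFix log: pull the Run/RunOnce values, the firewall
authorized applications and the Scheduled Tasks out of the log text and group
them by the program directory they point at. Added example; not ComboFix code.
"""
import re
from collections import defaultdict, namedtuple

Autostart = namedtuple("Autostart", "kind name path stamp")

# Constructed sample: an excerpt of the ComboFix log posted in the thread,
# trimmed to the sections this parser reads.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="5 ADSL MODEM\DSLSTAT.EXE ICON" [X]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 00:33]
.
2014-02-14 c:\windows\Tasks\ProgramRefresh-ATFST.job
- c:\program files\File Type Assistant\TSASetup.exe [2012-12-21 00:13]
.
2014-02-14 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2012-12-21 13:02]
.
------- Supplementary Scan -------
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
# "Name"="target" [timestamp size]   or   "Name"="target" [X]
_RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?: \[(?P<stamp>[^\]]*)\])?$')
_FW_APP_RE = re.compile(r'^"(?P<path>[^"]+)"=$')
_TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<name>.+\.job)$")
_TASK_TARGET_RE = re.compile(r"^- (?P<path>.+?)(?: \[(?P<stamp>[^\]]*)\])?$")


def parse_combofix(text):
    """Return the Autostart entries found in a ComboFix log."""
    entries = []
    current_key = None   # lower-cased registry key of the current block
    in_tasks = False     # inside "Contents of the 'Scheduled Tasks' folder"
    pending_task = None  # .job name waiting for its "- target" line
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_tasks, current_key = True, None
            continue
        if line.startswith("------- Supplementary Scan"):
            in_tasks = False
            continue
        if in_tasks:
            m = _TASK_RE.match(line)
            if m:
                pending_task = m.group("name").rsplit("\\", 1)[-1]
                continue
            m = _TASK_TARGET_RE.match(line)
            if m and pending_task:
                entries.append(Autostart("task", pending_task, m.group("path"), m.group("stamp")))
                pending_task = None
            continue
        m = _KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        if current_key and current_key.endswith(("\\run", "\\runonce")):
            m = _RUN_VALUE_RE.match(line)
            if m:
                entries.append(Autostart("run", m.group("name"), m.group("path"), m.group("stamp")))
        elif current_key and "authorizedapplications" in current_key:
            m = _FW_APP_RE.match(line)
            if m:
                # The firewall list doubles every backslash; normalise it.
                path = m.group("path").replace("\\\\", "\\")
                entries.append(Autostart("firewall", path.rsplit("\\", 1)[-1], path, None))
    return entries


def find_by_program(entries, keyword):
    """Entries whose target path mentions keyword (case-insensitive)."""
    k = keyword.lower()
    return [e for e in entries if k in e.path.lower()]


def group_by_program_dir(entries):
    """Map each target's directory (lower-cased) to the entry names pointing into it."""
    groups = defaultdict(list)
    for e in entries:
        directory = e.path.lower().rsplit("\\", 1)[0] if "\\" in e.path else "(bare command)"
        groups[directory].append(e.name)
    return dict(groups)


def missing_targets(entries):
    """Entries ComboFix tagged [X]: the target file was not found on disk."""
    return [e for e in entries if e.stamp == "X"]


if __name__ == "__main__":
    found = parse_combofix(SAMPLE_LOG)
    for directory, names in sorted(group_by_program_dir(found).items()):
        print(f"{directory}: {', '.join(names)}")
    for e in missing_targets(found):
        print(f"missing target: {e.kind} {e.name} -> {e.path}")
```

Run against the full log, `group_by_program_dir` puts the two `File Type Assistant` scheduled tasks next to its firewall exception, and `missing_targets` surfaces stale entries such as the `DSLSTATEXE` value whose executable is gone, which is the kind of leftover the thread later cleans up by hand.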

Re: File.org removal
What would happen if I uninstalled it?

I suspect that may be the cure.
Please let me know how that turns out?

Re: File.org removal
Well... my PC crashed as I was selecting removal options in Add/Remove! It now won't boot, and I am having it checked out by a repair shop. I don't know if this was just coincidence!
Therefore I won't be able to update you for some days, at least. I will advise if/when I get it back!

Re: File.org removal
Hi again! Back up and running. My motherboard had blown. I can't see how this is anything to do with my problem, or the actions to resolve it. The outcome is that the repair shop took the innards of my PC and put them into a Compaq PC, retaining its motherboard.
Once it was proven to be OK, I removed RealPlayer. However, on the next day, I was prompted for a Skype download, which I appeared to need. I downloaded it via the Skype website, not the File.org window.
I also removed a program called ZenSearch, which I must have loaded at some point. Perhaps it is related to the File.org prompt?!
My PC is working fine, but I would like to find out and remove the File.org prompt. However, I can understand if you would prefer a set of harder facts/problems.
Let me know what you think.
At minimum, I would like to ensure that I have removed all the malware programmes that I have downloaded.

thanks

Re: File.org removal
but I would like to find out and remove the File.org prompt. However, I can understand if you would prefer a set of harder facts/problems.

Something on your computer is generating this prompt and I can really help you with this.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall




(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

*************************************
Click Start > Computer > right-click the C: drive and choose Properties.
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C: drive.)
*************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust . WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: File.org removal
Hi again, another couple of these "update" prompts came. I followed one through and have now removed the troublesome s/w.
FYI, it is a programme "TSAssiste.exe" from Trusted Software ApS. Their address is File.org Team
Blomsterhaven 42
DK-4300 Holbaek
Denmark.
Their email address is contact@file.org.
Their website is http://file.org/about.html.
It gives information re disabling and uninstalling.

In order to close this request down, I would like information on how to uninstall the programmes that I downloaded to investigate the problem:
- Combofix
- ADWCleaner
- JRT
- Mbar (Anti-rootkit)
- Spybot
- Spywareblaster
Or should I retain any?
thanks

Re: File.org removal
In order to close this request down, I would like information on how to uninstall the programmes that I downloaded to investigate the problem:
- Combofix
- ADWCleaner
- JRT
- Mbar (Anti-rootkit)
- Spybot
- Spywareblaster
Or should I retain any?

I've already given instructions how to remove ComboFix. I would advise that you keep AdwCleaner, JRT and MBAM and run them often. Spybot and SpywareBlaster can be uninstalled by going to Control Panel, Add/Remove programs.

Re: File.org removal
Sorry, I should have said that I had tried "Run, ComboFix /Uninstall", but it failed. However, files are still there in C: and C:\Qoobox.
Also when you mention MBAM, do you mean Malwarebytes or its Rootkit variant? Or both?
I will take your advice on the others, but will probably keep Spybot too.

Re: File.org removal
Sorry, I should have said that I had tried "Run, ComboFix /Uninstall", but it failed. However, files are still there in C: and C:\Qoobox.

Please try this.

Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.
******************************************
Also when you mention MBAM, do you mean Malwarebytes or its Rootkit variant? Or both?
I will take your advice on the others, but will probably keep Spybot too.

No, I meant keep MBAM. Update it and run it on a regular basis. Spybot is obsolete in today's infections. It's your call if you want to keep it.

Re: File.org removal
OK - have done all that , and everything seems fine. However, I am still left with a folder : C:\Qoobox, with a sub-folder "Backenv". The system won't let me delete it. Any ideas?

Re: File.org removal
The system won't let me delete it. Any ideas?

You can use Unlocker below.

You can download and install Unlocker. Make sure you decline each of those free offers so they won't get loaded on your computer.

Re: File.org removal
Thanks. That's me sorted out now, although I have still to work through all the potential maintenance options that you suggested earlier.
Thanks for the help.

Re: File.org removal
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.