karr

Honorary Members
  • Posts

    31
Reputation

0 Neutral
  1. Done, however I was not able to find a file titled check.reg on the desktop. I did a quick search of the computer and couldn't find it either. Did I miss something?
  2. Attached is the photo of the screen shot of the device manager with the McAfee file. I right clicked to try and uninstall and got the resulting message.
  3. DDS Log
  4. Here is Combofix - DDS log to follow
  5. SystemLook 30.07.11 by jpshortstuff Log created at 20:13 on 19/12/2011 by Karla Reece
  6. In the Device Manager the "McAfee Core NDIS Intermediate Filter Miniport #2" still shows with an exclamation point - missing driver.
  7. Unfortunately I was never told to disable any security programs. Security disabled and then I ran Combofix and DDS as requested. Combofix log is:
2011-06-21 18:45 27648 c:\windows\system32\dllcache\jsproxy.dll + 2009-07-09 13:02 . 2011-08-17 12:21 13824 c:\windows\system32\dllcache\ieudinit.exe - 2009-07-09 13:02 . 2011-06-21 11:46 13824 c:\windows\system32\dllcache\ieudinit.exe - 2009-02-12 18:05 . 2011-06-21 18:45 44544 c:\windows\system32\dllcache\iernonce.dll + 2009-02-12 18:05 . 2011-08-17 21:32 44544 c:\windows\system32\dllcache\iernonce.dll - 2009-02-12 18:05 . 2011-06-21 18:45 78336 c:\windows\system32\dllcache\ieencode.dll + 2009-02-12 18:05 . 2011-08-17 21:32 78336 c:\windows\system32\dllcache\ieencode.dll - 2009-02-12 18:05 . 2011-06-21 11:46 70656 c:\windows\system32\dllcache\ie4uinit.exe + 2009-02-12 18:05 . 2011-08-17 12:21 70656 c:\windows\system32\dllcache\ie4uinit.exe + 2009-07-09 13:02 . 2011-08-17 21:32 63488 c:\windows\system32\dllcache\icardie.dll - 2009-07-09 13:02 . 2011-06-21 18:45 63488 c:\windows\system32\dllcache\icardie.dll + 2008-04-14 00:48 . 2008-04-14 04:48 52480 c:\windows\system32\dllcache\i8042prt.sys - 2008-04-14 00:48 . 2008-04-14 12:00 52480 c:\windows\system32\dllcache\i8042prt.sys + 2009-02-12 18:05 . 2011-08-17 21:32 17408 c:\windows\system32\dllcache\corpol.dll - 2009-02-12 18:05 . 2011-06-21 18:45 17408 c:\windows\system32\dllcache\corpol.dll + 2009-02-12 18:05 . 2011-08-17 21:32 17408 c:\windows\system32\corpol.dll - 2009-02-12 18:05 . 2011-06-21 18:45 17408 c:\windows\system32\corpol.dll - 2009-02-12 19:28 . 2011-09-22 15:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-02-12 19:28 . 2011-11-21 00:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-02-12 19:28 . 2011-11-21 00:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-02-12 19:28 . 2011-09-22 15:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2011-11-21 00:21 . 
2011-11-21 00:21 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2011-10-29 01:14 . 2011-10-29 01:14 22016 c:\windows\Installer\1332c40.msi + 2011-11-21 00:23 . 2011-11-21 00:23 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe + 2011-11-21 00:23 . 2011-11-21 00:23 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe + 2011-11-21 00:23 . 2011-11-21 00:23 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe + 2011-11-21 00:23 . 2011-11-21 00:23 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe + 2011-11-21 00:23 . 2011-11-21 00:23 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe + 2011-11-21 00:23 . 2011-11-21 00:23 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe + 2011-11-21 00:23 . 2011-11-21 00:23 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ARPPRODUCTICON.exe + 2011-06-06 17:55 . 2011-06-06 17:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll + 2011-06-06 17:55 . 2011-06-06 17:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe + 2011-06-06 17:55 . 2011-06-06 17:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll + 2011-06-06 17:55 . 2011-06-06 17:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe + 2011-06-06 17:55 . 2011-06-06 17:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe + 2011-06-06 17:55 . 
2011-06-06 17:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe + 2011-06-06 17:55 . 2011-06-06 17:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll + 2011-06-06 17:55 . 2011-06-06 17:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll + 2011-06-06 17:55 . 2011-06-06 17:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll + 2011-10-29 01:55 . 2011-06-21 18:45 44544 c:\windows\ie7updates\KB2586448-IE7\pngfilt.dll + 2011-10-29 01:55 . 2011-06-21 18:45 52224 c:\windows\ie7updates\KB2586448-IE7\msfeedsbs.dll + 2011-10-29 01:55 . 2011-06-21 18:45 27648 c:\windows\ie7updates\KB2586448-IE7\jsproxy.dll + 2011-10-29 01:55 . 2011-06-21 11:46 13824 c:\windows\ie7updates\KB2586448-IE7\ieudinit.exe + 2011-10-29 01:55 . 2011-06-21 18:45 44544 c:\windows\ie7updates\KB2586448-IE7\iernonce.dll + 2011-10-29 01:55 . 2011-06-21 18:45 78336 c:\windows\ie7updates\KB2586448-IE7\ieencode.dll + 2011-10-29 01:55 . 2011-06-21 11:46 70656 c:\windows\ie7updates\KB2586448-IE7\ie4uinit.exe + 2011-10-29 01:55 . 2011-06-21 18:45 63488 c:\windows\ie7updates\KB2586448-IE7\icardie.dll + 2011-10-29 01:55 . 2011-06-21 18:45 17408 c:\windows\ie7updates\KB2586448-IE7\corpol.dll + 2011-10-29 01:55 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2592799\update\spcustom.dll + 2011-10-29 01:55 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2592799\spmsg.dll + 2011-10-29 01:55 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2586448-IE7\update\spcustom.dll + 2011-10-29 01:55 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2586448-IE7\spmsg.dll + 2011-08-17 21:30 . 2011-08-17 21:30 44544 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\pngfilt.dll + 2011-08-17 21:30 . 2011-08-17 21:30 52224 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\msfeedsbs.dll + 2011-08-17 21:30 . 
2011-08-17 21:30 27648 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\jsproxy.dll + 2011-08-17 12:33 . 2011-08-17 12:33 13824 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ieudinit.exe + 2011-08-17 21:30 . 2011-08-17 21:30 44544 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\iernonce.dll + 2011-08-17 21:30 . 2011-08-17 21:30 78336 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ieencode.dll + 2011-08-17 12:33 . 2011-08-17 12:33 70656 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ie4uinit.exe + 2011-08-17 21:30 . 2011-08-17 21:30 63488 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\icardie.dll + 2011-08-17 21:30 . 2011-08-17 21:30 17408 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\corpol.dll + 2011-10-29 01:55 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2567053\update\spcustom.dll + 2011-10-29 01:55 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2567053\spmsg.dll + 2011-11-10 01:17 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2544893-v2\update\spcustom.dll + 2011-11-10 01:17 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2544893-v2\spmsg.dll + 2009-07-12 04:02 . 2009-07-12 04:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll + 2009-07-12 04:02 . 2009-07-12 04:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll + 2009-07-12 04:05 . 2009-07-12 04:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll + 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll + 2009-06-15 08:10 . 2009-06-15 08:10 282624 c:\windows\system32\yk51x86.dll + 2011-10-28 19:43 . 2011-08-09 22:51 253160 c:\windows\system32\wsimd.dll + 2011-10-28 19:43 . 2011-08-09 22:51 257256 c:\windows\system32\wsfwDS.dll + 2009-02-12 18:05 . 2011-08-17 21:32 832512 c:\windows\system32\wininet.dll - 2009-02-12 18:05 . 2011-06-21 18:45 832512 c:\windows\system32\wininet.dll + 2011-10-28 19:43 . 
2011-08-09 22:46 429312 c:\windows\system32\wgapi.dll + 2009-02-12 18:05 . 2011-08-17 21:32 233472 c:\windows\system32\webcheck.dll - 2009-02-12 18:05 . 2011-06-21 18:45 233472 c:\windows\system32\webcheck.dll + 2011-10-28 19:43 . 2011-08-09 22:46 339200 c:\windows\system32\wcapiU.dll + 2011-10-28 19:43 . 2011-08-09 22:46 417000 c:\windows\system32\wcapi.dll - 2009-02-12 18:05 . 2011-06-21 18:45 106496 c:\windows\system32\url.dll + 2009-02-12 18:05 . 2011-08-17 21:32 106496 c:\windows\system32\url.dll + 2009-02-12 18:05 . 2011-11-06 20:29 312172 c:\windows\system32\perfh009.dat - 2009-02-12 18:05 . 2011-03-14 00:23 312172 c:\windows\system32\perfh009.dat - 2009-02-12 18:05 . 2011-06-21 18:45 102912 c:\windows\system32\occache.dll + 2009-02-12 18:05 . 2011-08-17 21:32 102912 c:\windows\system32\occache.dll - 2009-02-12 18:05 . 2011-06-21 18:45 671232 c:\windows\system32\mstime.dll + 2009-02-12 18:05 . 2011-08-17 21:32 671232 c:\windows\system32\mstime.dll + 2009-02-12 18:05 . 2011-08-17 21:32 193024 c:\windows\system32\msrating.dll - 2009-02-12 18:05 . 2011-06-21 18:45 193024 c:\windows\system32\msrating.dll - 2009-02-12 18:05 . 2011-06-21 18:45 478720 c:\windows\system32\mshtmled.dll + 2009-02-12 18:05 . 2011-08-17 21:32 478720 c:\windows\system32\mshtmled.dll + 2007-08-13 22:54 . 2011-08-17 21:32 468480 c:\windows\system32\msfeeds.dll - 2007-08-13 22:54 . 2011-06-21 18:45 468480 c:\windows\system32\msfeeds.dll + 2011-11-17 01:27 . 2011-11-17 01:27 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe + 2011-11-07 01:13 . 2011-11-07 01:13 247968 c:\windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe + 2011-11-07 01:14 . 2011-11-07 01:14 157472 c:\windows\system32\javaws.exe - 2010-08-31 10:38 . 2010-07-17 10:00 145184 c:\windows\system32\javaw.exe + 2011-11-07 01:14 . 2011-11-07 01:14 145184 c:\windows\system32\javaw.exe - 2010-08-31 10:38 . 2010-07-17 10:00 145184 c:\windows\system32\java.exe + 2011-11-07 01:14 . 
2011-11-07 01:14 145184 c:\windows\system32\java.exe + 2011-10-28 19:43 . 2011-08-09 22:46 265456 c:\windows\system32\IPTests.dll + 2007-08-13 22:34 . 2011-08-17 21:32 268288 c:\windows\system32\iertutil.dll - 2007-08-13 22:34 . 2011-06-21 18:45 268288 c:\windows\system32\iertutil.dll + 2009-02-12 18:05 . 2011-08-17 21:32 192512 c:\windows\system32\iepeers.dll - 2009-02-12 18:05 . 2011-06-21 18:45 192512 c:\windows\system32\iepeers.dll - 2009-02-12 18:05 . 2011-06-21 18:45 384512 c:\windows\system32\iedkcs32.dll + 2009-02-12 18:05 . 2011-08-17 21:32 384512 c:\windows\system32\iedkcs32.dll + 2007-07-11 16:27 . 2011-08-17 21:32 380928 c:\windows\system32\ieapfltr.dll - 2007-07-11 16:27 . 2011-06-21 18:45 380928 c:\windows\system32\ieapfltr.dll - 2009-02-12 18:05 . 2011-06-20 11:27 161792 c:\windows\system32\ieakui.dll + 2009-02-12 18:05 . 2011-08-17 11:00 161792 c:\windows\system32\ieakui.dll - 2009-02-12 18:05 . 2011-06-21 18:45 230400 c:\windows\system32\ieaksie.dll + 2009-02-12 18:05 . 2011-08-17 21:32 230400 c:\windows\system32\ieaksie.dll - 2009-02-12 18:05 . 2011-06-21 18:45 153088 c:\windows\system32\ieakeng.dll + 2009-02-12 18:05 . 2011-08-17 21:32 153088 c:\windows\system32\ieakeng.dll - 2009-02-12 11:17 . 2011-07-15 01:19 107808 c:\windows\system32\FNTCACHE.DAT + 2009-02-12 11:17 . 2011-10-30 21:11 107808 c:\windows\system32\FNTCACHE.DAT - 2009-02-12 18:05 . 2011-06-21 18:45 133120 c:\windows\system32\extmgr.dll + 2009-02-12 18:05 . 2011-08-17 21:32 133120 c:\windows\system32\extmgr.dll - 2009-02-12 18:05 . 2011-06-21 18:45 214528 c:\windows\system32\dxtrans.dll + 2009-02-12 18:05 . 2011-08-17 21:32 214528 c:\windows\system32\dxtrans.dll - 2009-02-12 18:05 . 2011-06-21 18:45 347136 c:\windows\system32\dxtmsft.dll + 2009-02-12 18:05 . 2011-08-17 21:32 347136 c:\windows\system32\dxtmsft.dll + 2009-06-15 08:10 . 2009-06-15 08:10 297728 c:\windows\system32\drivers\yk51x86.sys + 2009-02-12 18:05 . 
2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys - 2009-02-12 18:05 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys - 2009-02-12 18:05 . 2011-06-21 18:45 832512 c:\windows\system32\dllcache\wininet.dll + 2009-02-12 18:05 . 2011-08-17 21:32 832512 c:\windows\system32\dllcache\wininet.dll + 2009-02-12 18:05 . 2011-08-17 21:32 233472 c:\windows\system32\dllcache\webcheck.dll - 2009-02-12 18:05 . 2011-06-21 18:45 233472 c:\windows\system32\dllcache\webcheck.dll - 2009-02-12 18:05 . 2011-06-21 18:45 106496 c:\windows\system32\dllcache\url.dll + 2009-02-12 18:05 . 2011-08-17 21:32 106496 c:\windows\system32\dllcache\url.dll + 2009-02-12 18:05 . 2011-09-26 15:41 220160 c:\windows\system32\dllcache\oleacc.dll + 2009-02-12 18:05 . 2011-08-17 21:32 102912 c:\windows\system32\dllcache\occache.dll - 2009-02-12 18:05 . 2011-06-21 18:45 102912 c:\windows\system32\dllcache\occache.dll - 2009-02-12 18:05 . 2011-06-21 18:45 671232 c:\windows\system32\dllcache\mstime.dll + 2009-02-12 18:05 . 2011-08-17 21:32 671232 c:\windows\system32\dllcache\mstime.dll + 2009-02-12 18:05 . 2011-08-17 21:32 193024 c:\windows\system32\dllcache\msrating.dll - 2009-02-12 18:05 . 2011-06-21 18:45 193024 c:\windows\system32\dllcache\msrating.dll - 2009-02-12 18:05 . 2011-06-21 18:45 478720 c:\windows\system32\dllcache\mshtmled.dll + 2009-02-12 18:05 . 2011-08-17 21:32 478720 c:\windows\system32\dllcache\mshtmled.dll - 2009-07-09 13:02 . 2011-06-21 18:45 468480 c:\windows\system32\dllcache\msfeeds.dll + 2009-07-09 13:02 . 2011-08-17 21:32 468480 c:\windows\system32\dllcache\msfeeds.dll + 2009-02-12 19:23 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll - 2009-02-12 19:23 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll + 2009-02-12 19:23 . 2011-08-17 11:01 634632 c:\windows\system32\dllcache\iexplore.exe + 2009-07-09 13:02 . 2011-08-17 21:32 268288 c:\windows\system32\dllcache\iertutil.dll - 2009-07-09 13:02 . 
2011-06-21 18:45 268288 c:\windows\system32\dllcache\iertutil.dll + 2009-02-12 18:05 . 2011-08-17 21:32 192512 c:\windows\system32\dllcache\iepeers.dll - 2009-02-12 18:05 . 2011-06-21 18:45 192512 c:\windows\system32\dllcache\iepeers.dll + 2009-02-12 18:05 . 2011-08-17 21:32 384512 c:\windows\system32\dllcache\iedkcs32.dll - 2009-02-12 18:05 . 2011-06-21 18:45 384512 c:\windows\system32\dllcache\iedkcs32.dll - 2009-07-09 13:02 . 2011-06-21 18:45 380928 c:\windows\system32\dllcache\ieapfltr.dll + 2009-07-09 13:02 . 2011-08-17 21:32 380928 c:\windows\system32\dllcache\ieapfltr.dll + 2009-02-12 18:05 . 2011-08-17 11:00 161792 c:\windows\system32\dllcache\ieakui.dll - 2009-02-12 18:05 . 2011-06-20 11:27 161792 c:\windows\system32\dllcache\ieakui.dll + 2009-02-12 18:05 . 2011-08-17 21:32 230400 c:\windows\system32\dllcache\ieaksie.dll - 2009-02-12 18:05 . 2011-06-21 18:45 230400 c:\windows\system32\dllcache\ieaksie.dll - 2009-02-12 18:05 . 2011-06-21 18:45 153088 c:\windows\system32\dllcache\ieakeng.dll + 2009-02-12 18:05 . 2011-08-17 21:32 153088 c:\windows\system32\dllcache\ieakeng.dll + 2009-02-12 18:05 . 2011-08-17 21:32 133120 c:\windows\system32\dllcache\extmgr.dll - 2009-02-12 18:05 . 2011-06-21 18:45 133120 c:\windows\system32\dllcache\extmgr.dll - 2009-02-12 18:05 . 2011-06-21 18:45 214528 c:\windows\system32\dllcache\dxtrans.dll + 2009-02-12 18:05 . 2011-08-17 21:32 214528 c:\windows\system32\dllcache\dxtrans.dll + 2009-02-12 18:05 . 2011-08-17 21:32 347136 c:\windows\system32\dllcache\dxtmsft.dll - 2009-02-12 18:05 . 2011-06-21 18:45 347136 c:\windows\system32\dllcache\dxtmsft.dll - 2009-02-12 18:05 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll + 2009-02-12 18:05 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll + 2009-02-12 18:05 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys - 2009-02-12 18:05 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys - 2009-02-12 18:05 . 
2011-06-21 18:45 124928 c:\windows\system32\dllcache\advpack.dll + 2009-02-12 18:05 . 2011-08-17 21:32 124928 c:\windows\system32\dllcache\advpack.dll + 2011-10-28 19:43 . 2011-08-09 22:46 314624 c:\windows\system32\athcfg20U.dll + 2011-10-28 19:43 . 2011-08-09 22:46 130312 c:\windows\system32\athcfg20resU.dll + 2011-10-28 19:43 . 2011-08-09 22:46 130288 c:\windows\system32\athcfg20res.dll + 2011-10-28 19:43 . 2011-08-09 22:46 302312 c:\windows\system32\athcfg20.dll - 2009-02-12 18:05 . 2011-06-21 18:45 124928 c:\windows\system32\advpack.dll + 2009-02-12 18:05 . 2011-08-17 21:32 124928 c:\windows\system32\advpack.dll + 2011-10-28 19:43 . 2011-08-09 22:46 503032 c:\windows\system32\acs.exe + 2011-11-07 01:14 . 2011-11-07 01:14 203776 c:\windows\Installer\5b17c.msi + 2011-11-07 01:14 . 2011-11-07 01:14 901120 c:\windows\Installer\5b16c.msi + 2011-10-30 21:29 . 2011-10-30 21:29 219648 c:\windows\Installer\10b9e2.msi + 2011-06-06 17:55 . 2011-06-06 17:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll + 2011-06-06 17:55 . 2011-06-06 17:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll + 2011-06-06 17:55 . 2011-06-06 17:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe + 2011-06-06 17:55 . 2011-06-06 17:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll + 2011-06-06 17:55 . 2011-06-06 17:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll + 2011-06-06 17:55 . 2011-06-06 17:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll + 2011-06-06 17:55 . 2011-06-06 17:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll + 2011-06-06 17:55 . 
2011-06-06 17:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe + 2011-06-06 17:55 . 2011-06-06 17:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll + 2011-10-29 01:55 . 2011-06-21 18:45 832512 c:\windows\ie7updates\KB2586448-IE7\wininet.dll + 2011-10-29 01:55 . 2011-06-21 18:45 233472 c:\windows\ie7updates\KB2586448-IE7\webcheck.dll + 2011-10-29 01:55 . 2011-06-21 18:45 106496 c:\windows\ie7updates\KB2586448-IE7\url.dll + 2011-10-29 01:55 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2586448-IE7\spuninst\updspapi.dll + 2011-10-29 01:55 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2586448-IE7\spuninst\spuninst.exe + 2011-10-29 01:55 . 2011-06-21 18:45 102912 c:\windows\ie7updates\KB2586448-IE7\occache.dll + 2011-10-29 01:55 . 2011-06-21 18:45 671232 c:\windows\ie7updates\KB2586448-IE7\mstime.dll + 2011-10-29 01:55 . 2011-06-21 18:45 193024 c:\windows\ie7updates\KB2586448-IE7\msrating.dll + 2011-10-29 01:55 . 2011-06-21 18:45 478720 c:\windows\ie7updates\KB2586448-IE7\mshtmled.dll + 2011-10-29 01:55 . 2011-06-21 18:45 468480 c:\windows\ie7updates\KB2586448-IE7\msfeeds.dll + 2011-10-29 01:55 . 2011-06-20 11:29 634648 c:\windows\ie7updates\KB2586448-IE7\iexplore.exe + 2011-10-29 01:55 . 2011-06-21 18:45 268288 c:\windows\ie7updates\KB2586448-IE7\iertutil.dll + 2011-10-29 01:55 . 2011-06-21 18:45 192512 c:\windows\ie7updates\KB2586448-IE7\iepeers.dll + 2011-10-29 01:55 . 2011-06-21 18:45 384512 c:\windows\ie7updates\KB2586448-IE7\iedkcs32.dll + 2011-10-29 01:55 . 2011-06-21 18:45 380928 c:\windows\ie7updates\KB2586448-IE7\ieapfltr.dll + 2011-10-29 01:55 . 2011-06-20 11:27 161792 c:\windows\ie7updates\KB2586448-IE7\ieakui.dll + 2011-10-29 01:55 . 2011-06-21 18:45 230400 c:\windows\ie7updates\KB2586448-IE7\ieaksie.dll + 2011-10-29 01:55 . 2011-06-21 18:45 153088 c:\windows\ie7updates\KB2586448-IE7\ieakeng.dll + 2011-10-29 01:55 . 
2011-06-21 18:45 133120 c:\windows\ie7updates\KB2586448-IE7\extmgr.dll + 2011-10-29 01:55 . 2011-06-21 18:45 214528 c:\windows\ie7updates\KB2586448-IE7\dxtrans.dll + 2011-10-29 01:55 . 2011-06-21 18:45 347136 c:\windows\ie7updates\KB2586448-IE7\dxtmsft.dll + 2011-10-29 01:55 . 2011-06-21 18:45 124928 c:\windows\ie7updates\KB2586448-IE7\advpack.dll + 2011-11-10 01:17 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2544893-v2$\spuninst\updspapi.dll + 2011-11-10 01:17 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe + 2011-11-10 01:17 . 2011-05-02 15:31 692736 c:\windows\$NtUninstallKB2544893-v2$\inetcomm.dll + 2011-10-29 01:55 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2592799\update\updspapi.dll + 2011-10-29 01:55 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2592799\update\update.exe + 2011-10-29 01:55 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2592799\spuninst.exe + 2011-10-28 19:48 . 2011-08-17 13:41 138496 c:\windows\$hf_mig$\KB2592799\SP3QFE\afd.sys + 2011-10-29 01:55 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2586448-IE7\update\updspapi.dll + 2011-10-29 01:55 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2586448-IE7\update\update.exe + 2011-10-29 01:55 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2586448-IE7\spuninst.exe + 2011-08-17 21:30 . 2011-08-17 21:30 841216 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\wininet.dll + 2011-08-17 21:30 . 2011-08-17 21:30 233472 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\webcheck.dll + 2011-08-17 21:30 . 2011-08-17 21:30 106496 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\url.dll + 2011-08-17 21:30 . 2011-08-17 21:30 102912 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\occache.dll + 2011-08-17 21:30 . 2011-08-17 21:30 671232 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\mstime.dll + 2011-08-17 21:30 . 2011-08-17 21:30 193024 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\msrating.dll + 2011-08-17 21:30 . 
2011-08-17 21:30 478720 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\mshtmled.dll + 2011-08-17 21:30 . 2011-08-17 21:30 468480 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\msfeeds.dll + 2011-08-17 10:34 . 2011-08-17 10:34 634632 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\iexplore.exe + 2011-08-17 21:30 . 2011-08-17 21:30 268288 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\iertutil.dll + 2011-08-17 21:30 . 2011-08-17 21:30 193024 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\iepeers.dll + 2011-08-17 21:30 . 2011-08-17 21:30 388608 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\iedkcs32.dll + 2011-08-17 21:30 . 2011-08-17 21:30 380928 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ieapfltr.dll + 2011-08-17 10:33 . 2011-08-17 10:33 161792 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ieakui.dll + 2011-08-17 21:30 . 2011-08-17 21:30 230400 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ieaksie.dll + 2011-08-17 21:30 . 2011-08-17 21:30 153088 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ieakeng.dll + 2011-08-17 21:30 . 2011-08-17 21:30 132608 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\extmgr.dll + 2011-08-17 21:30 . 2011-08-17 21:30 214528 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\dxtrans.dll + 2011-08-17 21:30 . 2011-08-17 21:30 347136 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\dxtmsft.dll + 2011-08-17 21:30 . 2011-08-17 21:30 124928 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\advpack.dll + 2011-10-29 01:55 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2567053\update\updspapi.dll + 2011-10-29 01:55 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2567053\update\update.exe + 2011-10-29 01:55 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2567053\spuninst.exe + 2011-11-10 01:17 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2544893-v2\update\updspapi.dll + 2011-11-10 01:17 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2544893-v2\update\update.exe + 2011-11-10 01:17 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2544893-v2\spuninst.exe + 2011-10-10 14:21 . 
2011-10-10 14:21 692736 c:\windows\$hf_mig$\KB2544893-v2\SP3QFE\inetcomm.dll + 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll + 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll + 2009-02-12 18:05 . 2011-09-06 13:20 1858944 c:\windows\system32\win32k.sys - 2009-02-12 18:05 . 2011-06-02 14:02 1858944 c:\windows\system32\win32k.sys + 2009-02-12 18:05 . 2011-08-17 21:32 1168896 c:\windows\system32\urlmon.dll - 2009-02-12 18:05 . 2011-06-21 18:45 1168896 c:\windows\system32\urlmon.dll + 2011-10-28 19:04 . 2008-10-08 06:35 1334432 c:\windows\system32\ReinstallBackups\0015\DriverFiles\athw.sys + 2009-02-12 18:05 . 2011-09-05 07:48 3615744 c:\windows\system32\mshtml.dll + 2011-11-07 01:13 . 2011-11-17 01:27 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll + 2007-08-13 22:54 . 2011-08-17 21:32 6076416 c:\windows\system32\ieframe.dll - 2007-08-13 22:54 . 2011-06-21 18:45 6076416 c:\windows\system32\ieframe.dll + 2011-10-28 19:43 . 2011-08-09 22:51 1273088 c:\windows\system32\dsa.dll + 2011-10-28 19:43 . 2011-08-05 02:35 1981760 c:\windows\system32\drivers\athw.sys - 2009-02-12 18:05 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys + 2009-02-12 18:05 . 2011-09-06 13:20 1858944 c:\windows\system32\dllcache\win32k.sys + 2009-02-12 18:05 . 2011-08-17 21:32 1168896 c:\windows\system32\dllcache\urlmon.dll - 2009-02-12 18:05 . 2011-06-21 18:45 1168896 c:\windows\system32\dllcache\urlmon.dll + 2009-02-12 18:05 . 2011-09-05 07:48 3615744 c:\windows\system32\dllcache\mshtml.dll + 2009-07-09 13:02 . 2011-08-17 21:32 6076416 c:\windows\system32\dllcache\ieframe.dll - 2009-07-09 13:02 . 2011-06-21 18:45 6076416 c:\windows\system32\dllcache\ieframe.dll + 2011-10-28 19:43 . 2011-08-05 02:35 1981760 c:\windows\system32\athw.sys + 2011-11-29 01:14 . 
2011-11-29 01:14 2186240 c:\windows\Installer\75940.msi + 2011-11-17 01:34 . 2011-11-17 01:34 4671488 c:\windows\Installer\67f26.msi + 2011-11-21 00:23 . 2011-11-21 00:23 1435136 c:\windows\Installer\21d6ec.msi + 2011-11-07 01:34 . 2011-11-07 01:34 2295808 c:\windows\Installer\16f866.msi + 2011-06-06 17:55 . 2011-06-06 17:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll + 2011-06-06 17:55 . 2011-06-06 17:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll + 2011-06-06 17:55 . 2011-06-06 17:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe + 2011-06-06 17:55 . 2011-06-06 17:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe + 2011-10-29 01:55 . 2011-06-21 18:45 1168896 c:\windows\ie7updates\KB2586448-IE7\urlmon.dll + 2011-10-29 01:55 . 2011-07-22 16:35 3613696 c:\windows\ie7updates\KB2586448-IE7\mshtml.dll + 2011-10-29 01:55 . 2011-06-21 18:45 6076416 c:\windows\ie7updates\KB2586448-IE7\ieframe.dll + 2011-08-17 21:30 . 2011-08-17 21:30 1172992 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\urlmon.dll + 2011-08-18 10:00 . 2011-08-18 10:00 3617792 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\mshtml.dll + 2011-08-17 21:30 . 2011-08-17 21:30 6080512 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ieframe.dll + 2011-10-28 19:51 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ieapfltr.dat + 2011-09-06 13:25 . 2011-09-06 13:25 1867904 c:\windows\$hf_mig$\KB2567053\SP3QFE\win32k.sys + 2009-06-28 03:17 . 2011-11-10 01:12 50295240 c:\windows\system32\MRT.exe + 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\16f867.msp + 2011-06-06 17:55 . 2011-06-06 17:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll . -- Snapshot reset to current date -- . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-06-28 4950664] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456] "EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480] "DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944] "BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896] "MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552] "MyGarminAgent"="c:\program files\Garmin\MyGarminAgent.exe" [2009-05-07 335872] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160] "ACU"="c:\program files\Atheros\ACU.exe" [2011-08-09 474368] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2/12/2009 2:29 PM 4300] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/26/2009 8:46 PM 24652] R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [1/14/2008 10:01 PM 30208] R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2/12/2009 2:33 PM 238464] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 7:47 AM 133104] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 7:47 AM 133104] S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/8/2010 9:52 AM 20480] S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [8/1/2006 6:57 PM 19840] . Contents of the 'Scheduled Tasks' folder . 2011-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57] . 2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 12:47] . 2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 12:47] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://yahoo.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.169.1 FF - ProfilePath - c:\documents and settings\Karla Reece\Application Data\Mozilla\Firefox\Profiles\llqfnhrf.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd40e429d-0c7b-454c-813d-26f65be89cd3%7D&mid=d2215bac354547d1adc4d16d94cfa365-c008b0edb16c18519bd433fe59fcee9928356847&ds=AVG&v=8.0.0.34.1〈=en&pr=pr&d=2011-10-30%2017%3A31%3A35&sap=ku&q= . - - - - ORPHANS REMOVED - - - - . WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-10 11:09 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(3552) c:\windows\system32\WININET.dll c:\windows\system32\btmmhook.dll c:\windows\system32\ieframe.dll . 
------------------------ Other Running Processes ------------------------ . c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\windows\system32\acs.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Samsung\Samsung Update Plus\SLUBackgroundService.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe c:\program files\Samsung\Easy Display Manager\dmhkcore.exe c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe c:\windows\system32\igfxext.exe c:\program files\SAMSUNG\MagicKBD\PerformanceManager.exe c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2011-12-10 11:13:05 - machine was rebooted ComboFix-quarantined-files.txt 2011-12-10 16:13 ComboFix2.txt 2011-10-23 03:10 . Pre-Run: 62,250,881,024 bytes free Post-Run: 62,409,510,912 bytes free . - - End Of File - - B1D075240EFE16601E44C6D2DA27304A DDS file reads: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29 Run by Karla Reece at 11:25:11 on 2011-12-10 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.412 [GMT -5:00] . AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes =============== . 
C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe C:\Program Files\Garmin\MyGarminAgent.exe C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Atheros\ACU.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe C:\WINDOWS\system32\notepad.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://yahoo.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s uURLSearchHooks: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe mRun: [batteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe mRun: [MyGarminAgent] c:\program files\garmin\MyGarminAgent.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe ARM] "c:\program files\common 
files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 192.168.169.1 TCP: Interfaces\{FFADABD1-F041-4152-BD77-3518F6E17BD0} : DhcpNameServer = 192.168.169.1 Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\karla reece\application data\mozilla\firefox\profiles\llqfnhrf.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd40e429d-0c7b-454c-813d-26f65be89cd3%7D&mid=d2215bac354547d1adc4d16d94cfa365-c008b0edb16c18519bd433fe59fcee9928356847&ds=AVG&v=8.0.0.34.1〈=en&pr=pr&d=2011-10-30%2017%3A31%3A35&sap=ku&q= FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll . ============= SERVICES / DRIVERS =============== . R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-2-12 4300] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-26 24652] R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-14 30208] R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-2-12 238464] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104] S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480] S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-8-1 19840] . =============== Created Last 30 ================ . . 
==================== Find3M ==================== . 2011-11-17 01:27:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-07 01:14:25 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-07 01:14:25 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 15:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll . ============= FINISH: 11:25:29.37 ===============
  8. Did as you asked with the ComboFix. After dragging the SFScript.txt into ComboFix, my AVG virus program immediately popped up a virus notification that Malware.gen was found. AVG quarantined it. I tried again thinking perhaps it was just a coincidence...... AGAIN Malware.gen was found and subsequently quarantined. Please help. Thanks.
  9. SystemLook 30.07.11 by jpshortstuff Log created at 20:35 on 20/11/2011 by Karr Administrator - Elevation successful ========== regfind ========== Searching for "McAfee" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\McAfee] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}] "URL"="http://search.yahoo.com/search?fr=mcafee&p={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://search.yahoo.com/search?fr=mcafee&p=%s" [HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\McAfee Trust] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E750330E-A1DA-4291-97A6-7441AA00F1F6}\InprocServer32] @="c:\PROGRA~1\mcafee\SITEAD~1\saplugin.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E750330E-A1DA-4291-97A6-7441AA00F1F6}\ToolboxBitmap32] @="c:\PROGRA~1\mcafee\SITEAD~1\saplugin.dll, 102" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SASettings.SASettings] @="McAfee SASettings" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SASettings.SASettings.1] @="McAfee SASettings" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013] "ProviderName"="McAfee" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013] "DriverDesc"="McAfee Core NDIS Intermediate Filter Miniport" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014] "ProviderName"="McAfee" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014] "DriverDesc"="McAfee Core NDIS Intermediate Filter Miniport" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015] "ProviderName"="McAfee" 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015] "DriverDesc"="McAfee Core NDIS Intermediate Filter Miniport" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\McAfee] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions] "McAfee Core NDIS Intermediate Filter Miniport"="1 2 3" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_0159851316703667MCINSTCLEANUP\0000] "DeviceDesc"="McAfee Application Installer Cleanup (0159851316703667)" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000] "DeviceDesc"="McAfee Inc. cfwids" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE\0000] "Service"="McAfee SiteAdvisor Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE\0000] "DeviceDesc"="McAfee SiteAdvisor Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCMPFSVC\0000] "DeviceDesc"="McAfee Personal Firewall Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCMSCSVC\0000] "DeviceDesc"="McAfee Services" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCNAIANN\0000] "DeviceDesc"="McAfee VirusScan Announcer" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCNASVC\0000] "DeviceDesc"="McAfee Network Agent" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCODS\0000] "DeviceDesc"="McAfee Scanner" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK\0000] "DeviceDesc"="McAfee Inc." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000] "DeviceDesc"="McAfee Inc." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEBOPK\0000] "DeviceDesc"="McAfee Inc." 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEFIRE\0000] "DeviceDesc"="McAfee Firewall Core Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEHIDK\0000] "DeviceDesc"="McAfee Inc." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDET\0000] "DeviceDesc"="McAfee Inc. mferkdet" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDK\0000] "DeviceDesc"="McAfee Inc. mferkdk" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFESMFK\0000] "DeviceDesc"="McAfee Inc. mfesmfk" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFETDI2K\0000] "DeviceDesc"="McAfee Inc. mfetdi2k" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEVTP\0000] "DeviceDesc"="McAfee Validation Trust Protection Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000] "Mfg"="McAfee" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000] "DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000] "FriendlyName"="Atheros AR5007EG Wireless Network Adapter - McAfee Core NDIS Intermediate Filter Miniport" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001] "FriendlyName"="Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller - McAfee Core NDIS Intermediate Filter Miniport" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001] "Mfg"="McAfee" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001] "DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0002] "FriendlyName"="WAN Miniport (IP) - McAfee Core NDIS Intermediate Filter Miniport" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0002] "Mfg"="McAfee" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0002] "DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport" 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\0159851316703667mcinstcleanup] "ImagePath"="C:\WINDOWS\TEMP\015985~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\0159851316703667mcinstcleanup] "DisplayName"="McAfee Application Installer Cleanup (0159851316703667)" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McMPFSvc] "ImagePath"=""C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McMPFSvc] "DisplayName"="McAfee Personal Firewall Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc] "ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc] "DisplayName"="McAfee Services" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc] "Description"="McAfee Services" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNaiAnn] "ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNaiAnn] "DisplayName"="McAfee VirusScan Announcer" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNaiAnn] "Description"="McAfee VirusScan Announcer" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNASvc] "ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNASvc] "DisplayName"="McAfee Network Agent" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNASvc] "Description"="Allows McAfee applications to communicate securely on the local network." 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS] "ImagePath"=""C:\Program Files\McAfee\VirusScan\mcods.exe"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS] "DisplayName"="McAfee Scanner" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS] "Description"="McAfee Scanner" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions] "McAfee Core NDIS Intermediate Filter Miniport"="2" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CFWIDS\0000] "DeviceDesc"="McAfee Inc. cfwids" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAPFK\0000] "DeviceDesc"="McAfee Inc. mfeapfk" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK01\0000] "DeviceDesc"="McAfee Inc." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK02\0000] "DeviceDesc"="McAfee Inc." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEFIRE\0000] "DeviceDesc"="McAfee Firewall Core Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEFIREK\0000] "DeviceDesc"="McAfee Inc. mfefirek" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEHIDK01\0000] "DeviceDesc"="McAfee Inc." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFERKDET\0000] "DeviceDesc"="McAfee Inc. mferkdet" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFETDI2K\0000] "DeviceDesc"="McAfee Inc. 
mfetdi2k" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEVTP\0000] "DeviceDesc"="McAfee Validation Trust Protection Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\MFE_NDISKMP\0001] "FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\MFE_NDISKMP\0001] "Mfg"="McAfee" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\MFE_NDISKMP\0001] "DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions] "McAfee Core NDIS Intermediate Filter Miniport"="2" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CFWIDS\0000] "DeviceDesc"="McAfee Inc. cfwids" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEAPFK\0000] "DeviceDesc"="McAfee Inc. mfeapfk" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEAVFK01\0000] "DeviceDesc"="McAfee Inc." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEAVFK02\0000] "DeviceDesc"="McAfee Inc." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEFIRE\0000] "DeviceDesc"="McAfee Firewall Core Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEFIREK\0000] "DeviceDesc"="McAfee Inc. mfefirek" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEHIDK01\0000] "DeviceDesc"="McAfee Inc." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFERKDET\0000] "DeviceDesc"="McAfee Inc. mferkdet" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFETDI2K\0000] "DeviceDesc"="McAfee Inc. 
mfetdi2k" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEVTP\0000] "DeviceDesc"="McAfee Validation Trust Protection Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\MFE_NDISKMP\0001] "FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\MFE_NDISKMP\0001] "Mfg"="McAfee" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\MFE_NDISKMP\0001] "DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions] "McAfee Core NDIS Intermediate Filter Miniport"="2" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000] "DeviceDesc"="McAfee Inc. cfwids" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAPFK\0000] "DeviceDesc"="McAfee Inc. mfeapfk" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK01\0000] "DeviceDesc"="McAfee Inc." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK02\0000] "DeviceDesc"="McAfee Inc." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIRE\0000] "DeviceDesc"="McAfee Firewall Core Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIREK\0000] "DeviceDesc"="McAfee Inc. mfefirek" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEHIDK01\0000] "DeviceDesc"="McAfee Inc." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFERKDET\0000] "DeviceDesc"="McAfee Inc. mferkdet" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFETDI2K\0000] "DeviceDesc"="McAfee Inc. 
mfetdi2k" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEVTP\0000] "DeviceDesc"="McAfee Validation Trust Protection Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001] "FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001] "Mfg"="McAfee" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001] "DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport" [HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust] [HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\Internet Explorer\InternetRegistry\McAfee] [HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}] "URL"="http://search.yahoo.com/search?fr=mcafee&p={searchTerms}" [HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\Internet Explorer\SearchUrl] @="http://search.yahoo.com/search?fr=mcafee&p=%s" [HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\SystemCertificates\McAfee Trust] [HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust] ========== filefind ========== Searching for "McAfee" No files found. ========== folderfind ========== Searching for "McAfee" C:\Program Files\McAfee d------ [23:03 13/10/2009] C:\Program Files\Common Files\McAfee d------ [23:04 13/10/2009] C:\Qoobox\Quarantine\C\Program Files\McAfee d------ [03:15 20/10/2011] C:\Qoobox\Quarantine\C\Program Files\Common Files\McAfee d------ [03:15 20/10/2011] -= EOF =-
  10. Tried to uninstall but got the error message "Failed to uninstall the device. The device may be required to boot up the computer."
  11. The only remaining issue I have found is that in the Device Manager the "McAfee Core NDIS Intermediate Filter Miniport #2" still shows with an exclamation point - missing driver.
  12. The only thing I can find that is not working is this: In Device Manager, McAfee Core NDIS Intermediate Filter Miniport #2 is missing a driver. I deleted McAfee when this all started and have just replaced it with AVG until this is all worked out. Thanks!
  13. Results of Security Check: Results of screen317's Security Check version 0.99.24 Windows XP Service Pack 3 x86 Internet Explorer 7 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 21 Out of date Java installed! Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date! Mozilla Firefox (x86 en-US..) Mozilla Thunderbird (2.0.0) Thunderbird Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent ESET ESET Online Scanner OnlineCmdLineScanner.exe ``````````End of Log````````````