malware installed but now error "Windows cannot access the specified..."

#21 karr (New Member, 31 posts)

Posted 28 October 2011 - 02:40 PM

OH, and I was able to reinstall the keyboard and mouse-pad drivers so I can once again use those devices.

#22 karr (New Member, 31 posts)

Posted 28 October 2011 - 02:55 PM

WAIT! I was able to reinstall the Wifi driver and now have internet connection. Running the scan now.

#23 karr (New Member, 31 posts)

Posted 28 October 2011 - 08:13 PM

Results of ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17099 (vista_gdr.110617-1500)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9affdcdc87bbae4e874c9a531a8abd9d
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2011-10-28 08:46:00
# local_time=2011-10-28 04:46:00 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777190 0 3 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=55756
# found=163
# cleaned=163
# scan_time=2722

#24 karr

karr

    New Member

  • Members
  • 31 posts

Posted 28 October 2011 - 08:16 PM

Results of Security Check:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 21
Out of date Java installed!
Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

ESET ESET Online Scanner OnlineCmdLineScanner.exe
``````````End of Log````````````

#25 karr

karr

    New Member

  • Members
  • 31 posts

Posted 30 October 2011 - 09:45 PM

The only thing I can find that is not working is this:

In device manager, Mcafee Core NDIS Intermediate Filter Miniport #2 is missing a driver.

I deleted McAfee when this all started and have just replaced it with AVG until this is all worked out.

Thanks!

#26 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 03 November 2011 - 02:42 PM

Hi,

Run this to remove all McAfee components; reboot afterward:

http://download.mcaf...atches/MCPR.exe


Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.



After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3
Java™ 6 Update 21
Adobe Flash Player (10.3.183.7)
Adobe Reader 8.0


Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.


Next, please visit Windows Update and download all critical updates, including Internet Explorer 8.

Let me know what issues remain.

-screen317
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#27 karr

karr

    New Member

  • Members
  • 31 posts

Posted 06 November 2011 - 08:49 PM

The only remaining issue I have found is that in the Device Manager the "Mcafee Core NDIS Intermediate Filter Miniport #2" still shows with an exclamation point - missing driver.

#28 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 11 November 2011 - 07:47 PM

Right-click it and click uninstall. Reboot. See if it is still there.

#29 karr

karr

    New Member

  • Members
  • 31 posts

Posted 12 November 2011 - 08:40 PM

Tried to uninstall but got the error message "Failed to uninstall the device. The device may be required to boot up the computer."

#30 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 17 November 2011 - 05:12 PM

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    McAfee
    :filefind
    McAfee
    :folderfind
    McAfee
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#31 karr

karr

    New Member

  • Members
  • 31 posts

Posted 20 November 2011 - 08:38 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 20:35 on 20/11/2011 by Karr
Administrator - Elevation successful

========== regfind ==========

Searching for "McAfee"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\McAfee]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}]
"URL"="http://search.yahoo....={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://search.yahoo....fr=mcafee&p=%s"
[HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E750330E-A1DA-4291-97A6-7441AA00F1F6}\InprocServer32]
@="c:\PROGRA~1\mcafee\SITEAD~1\saplugin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E750330E-A1DA-4291-97A6-7441AA00F1F6}\ToolboxBitmap32]
@="c:\PROGRA~1\mcafee\SITEAD~1\saplugin.dll, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SASettings.SASettings]
@="McAfee SASettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SASettings.SASettings.1]
@="McAfee SASettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013]
"ProviderName"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013]
"DriverDesc"="McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"ProviderName"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"DriverDesc"="McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
"ProviderName"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
"DriverDesc"="McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\McAfee]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"McAfee Core NDIS Intermediate Filter Miniport"="1 2 3"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_0159851316703667MCINSTCLEANUP\0000]
"DeviceDesc"="McAfee Application Installer Cleanup (0159851316703667)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE\0000]
"Service"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE\0000]
"DeviceDesc"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCMPFSVC\0000]
"DeviceDesc"="McAfee Personal Firewall Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCMSCSVC\0000]
"DeviceDesc"="McAfee Services"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCNAIANN\0000]
"DeviceDesc"="McAfee VirusScan Announcer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCNASVC\0000]
"DeviceDesc"="McAfee Network Agent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCODS\0000]
"DeviceDesc"="McAfee Scanner"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEBOPK\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEFIRE\0000]
"DeviceDesc"="McAfee Firewall Core Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEHIDK\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDK\0000]
"DeviceDesc"="McAfee Inc. mferkdk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFESMFK\0000]
"DeviceDesc"="McAfee Inc. mfesmfk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFETDI2K\0000]
"DeviceDesc"="McAfee Inc. mfetdi2k"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEVTP\0000]
"DeviceDesc"="McAfee Validation Trust Protection Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000]
"Mfg"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000]
"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000]
"FriendlyName"="Atheros AR5007EG Wireless Network Adapter - McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001]
"FriendlyName"="Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller - McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001]
"Mfg"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001]
"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0002]
"FriendlyName"="WAN Miniport (IP) - McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0002]
"Mfg"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0002]
"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\0159851316703667mcinstcleanup]
"ImagePath"="C:\WINDOWS\TEMP\015985~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\0159851316703667mcinstcleanup]
"DisplayName"="McAfee Application Installer Cleanup (0159851316703667)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McMPFSvc]
"ImagePath"=""C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McMPFSvc]
"DisplayName"="McAfee Personal Firewall Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc]
"ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc]
"DisplayName"="McAfee Services"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc]
"Description"="McAfee Services"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNaiAnn]
"ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNaiAnn]
"DisplayName"="McAfee VirusScan Announcer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNaiAnn]
"Description"="McAfee VirusScan Announcer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNASvc]
"ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNASvc]
"DisplayName"="McAfee Network Agent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNASvc]
"Description"="Allows McAfee applications to communicate securely on the local network."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS]
"ImagePath"=""C:\Program Files\McAfee\VirusScan\mcods.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS]
"DisplayName"="McAfee Scanner"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS]
"Description"="McAfee Scanner"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"McAfee Core NDIS Intermediate Filter Miniport"="2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAPFK\0000]
"DeviceDesc"="McAfee Inc. mfeapfk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEFIRE\0000]
"DeviceDesc"="McAfee Firewall Core Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEFIREK\0000]
"DeviceDesc"="McAfee Inc. mfefirek"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEHIDK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFETDI2K\0000]
"DeviceDesc"="McAfee Inc. mfetdi2k"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEVTP\0000]
"DeviceDesc"="McAfee Validation Trust Protection Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\MFE_NDISKMP\0001]
"FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\MFE_NDISKMP\0001]
"Mfg"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\MFE_NDISKMP\0001]
"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"McAfee Core NDIS Intermediate Filter Miniport"="2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEAPFK\0000]
"DeviceDesc"="McAfee Inc. mfeapfk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEAVFK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEFIRE\0000]
"DeviceDesc"="McAfee Firewall Core Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEFIREK\0000]
"DeviceDesc"="McAfee Inc. mfefirek"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEHIDK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFETDI2K\0000]
"DeviceDesc"="McAfee Inc. mfetdi2k"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEVTP\0000]
"DeviceDesc"="McAfee Validation Trust Protection Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\MFE_NDISKMP\0001]
"FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\MFE_NDISKMP\0001]
"Mfg"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\MFE_NDISKMP\0001]
"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"McAfee Core NDIS Intermediate Filter Miniport"="2"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAPFK\0000]
"DeviceDesc"="McAfee Inc. mfeapfk"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIRE\0000]
"DeviceDesc"="McAfee Firewall Core Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIREK\0000]
"DeviceDesc"="McAfee Inc. mfefirek"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEHIDK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFETDI2K\0000]
"DeviceDesc"="McAfee Inc. mfetdi2k"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEVTP\0000]
"DeviceDesc"="McAfee Validation Trust Protection Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001]
"FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001]
"Mfg"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001]
"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\Internet Explorer\InternetRegistry\McAfee]
[HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}]
"URL"="http://search.yahoo....={searchTerms}"
[HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://search.yahoo....fr=mcafee&p=%s"
[HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]

========== filefind ==========

Searching for "McAfee"
No files found.

========== folderfind ==========

Searching for "McAfee"
C:\Program Files\McAfee d------ [23:03 13/10/2009]
C:\Program Files\Common Files\McAfee d------ [23:04 13/10/2009]
C:\Qoobox\Quarantine\C\Program Files\McAfee d------ [03:15 20/10/2011]
C:\Qoobox\Quarantine\C\Program Files\Common Files\McAfee d------ [03:15 20/10/2011]

-= EOF =-

#32 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 27 November 2011 - 04:19 AM

Hi,

My apologies for the delay.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.


Next, please open Notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the box below into Notepad:

Folder::
C:\Program Files\McAfee
C:\Program Files\Common Files\McAfee
KILLALL::
Driver::
0159851316703667MCINSTCLEANUP
CFWIDS
MCAFEE_SITEADVISOR
MCAFEE_SITEADVISOR_SERVICE
MCMPFSVC
MCNAIANN
MCNASVC
MCODS
MFEAVFK
MFEAVFK02
MFEBOPK
MFEFIRE
MFEHIDK
MFERKDET
MFERKDK
MFESMFK
MFETDI2K
MFEVTP
MFE_NDISKMP
mcmscsvc
Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\McAfee]
[-HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\McAfee Trust]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E750330E-A1DA-4291-97A6-7441AA00F1F6}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E750330E-A1DA-4291-97A6-7441AA00F1F6}\ToolboxBitmap32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SASettings.SASettings]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SASettings.SASettings.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\McAfee]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
[-HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\Internet Explorer\InternetRegistry\McAfee]
[-HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\SystemCertificates\McAfee Trust]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.


-screen317
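How the Driver:: and Registry:: sections of a script like the one above can be derived from the SystemLook regfind output in the previous post, as an added example (my code, not ComboFix's, SystemLook's or the helper's). It assumes only what the helper's own script shows: an Enum\Root\LEGACY_<name> or Enum\Root\<name> key and a Services\<name> key both name a driver or service to list under Driver::, and every other matched key becomes a [-key] candidate for Registry::. The sample lines are copied from the log above.

```python
import re

# Lines copied from karr's SystemLook regfind output above (a subset, in log order).
SAMPLE_REGFIND = r"""
Searching for "McAfee"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SASettings.SASettings]
@="McAfee SASettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_0159851316703667MCINSTCLEANUP\0000]
"DeviceDesc"="McAfee Application Installer Cleanup (0159851316703667)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE\0000]
"Service"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001]
"FriendlyName"="Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller - McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McMPFSvc]
"ImagePath"=""C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc]
"DisplayName"="McAfee Services"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001]
"FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Device-enumeration entries: the LEGACY_ prefix marks a non-PnP (service-backed) device.
ENUM_RE = re.compile(r"\\Enum\\Root\\(?:LEGACY_)?(?P<name>[^\\]+)", re.I)
SVC_RE = re.compile(r"\\Services\\(?P<name>[^\\]+)", re.I)


def matched_keys(regfind_text):
    """Registry keys listed by SystemLook, in log order, without duplicates."""
    seen, keys = set(), []
    for line in regfind_text.splitlines():
        m = KEY_RE.match(line.strip())
        if m and m.group("key").lower() not in seen:
            seen.add(m.group("key").lower())
            keys.append(m.group("key"))
    return keys


def driver_names(regfind_text):
    """Names for the Driver:: section, deduplicated across ControlSets (case-insensitive)."""
    names = {}
    for key in matched_keys(regfind_text):
        m = ENUM_RE.search(key) or SVC_RE.search(key)
        if m:
            names.setdefault(m.group("name").lower(), m.group("name"))
    return sorted(names.values(), key=str.lower)


def leftover_keys(regfind_text):
    """Matched keys that are neither device-enumeration nor service entries: Registry:: candidates."""
    return [k for k in matched_keys(regfind_text)
            if not ENUM_RE.search(k) and not SVC_RE.search(k)]


def build_cfscript(regfind_text):
    """Assemble the KILLALL::, Driver:: and Registry:: sections in CFScript layout."""
    lines = ["KILLALL::", "Driver::", *driver_names(regfind_text),
             "Registry::", *[f"[-{k}]" for k in leftover_keys(regfind_text)]]
    return "\n".join(lines) + "\n"
```

Run on the full regfind output above, driver_names() also picks up MFEAPFK, MFEAVFK01, MFEFIREK and MFEHIDK01, which appear only under ControlSet002, ControlSet003 and CurrentControlSet; whether those belong in the script is the helper's call. The Registry:: candidates in particular need review before use, because keys under Control\Class and Control\Network are shared with every other network adapter on the machine, and a McAfee value inside them does not make the whole key McAfee's.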

#33 karr

karr

    New Member

  • Members
  • 31 posts

Posted 28 November 2011 - 09:05 PM

Did as you asked with the ComboFix. After dragging the CFScript.txt into ComboFix, my AVG virus program immediately popped up a virus notification that Malware.gen was found. AVG quarantined it. I tried again thinking perhaps it was just a coincidence... AGAIN Malware.gen was found and subsequently quarantined.

Please help.

Thanks.

#34 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 06 December 2011 - 03:06 PM

It's a false positive by AVG. That is why you are asked to disable your security software before running ComboFix. Please delete your copy of ComboFix, grab a fresh one, then run the script.

#35 karr

karr

    New Member

  • Members
  • 31 posts

Posted 10 December 2011 - 11:29 AM

Unfortunately I was never told to disable any security programs.

Security disabled and then I ran Combofix and DDS as requested.

Combofix log is:


ComboFix 11-12-10.01 - Karla Reece 12/10/2011 10:59:42.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.558 [GMT -5:00]
Running from: c:\documents and settings\Karla Reece\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Karla Reece\Desktop\CFScript.txt
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\Common Files\McAfee
c:\program files\McAfee
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6875d50b57d25c8a.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CFWIDS
-------\Legacy_MFEAVFK02
-------\Legacy_MFEFIRE
-------\Legacy_MFERKDET
-------\Legacy_MFETDI2K
-------\Legacy_MFEVTP
.
.
((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 01:27 . 2011-11-07 01:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 01:14 . 2011-11-07 01:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-07 01:14 . 2010-08-31 10:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-10 14:22 . 2009-02-12 19:23 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2009-02-12 18:05 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2009-02-12 18:05 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2009-02-12 18:05 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-12-10 15:43 . 2011-05-20 22:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2011-01-11 01:21 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-23_03.06.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-12-10 16:07 . 2011-12-10 16:07 16384 c:\windows\temp\Perflib_Perfdata_e44.dat
+ 2011-12-10 16:10 . 2011-12-10 16:10 16384 c:\windows\temp\Perflib_Perfdata_d30.dat
+ 2011-12-10 16:09 . 2011-12-10 16:09 16384 c:\windows\temp\Perflib_Perfdata_6e4.dat
+ 2011-10-28 19:43 . 2009-03-17 03:19 58208 c:\windows\system32\wsimd.sys
- 2009-06-26 00:51 . 2007-07-28 03:11 26488 c:\windows\system32\spupdsvc.exe
+ 2009-06-26 00:51 . 2011-08-12 17:51 26488 c:\windows\system32\spupdsvc.exe
+ 2009-02-12 18:05 . 2011-08-17 21:32 44544 c:\windows\system32\pngfilt.dll
- 2009-02-12 18:05 . 2011-06-21 18:45 44544 c:\windows\system32\pngfilt.dll
+ 2009-02-12 18:05 . 2011-11-06 20:29 40394 c:\windows\system32\perfc009.dat
- 2009-02-12 18:05 . 2011-03-14 00:23 40394 c:\windows\system32\perfc009.dat
- 2007-08-13 22:54 . 2011-06-21 18:45 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 22:54 . 2011-08-17 21:32 52224 c:\windows\system32\msfeedsbs.dll
+ 2009-02-12 18:05 . 2011-08-17 21:32 27648 c:\windows\system32\jsproxy.dll
- 2009-02-12 18:05 . 2011-06-21 18:45 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 22:39 . 2011-08-17 12:21 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 22:39 . 2011-06-21 11:46 13824 c:\windows\system32\ieudinit.exe
- 2009-02-12 18:05 . 2011-06-21 18:45 44544 c:\windows\system32\iernonce.dll
+ 2009-02-12 18:05 . 2011-08-17 21:32 44544 c:\windows\system32\iernonce.dll
- 2009-02-12 18:05 . 2011-06-21 18:45 78336 c:\windows\system32\ieencode.dll
+ 2009-02-12 18:05 . 2011-08-17 21:32 78336 c:\windows\system32\ieencode.dll
+ 2009-02-12 18:05 . 2011-08-17 12:21 70656 c:\windows\system32\ie4uinit.exe
- 2009-02-12 18:05 . 2011-06-21 11:46 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 22:36 . 2011-08-17 21:32 63488 c:\windows\system32\icardie.dll
- 2007-08-13 22:36 . 2011-06-21 18:45 63488 c:\windows\system32\icardie.dll
+ 2011-10-28 19:43 . 2011-08-09 22:51 85256 c:\windows\system32\dsaNac.dll
+ 2011-10-28 19:43 . 2009-03-17 03:19 58208 c:\windows\system32\drivers\wsimd.sys
+ 2008-04-14 00:48 . 2008-04-14 04:48 52480 c:\windows\system32\drivers\i8042prt.sys
- 2008-04-14 00:48 . 2008-04-14 12:00 52480 c:\windows\system32\drivers\i8042prt.sys
- 2009-02-12 18:05 . 2011-06-21 18:45 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-02-12 18:05 . 2011-08-17 21:32 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-02-12 18:05 . 2011-09-26 15:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
- 2009-07-09 13:02 . 2011-06-21 18:45 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-07-09 13:02 . 2011-08-17 21:32 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-02-12 18:05 . 2011-08-17 21:32 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-02-12 18:05 . 2011-06-21 18:45 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-07-09 13:02 . 2011-08-17 12:21 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2009-07-09 13:02 . 2011-06-21 11:46 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2009-02-12 18:05 . 2011-06-21 18:45 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-12 18:05 . 2011-08-17 21:32 44544 c:\windows\system32\dllcache\iernonce.dll
- 2009-02-12 18:05 . 2011-06-21 18:45 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-12 18:05 . 2011-08-17 21:32 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-12 18:05 . 2011-06-21 11:46 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-02-12 18:05 . 2011-08-17 12:21 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-07-09 13:02 . 2011-08-17 21:32 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-07-09 13:02 . 2011-06-21 18:45 63488 c:\windows\system32\dllcache\icardie.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-06-28 4950664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent.exe" [2009-05-07 335872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"ACU"="c:\program files\Atheros\ACU.exe" [2011-08-09 474368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2/12/2009 2:29 PM 4300]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/26/2009 8:46 PM 24652]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [1/14/2008 10:01 PM 30208]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2/12/2009 2:33 PM 238464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 7:47 AM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 7:47 AM 133104]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/8/2010 9:52 AM 20480]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [8/1/2006 6:57 PM 19840]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 12:47]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 12:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.169.1
FF - ProfilePath - c:\documents and settings\Karla Reece\Application Data\Mozilla\Firefox\Profiles\llqfnhrf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd40e429d-0c7b-454c-813d-26f65be89cd3%7D&mid=d2215bac354547d1adc4d16d94cfa365-c008b0edb16c18519bd433fe59fcee9928356847&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-10-30%2017%3A31%3A35&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 11:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3552)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\acs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\windows\system32\igfxext.exe
c:\program files\SAMSUNG\MagicKBD\PerformanceManager.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-12-10 11:13:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-10 16:13
ComboFix2.txt 2011-10-23 03:10
.
Pre-Run: 62,250,881,024 bytes free
Post-Run: 62,409,510,912 bytes free
.
- - End Of File - - B1D075240EFE16601E44C6D2DA27304A
DDS file reads:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29
Run by Karla Reece at 11:25:11 on 2011-12-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.412 [GMT -5:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Garmin\MyGarminAgent.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\WINDOWS\system32\notepad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [MyGarminAgent] c:\program files\garmin\MyGarminAgent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.169.1
TCP: Interfaces\{FFADABD1-F041-4152-BD77-3518F6E17BD0} : DhcpNameServer = 192.168.169.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\karla reece\application data\mozilla\firefox\profiles\llqfnhrf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd40e429d-0c7b-454c-813d-26f65be89cd3%7D&mid=d2215bac354547d1adc4d16d94cfa365-c008b0edb16c18519bd433fe59fcee9928356847&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-10-30%2017%3A31%3A35&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-2-12 4300]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-26 24652]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-14 30208]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-2-12 238464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-8-1 19840]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-11-17 01:27:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 01:14:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-07 01:14:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 11:25:29.37 ===============

#36 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 16 December 2011 - 03:58 AM

Hi,

Things are looking good.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.



Reboot and let me know what issues remain.
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#37 karr

karr

    New Member

  • Members
  • 31 posts

Posted 16 December 2011 - 07:54 PM

In the Device Manager the "McAfee Core NDIS Intermediate Filter Miniport #2" still shows with an exclamation point - missing driver.

#38 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 19 December 2011 - 05:40 AM

Repeat the instructions in Post #30 and we'll see if we missed anything.

#39 karr

karr

    New Member

  • Members
  • 31 posts

Posted 19 December 2011 - 08:23 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 20:13 on 19/12/2011 by Karla Reece
Administrator - Elevation successful

========== regfind ==========

Searching for "McAfee"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}]
"URL"="http://search.yahoo....={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://search.yahoo....fr=mcafee&p=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_0159851316703667MCINSTCLEANUP\0000]
"DeviceDesc"="McAfee Application Installer Cleanup (0159851316703667)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE\0000]
"Service"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE\0000]
"DeviceDesc"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCMPFSVC\0000]
"DeviceDesc"="McAfee Personal Firewall Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCMSCSVC\0000]
"DeviceDesc"="McAfee Services"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCNAIANN\0000]
"DeviceDesc"="McAfee VirusScan Announcer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCNASVC\0000]
"DeviceDesc"="McAfee Network Agent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCODS\0000]
"DeviceDesc"="McAfee Scanner"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEBOPK\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEFIRE\0000]
"DeviceDesc"="McAfee Firewall Core Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEHIDK\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDK\0000]
"DeviceDesc"="McAfee Inc. mferkdk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFESMFK\0000]
"DeviceDesc"="McAfee Inc. mfesmfk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFETDI2K\0000]
"DeviceDesc"="McAfee Inc. mfetdi2k"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEVTP\0000]
"DeviceDesc"="McAfee Validation Trust Protection Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000]
"Mfg"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000]
"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000]
"FriendlyName"="Atheros AR5007EG Wireless Network Adapter - McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001]
"FriendlyName"="Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller - McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001]
"Mfg"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001]
"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0002]
"FriendlyName"="WAN Miniport (IP) - McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0002]
"Mfg"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0002]
"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\0159851316703667mcinstcleanup]
"ImagePath"="C:\WINDOWS\TEMP\015985~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\0159851316703667mcinstcleanup]
"DisplayName"="McAfee Application Installer Cleanup (0159851316703667)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McMPFSvc]
"ImagePath"=""C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McMPFSvc]
"DisplayName"="McAfee Personal Firewall Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc]
"ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc]
"DisplayName"="McAfee Services"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc]
"Description"="McAfee Services"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNaiAnn]
"ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNaiAnn]
"DisplayName"="McAfee VirusScan Announcer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNaiAnn]
"Description"="McAfee VirusScan Announcer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNASvc]
"ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNASvc]
"DisplayName"="McAfee Network Agent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNASvc]
"Description"="Allows McAfee applications to communicate securely on the local network."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS]
"ImagePath"=""C:\Program Files\McAfee\VirusScan\mcods.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS]
"DisplayName"="McAfee Scanner"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS]
"Description"="McAfee Scanner"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"McAfee Core NDIS Intermediate Filter Miniport"="2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAPFK\0000]
"DeviceDesc"="McAfee Inc. mfeapfk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEFIREK\0000]
"DeviceDesc"="McAfee Inc. mfefirek"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEHIDK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\MFE_NDISKMP\0001]
"FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\MFE_NDISKMP\0001]
"Mfg"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\MFE_NDISKMP\0001]
"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"McAfee Core NDIS Intermediate Filter Miniport"="2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEAPFK\0000]
"DeviceDesc"="McAfee Inc. mfeapfk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEAVFK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEFIREK\0000]
"DeviceDesc"="McAfee Inc. mfefirek"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEHIDK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\MFE_NDISKMP\0001]
"FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\MFE_NDISKMP\0001]
"Mfg"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\MFE_NDISKMP\0001]
"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"McAfee Core NDIS Intermediate Filter Miniport"="2"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAPFK\0000]
"DeviceDesc"="McAfee Inc. mfeapfk"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIREK\0000]
"DeviceDesc"="McAfee Inc. mfefirek"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEHIDK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001]
"FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001]
"Mfg"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001]
"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}]
"URL"="http://search.yahoo....={searchTerms}"
[HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://search.yahoo....fr=mcafee&p=%s"

========== filefind ==========

Searching for "McAfee"
No files found.

========== folderfind ==========

Searching for "McAfee"
No folders found.

-= EOF =-

#40 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 24 December 2011 - 05:59 PM

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.


Next, please open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the box below into Notepad:

Driver::
0159851316703667MCINSTCLEANUP
CFWIDS
MCAFEE_SITEADVISOR
MCAFEE_SITEADVISOR_SERVICE
MCMPFSVC
MCNAIANN
MCNASVC
MCODS
MFEAVFK
MFEAVFK02
MFEBOPK
MFEFIRE
MFEHIDK
MFERKDET
MFERKDK
MFESMFK
MFETDI2K
MFEVTP
MFE_NDISKMP
mcmscsvc
KILLALL::

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new DDS log.


-screen317
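The Driver:: list in the CFScript above was read off the SystemLook regfind output in post #39: each leftover Enum\Root\LEGACY_* device and Services\* key names a McAfee driver or service that no longer has files on disk. As an added example (not part of the thread, and not SystemLook's or ComboFix's own code), this Python script pulls those key names out of a regfind listing and writes them in the same Driver:: / KILLALL:: layout; the embedded sample lines are constructed after the ones in the thread.

```python
"""Derive a ComboFix-style Driver:: list from SystemLook 'regfind' output.

Added example, not part of the forum thread or of SystemLook/ComboFix.
Only key lines ("[HKEY_...]") are inspected; value lines such as
"DeviceDesc"="..." carry no key name and are skipped.
"""
import re

# Keys under Enum\Root: LEGACY_<service> for a service-backed device, or a
# plain root-enumerated device id such as MFE_NDISKMP (the orphaned
# "McAfee Core NDIS Intermediate Filter Miniport" from the thread).
ENUM_ROOT_RE = re.compile(r"\\Enum\\Root\\(LEGACY_)?([A-Za-z0-9_]+)(?:\\|\])",
                          re.IGNORECASE)
# Service entries themselves: ...\ControlSetNNN\Services\<name>]
SERVICES_RE = re.compile(r"\\Services\\([A-Za-z0-9_]+)\]", re.IGNORECASE)

# Constructed sample modelled on the regfind section of post #39.
SAMPLE_REGFIND = r"""
Searching for "McAfee"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://search.yahoo....fr=mcafee&p=%s"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_0159851316703667MCINSTCLEANUP\0000]
"DeviceDesc"="McAfee Application Installer Cleanup (0159851316703667)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCODS\0000]
"DeviceDesc"="McAfee Scanner"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000]
"Mfg"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001]
"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\0159851316703667mcinstcleanup]
"ImagePath"="C:\WINDOWS\TEMP\015985~1.EXE -cleanup -nolog -service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS]
"DisplayName"="McAfee Scanner"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"McAfee Core NDIS Intermediate Filter Miniport"="2"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcmscsvc]
"DisplayName"="McAfee Services"
"""


def extract_service_names(regfind_text):
    """Return unique driver/service names, in first-seen order.

    Names are deduplicated case-insensitively, so LEGACY_MCODS and
    Services\McODS collapse to a single entry (the first spelling wins).
    """
    names, seen = [], set()
    for line in regfind_text.splitlines():
        line = line.strip()
        if not (line.startswith("[") and line.endswith("]")):
            continue
        m = ENUM_ROOT_RE.search(line)
        name = m.group(2) if m else None
        if name is None:
            m = SERVICES_RE.search(line)
            name = m.group(1) if m else None
        if name and name.lower() not in seen:
            seen.add(name.lower())
            names.append(name)
    return names


def build_cfscript(names):
    """Lay the names out in the Driver:: / KILLALL:: form used in the thread."""
    return "Driver::\n" + "\n".join(names) + "\nKILLALL::\n"


if __name__ == "__main__":
    print(build_cfscript(extract_service_names(SAMPLE_REGFIND)))
```

Search-scope and network-description keys that merely contain the string "McAfee" are ignored, since they name no driver or service.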



