karr

malware installed but now error "Windows cannot access the specified..."


Hi,

Run this to remove all McAfee components; reboot afterward:

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 21

Adobe Flash Player (10.3.183.7)

Adobe Reader 8.0

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Next, please visit Windows Update and download all critical updates, including Internet Explorer 8.

Let me know what issues remain.

-screen317


The only remaining issue I have found is that in the Device Manager the "Mcafee Core NDIS Intermediate Filter Miniport #2" still shows with an exclamation point - missing driver.


Right-click it and click uninstall. Reboot. See if it is still there.


Tried to uninstall but got the error message "Failed to uninstall the device. The device may be required to boot up the computer."


Hi,

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    McAfee
    :filefind
    McAfee
    :folderfind
    McAfee


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 30.07.11 by jpshortstuff

Log created at 20:35 on 20/11/2011 by Karr

Administrator - Elevation successful

========== regfind ==========

Searching for "McAfee"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\McAfee]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}]

"URL"="http://search.yahoo.com/search?fr=mcafee&p={searchTerms}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

@="http://search.yahoo.com/search?fr=mcafee&p=%s"

[HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\McAfee Trust]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E750330E-A1DA-4291-97A6-7441AA00F1F6}\InprocServer32]

@="c:\PROGRA~1\mcafee\SITEAD~1\saplugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E750330E-A1DA-4291-97A6-7441AA00F1F6}\ToolboxBitmap32]

@="c:\PROGRA~1\mcafee\SITEAD~1\saplugin.dll, 102"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SASettings.SASettings]

@="McAfee SASettings"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SASettings.SASettings.1]

@="McAfee SASettings"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013]

"ProviderName"="McAfee"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013]

"DriverDesc"="McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]

"ProviderName"="McAfee"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]

"DriverDesc"="McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]

"ProviderName"="McAfee"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]

"DriverDesc"="McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\McAfee]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]

"McAfee Core NDIS Intermediate Filter Miniport"="1 2 3"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_0159851316703667MCINSTCLEANUP\0000]

"DeviceDesc"="McAfee Application Installer Cleanup (0159851316703667)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]

"DeviceDesc"="McAfee Inc. cfwids"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE\0000]

"Service"="McAfee SiteAdvisor Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE\0000]

"DeviceDesc"="McAfee SiteAdvisor Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCMPFSVC\0000]

"DeviceDesc"="McAfee Personal Firewall Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCMSCSVC\0000]

"DeviceDesc"="McAfee Services"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCNAIANN\0000]

"DeviceDesc"="McAfee VirusScan Announcer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCNASVC\0000]

"DeviceDesc"="McAfee Network Agent"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCODS\0000]

"DeviceDesc"="McAfee Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEBOPK\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEFIRE\0000]

"DeviceDesc"="McAfee Firewall Core Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEHIDK\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDET\0000]

"DeviceDesc"="McAfee Inc. mferkdet"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDK\0000]

"DeviceDesc"="McAfee Inc. mferkdk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFESMFK\0000]

"DeviceDesc"="McAfee Inc. mfesmfk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFETDI2K\0000]

"DeviceDesc"="McAfee Inc. mfetdi2k"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEVTP\0000]

"DeviceDesc"="McAfee Validation Trust Protection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000]

"Mfg"="McAfee"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000]

"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000]

"FriendlyName"="Atheros AR5007EG Wireless Network Adapter - McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001]

"FriendlyName"="Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller - McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001]

"Mfg"="McAfee"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001]

"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0002]

"FriendlyName"="WAN Miniport (IP) - McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0002]

"Mfg"="McAfee"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0002]

"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\0159851316703667mcinstcleanup]

"ImagePath"="C:\WINDOWS\TEMP\015985~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\0159851316703667mcinstcleanup]

"DisplayName"="McAfee Application Installer Cleanup (0159851316703667)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McMPFSvc]

"ImagePath"=""C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McMPFSvc]

"DisplayName"="McAfee Personal Firewall Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc]

"ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc]

"DisplayName"="McAfee Services"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc]

"Description"="McAfee Services"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNaiAnn]

"ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNaiAnn]

"DisplayName"="McAfee VirusScan Announcer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNaiAnn]

"Description"="McAfee VirusScan Announcer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNASvc]

"ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNASvc]

"DisplayName"="McAfee Network Agent"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNASvc]

"Description"="Allows McAfee applications to communicate securely on the local network."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS]

"ImagePath"=""C:\Program Files\McAfee\VirusScan\mcods.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS]

"DisplayName"="McAfee Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS]

"Description"="McAfee Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]

"McAfee Core NDIS Intermediate Filter Miniport"="2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CFWIDS\0000]

"DeviceDesc"="McAfee Inc. cfwids"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAPFK\0000]

"DeviceDesc"="McAfee Inc. mfeapfk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK01\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK02\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEFIRE\0000]

"DeviceDesc"="McAfee Firewall Core Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEFIREK\0000]

"DeviceDesc"="McAfee Inc. mfefirek"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEHIDK01\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFERKDET\0000]

"DeviceDesc"="McAfee Inc. mferkdet"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFETDI2K\0000]

"DeviceDesc"="McAfee Inc. mfetdi2k"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEVTP\0000]

"DeviceDesc"="McAfee Validation Trust Protection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\MFE_NDISKMP\0001]

"FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\MFE_NDISKMP\0001]

"Mfg"="McAfee"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\MFE_NDISKMP\0001]

"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]

"McAfee Core NDIS Intermediate Filter Miniport"="2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CFWIDS\0000]

"DeviceDesc"="McAfee Inc. cfwids"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEAPFK\0000]

"DeviceDesc"="McAfee Inc. mfeapfk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEAVFK01\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEAVFK02\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEFIRE\0000]

"DeviceDesc"="McAfee Firewall Core Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEFIREK\0000]

"DeviceDesc"="McAfee Inc. mfefirek"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEHIDK01\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFERKDET\0000]

"DeviceDesc"="McAfee Inc. mferkdet"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFETDI2K\0000]

"DeviceDesc"="McAfee Inc. mfetdi2k"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEVTP\0000]

"DeviceDesc"="McAfee Validation Trust Protection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\MFE_NDISKMP\0001]

"FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\MFE_NDISKMP\0001]

"Mfg"="McAfee"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\MFE_NDISKMP\0001]

"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]

"McAfee Core NDIS Intermediate Filter Miniport"="2"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]

"DeviceDesc"="McAfee Inc. cfwids"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAPFK\0000]

"DeviceDesc"="McAfee Inc. mfeapfk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK01\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK02\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIRE\0000]

"DeviceDesc"="McAfee Firewall Core Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIREK\0000]

"DeviceDesc"="McAfee Inc. mfefirek"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEHIDK01\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFERKDET\0000]

"DeviceDesc"="McAfee Inc. mferkdet"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFETDI2K\0000]

"DeviceDesc"="McAfee Inc. mfetdi2k"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEVTP\0000]

"DeviceDesc"="McAfee Validation Trust Protection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001]

"FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001]

"Mfg"="McAfee"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001]

"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]

[HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\Internet Explorer\InternetRegistry\McAfee]

[HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}]

"URL"="http://search.yahoo.com/search?fr=mcafee&p={searchTerms}"

[HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\Internet Explorer\SearchUrl]

@="http://search.yahoo.com/search?fr=mcafee&p=%s"

[HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\SystemCertificates\McAfee Trust]

[HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]

========== filefind ==========

Searching for "McAfee"

No files found.

========== folderfind ==========

Searching for "McAfee"

C:\Program Files\McAfee d------ [23:03 13/10/2009]

C:\Program Files\Common Files\McAfee d------ [23:04 13/10/2009]

C:\Qoobox\Quarantine\C\Program Files\McAfee d------ [03:15 20/10/2011]

C:\Qoobox\Quarantine\C\Program Files\Common Files\McAfee d------ [03:15 20/10/2011]

-= EOF =-


Hi,

My apologies for the delay.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any text editor other than Notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Folder::
C:\Program Files\McAfee
C:\Program Files\Common Files\McAfee
KILLALL::
Driver::
0159851316703667MCINSTCLEANUP
CFWIDS
MCAFEE_SITEADVISOR
MCAFEE_SITEADVISOR_SERVICE
MCMPFSVC
MCNAIANN
MCNASVC
MCODS
MFEAVFK
MFEAVFK02
MFEBOPK
MFEFIRE
MFEHIDK
MFERKDET
MFERKDK
MFESMFK
MFETDI2K
MFEVTP
MFE_NDISKMP
mcmscsvc
Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\McAfee]
[-HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\McAfee Trust]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E750330E-A1DA-4291-97A6-7441AA00F1F6}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E750330E-A1DA-4291-97A6-7441AA00F1F6}\ToolboxBitmap32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SASettings.SASettings]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SASettings.SASettings.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\McAfee]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
[-HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\Internet Explorer\InternetRegistry\McAfee]
[-HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\SystemCertificates\McAfee Trust]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317
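
One way to summarise a SystemLook regfind log like the one posted earlier in this thread into the service and device names left in each control set, the kind of names the Driver:: section above lists. This is an added example, not part of the original post and not a SystemLook or ComboFix feature; the function names are hypothetical and the sample is a short excerpt of the log above.

```python
import re

# Excerpt of the SystemLook regfind output posted in this thread
# (a key line, optionally followed by the value lines that matched).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCODS\0000]
"DeviceDesc"="McAfee Scanner"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000]
"Mfg"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS]
"DisplayName"="McAfee Scanner"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc]
"DisplayName"="McAfee Services"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAPFK\0000]
"DeviceDesc"="McAfee Inc. mfeapfk"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001]
"FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2"
[HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\McAfee Trust]
'''

# A registry key line as SystemLook prints it: [HKEY_...\path]
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')

# Service keys and root-enumerated device keys inside a control set.
SYSTEM_RE = re.compile(
    r'\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)\\'
    r'(?:Services\\([^\\]+)|Enum\\Root\\([^\\]+))',
    re.IGNORECASE,
)


def parse_regfind(text):
    """Return [(key, [value lines])]; keys without value lines get an empty list."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = KEY_RE.match(line)
        if match:
            entries.append((match.group(1), []))
        elif line.startswith(('"', '@')) and entries:
            entries[-1][1].append(line)
    return entries


def classify(key):
    """Map a key to (control set, NAME) or None if it is not a service/device key."""
    match = SYSTEM_RE.search(key)
    if not match:
        return None
    control_set, service, device = match.groups()
    name = service or device
    # LEGACY_<name> device nodes refer to the service <name>.
    if device and name.upper().startswith('LEGACY_'):
        name = name[len('LEGACY_'):]
    return control_set, name.upper()


def leftover_names(text):
    """Group the distinct service/device names by control set."""
    found = {}
    for key, _values in parse_regfind(text):
        hit = classify(key)
        if hit:
            found.setdefault(hit[0], set()).add(hit[1])
    return {cs: sorted(names) for cs, names in found.items()}


def live_and_stale(text):
    """Split names into those in CurrentControlSet and those only in numbered sets."""
    by_set = leftover_names(text)
    live = set(by_set.get('CurrentControlSet', []))
    everything = set().union(*by_set.values())
    return sorted(live), sorted(everything - live)


if __name__ == '__main__':
    for control_set, names in leftover_names(SAMPLE_LOG).items():
        print(control_set, names)
    live, stale = live_and_stale(SAMPLE_LOG)
    print('in the running configuration:', live)
    print('only in other control sets:', stale)
```

Names reported under CurrentControlSet belong to the configuration Windows is running with; names found only in numbered control sets are residue in stored configurations.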


Did as you asked with the ComboFix. After dragging the CFScript.txt into ComboFix, my AVG virus program immediately popped up a virus notification that Malware.gen was found. AVG quarantined it. I tried again thinking perhaps it was just a coincidence... AGAIN Malware.gen was found and subsequently quarantined.

Please help.

Thanks.


It's a false positive by AVG. That is why you are asked to disable your security software before running ComboFix. Please delete your copy of ComboFix, grab a fresh one, then run the script.


Unfortunately I was never told to disable any security programs.

Security disabled and then I ran Combofix and DDS as requested.

Combofix log is:

ComboFix 11-12-10.01 - Karla Reece 12/10/2011 10:59:42.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.558 [GMT -5:00]

Running from: c:\documents and settings\Karla Reece\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Karla Reece\Desktop\CFScript.txt

AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\program files\Common Files\McAfee

c:\program files\McAfee

c:\windows\system32\Cache

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6875d50b57d25c8a.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_CFWIDS

-------\Legacy_MFEAVFK02

-------\Legacy_MFEFIRE

-------\Legacy_MFERKDET

-------\Legacy_MFETDI2K

-------\Legacy_MFEVTP

.

.

((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))

.

.

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-17 01:27 . 2011-11-07 01:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-07 01:14 . 2011-11-07 01:14 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-07 01:14 . 2010-08-31 10:38 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-10 14:22 . 2009-02-12 19:23 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2009-02-12 18:05 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2009-02-12 18:05 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2009-02-12 18:05 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-12-10 15:43 . 2011-05-20 22:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 18:01 . 2011-01-11 01:21 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-23_03.06.56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

+ 2011-12-10 16:07 . 2011-12-10 16:07 16384 c:\windows\temp\Perflib_Perfdata_e44.dat

+ 2011-12-10 16:10 . 2011-12-10 16:10 16384 c:\windows\temp\Perflib_Perfdata_d30.dat

+ 2011-12-10 16:09 . 2011-12-10 16:09 16384 c:\windows\temp\Perflib_Perfdata_6e4.dat

+ 2011-10-28 19:43 . 2009-03-17 03:19 58208 c:\windows\system32\wsimd.sys

- 2009-06-26 00:51 . 2007-07-28 03:11 26488 c:\windows\system32\spupdsvc.exe

+ 2009-06-26 00:51 . 2011-08-12 17:51 26488 c:\windows\system32\spupdsvc.exe

+ 2009-02-12 18:05 . 2011-08-17 21:32 44544 c:\windows\system32\pngfilt.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 44544 c:\windows\system32\pngfilt.dll

+ 2009-02-12 18:05 . 2011-11-06 20:29 40394 c:\windows\system32\perfc009.dat

- 2009-02-12 18:05 . 2011-03-14 00:23 40394 c:\windows\system32\perfc009.dat

- 2007-08-13 22:54 . 2011-06-21 18:45 52224 c:\windows\system32\msfeedsbs.dll

+ 2007-08-13 22:54 . 2011-08-17 21:32 52224 c:\windows\system32\msfeedsbs.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 27648 c:\windows\system32\jsproxy.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 27648 c:\windows\system32\jsproxy.dll

+ 2007-08-13 22:39 . 2011-08-17 12:21 13824 c:\windows\system32\ieudinit.exe

- 2007-08-13 22:39 . 2011-06-21 11:46 13824 c:\windows\system32\ieudinit.exe

- 2009-02-12 18:05 . 2011-06-21 18:45 44544 c:\windows\system32\iernonce.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 44544 c:\windows\system32\iernonce.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 78336 c:\windows\system32\ieencode.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 78336 c:\windows\system32\ieencode.dll

+ 2009-02-12 18:05 . 2011-08-17 12:21 70656 c:\windows\system32\ie4uinit.exe

- 2009-02-12 18:05 . 2011-06-21 11:46 70656 c:\windows\system32\ie4uinit.exe

+ 2007-08-13 22:36 . 2011-08-17 21:32 63488 c:\windows\system32\icardie.dll

- 2007-08-13 22:36 . 2011-06-21 18:45 63488 c:\windows\system32\icardie.dll

+ 2011-10-28 19:43 . 2011-08-09 22:51 85256 c:\windows\system32\dsaNac.dll

+ 2011-10-28 19:43 . 2009-03-17 03:19 58208 c:\windows\system32\drivers\wsimd.sys

+ 2008-04-14 00:48 . 2008-04-14 04:48 52480 c:\windows\system32\drivers\i8042prt.sys

- 2008-04-14 00:48 . 2008-04-14 12:00 52480 c:\windows\system32\drivers\i8042prt.sys

- 2009-02-12 18:05 . 2011-06-21 18:45 44544 c:\windows\system32\dllcache\pngfilt.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 44544 c:\windows\system32\dllcache\pngfilt.dll

+ 2009-02-12 18:05 . 2011-09-26 15:41 20480 c:\windows\system32\dllcache\oleaccrc.dll

- 2009-07-09 13:02 . 2011-06-21 18:45 52224 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2009-07-09 13:02 . 2011-08-17 21:32 52224 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 27648 c:\windows\system32\dllcache\jsproxy.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 27648 c:\windows\system32\dllcache\jsproxy.dll

+ 2009-07-09 13:02 . 2011-08-17 12:21 13824 c:\windows\system32\dllcache\ieudinit.exe

- 2009-07-09 13:02 . 2011-06-21 11:46 13824 c:\windows\system32\dllcache\ieudinit.exe

- 2009-02-12 18:05 . 2011-06-21 18:45 44544 c:\windows\system32\dllcache\iernonce.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 44544 c:\windows\system32\dllcache\iernonce.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 78336 c:\windows\system32\dllcache\ieencode.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 78336 c:\windows\system32\dllcache\ieencode.dll

- 2009-02-12 18:05 . 2011-06-21 11:46 70656 c:\windows\system32\dllcache\ie4uinit.exe

+ 2009-02-12 18:05 . 2011-08-17 12:21 70656 c:\windows\system32\dllcache\ie4uinit.exe

+ 2009-07-09 13:02 . 2011-08-17 21:32 63488 c:\windows\system32\dllcache\icardie.dll

- 2009-07-09 13:02 . 2011-06-21 18:45 63488 c:\windows\system32\dllcache\icardie.dll

+ 2008-04-14 00:48 . 2008-04-14 04:48 52480 c:\windows\system32\dllcache\i8042prt.sys

- 2008-04-14 00:48 . 2008-04-14 12:00 52480 c:\windows\system32\dllcache\i8042prt.sys

+ 2009-02-12 18:05 . 2011-08-17 21:32 17408 c:\windows\system32\dllcache\corpol.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 17408 c:\windows\system32\dllcache\corpol.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 17408 c:\windows\system32\corpol.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 17408 c:\windows\system32\corpol.dll

- 2009-02-12 19:28 . 2011-09-22 15:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2009-02-12 19:28 . 2011-11-21 00:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2009-02-12 19:28 . 2011-11-21 00:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2009-02-12 19:28 . 2011-09-22 15:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2011-11-21 00:21 . 2011-11-21 00:21 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2011-10-29 01:14 . 2011-10-29 01:14 22016 c:\windows\Installer\1332c40.msi

+ 2011-11-21 00:23 . 2011-11-21 00:23 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe

+ 2011-11-21 00:23 . 2011-11-21 00:23 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe

+ 2011-11-21 00:23 . 2011-11-21 00:23 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe

+ 2011-11-21 00:23 . 2011-11-21 00:23 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe

+ 2011-11-21 00:23 . 2011-11-21 00:23 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe

+ 2011-11-21 00:23 . 2011-11-21 00:23 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe

+ 2011-11-21 00:23 . 2011-11-21 00:23 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ARPPRODUCTICON.exe

+ 2011-06-06 17:55 . 2011-06-06 17:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll

+ 2011-06-06 17:55 . 2011-06-06 17:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe

+ 2011-06-06 17:55 . 2011-06-06 17:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll

+ 2011-06-06 17:55 . 2011-06-06 17:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe

+ 2011-06-06 17:55 . 2011-06-06 17:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe

+ 2011-06-06 17:55 . 2011-06-06 17:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe

+ 2011-06-06 17:55 . 2011-06-06 17:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll

+ 2011-06-06 17:55 . 2011-06-06 17:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll

+ 2011-06-06 17:55 . 2011-06-06 17:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 44544 c:\windows\ie7updates\KB2586448-IE7\pngfilt.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 52224 c:\windows\ie7updates\KB2586448-IE7\msfeedsbs.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 27648 c:\windows\ie7updates\KB2586448-IE7\jsproxy.dll

+ 2011-10-29 01:55 . 2011-06-21 11:46 13824 c:\windows\ie7updates\KB2586448-IE7\ieudinit.exe

+ 2011-10-29 01:55 . 2011-06-21 18:45 44544 c:\windows\ie7updates\KB2586448-IE7\iernonce.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 78336 c:\windows\ie7updates\KB2586448-IE7\ieencode.dll

+ 2011-10-29 01:55 . 2011-06-21 11:46 70656 c:\windows\ie7updates\KB2586448-IE7\ie4uinit.exe

+ 2011-10-29 01:55 . 2011-06-21 18:45 63488 c:\windows\ie7updates\KB2586448-IE7\icardie.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 17408 c:\windows\ie7updates\KB2586448-IE7\corpol.dll

+ 2011-10-29 01:55 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2592799\update\spcustom.dll

+ 2011-10-29 01:55 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2592799\spmsg.dll

+ 2011-10-29 01:55 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2586448-IE7\update\spcustom.dll

+ 2011-10-29 01:55 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2586448-IE7\spmsg.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 44544 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\pngfilt.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 52224 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\msfeedsbs.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 27648 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\jsproxy.dll

+ 2011-08-17 12:33 . 2011-08-17 12:33 13824 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ieudinit.exe

+ 2011-08-17 21:30 . 2011-08-17 21:30 44544 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\iernonce.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 78336 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ieencode.dll

+ 2011-08-17 12:33 . 2011-08-17 12:33 70656 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ie4uinit.exe

+ 2011-08-17 21:30 . 2011-08-17 21:30 63488 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\icardie.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 17408 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\corpol.dll

+ 2011-10-29 01:55 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2567053\update\spcustom.dll

+ 2011-10-29 01:55 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2567053\spmsg.dll

+ 2011-11-10 01:17 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2544893-v2\update\spcustom.dll

+ 2011-11-10 01:17 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2544893-v2\spmsg.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

+ 2009-07-12 04:05 . 2009-07-12 04:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2009-06-15 08:10 . 2009-06-15 08:10 282624 c:\windows\system32\yk51x86.dll

+ 2011-10-28 19:43 . 2011-08-09 22:51 253160 c:\windows\system32\wsimd.dll

+ 2011-10-28 19:43 . 2011-08-09 22:51 257256 c:\windows\system32\wsfwDS.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 832512 c:\windows\system32\wininet.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 832512 c:\windows\system32\wininet.dll

+ 2011-10-28 19:43 . 2011-08-09 22:46 429312 c:\windows\system32\wgapi.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 233472 c:\windows\system32\webcheck.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 233472 c:\windows\system32\webcheck.dll

+ 2011-10-28 19:43 . 2011-08-09 22:46 339200 c:\windows\system32\wcapiU.dll

+ 2011-10-28 19:43 . 2011-08-09 22:46 417000 c:\windows\system32\wcapi.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 106496 c:\windows\system32\url.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 106496 c:\windows\system32\url.dll

+ 2009-02-12 18:05 . 2011-11-06 20:29 312172 c:\windows\system32\perfh009.dat

- 2009-02-12 18:05 . 2011-03-14 00:23 312172 c:\windows\system32\perfh009.dat

- 2009-02-12 18:05 . 2011-06-21 18:45 102912 c:\windows\system32\occache.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 102912 c:\windows\system32\occache.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 671232 c:\windows\system32\mstime.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 671232 c:\windows\system32\mstime.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 193024 c:\windows\system32\msrating.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 193024 c:\windows\system32\msrating.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 478720 c:\windows\system32\mshtmled.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 478720 c:\windows\system32\mshtmled.dll

+ 2007-08-13 22:54 . 2011-08-17 21:32 468480 c:\windows\system32\msfeeds.dll

- 2007-08-13 22:54 . 2011-06-21 18:45 468480 c:\windows\system32\msfeeds.dll

+ 2011-11-17 01:27 . 2011-11-17 01:27 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe

+ 2011-11-07 01:13 . 2011-11-07 01:13 247968 c:\windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe

+ 2011-11-07 01:14 . 2011-11-07 01:14 157472 c:\windows\system32\javaws.exe

- 2010-08-31 10:38 . 2010-07-17 10:00 145184 c:\windows\system32\javaw.exe

+ 2011-11-07 01:14 . 2011-11-07 01:14 145184 c:\windows\system32\javaw.exe

- 2010-08-31 10:38 . 2010-07-17 10:00 145184 c:\windows\system32\java.exe

+ 2011-11-07 01:14 . 2011-11-07 01:14 145184 c:\windows\system32\java.exe

+ 2011-10-28 19:43 . 2011-08-09 22:46 265456 c:\windows\system32\IPTests.dll

+ 2007-08-13 22:34 . 2011-08-17 21:32 268288 c:\windows\system32\iertutil.dll

- 2007-08-13 22:34 . 2011-06-21 18:45 268288 c:\windows\system32\iertutil.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 192512 c:\windows\system32\iepeers.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 192512 c:\windows\system32\iepeers.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 384512 c:\windows\system32\iedkcs32.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 384512 c:\windows\system32\iedkcs32.dll

+ 2007-07-11 16:27 . 2011-08-17 21:32 380928 c:\windows\system32\ieapfltr.dll

- 2007-07-11 16:27 . 2011-06-21 18:45 380928 c:\windows\system32\ieapfltr.dll

- 2009-02-12 18:05 . 2011-06-20 11:27 161792 c:\windows\system32\ieakui.dll

+ 2009-02-12 18:05 . 2011-08-17 11:00 161792 c:\windows\system32\ieakui.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 230400 c:\windows\system32\ieaksie.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 230400 c:\windows\system32\ieaksie.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 153088 c:\windows\system32\ieakeng.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 153088 c:\windows\system32\ieakeng.dll

- 2009-02-12 11:17 . 2011-07-15 01:19 107808 c:\windows\system32\FNTCACHE.DAT

+ 2009-02-12 11:17 . 2011-10-30 21:11 107808 c:\windows\system32\FNTCACHE.DAT

- 2009-02-12 18:05 . 2011-06-21 18:45 133120 c:\windows\system32\extmgr.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 133120 c:\windows\system32\extmgr.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 214528 c:\windows\system32\dxtrans.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 214528 c:\windows\system32\dxtrans.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 347136 c:\windows\system32\dxtmsft.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 347136 c:\windows\system32\dxtmsft.dll

+ 2009-06-15 08:10 . 2009-06-15 08:10 297728 c:\windows\system32\drivers\yk51x86.sys

+ 2009-02-12 18:05 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys

- 2009-02-12 18:05 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys

- 2009-02-12 18:05 . 2011-06-21 18:45 832512 c:\windows\system32\dllcache\wininet.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 832512 c:\windows\system32\dllcache\wininet.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 233472 c:\windows\system32\dllcache\webcheck.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 233472 c:\windows\system32\dllcache\webcheck.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 106496 c:\windows\system32\dllcache\url.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 106496 c:\windows\system32\dllcache\url.dll

+ 2009-02-12 18:05 . 2011-09-26 15:41 220160 c:\windows\system32\dllcache\oleacc.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 102912 c:\windows\system32\dllcache\occache.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 102912 c:\windows\system32\dllcache\occache.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 671232 c:\windows\system32\dllcache\mstime.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 671232 c:\windows\system32\dllcache\mstime.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 193024 c:\windows\system32\dllcache\msrating.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 193024 c:\windows\system32\dllcache\msrating.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 478720 c:\windows\system32\dllcache\mshtmled.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 478720 c:\windows\system32\dllcache\mshtmled.dll

- 2009-07-09 13:02 . 2011-06-21 18:45 468480 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-07-09 13:02 . 2011-08-17 21:32 468480 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-02-12 19:23 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll

- 2009-02-12 19:23 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll

+ 2009-02-12 19:23 . 2011-08-17 11:01 634632 c:\windows\system32\dllcache\iexplore.exe

+ 2009-07-09 13:02 . 2011-08-17 21:32 268288 c:\windows\system32\dllcache\iertutil.dll

- 2009-07-09 13:02 . 2011-06-21 18:45 268288 c:\windows\system32\dllcache\iertutil.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 192512 c:\windows\system32\dllcache\iepeers.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 192512 c:\windows\system32\dllcache\iepeers.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 384512 c:\windows\system32\dllcache\iedkcs32.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 384512 c:\windows\system32\dllcache\iedkcs32.dll

- 2009-07-09 13:02 . 2011-06-21 18:45 380928 c:\windows\system32\dllcache\ieapfltr.dll

+ 2009-07-09 13:02 . 2011-08-17 21:32 380928 c:\windows\system32\dllcache\ieapfltr.dll

+ 2009-02-12 18:05 . 2011-08-17 11:00 161792 c:\windows\system32\dllcache\ieakui.dll

- 2009-02-12 18:05 . 2011-06-20 11:27 161792 c:\windows\system32\dllcache\ieakui.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 230400 c:\windows\system32\dllcache\ieaksie.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 230400 c:\windows\system32\dllcache\ieaksie.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 133120 c:\windows\system32\dllcache\extmgr.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 133120 c:\windows\system32\dllcache\extmgr.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 347136 c:\windows\system32\dllcache\dxtmsft.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 347136 c:\windows\system32\dllcache\dxtmsft.dll

- 2009-02-12 18:05 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll

+ 2009-02-12 18:05 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll

+ 2009-02-12 18:05 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys

- 2009-02-12 18:05 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys

- 2009-02-12 18:05 . 2011-06-21 18:45 124928 c:\windows\system32\dllcache\advpack.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 124928 c:\windows\system32\dllcache\advpack.dll

+ 2011-10-28 19:43 . 2011-08-09 22:46 314624 c:\windows\system32\athcfg20U.dll

+ 2011-10-28 19:43 . 2011-08-09 22:46 130312 c:\windows\system32\athcfg20resU.dll

+ 2011-10-28 19:43 . 2011-08-09 22:46 130288 c:\windows\system32\athcfg20res.dll

+ 2011-10-28 19:43 . 2011-08-09 22:46 302312 c:\windows\system32\athcfg20.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 124928 c:\windows\system32\advpack.dll

+ 2009-02-12 18:05 . 2011-08-17 21:32 124928 c:\windows\system32\advpack.dll

+ 2011-10-28 19:43 . 2011-08-09 22:46 503032 c:\windows\system32\acs.exe

+ 2011-11-07 01:14 . 2011-11-07 01:14 203776 c:\windows\Installer\5b17c.msi

+ 2011-11-07 01:14 . 2011-11-07 01:14 901120 c:\windows\Installer\5b16c.msi

+ 2011-10-30 21:29 . 2011-10-30 21:29 219648 c:\windows\Installer\10b9e2.msi

+ 2011-06-06 17:55 . 2011-06-06 17:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll

+ 2011-06-06 17:55 . 2011-06-06 17:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll

+ 2011-06-06 17:55 . 2011-06-06 17:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe

+ 2011-06-06 17:55 . 2011-06-06 17:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll

+ 2011-06-06 17:55 . 2011-06-06 17:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll

+ 2011-06-06 17:55 . 2011-06-06 17:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll

+ 2011-06-06 17:55 . 2011-06-06 17:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll

+ 2011-06-06 17:55 . 2011-06-06 17:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe

+ 2011-06-06 17:55 . 2011-06-06 17:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 832512 c:\windows\ie7updates\KB2586448-IE7\wininet.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 233472 c:\windows\ie7updates\KB2586448-IE7\webcheck.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 106496 c:\windows\ie7updates\KB2586448-IE7\url.dll

+ 2011-10-29 01:55 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2586448-IE7\spuninst\updspapi.dll

+ 2011-10-29 01:55 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2586448-IE7\spuninst\spuninst.exe

+ 2011-10-29 01:55 . 2011-06-21 18:45 102912 c:\windows\ie7updates\KB2586448-IE7\occache.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 671232 c:\windows\ie7updates\KB2586448-IE7\mstime.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 193024 c:\windows\ie7updates\KB2586448-IE7\msrating.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 478720 c:\windows\ie7updates\KB2586448-IE7\mshtmled.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 468480 c:\windows\ie7updates\KB2586448-IE7\msfeeds.dll

+ 2011-10-29 01:55 . 2011-06-20 11:29 634648 c:\windows\ie7updates\KB2586448-IE7\iexplore.exe

+ 2011-10-29 01:55 . 2011-06-21 18:45 268288 c:\windows\ie7updates\KB2586448-IE7\iertutil.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 192512 c:\windows\ie7updates\KB2586448-IE7\iepeers.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 384512 c:\windows\ie7updates\KB2586448-IE7\iedkcs32.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 380928 c:\windows\ie7updates\KB2586448-IE7\ieapfltr.dll

+ 2011-10-29 01:55 . 2011-06-20 11:27 161792 c:\windows\ie7updates\KB2586448-IE7\ieakui.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 230400 c:\windows\ie7updates\KB2586448-IE7\ieaksie.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 153088 c:\windows\ie7updates\KB2586448-IE7\ieakeng.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 133120 c:\windows\ie7updates\KB2586448-IE7\extmgr.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 214528 c:\windows\ie7updates\KB2586448-IE7\dxtrans.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 347136 c:\windows\ie7updates\KB2586448-IE7\dxtmsft.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 124928 c:\windows\ie7updates\KB2586448-IE7\advpack.dll

+ 2011-11-10 01:17 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2544893-v2$\spuninst\updspapi.dll

+ 2011-11-10 01:17 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe

+ 2011-11-10 01:17 . 2011-05-02 15:31 692736 c:\windows\$NtUninstallKB2544893-v2$\inetcomm.dll

+ 2011-10-29 01:55 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2592799\update\updspapi.dll

+ 2011-10-29 01:55 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2592799\update\update.exe

+ 2011-10-29 01:55 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2592799\spuninst.exe

+ 2011-10-28 19:48 . 2011-08-17 13:41 138496 c:\windows\$hf_mig$\KB2592799\SP3QFE\afd.sys

+ 2011-10-29 01:55 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2586448-IE7\update\updspapi.dll

+ 2011-10-29 01:55 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2586448-IE7\update\update.exe

+ 2011-10-29 01:55 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2586448-IE7\spuninst.exe

+ 2011-08-17 21:30 . 2011-08-17 21:30 841216 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\wininet.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 233472 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\webcheck.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 106496 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\url.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 102912 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\occache.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 671232 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\mstime.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 193024 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\msrating.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 478720 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\mshtmled.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 468480 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\msfeeds.dll

+ 2011-08-17 10:34 . 2011-08-17 10:34 634632 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\iexplore.exe

+ 2011-08-17 21:30 . 2011-08-17 21:30 268288 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\iertutil.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 193024 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\iepeers.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 388608 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\iedkcs32.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 380928 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ieapfltr.dll

+ 2011-08-17 10:33 . 2011-08-17 10:33 161792 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ieakui.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 230400 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ieaksie.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 153088 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ieakeng.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 132608 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\extmgr.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 214528 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\dxtrans.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 347136 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\dxtmsft.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 124928 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\advpack.dll

+ 2011-10-29 01:55 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2567053\update\updspapi.dll

+ 2011-10-29 01:55 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2567053\update\update.exe

+ 2011-10-29 01:55 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2567053\spuninst.exe

+ 2011-11-10 01:17 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2544893-v2\update\updspapi.dll

+ 2011-11-10 01:17 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2544893-v2\update\update.exe

+ 2011-11-10 01:17 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2544893-v2\spuninst.exe

+ 2011-10-10 14:21 . 2011-10-10 14:21 692736 c:\windows\$hf_mig$\KB2544893-v2\SP3QFE\inetcomm.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

+ 2009-02-12 18:05 . 2011-09-06 13:20 1858944 c:\windows\system32\win32k.sys

- 2009-02-12 18:05 . 2011-06-02 14:02 1858944 c:\windows\system32\win32k.sys

+ 2009-02-12 18:05 . 2011-08-17 21:32 1168896 c:\windows\system32\urlmon.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 1168896 c:\windows\system32\urlmon.dll

+ 2011-10-28 19:04 . 2008-10-08 06:35 1334432 c:\windows\system32\ReinstallBackups\0015\DriverFiles\athw.sys

+ 2009-02-12 18:05 . 2011-09-05 07:48 3615744 c:\windows\system32\mshtml.dll

+ 2011-11-07 01:13 . 2011-11-17 01:27 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2007-08-13 22:54 . 2011-08-17 21:32 6076416 c:\windows\system32\ieframe.dll

- 2007-08-13 22:54 . 2011-06-21 18:45 6076416 c:\windows\system32\ieframe.dll

+ 2011-10-28 19:43 . 2011-08-09 22:51 1273088 c:\windows\system32\dsa.dll

+ 2011-10-28 19:43 . 2011-08-05 02:35 1981760 c:\windows\system32\drivers\athw.sys

- 2009-02-12 18:05 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys

+ 2009-02-12 18:05 . 2011-09-06 13:20 1858944 c:\windows\system32\dllcache\win32k.sys

+ 2009-02-12 18:05 . 2011-08-17 21:32 1168896 c:\windows\system32\dllcache\urlmon.dll

- 2009-02-12 18:05 . 2011-06-21 18:45 1168896 c:\windows\system32\dllcache\urlmon.dll

+ 2009-02-12 18:05 . 2011-09-05 07:48 3615744 c:\windows\system32\dllcache\mshtml.dll

+ 2009-07-09 13:02 . 2011-08-17 21:32 6076416 c:\windows\system32\dllcache\ieframe.dll

- 2009-07-09 13:02 . 2011-06-21 18:45 6076416 c:\windows\system32\dllcache\ieframe.dll

+ 2011-10-28 19:43 . 2011-08-05 02:35 1981760 c:\windows\system32\athw.sys

+ 2011-11-29 01:14 . 2011-11-29 01:14 2186240 c:\windows\Installer\75940.msi

+ 2011-11-17 01:34 . 2011-11-17 01:34 4671488 c:\windows\Installer\67f26.msi

+ 2011-11-21 00:23 . 2011-11-21 00:23 1435136 c:\windows\Installer\21d6ec.msi

+ 2011-11-07 01:34 . 2011-11-07 01:34 2295808 c:\windows\Installer\16f866.msi

+ 2011-06-06 17:55 . 2011-06-06 17:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll

+ 2011-06-06 17:55 . 2011-06-06 17:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll

+ 2011-06-06 17:55 . 2011-06-06 17:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe

+ 2011-06-06 17:55 . 2011-06-06 17:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe

+ 2011-10-29 01:55 . 2011-06-21 18:45 1168896 c:\windows\ie7updates\KB2586448-IE7\urlmon.dll

+ 2011-10-29 01:55 . 2011-07-22 16:35 3613696 c:\windows\ie7updates\KB2586448-IE7\mshtml.dll

+ 2011-10-29 01:55 . 2011-06-21 18:45 6076416 c:\windows\ie7updates\KB2586448-IE7\ieframe.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 1172992 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\urlmon.dll

+ 2011-08-18 10:00 . 2011-08-18 10:00 3617792 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\mshtml.dll

+ 2011-08-17 21:30 . 2011-08-17 21:30 6080512 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ieframe.dll

+ 2011-10-28 19:51 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\ieapfltr.dat

+ 2011-09-06 13:25 . 2011-09-06 13:25 1867904 c:\windows\$hf_mig$\KB2567053\SP3QFE\win32k.sys

+ 2009-06-28 03:17 . 2011-11-10 01:12 50295240 c:\windows\system32\MRT.exe

+ 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\16f867.msp

+ 2011-06-06 17:55 . 2011-06-06 17:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-06-28 4950664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]

"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]

"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]

"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]

"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]

"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent.exe" [2009-05-07 335872]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"ACU"="c:\program files\Atheros\ACU.exe" [2011-08-09 474368]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2/12/2009 2:29 PM 4300]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/26/2009 8:46 PM 24652]

R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [1/14/2008 10:01 PM 30208]

R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2/12/2009 2:33 PM 238464]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 7:47 AM 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 7:47 AM 133104]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/8/2010 9:52 AM 20480]

S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [8/1/2006 6:57 PM 19840]

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 12:47]

.

2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 12:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.169.1

FF - ProfilePath - c:\documents and settings\Karla Reece\Application Data\Mozilla\Firefox\Profiles\llqfnhrf.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd40e429d-0c7b-454c-813d-26f65be89cd3%7D&mid=d2215bac354547d1adc4d16d94cfa365-c008b0edb16c18519bd433fe59fcee9928356847&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-10-30%2017%3A31%3A35&sap=ku&q=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-10 11:09

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3552)

c:\windows\system32\WININET.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\ieframe.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\windows\system32\acs.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\program files\Samsung\Easy Display Manager\dmhkcore.exe

c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe

c:\windows\system32\igfxext.exe

c:\program files\SAMSUNG\MagicKBD\PerformanceManager.exe

c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-12-10 11:13:05 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-10 16:13

ComboFix2.txt 2011-10-23 03:10

.

Pre-Run: 62,250,881,024 bytes free

Post-Run: 62,409,510,912 bytes free

.

- - End Of File - - B1D075240EFE16601E44C6D2DA27304A

DDS file reads:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29

Run by Karla Reece at 11:25:11 on 2011-12-10

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.412 [GMT -5:00]

.

AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe

C:\Program Files\Garmin\MyGarminAgent.exe

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Atheros\ACU.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe

C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe

C:\WINDOWS\system32\notepad.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet

uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe

mRun: [batteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe

mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe

mRun: [MyGarminAgent] c:\program files\garmin\MyGarminAgent.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.169.1

TCP: Interfaces\{FFADABD1-F041-4152-BD77-3518F6E17BD0} : DhcpNameServer = 192.168.169.1

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\karla reece\application data\mozilla\firefox\profiles\llqfnhrf.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd40e429d-0c7b-454c-813d-26f65be89cd3%7D&mid=d2215bac354547d1adc4d16d94cfa365-c008b0edb16c18519bd433fe59fcee9928356847&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-10-30%2017%3A31%3A35&sap=ku&q=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-2-12 4300]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-26 24652]

R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-14 30208]

R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-2-12 238464]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]

S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-8-1 19840]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2011-11-17 01:27:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-07 01:14:25 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-07 01:14:25 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

============= FINISH: 11:25:29.37 ===============


Hi,

Things are looking good.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Reboot and let me know what issues remain.


In the Device Manager the "Mcafee Core NDIS Intermediate Filter Miniport #2" still shows with an exclamation point - missing driver.


Repeat the instructions in Post #30 and we'll see if we missed anything.


SystemLook 30.07.11 by jpshortstuff

Log created at 20:13 on 19/12/2011 by Karla Reece

Administrator - Elevation successful

========== regfind ==========

Searching for "McAfee"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}]

"URL"="http://search.yahoo.com/search?fr=mcafee&p={searchTerms}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

@="http://search.yahoo.com/search?fr=mcafee&p=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_0159851316703667MCINSTCLEANUP\0000]

"DeviceDesc"="McAfee Application Installer Cleanup (0159851316703667)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]

"DeviceDesc"="McAfee Inc. cfwids"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE\0000]

"Service"="McAfee SiteAdvisor Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_SITEADVISOR_SERVICE\0000]

"DeviceDesc"="McAfee SiteAdvisor Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCMPFSVC\0000]

"DeviceDesc"="McAfee Personal Firewall Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCMSCSVC\0000]

"DeviceDesc"="McAfee Services"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCNAIANN\0000]

"DeviceDesc"="McAfee VirusScan Announcer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCNASVC\0000]

"DeviceDesc"="McAfee Network Agent"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCODS\0000]

"DeviceDesc"="McAfee Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEBOPK\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEFIRE\0000]

"DeviceDesc"="McAfee Firewall Core Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEHIDK\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDET\0000]

"DeviceDesc"="McAfee Inc. mferkdet"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDK\0000]

"DeviceDesc"="McAfee Inc. mferkdk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFESMFK\0000]

"DeviceDesc"="McAfee Inc. mfesmfk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFETDI2K\0000]

"DeviceDesc"="McAfee Inc. mfetdi2k"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEVTP\0000]

"DeviceDesc"="McAfee Validation Trust Protection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000]

"Mfg"="McAfee"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000]

"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0000]

"FriendlyName"="Atheros AR5007EG Wireless Network Adapter - McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001]

"FriendlyName"="Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller - McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001]

"Mfg"="McAfee"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0001]

"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0002]

"FriendlyName"="WAN Miniport (IP) - McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0002]

"Mfg"="McAfee"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MFE_NDISKMP\0002]

"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\0159851316703667mcinstcleanup]

"ImagePath"="C:\WINDOWS\TEMP\015985~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\0159851316703667mcinstcleanup]

"DisplayName"="McAfee Application Installer Cleanup (0159851316703667)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McMPFSvc]

"ImagePath"=""C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McMPFSvc]

"DisplayName"="McAfee Personal Firewall Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc]

"ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc]

"DisplayName"="McAfee Services"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcmscsvc]

"Description"="McAfee Services"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNaiAnn]

"ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNaiAnn]

"DisplayName"="McAfee VirusScan Announcer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNaiAnn]

"Description"="McAfee VirusScan Announcer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNASvc]

"ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNASvc]

"DisplayName"="McAfee Network Agent"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McNASvc]

"Description"="Allows McAfee applications to communicate securely on the local network."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS]

"ImagePath"=""C:\Program Files\McAfee\VirusScan\mcods.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS]

"DisplayName"="McAfee Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McODS]

"Description"="McAfee Scanner"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]

"McAfee Core NDIS Intermediate Filter Miniport"="2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAPFK\0000]

"DeviceDesc"="McAfee Inc. mfeapfk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK01\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEFIREK\0000]

"DeviceDesc"="McAfee Inc. mfefirek"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEHIDK01\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\MFE_NDISKMP\0001]

"FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\MFE_NDISKMP\0001]

"Mfg"="McAfee"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\MFE_NDISKMP\0001]

"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]

"McAfee Core NDIS Intermediate Filter Miniport"="2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEAPFK\0000]

"DeviceDesc"="McAfee Inc. mfeapfk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEAVFK01\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEFIREK\0000]

"DeviceDesc"="McAfee Inc. mfefirek"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MFEHIDK01\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\MFE_NDISKMP\0001]

"FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\MFE_NDISKMP\0001]

"Mfg"="McAfee"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\MFE_NDISKMP\0001]

"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]

"McAfee Core NDIS Intermediate Filter Miniport"="2"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAPFK\0000]

"DeviceDesc"="McAfee Inc. mfeapfk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK01\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIREK\0000]

"DeviceDesc"="McAfee Inc. mfefirek"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEHIDK01\0000]

"DeviceDesc"="McAfee Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001]

"FriendlyName"="McAfee Core NDIS Intermediate Filter Miniport #2"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001]

"Mfg"="McAfee"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MFE_NDISKMP\0001]

"DeviceDesc"="McAfee Core NDIS Intermediate Filter Miniport"

[HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}]

"URL"="http://search.yahoo.com/search?fr=mcafee&p={searchTerms}"

[HKEY_USERS\S-1-5-21-1797825476-4020221913-1248729961-1005\Software\Microsoft\Internet Explorer\SearchUrl]

@="http://search.yahoo.com/search?fr=mcafee&p=%s"

========== filefind ==========

Searching for "McAfee"

No files found.

========== folderfind ==========

Searching for "McAfee"

No folders found.

-= EOF =-


Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Driver::
0159851316703667MCINSTCLEANUP
CFWIDS
MCAFEE_SITEADVISOR
MCAFEE_SITEADVISOR_SERVICE
MCMPFSVC
MCNAIANN
MCNASVC
MCODS
MFEAVFK
MFEAVFK02
MFEBOPK
MFEFIRE
MFEHIDK
MFERKDET
MFERKDK
MFESMFK
MFETDI2K
MFEVTP
MFE_NDISKMP
mcmscsvc
KILLALL::

Save this as CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317


Here is Combofix - DDS log to follow

ComboFix 11-12-24.10 - Karla Reece 12/24/2011 20:01:27.5.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.438 [GMT -5:00]

Running from: c:\documents and settings\Karla Reece\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Karla Reece\Desktop\CFScript.txt

AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((( Files Created from 2011-11-25 to 2011-12-25 )))))))))))))))))))))))))))))))

.

.

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 13:25 . 2009-02-12 18:05 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-17 01:27 . 2011-11-07 01:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-07 01:14 . 2011-11-07 01:14 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-07 01:14 . 2010-08-31 10:38 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-01 16:07 . 2009-02-12 18:05 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-31 23:43 . 2009-02-12 18:05 832512 ----a-w- c:\windows\system32\wininet.dll

2011-10-31 23:43 . 2009-02-12 18:05 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-10-31 23:43 . 2009-02-12 18:05 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-10-31 23:43 . 2009-02-12 18:05 17408 ----a-w- c:\windows\system32\corpol.dll

2011-10-28 05:31 . 2009-02-12 18:05 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2009-02-12 18:05 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2009-02-12 18:05 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2009-02-12 19:23 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2009-02-12 18:05 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2009-02-12 18:05 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2009-02-12 18:05 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-12-10 15:43 . 2011-05-20 22:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 18:01 . 2011-01-11 01:21 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-06-28 4950664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]

"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]

"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]

"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]

"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]

"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent.exe" [2009-05-07 335872]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"ACU"="c:\program files\Atheros\ACU.exe" [2011-08-09 474368]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2/12/2009 2:29 PM 4300]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/26/2009 8:46 PM 24652]

R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [1/14/2008 10:01 PM 30208]

R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2/12/2009 2:33 PM 238464]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 7:47 AM 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 7:47 AM 133104]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/8/2010 9:52 AM 20480]

S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [8/1/2006 6:57 PM 19840]

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 12:47]

.

2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 12:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.169.1

FF - ProfilePath - c:\documents and settings\Karla Reece\Application Data\Mozilla\Firefox\Profiles\llqfnhrf.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd40e429d-0c7b-454c-813d-26f65be89cd3%7D&mid=d2215bac354547d1adc4d16d94cfa365-c008b0edb16c18519bd433fe59fcee9928356847&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-10-30%2017%3A31%3A35&sap=ku&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-24 20:08

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2616)

c:\windows\system32\WININET.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\ieframe.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\windows\system32\acs.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\program files\Samsung\Easy Display Manager\dmhkcore.exe

c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe

c:\program files\SAMSUNG\MagicKBD\PerformanceManager.exe

c:\windows\system32\igfxext.exe

c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-12-24 20:11:38 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-25 01:11

ComboFix2.txt 2011-12-10 16:13

.

Pre-Run: 64,871,059,456 bytes free

Post-Run: 64,841,416,704 bytes free

.

- - End Of File - - E629D3264728B657305512AF85FD56B1


DDS Log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29

Run by Karla Reece at 20:16:31 on 2011-12-24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.567 [GMT -5:00]

.

AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Garmin\MyGarminAgent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Atheros\ACU.exe

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe

C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet

uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe

mRun: [batteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe

mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe

mRun: [MyGarminAgent] c:\program files\garmin\MyGarminAgent.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.169.1

TCP: Interfaces\{FFADABD1-F041-4152-BD77-3518F6E17BD0} : DhcpNameServer = 192.168.169.1

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\karla reece\application data\mozilla\firefox\profiles\llqfnhrf.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd40e429d-0c7b-454c-813d-26f65be89cd3%7D&mid=d2215bac354547d1adc4d16d94cfa365-c008b0edb16c18519bd433fe59fcee9928356847&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-10-30%2017%3A31%3A35&sap=ku&q=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-2-12 4300]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-26 24652]

R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-14 30208]

R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-2-12 238464]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]

S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-8-1 19840]

.

=============== Created Last 30 ================

.

2011-12-25 00:59:05 98816 ----a-w- c:\windows\sed.exe

2011-12-25 00:59:05 518144 ----a-w- c:\windows\SWREG.exe

2011-12-25 00:59:05 256000 ----a-w- c:\windows\PEV.exe

2011-12-25 00:59:05 208896 ----a-w- c:\windows\MBR.exe

.

==================== Find3M ====================

.

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-17 01:27:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-07 01:14:25 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-07 01:14:25 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll

2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-10-31 23:43:21 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-10-31 23:43:20 17408 ----a-w- c:\windows\system32\corpol.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

============= FINISH: 20:16:49.87 ===============

Please take a screenshot of the error you are experiencing and post it here.

Attached is the photo of the screenshot of the Device Manager with the McAfee file. I right-clicked to try to uninstall it and got the resulting message.

post-95571-0-21691400-1326660410.jpg

Hi,

Please open Notepad. Copy and paste the following text (starting with @echo off) into the Notepad document.

Navigate to File --> Save As..., and save the file as RegExport.bat (make sure the Save As Type is set to All Files).

Save it to your Desktop.

@echo off
REGEDIT.exe /E "%userprofile%\DESKTOP\check.reg" "HKEY_LOCAL_MACHINE\Drivers\Active"
EXIT

Now navigate to your Desktop, and double-click RegExport.bat.

A black window will open and close quickly. This is normal.

Now, open Notepad, navigate to your Desktop, and open check.reg; post its contents here.

Done, however I was not able to find a file titled check.reg on the desktop. I did a quick search of the computer and couldn't find it either. Did I miss something?

Hi,

Scratch that.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Reboot.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

At this point I suggest contacting McAfee's support. Hopefully they'll be able to remove this component of their own software.

Alrighty.... Thanks for helping me fix most of it!

Cheers.

This topic is now closed to further replies.
