google redirect and pop-ups after XP Internet Security 2012


This topic is locked
22 replies to this topic

#1 sapphirine (Members, 32 posts)

Posted 13 December 2011 - 11:02 AM

Hello again Bleeping Computer,

Yesterday I was hit with XP Internet Security 2012, which has left me with Google redirects, annoying pop-up windows in Firefox that open as many as 11 tabs at once, and overall slowness of the computer. I am trying to post my logs to the forum but it keeps saying "problem loading page." I was able to post a short test to the forum so I'll try it this way: I'm just going to post each log separately as replies and hopefully that will work. Thanks!


#2 sapphirine (Topic Starter, Members, 32 posts)

Posted 13 December 2011 - 11:03 AM

I cannot even post one log without getting "Problem loading page." Please help.

#3 sapphirine (Topic Starter, Members, 32 posts)

Posted 16 December 2011 - 06:06 PM

Going to try this again with my GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-12 19:32:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD800JD-75MSA1 rev.10.01E01
Running: d0s693mq.exe; Driver: C:\DOCUME~1\Kristi\LOCALS~1\Temp\uxtdapod.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ctfmon.exe[156] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00A63E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\Digital Line Detect\DLG.exe[200] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 01063E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[416] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 019C3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[1068] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FD000A
.text C:\WINDOWS\System32\svchost.exe[1068] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FE000A
.text C:\WINDOWS\System32\svchost.exe[1068] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FC000C
.text C:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 017F3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1924] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00A83E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\PROGRA~1\mcafee.com\agent\mcagent.exe[1944] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 017D3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe[1952] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 02213E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[2000] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 01663E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \FileSystem\Fastfat \Fat A9149D20

AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) AA4D7000-AA4EE000 (94208 bytes)
Module (noname) (*** hidden *** ) 01900000-03162000 (25567232 bytes)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\temp\sqlite_Exx4td6uyNLwyCd 0 bytes
File C:\WINDOWS\temp\sqlite_Exx4td6uyNLwyCd-journal 0 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463 0 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\bckfg.tmp 850 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\cfg.ini 199 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\keywords 134 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\L 0 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\L\pdmzmplg 162816 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\U 0 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\U\80000032.@ 98304 bytes
File C:\WINDOWS\$NtUninstallKB36617$\3618463053 0 bytes

---- EOF - GMER 1.0.15 ----

#4 sapphirine (Topic Starter, Members, 32 posts)

Posted 16 December 2011 - 06:09 PM

It worked! Trying the Attach log. The DDS log will not upload; now I'm getting "The connection was reset."


Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/30/2006 5:20:34 PM
System Uptime: 12/12/2011 2:40:32 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0JC474
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 51 GiB total, 17.983 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 13.292 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0)
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Cobian Backup 10
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support 3.1
Dell System Restore
Digital Content Portal
Digital Line Detect
ELIcon
GemMaster Mystic
Google Chrome
Google Desktop
Google Gmail Notifier
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iTunes
Java Auto Updater
Java™ 6 Update 26
Learn2 Player (Uninstall Only)
Lexmark Z600 Series
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Uninstaller
MCU
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Helper
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
OpenOffice.org 3.2
Otto
QuickTime
RealPlayer Basic
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Search Assist
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SpywareBlaster 4.4
Tradewinds
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
12/9/2011 5:24:38 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MskService with arguments "" in order to run the server: {5109B8D8-73AF-4C41-A70E-73707E1F908A}
12/5/2011 10:15:25 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/12/2011 5:30:34 PM, error: Service Control Manager [7034] - The McAfee.com McShield service terminated unexpectedly. It has done this 1 time(s).
12/12/2011 2:42:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
12/12/2011 2:20:15 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/12/2011 2:17:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/10/2011 7:52:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server service to connect.
12/10/2011 7:52:03 PM, error: Service Control Manager [7000] - The McAfee SpamKiller Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
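A triage script for the two logs above, added here as an example; it is not part of this thread and not code from the GMER or DDS tools. It parses the GMER "User code sections", "Modules" and "Files" sections together with the DDS installed-programs list and reports three things a responder checks first: inline hooks whose JMP target carries no module attribution (the McAfee Winsock hooks above are attributed to McVSSkt.dll, the svchost.exe[1068] ntdll hooks are not), modules GMER marks *** hidden ***, and $NtUninstallKB...$ folders whose KB number does not appear among the installed updates in the DDS log (KB36617 above is not in that list). The sample input is excerpted from the logs posted in this thread, plus one constructed, non-hidden Module line so the hidden-module filter has a negative case. The script only narrows where to look; whether a flagged item is malicious is still the responder's call.

```python
"""Triage helper for the GMER and DDS logs posted in this thread.

Added example, not part of the thread or of the GMER/DDS tools. It narrows
where a responder should look; it does not decide what is malicious.
"""
import re
from dataclasses import dataclass

# Inline-hook line from GMER's "User code sections". The trailing
# "module (vendor)" attribution is optional: GMER prints it only when it can
# map the JMP target to a loaded image.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<sym>\S+!\S+)\s+(?P<addr>[0-9A-Fa-f]+)"
    r"\s+\d+ Bytes?\s+(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<module>\S+)\s+\((?P<vendor>[^)]*)\))?\s*$"
)
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes\s*$")
KBDIR_RE = re.compile(r"\$NtUninstall(KB\d+)\$", re.IGNORECASE)
KB_RE = re.compile(r"\bKB(\d+)\b")

# Sample input: lines excerpted from the GMER and DDS logs above. The
# atapi.sys Module line is constructed (not from the thread) as a non-hidden
# control case.
GMER_SAMPLE = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\ctfmon.exe[156] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00A63E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[1068] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FD000A
.text C:\WINDOWS\System32\svchost.exe[1068] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FE000A
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) AA4D7000-AA4EE000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\atapi.sys F7400000-F7418000 (98304 bytes)
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\temp\sqlite_Exx4td6uyNLwyCd 0 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB36617$\2573604463\U\80000032.@ 98304 bytes
"""
DDS_SAMPLE = r"""
==== Installed Programs ======================
.
Hotfix for Windows XP (KB2158563)
Security Update for Windows XP (KB2536276-v2)
Windows XP Media Center Edition 2005 KB2502898
.
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "unattributed_hook", "hidden_module" or "unknown_kb_dir"
    detail: str


def parse_hooks(gmer_text):
    """Return one dict per .text hook line (groups of HOOK_RE)."""
    hooks = []
    for line in gmer_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(m.groupdict())
    return hooks


def unattributed_hooks(gmer_text):
    """Hooks whose JMP target GMER could not map to a module."""
    return [h for h in parse_hooks(gmer_text) if h["module"] is None]


def hidden_modules(gmer_text):
    """Module lines GMER marks as *** hidden ***."""
    return [ln.strip() for ln in gmer_text.splitlines()
            if ln.strip().startswith("Module") and "*** hidden ***" in ln]


def nt_uninstall_dirs(gmer_text):
    """KB numbers of $NtUninstallKBnnnn$ folders seen in the Files section."""
    kbs = set()
    for line in gmer_text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        d = KBDIR_RE.search(m.group("path"))
        if d:
            kbs.add(d.group(1).upper())
    return kbs


def installed_kbs(dds_text):
    """Every KB number the DDS installed-programs list mentions."""
    return {"KB" + n for n in KB_RE.findall(dds_text)}


def triage(gmer_text, dds_text):
    """Combine the three checks into a list of Finding records."""
    findings = []
    for h in unattributed_hooks(gmer_text):
        findings.append(Finding("unattributed_hook",
                                f'{h["proc"]} {h["sym"]} -> {h["target"]}'))
    for m in hidden_modules(gmer_text):
        findings.append(Finding("hidden_module", m))
    for kb in sorted(nt_uninstall_dirs(gmer_text) - installed_kbs(dds_text)):
        findings.append(Finding("unknown_kb_dir",
                                f"$NtUninstall{kb}$ has no matching installed update"))
    return findings


if __name__ == "__main__":
    for f in triage(GMER_SAMPLE, DDS_SAMPLE):
        print(f"{f.kind:18} {f.detail}")
```

On a real case, read the full GMER log and the full DDS Attach.txt from disk and pass them to `triage()`; the KB cross-check is only as good as the installed-programs list, so a hotfix installed after DDS ran will show up as unknown until the list is refreshed.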

#5 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 18 December 2011 - 09:59 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 sapphirine (Topic Starter, Members, 32 posts)

Posted 18 December 2011 - 11:18 PM

TDSSKiller Log:

21:42:15.0430 1740 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:42:17.0430 1740 ============================================================
21:42:17.0430 1740 Current date / time: 2011/12/18 21:42:17.0430
21:42:17.0430 1740 SystemInfo:
21:42:17.0430 1740
21:42:17.0430 1740 OS Version: 5.1.2600 ServicePack: 3.0
21:42:17.0430 1740 Product type: Workstation
21:42:17.0430 1740 ComputerName: ERALAN
21:42:17.0430 1740 UserName: Kristi
21:42:17.0430 1740 Windows directory: C:\WINDOWS
21:42:17.0430 1740 System windows directory: C:\WINDOWS
21:42:17.0430 1740 Processor architecture: Intel x86
21:42:17.0430 1740 Number of processors: 2
21:42:17.0430 1740 Page size: 0x1000
21:42:17.0430 1740 Boot type: Normal boot
21:42:17.0430 1740 ============================================================
21:42:19.0164 1740 Initialize success
21:42:20.0883 2068 ============================================================
21:42:20.0883 2068 Scan started
21:42:20.0883 2068 Mode: Manual;
21:42:20.0883 2068 ============================================================
21:42:22.0445 2068 Abiosdsk - ok
21:42:22.0508 2068 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:42:22.0524 2068 abp480n5 - ok
21:42:22.0586 2068 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:42:22.0602 2068 ACPI - ok
21:42:22.0649 2068 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:42:22.0664 2068 ACPIEC - ok
21:42:22.0680 2068 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:42:22.0711 2068 adpu160m - ok
21:42:22.0742 2068 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:42:22.0774 2068 aec - ok
21:42:22.0820 2068 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:42:22.0852 2068 AFD - ok
21:42:22.0883 2068 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:42:22.0914 2068 agp440 - ok
21:42:22.0930 2068 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:42:22.0945 2068 agpCPQ - ok
21:42:22.0977 2068 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:42:22.0992 2068 Aha154x - ok
21:42:23.0008 2068 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:42:23.0039 2068 aic78u2 - ok
21:42:23.0055 2068 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:42:23.0086 2068 aic78xx - ok
21:42:23.0102 2068 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:42:23.0133 2068 AliIde - ok
21:42:23.0180 2068 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:42:23.0195 2068 alim1541 - ok
21:42:23.0211 2068 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:42:23.0242 2068 amdagp - ok
21:42:23.0258 2068 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:42:23.0289 2068 amsint - ok
21:42:23.0305 2068 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:42:23.0320 2068 asc - ok
21:42:23.0336 2068 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:42:23.0367 2068 asc3350p - ok
21:42:23.0383 2068 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:42:23.0414 2068 asc3550 - ok
21:42:23.0461 2068 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
21:42:23.0477 2068 ASCTRM - ok
21:42:23.0539 2068 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:42:23.0555 2068 AsyncMac - ok
21:42:23.0586 2068 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:42:23.0586 2068 atapi - ok
21:42:23.0695 2068 Atdisk - ok
21:42:23.0727 2068 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:42:23.0742 2068 Atmarpc - ok
21:42:23.0758 2068 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:42:23.0774 2068 audstub - ok
21:42:23.0820 2068 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:42:23.0899 2068 Beep - ok
21:42:23.0992 2068 bvrp_pci - ok
21:42:24.0117 2068 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:42:24.0149 2068 cbidf - ok
21:42:24.0367 2068 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:42:24.0367 2068 cbidf2k - ok
21:42:24.0492 2068 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:42:24.0524 2068 cd20xrnt - ok
21:42:24.0555 2068 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:42:24.0570 2068 Cdaudio - ok
21:42:24.0586 2068 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:42:24.0617 2068 Cdfs - ok
21:42:24.0633 2068 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:42:24.0664 2068 Cdrom - ok
21:42:24.0664 2068 Changer - ok
21:42:24.0680 2068 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:42:24.0711 2068 CmdIde - ok
21:42:24.0727 2068 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:42:24.0758 2068 Cpqarray - ok
21:42:24.0789 2068 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:42:24.0820 2068 dac2w2k - ok
21:42:24.0836 2068 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:42:24.0867 2068 dac960nt - ok
21:42:24.0899 2068 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:42:24.0914 2068 Disk - ok
21:42:25.0024 2068 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:42:25.0055 2068 DLABOIOM - ok
21:42:25.0070 2068 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:42:25.0086 2068 DLACDBHM - ok
21:42:25.0102 2068 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
21:42:25.0133 2068 DLADResN - ok
21:42:25.0149 2068 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:42:25.0180 2068 DLAIFS_M - ok
21:42:25.0195 2068 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:42:25.0211 2068 DLAOPIOM - ok
21:42:25.0227 2068 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:42:25.0258 2068 DLAPoolM - ok
21:42:25.0258 2068 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
21:42:25.0289 2068 DLARTL_N - ok
21:42:25.0305 2068 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:42:25.0336 2068 DLAUDFAM - ok
21:42:25.0352 2068 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:42:25.0383 2068 DLAUDF_M - ok
21:42:25.0430 2068 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:42:25.0492 2068 dmboot - ok
21:42:25.0539 2068 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:42:25.0555 2068 dmio - ok
21:42:25.0570 2068 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:42:25.0602 2068 dmload - ok
21:42:25.0727 2068 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:42:25.0742 2068 DMusic - ok
21:42:25.0836 2068 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:42:25.0867 2068 dpti2o - ok
21:42:25.0899 2068 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:42:25.0914 2068 drmkaud - ok
21:42:25.0930 2068 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:42:25.0961 2068 DRVMCDB - ok
21:42:25.0977 2068 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:42:26.0008 2068 DRVNDDM - ok
21:42:26.0024 2068 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:42:26.0055 2068 E100B - ok
21:42:26.0102 2068 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:42:26.0117 2068 Fastfat - ok
21:42:26.0164 2068 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:42:26.0180 2068 Fdc - ok
21:42:26.0227 2068 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:42:26.0242 2068 Fips - ok
21:42:26.0274 2068 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:42:26.0305 2068 Flpydisk - ok
21:42:26.0320 2068 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:42:26.0352 2068 FltMgr - ok
21:42:26.0367 2068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:42:26.0383 2068 Fs_Rec - ok
21:42:26.0399 2068 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:42:26.0430 2068 Ftdisk - ok
21:42:26.0477 2068 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:42:26.0524 2068 GearAspiWDM - ok
21:42:26.0555 2068 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:42:26.0586 2068 Gpc - ok
21:42:26.0617 2068 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:42:26.0633 2068 HDAudBus - ok
21:42:26.0664 2068 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:42:26.0680 2068 HidUsb - ok
21:42:26.0727 2068 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:42:26.0758 2068 hpn - ok
21:42:26.0805 2068 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
21:42:26.0836 2068 HSFHWBS2 - ok
21:42:26.0883 2068 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
21:42:26.0945 2068 HSF_DP - ok
21:42:27.0086 2068 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:42:27.0117 2068 HTTP - ok
21:42:27.0133 2068 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:42:27.0164 2068 i2omgmt - ok
21:42:27.0195 2068 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:42:27.0211 2068 i2omp - ok
21:42:27.0242 2068 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:42:27.0274 2068 i8042prt - ok
21:42:27.0352 2068 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:42:27.0414 2068 ialm - ok
21:42:27.0430 2068 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:42:27.0445 2068 Imapi - ok
21:42:27.0492 2068 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:42:27.0524 2068 ini910u - ok
21:42:27.0555 2068 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:42:27.0570 2068 IntelIde - ok
21:42:27.0602 2068 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:42:27.0633 2068 intelppm - ok
21:42:27.0649 2068 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:42:27.0680 2068 Ip6Fw - ok
21:42:27.0727 2068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:42:27.0727 2068 IpFilterDriver - ok
21:42:27.0758 2068 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:42:27.0774 2068 IpInIp - ok
21:42:27.0836 2068 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:42:27.0852 2068 IpNat - ok
21:42:27.0930 2068 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:42:27.0945 2068 IPSec - ok
21:42:27.0977 2068 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:42:27.0992 2068 IRENUM - ok
21:42:28.0039 2068 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:42:28.0055 2068 isapnp - ok
21:42:28.0102 2068 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:42:28.0117 2068 Kbdclass - ok
21:42:28.0149 2068 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:42:28.0164 2068 kbdhid - ok
21:42:28.0211 2068 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:42:28.0242 2068 kmixer - ok
21:42:28.0274 2068 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:42:28.0289 2068 KSecDD - ok
21:42:28.0320 2068 lbrtfdc - ok
21:42:28.0414 2068 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:42:28.0445 2068 mdmxsdk - ok
21:42:28.0492 2068 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
21:42:28.0508 2068 MHNDRV - ok
21:42:28.0539 2068 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:42:28.0555 2068 mnmdd - ok
21:42:28.0602 2068 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:42:28.0602 2068 Modem - ok
21:42:28.0602 2068 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:42:28.0633 2068 MODEMCSA - ok
21:42:28.0649 2068 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:42:28.0664 2068 Mouclass - ok
21:42:28.0711 2068 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:42:28.0727 2068 mouhid - ok
21:42:28.0774 2068 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:42:29.0008 2068 MountMgr - ok
21:42:29.0086 2068 MPFIREWL (cd14c6ba703019944ace809834435659) C:\WINDOWS\system32\Drivers\MpFirewall.sys
21:42:29.0086 2068 MPFIREWL - ok
21:42:29.0117 2068 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:42:29.0133 2068 mraid35x - ok
21:42:29.0180 2068 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:42:29.0211 2068 MRxDAV - ok
21:42:29.0274 2068 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:42:29.0305 2068 MRxSmb - ok
21:42:29.0352 2068 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:42:29.0367 2068 Msfs - ok
21:42:29.0399 2068 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:42:29.0430 2068 MSKSSRV - ok
21:42:29.0445 2068 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:42:29.0461 2068 MSPCLOCK - ok
21:42:29.0477 2068 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:42:29.0508 2068 MSPQM - ok
21:42:29.0539 2068 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:42:29.0539 2068 mssmbios - ok
21:42:29.0586 2068 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:42:29.0617 2068 Mup - ok
21:42:29.0695 2068 NaiAvFilter1 (affd46144d763d9046673dd2d012cff9) C:\WINDOWS\system32\drivers\naiavf5x.sys
21:42:29.0727 2068 NaiAvFilter1 - ok
21:42:29.0774 2068 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:42:29.0805 2068 NDIS - ok
21:42:29.0852 2068 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:42:29.0883 2068 NdisTapi - ok
21:42:29.0930 2068 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:42:29.0945 2068 Ndisuio - ok
21:42:29.0977 2068 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:42:30.0008 2068 NdisWan - ok
21:42:30.0039 2068 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:42:30.0055 2068 NDProxy - ok
21:42:30.0070 2068 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:42:30.0102 2068 NetBIOS - ok
21:42:30.0133 2068 NetBT (82b6a69b39d5ca806158daece9b23ac4) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:42:30.0149 2068 NetBT - ok
21:42:30.0180 2068 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:42:30.0211 2068 Npfs - ok
21:42:30.0227 2068 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:42:30.0258 2068 Ntfs - ok
21:42:30.0289 2068 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:42:30.0320 2068 Null - ok
21:42:30.0383 2068 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:42:30.0461 2068 nv - ok
21:42:30.0492 2068 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:42:30.0524 2068 NwlnkFlt - ok
21:42:30.0524 2068 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:42:30.0555 2068 NwlnkFwd - ok
21:42:30.0570 2068 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:42:30.0602 2068 Parport - ok
21:42:30.0664 2068 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:42:30.0695 2068 PartMgr - ok
21:42:30.0758 2068 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:42:30.0774 2068 ParVdm - ok
21:42:30.0836 2068 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:42:30.0867 2068 PCI - ok
21:42:30.0867 2068 PCIDump - ok
21:42:30.0883 2068 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:42:30.0914 2068 PCIIde - ok
21:42:30.0945 2068 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:42:30.0977 2068 Pcmcia - ok
21:42:30.0992 2068 PDCOMP - ok
21:42:30.0992 2068 PDFRAME - ok
21:42:31.0008 2068 PDRELI - ok
21:42:31.0024 2068 PDRFRAME - ok
21:42:31.0039 2068 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:42:31.0070 2068 perc2 - ok
21:42:31.0117 2068 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:42:31.0133 2068 perc2hib - ok
21:42:31.0195 2068 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:42:31.0211 2068 PptpMiniport - ok
21:42:31.0227 2068 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:42:31.0258 2068 PSched - ok
21:42:31.0258 2068 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:42:31.0289 2068 Ptilink - ok
21:42:31.0289 2068 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:42:31.0320 2068 PxHelp20 - ok
21:42:31.0367 2068 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:42:31.0399 2068 ql1080 - ok
21:42:31.0414 2068 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:42:31.0445 2068 Ql10wnt - ok
21:42:31.0461 2068 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:42:31.0492 2068 ql12160 - ok
21:42:31.0508 2068 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:42:31.0539 2068 ql1240 - ok
21:42:31.0555 2068 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:42:31.0586 2068 ql1280 - ok
21:42:31.0633 2068 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:42:31.0649 2068 RasAcd - ok
21:42:31.0664 2068 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:42:31.0695 2068 Rasl2tp - ok
21:42:31.0711 2068 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:42:31.0727 2068 RasPppoe - ok
21:42:31.0742 2068 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:42:31.0774 2068 Raspti - ok
21:42:31.0789 2068 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:42:31.0820 2068 Rdbss - ok
21:42:31.0867 2068 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:42:31.0899 2068 RDPCDD - ok
21:42:31.0930 2068 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:42:31.0945 2068 rdpdr - ok
21:42:31.0992 2068 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:42:32.0024 2068 RDPWD - ok
21:42:32.0102 2068 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:42:32.0117 2068 redbook - ok
21:42:32.0195 2068 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:42:32.0227 2068 Secdrv - ok
21:42:32.0242 2068 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:42:32.0258 2068 serenum - ok
21:42:32.0305 2068 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:42:32.0320 2068 Serial - ok
21:42:32.0336 2068 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:42:32.0367 2068 Sfloppy - ok
21:42:32.0383 2068 Simbad - ok
21:42:32.0414 2068 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:42:32.0430 2068 sisagp - ok
21:42:32.0461 2068 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:42:32.0492 2068 Sparrow - ok
21:42:32.0524 2068 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:42:32.0539 2068 splitter - ok
21:42:32.0555 2068 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:42:32.0586 2068 sr - ok
21:42:32.0633 2068 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:42:32.0664 2068 Srv - ok
21:42:32.0742 2068 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
21:42:32.0805 2068 STHDA - ok
21:42:32.0820 2068 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:42:32.0852 2068 swenum - ok
21:42:32.0883 2068 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:42:32.0899 2068 swmidi - ok
21:42:32.0945 2068 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:42:32.0961 2068 symc810 - ok
21:42:32.0992 2068 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:42:33.0024 2068 symc8xx - ok
21:42:33.0039 2068 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:42:33.0070 2068 sym_hi - ok
21:42:33.0086 2068 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:42:33.0102 2068 sym_u3 - ok
21:42:33.0180 2068 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:42:33.0211 2068 sysaudio - ok
21:42:33.0274 2068 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:42:33.0305 2068 Tcpip - ok
21:42:33.0320 2068 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:42:33.0352 2068 TDPIPE - ok
21:42:33.0367 2068 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:42:33.0383 2068 TDTCP - ok
21:42:33.0414 2068 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:42:33.0430 2068 TermDD - ok
21:42:33.0477 2068 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:42:33.0508 2068 TosIde - ok
21:42:33.0524 2068 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:42:33.0555 2068 Udfs - ok
21:42:33.0586 2068 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:42:33.0602 2068 ultra - ok
21:42:33.0649 2068 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:42:33.0695 2068 Update - ok
21:42:33.0727 2068 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:42:33.0758 2068 usbccgp - ok
21:42:33.0774 2068 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:42:33.0789 2068 usbehci - ok
21:42:33.0820 2068 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:42:33.0852 2068 usbhub - ok
21:42:33.0867 2068 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:42:33.0883 2068 usbprint - ok
21:42:33.0930 2068 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:42:33.0961 2068 usbscan - ok
21:42:33.0992 2068 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:42:34.0008 2068 USBSTOR - ok
21:42:34.0024 2068 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:42:34.0039 2068 usbuhci - ok
21:42:34.0055 2068 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:42:34.0086 2068 VgaSave - ok
21:42:34.0117 2068 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:42:34.0133 2068 viaagp - ok
21:42:34.0211 2068 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:42:34.0242 2068 ViaIde - ok
21:42:34.0274 2068 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:42:34.0289 2068 VolSnap - ok
21:42:34.0320 2068 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:42:34.0352 2068 Wanarp - ok
21:42:34.0367 2068 wanatw - ok
21:42:34.0367 2068 WDICA - ok
21:42:34.0399 2068 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:42:34.0414 2068 wdmaud - ok
21:42:34.0461 2068 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:42:34.0508 2068 winachsf - ok
21:42:34.0570 2068 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk0\DR0
21:42:34.0570 2068 \Device\Harddisk0\DR0 - ok
21:42:34.0586 2068 Boot (0x1200) (0229932455146ffda715acc167fe8376) \Device\Harddisk0\DR0\Partition0
21:42:34.0586 2068 \Device\Harddisk0\DR0\Partition0 - ok
21:42:34.0617 2068 Boot (0x1200) (605d81bc87375889befa1deade7c33f8) \Device\Harddisk0\DR0\Partition1
21:42:34.0617 2068 \Device\Harddisk0\DR0\Partition1 - ok
21:42:34.0617 2068 ============================================================
21:42:34.0617 2068 Scan finished
21:42:34.0617 2068 ============================================================
21:42:34.0633 2116 Detected object count: 0
21:42:34.0633 2116 Actual detected object count: 0



Combofix log:

ComboFix 11-12-18.02 - Kristi 12/18/2011 21:56:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.256 [GMT -6:00]
Running from: c:\documents and settings\Kristi\Desktop\ComboFix.exe
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB36617$\2573604463\@
c:\windows\$NtUninstallKB36617$\2573604463\bckfg.tmp
c:\windows\$NtUninstallKB36617$\2573604463\cfg.ini
c:\windows\$NtUninstallKB36617$\2573604463\Desktop.ini
c:\windows\$NtUninstallKB36617$\2573604463\keywords
c:\windows\$NtUninstallKB36617$\2573604463\kwrd.dll
c:\windows\$NtUninstallKB36617$\2573604463\L\pdmzmplg
c:\windows\$NtUninstallKB36617$\2573604463\lsflt7.ver
c:\windows\$NtUninstallKB36617$\2573604463\U\00000001.@
c:\windows\$NtUninstallKB36617$\2573604463\U\00000002.@
c:\windows\$NtUninstallKB36617$\2573604463\U\00000004.@
c:\windows\$NtUninstallKB36617$\2573604463\U\80000000.@
c:\windows\$NtUninstallKB36617$\2573604463\U\80000004.@
c:\windows\$NtUninstallKB36617$\2573604463\U\80000032.@
c:\windows\$NtUninstallKB36617$\3618463053
c:\windows\kb913800.exe
c:\windows\$NtUninstallKB36617$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-16 22:54 . 2011-12-16 22:54 36352 ----a-w- c:\windows\system32\03nE034.exe
2011-12-12 22:26 . 2011-12-12 22:26 -------- d-----w- c:\documents and settings\Kristi\Local Settings\Application Data\Safe mirror
2011-12-12 22:26 . 2011-12-12 22:26 -------- d-----w- c:\program files\Cobian Backup 10
2011-12-12 21:39 . 2011-12-12 21:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 22:10 . 2011-05-20 01:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2005-08-16 09:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2005-08-16 09:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2011-09-26 16:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2005-08-16 09:18 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2005-08-16 09:18 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-10 03:19 . 2011-05-12 03:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MPFEXE"="c:\program files\McAfee.com\Personal Firewall\MPFTray.exe" [2005-08-18 999424]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-25 24576]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Kristi^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Kristi\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
2005-09-22 23:29 303104 ----a-w- c:\progra~1\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
2006-01-11 17:05 212992 ----a-w- c:\progra~1\McAfee.com\Agent\mcupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
2005-08-18 22:52 999424 ----a-w- c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
2005-09-26 15:26 110592 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 21:16 1121792 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
2005-08-12 03:02 53248 ------w- c:\program files\McAfee.com\VSO\oasclnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-03-25 15:46 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
2005-08-10 17:49 163840 ------w- c:\progra~1\McAfee.com\VSO\mcvsshld.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
2005-07-08 23:18 151552 ----a-w- c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"WZCSVC"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2011 10:59 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2011 10:59 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-12-16 c:\windows\Tasks\At1.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At11.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At13.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At15.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At17.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At19.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At21.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At23.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At25.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At27.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At29.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At3.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At31.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At33.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At35.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At37.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At39.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At41.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-19 c:\windows\Tasks\At43.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At45.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At47.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At5.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At7.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-16 c:\windows\Tasks\At9.job
- c:\windows\system32\03nE034.exe [2011-12-16 22:54]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 04:59]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 04:59]
.
2011-12-19 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (ERALAN-Kristi).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2006-03-25 23:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
FF - ProfilePath - c:\documents and settings\Kristi\Application Data\Mozilla\Firefox\Profiles\62g83h7o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-18 22:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MPFEXE = "c:\program files\McAfee.com\Personal Firewall\MPFTray.exe"????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2784)
c:\windows\system32\WININET.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\program files\Google\Google Desktop Search\GoogleDesktopHyper.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\OasClnt.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
.
**************************************************************************
.
Completion time: 2011-12-18 22:16:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-19 04:15
.
Pre-Run: 19,454,095,360 bytes free
Post-Run: 19,796,070,400 bytes free
.
- - End Of File - - CAE19D393A5F77C12C37B38031EE94F0

#7 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:14 AM

Posted 18 December 2011 - 11:45 PM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic432227.html/page__pid__2515277#entry2515277

Folder::
c:\windows\$NtUninstallKB36617$

Collect::
c:\windows\system32\03nE034.exe

AtJob::

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 sapphirine

sapphirine
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:05:14 AM

Posted 19 December 2011 - 01:42 PM

Hello,

Here is the 2nd Combofix log:

ComboFix 11-12-19.01 - Kristi 12/19/2011 10:47:01.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.213 [GMT -6:00]
Running from: c:\documents and settings\Kristi\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kristi\Desktop\CFScript.txt
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
file zipped: c:\windows\system32\03nE034.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\03nE034.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At9.job
c:\windows\$NtUninstallKB36617$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-12 22:26 . 2011-12-12 22:26 -------- d-----w- c:\documents and settings\Kristi\Local Settings\Application Data\Safe mirror
2011-12-12 22:26 . 2011-12-12 22:26 -------- d-----w- c:\program files\Cobian Backup 10
2011-12-12 21:39 . 2011-12-12 21:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 22:10 . 2011-05-20 01:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2005-08-16 09:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2005-08-16 09:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2011-09-26 16:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2005-08-16 09:18 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2005-08-16 09:18 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-10 03:19 . 2011-05-12 03:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-19_04.10.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-19 16:57 . 2011-12-19 16:57 16384 c:\windows\temp\Perflib_Perfdata_1b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MPFEXE"="c:\program files\McAfee.com\Personal Firewall\MPFTray.exe" [2005-08-18 999424]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-25 24576]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Kristi^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Kristi\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
2005-09-22 23:29 303104 ----a-w- c:\progra~1\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
2006-01-11 17:05 212992 ----a-w- c:\progra~1\McAfee.com\Agent\mcupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
2005-08-18 22:52 999424 ----a-w- c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
2005-09-26 15:26 110592 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 21:16 1121792 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
2005-08-12 03:02 53248 ------w- c:\program files\McAfee.com\VSO\oasclnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-03-25 15:46 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
2005-08-10 17:49 163840 ------w- c:\progra~1\McAfee.com\VSO\mcvsshld.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
2005-07-08 23:18 151552 ----a-w- c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"WZCSVC"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2011 10:59 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2011 10:59 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 04:59]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 04:59]
.
2011-12-19 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (ERALAN-Kristi).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2006-03-25 23:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
FF - ProfilePath - c:\documents and settings\Kristi\Application Data\Mozilla\Firefox\Profiles\62g83h7o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-19 10:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MPFEXE = "c:\program files\McAfee.com\Personal Firewall\MPFTray.exe"????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(964)
c:\windows\system32\WININET.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\program files\Google\Google Desktop Search\GoogleDesktopHyper.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\OasClnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
.
**************************************************************************
.
Completion time: 2011-12-19 11:04:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-19 17:04
ComboFix2.txt 2011-12-19 04:16
.
Pre-Run: 19,675,516,928 bytes free
Post-Run: 19,661,119,488 bytes free
.
- - End Of File - - B0AD879CCE0328C525FFED5B240DB3BD
Upload was successful


MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8358

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2011 11:15:26 AM
mbam-log-2011-12-19 (11-15-25).txt

Scan type: Quick scan
Objects scanned: 174890
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I ran the ESET Online Scanner, but when it was finished, it restarted my computer and I didn't get a chance to export anything to a text file. I couldn't figure out how to get it to display the results again after the computer had restarted. I saw that it had found 1 infected file. It took quite a long time to scan (45 mins to an hour) but if you would like me to run it again to obtain this log I will do so, just let me know.

Thank you - the computer is already working much better now :) :)

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:14 AM

Posted 19 December 2011 - 02:22 PM

Hi,

Yes, if you could please re-run the ESET scan. Chances are the infected file it has found is already in quarantine or an old restore point, but I don't want to risk it.

There is a stubborn folder refusing to delete. Please navigate to the following folder and see if you are able to right-click and delete it; if not, we will need a different tool:

c:\windows\$NtUninstallKB36617$


(make certain you have the correct folder as there are similar ones on your machine that are legit)

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 30
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u30-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.



#10 sapphirine

sapphirine
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:05:14 AM

Posted 19 December 2011 - 04:09 PM

Here is the log from the ESET Online Scanner (don't like the look of this!)

C:\WINDOWS\system32\drivers\netbt.sys a variant of Win32/Rootkit.Kryptik.GG trojan unable to clean


I tried to manually delete c:\windows\$NtUninstallKB36617$ but was unable; it told me I do not have access. :(

I followed all the steps above to update Java. Thanks :)

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:14 AM

Posted 19 December 2011 - 04:18 PM

OK,

We need to find a replacement for netbt.sys, and we'll check the permissions on that folder so we can delete it.

Please do the following

Please download Farbar Service Scanner and save it to your desktop.
  • Double click the FSS icon to run it
  • Type netbt.sys into the search box
  • Press the "Search Files" button
  • Farbar Service Scanner will search your system for all instances of that file.
  • It will then create a log (FSS.txt) on your desktop.
  • Please copy and paste the log to your next reply.


NEXT

Let's scan for files whose permissions have been set to no access. Please do the following:


  • Please download Junction.zip and save it to your desktop.
  • Unzip it and put junction.exe in the Windows directory (C:\WINDOWS).
  • Now go to Start > Run to open a run box > Copy and paste the following command in the open run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

  • A command window will open and the system will be scanned.
  • Wait until a log file opens.
  • Copy and paste or attach the content of it in your next reply



#12 sapphirine

sapphirine
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:05:14 AM

Posted 19 December 2011 - 05:10 PM

Here is the FSS log:

Farbar Service Scanner
Ran by Kristi (administrator) on 19-12-2011 at 15:57:40
Microsoft Windows XP Service Pack 3 (X86)

************************************************
================== Search: "netbt.sys" ===================

C:\WINDOWS\system32\drivers\netbt.sys
[2005-08-16 03:18] - [2008-04-13 13:21] - 0162816 ____A () 82B6A69B39D5CA806158DAECE9B23AC4

C:\WINDOWS\system32\dllcache\netbt.sys
[2005-08-16 03:18] - [2008-04-13 13:21] - 0162816 ____A (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008-04-13 13:21] - [2008-04-13 13:21] - 0162816 ____N (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2010-10-25 09:00] - [2004-08-10 04:00] - 0162816 ____C (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\i386\netbt.sys
[2006-05-30 17:38] - [2004-08-10 04:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

====== End Of Search ======


And here is the Junction log:


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.
...
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f: Access is denied.
...
Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.
...

No reparse points found.

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:14 AM

Posted 19 December 2011 - 05:22 PM

Hi

Please do the following:

  • Please download GrantPerms.zip and save it to your desktop.
  • Unzip the file and run GrantPerms.exe
  • Copy and paste the following in the edit box:


c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f
c:\windows\$NtUninstallKB36617$


  • Now Click Unlock.
  • When it is done click "OK".
  • Now click List Permissions and post the result (Perms.txt) that pops up.
  • A copy of Perms.txt will be saved in the same directory the tool is run.


NEXT



  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

FCopy::
C:\WINDOWS\ServicePackFiles\i386\netbt.sys | C:\WINDOWS\system32\drivers\netbt.sys

Folder::
c:\windows\$NtUninstallKB36617$

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Please advise how your computer is running now and if there are any outstanding issues.

Edited by CatByte, 19 December 2011 - 05:22 PM.

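The FSS search results and the FCopy directive above are, between them, a driver-integrity check done by hand: the live copy of netbt.sys in system32\drivers has the same size and modified timestamp as the two SP3 backups but a different MD5 and no company string, so it is treated as patched and overwritten from ServicePackFiles\i386 rather than from the older 2004 copies. The script below is an added example written for this page, not a Farbar or ComboFix tool: it parses an FSS "Search:" section, flags a live driver whose hash or version string disagrees with backups of the same build, and picks a corroborated clean source for an FCopy line. The sample text is a copy of the FSS output posted above; the function and constant names are my own.

```python
import re
import sys
from collections import defaultdict

# Constructed sample: the "Search:" section that Farbar Service Scanner printed
# for netbt.sys earlier in this thread (same five paths, sizes and MD5s).
FSS_SAMPLE = """\
================== Search: "netbt.sys" ===================

C:\\WINDOWS\\system32\\drivers\\netbt.sys
[2005-08-16 03:18] - [2008-04-13 13:21] - 0162816 ____A () 82B6A69B39D5CA806158DAECE9B23AC4

C:\\WINDOWS\\system32\\dllcache\\netbt.sys
[2005-08-16 03:18] - [2008-04-13 13:21] - 0162816 ____A (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\\WINDOWS\\ServicePackFiles\\i386\\netbt.sys
[2008-04-13 13:21] - [2008-04-13 13:21] - 0162816 ____N (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\\WINDOWS\\$NtServicePackUninstall$\\netbt.sys
[2010-10-25 09:00] - [2004-08-10 04:00] - 0162816 ____C (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\\i386\\netbt.sys
[2006-05-30 17:38] - [2004-08-10 04:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# FSS detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

LIVE_DIR = "\\system32\\drivers\\"   # the copy the kernel actually loads


def parse_fss_search(text):
    """Turn an FSS 'Search:' section into one dict per file copy found."""
    entries, path = [], None
    for line in text.splitlines():
        line = line.strip()
        if PATH_RE.match(line):
            path = line            # a path line is followed by its detail line
            continue
        m = DETAIL_RE.match(line)
        if m and path:
            e = m.groupdict()
            e.update(path=path, size=int(e["size"]), md5=e["md5"].upper())
            entries.append(e)
            path = None
    return entries


def find_tampered(entries):
    """Flag a live driver copy whose MD5 or company string disagrees with the
    backup copies of the same build (same 'modified' timestamp)."""
    findings = []
    for e in entries:
        if LIVE_DIR.lower() not in e["path"].lower():
            continue
        same_build = [b for b in entries if b is not e and b["modified"] == e["modified"]]
        good_hashes = {b["md5"] for b in same_build if b["company"]}
        reasons = []
        if not e["company"]:
            reasons.append("no company string in version info; every backup copy has one")
        if good_hashes and e["md5"] not in good_hashes:
            reasons.append("MD5 differs from %d backup copy(ies) of the same build"
                           % len(same_build))
        if reasons:
            findings.append((e["path"], reasons))
    return findings


def choose_replacement(entries, tampered_path):
    """Pick the source to restore from: a vendor-tagged copy whose MD5 at least one
    other backup corroborates, newest build first, ServicePackFiles as tie-break."""
    cands = [e for e in entries if e["path"] != tampered_path and e["company"]]
    seen = defaultdict(int)
    for e in cands:
        seen[e["md5"]] += 1
    corroborated = [e for e in cands if seen[e["md5"]] >= 2]
    if not corroborated:
        return None
    corroborated.sort(key=lambda e: (e["modified"], "ServicePackFiles" in e["path"]),
                      reverse=True)
    return corroborated[0]["path"]


def cfscript_fcopy(entries):
    """Build the ComboFix 'FCopy::' block for every tampered copy, or '' if none."""
    lines = []
    for bad_path, _reasons in find_tampered(entries):
        src = choose_replacement(entries, bad_path)
        if src:
            lines.append("%s | %s" % (src, bad_path))
    return "FCopy::\n" + "\n".join(lines) if lines else ""


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else FSS_SAMPLE
    found = parse_fss_search(text)
    for path, reasons in find_tampered(found):
        print("SUSPECT %s" % path)
        for r in reasons:
            print("  - " + r)
    print(cfscript_fcopy(found))
```

Run it with no arguments to analyse the embedded sample, or pass a saved FSS.txt as the first argument. Two design points are worth noting. All five copies are exactly 162816 bytes, so file size is no evidence of integrity; a driver patched in place keeps its size, and only the hash and the lost version resource give it away. And a hash match against dllcache alone is not taken as proof either, since dllcache is itself writable by anything running as SYSTEM; the chooser requires two independent backups to agree before it trusts a hash, which is why the SP3 copy in ServicePackFiles\i386 wins over the 2004 copies in $NtServicePackUninstall$ and C:\i386.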


#14 sapphirine

sapphirine
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:05:14 AM

Posted 20 December 2011 - 12:21 AM

Perms.txt:

GrantPerms by Farbar
Ran by Kristi (administrator) at 2011-12-19 22:35:23

===============================================
\\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\windows\$NtUninstallKB36617$

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(IO)(I)
BUILTIN\Power Users change ALLOW (I)
BUILTIN\Power Users change ALLOW (CI)(OI)(IO)(I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (CI)(OI)(IO)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(IO)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)



ComboFix log:

ComboFix 11-12-19.03 - Kristi 12/19/2011 22:44:39.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.296 [GMT -6:00]
Running from: c:\documents and settings\Kristi\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kristi\Desktop\CFScript2.txt
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\netbt.sys --> c:\windows\system32\drivers\netbt.sys
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-19 22:02 . 2010-09-07 21:39 150392 ----a-w- c:\windows\junction.exe
2011-12-19 21:05 . 2011-12-19 21:05 -------- d-----w- c:\program files\Common Files\Java
2011-12-19 21:05 . 2011-12-19 21:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-19 17:28 . 2011-12-19 17:28 -------- d-----w- c:\program files\ESET
2011-12-12 22:26 . 2011-12-12 22:26 -------- d-----w- c:\documents and settings\Kristi\Local Settings\Application Data\Safe mirror
2011-12-12 22:26 . 2011-12-12 22:26 -------- d-----w- c:\program files\Cobian Backup 10
2011-12-12 21:39 . 2011-12-12 21:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 21:04 . 2010-10-25 02:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-12 22:10 . 2011-05-20 01:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2005-08-16 09:18 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2005-08-16 09:18 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2005-08-16 09:18 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2005-08-16 09:18 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-08-16 09:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 03:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-14 23:38 . 2005-08-16 09:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2005-08-16 09:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2005-08-16 09:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2011-09-26 16:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2005-08-16 09:18 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2005-08-16 09:18 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-10 03:19 . 2011-05-12 03:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-19_04.10.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-20 04:17 . 2011-12-20 04:17 16384 c:\windows\temp\Perflib_Perfdata_39c.dat
- 2010-10-25 00:22 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
+ 2010-10-25 00:22 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
- 2005-08-16 09:18 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll
+ 2005-08-16 09:18 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 09:31 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 09:31 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
- 2005-08-16 09:18 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll
+ 2005-08-16 09:18 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
+ 2010-10-25 00:35 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
- 2010-10-25 00:35 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-03-08 09:31 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-03-08 09:31 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2010-10-25 00:35 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-10-25 00:35 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-08 09:34 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2009-03-08 09:34 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 09:33 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 09:33 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2005-08-16 09:18 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2005-08-16 09:18 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2011-12-19 18:13 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2011-12-19 18:13 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2011-12-19 18:13 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2011-12-19 18:13 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2011-12-19 18:13 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2005-08-16 09:18 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
- 2005-08-16 09:18 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
+ 2005-08-16 09:18 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
- 2005-08-16 09:18 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll
+ 2005-08-16 09:18 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
- 2005-08-16 09:18 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll
- 2009-03-08 09:32 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
+ 2009-03-08 09:32 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
+ 2011-12-19 21:05 . 2011-12-19 21:04 157472 c:\windows\system32\javaws.exe
- 2011-08-01 21:34 . 2011-08-01 21:34 157472 c:\windows\system32\javaws.exe
+ 2011-12-19 21:05 . 2011-12-19 21:04 149280 c:\windows\system32\javaw.exe
+ 2011-12-19 21:05 . 2011-12-19 21:04 149280 c:\windows\system32\java.exe
- 2005-08-16 09:18 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll
+ 2005-08-16 09:18 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
- 2005-08-16 09:18 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll
+ 2005-08-16 09:18 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
+ 2005-08-16 09:18 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
- 2005-08-16 09:18 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
- 2005-08-16 09:27 . 2011-10-14 19:20 118952 c:\windows\system32\FNTCACHE.DAT
+ 2005-08-16 09:27 . 2011-12-19 18:31 118952 c:\windows\system32\FNTCACHE.DAT
+ 2005-08-16 09:18 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
- 2005-08-16 09:18 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll
+ 2005-08-16 09:18 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
+ 2005-08-16 09:18 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
- 2005-08-16 09:18 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 09:32 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-03-08 09:32 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll
- 2010-10-25 00:35 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-10-25 00:35 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2010-10-25 00:35 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-10-25 00:35 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-03-08 09:31 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-03-08 09:31 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-10-25 00:35 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-10-25 00:35 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 19:09 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 19:09 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2005-08-16 09:18 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2005-08-16 09:18 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2011-02-04 23:48 . 2011-02-04 23:48 456192 c:\windows\system32\dllcache\encdec.dll
+ 2011-02-04 23:48 . 2011-10-14 23:38 456192 c:\windows\system32\dllcache\encdec.dll
+ 2011-12-19 21:05 . 2011-12-19 21:05 203776 c:\windows\Installer\19abd.msi
+ 2011-12-19 21:04 . 2011-12-19 21:04 902656 c:\windows\Installer\19ab7.msi
+ 2011-12-19 18:13 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2011-12-19 18:13 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2011-12-19 18:14 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2011-12-19 18:14 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2011-12-19 18:13 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2011-12-19 18:13 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2011-12-19 18:13 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2011-12-19 18:13 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2011-12-19 18:13 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2011-12-19 18:13 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2011-12-19 18:13 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2011-12-19 18:13 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
- 2005-08-16 09:18 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll
+ 2005-08-16 09:18 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
+ 2005-08-16 09:18 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
+ 2009-03-08 09:32 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
- 2009-03-08 09:32 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll
+ 2005-08-16 09:18 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
- 2005-08-16 09:18 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2005-08-16 09:18 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2005-08-16 09:18 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
- 2010-10-25 00:07 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-10-25 00:07 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
- 2010-10-25 00:07 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2010-10-25 00:07 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 00:02 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2005-08-16 09:18 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2005-08-16 09:18 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-03-08 09:41 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll
+ 2010-10-25 00:35 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2010-10-25 00:35 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-12-19 18:13 . 2011-08-22 23:48 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2011-12-19 18:13 . 2011-10-03 08:35 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2011-12-19 18:13 . 2011-08-22 23:48 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2010-10-25 00:07 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2010-10-25 00:07 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-10-25 00:07 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2010-10-25 00:07 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-08 00:02 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-10-25 00:07 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2010-10-25 00:07 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2006-05-30 23:16 . 2011-12-19 18:04 52988224 c:\windows\system32\MRT.exe
+ 2009-03-08 09:39 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
- 2009-03-08 09:39 . 2011-08-23 22:48 11081728 c:\windows\system32\ieframe.dll
- 2010-10-25 00:35 . 2011-08-23 22:48 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2010-10-25 00:35 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-12-19 18:13 . 2011-08-23 22:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MPFEXE"="c:\program files\McAfee.com\Personal Firewall\MPFTray.exe" [2005-08-18 999424]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"MSKAGENTEXE"="c:\progra~1\mcafee\SPAMKI~1\mskagent.exe" [2005-09-26 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-25 24576]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Kristi^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Kristi\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
2005-09-22 23:29 303104 ----a-w- c:\progra~1\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
2006-01-11 17:05 212992 ----a-w- c:\progra~1\McAfee.com\Agent\mcupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
2005-08-18 22:52 999424 ----a-w- c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
2005-09-26 15:26 110592 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 21:16 1121792 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
2005-08-12 03:02 53248 ------w- c:\program files\McAfee.com\VSO\oasclnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-03-25 15:46 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
2005-08-10 17:49 163840 ------w- c:\progra~1\McAfee.com\VSO\mcvsshld.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
2005-07-08 23:18 151552 ----a-w- c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"WZCSVC"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2011 10:59 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2011 10:59 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 04:59]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 04:59]
.
2011-12-20 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (ERALAN-Kristi).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2006-03-25 23:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
FF - ProfilePath - c:\documents and settings\Kristi\Application Data\Mozilla\Firefox\Profiles\62g83h7o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-19 22:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MPFEXE = "c:\program files\McAfee.com\Personal Firewall\MPFTray.exe"????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1496)
c:\windows\system32\WININET.dll
c:\program files\Google\Google Desktop Search\GoogleDesktopHyper.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-12-19 22:56:26
ComboFix-quarantined-files.txt 2011-12-20 04:56
ComboFix2.txt 2011-12-19 17:05
ComboFix3.txt 2011-12-19 04:16
.
Pre-Run: 19,165,745,152 bytes free
Post-Run: 19,156,881,408 bytes free
.
- - End Of File - - 2D35F85D8DEACEE8A9B22E01061AD2C5



I am not seeing any more pop-ups and haven't been able to re-create any Google redirects after a few searches. Yay :thumbsup:

#15 sapphirine
  • Topic Starter


Posted 20 December 2011 - 12:25 AM

Although... I looked again in the Windows folder and that pesky folder is still in there :huh:
