Geographer

Honorary Members

View Profile See their activity

Posts
26
Joined
February 12, 2010
Last visited
July 10, 2011

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by Geographer

Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

ok, will do, and thanks immensely for all your help
- July 10, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6522 # api_version=3.0.2 # EOSSerial=befee2d67ddaab4bb18ba2449d5a388f # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-06-05 03:51:12 # local_time=2011-06-04 11:51:12 (-0500, Eastern Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=5121 16777173 100 75 1061038 36388546 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=116685 # found=0 # cleaned=0 # scan_time=11449 # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6522 # api_version=3.0.2 # EOSSerial=befee2d67ddaab4bb18ba2449d5a388f # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-07-01 02:29:49 # local_time=2011-06-30 10:29:49 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=5121 16777173 100 75 3302311 38629819 0 0 # compatibility_mode=8192 67108863 100 0 1319819 1319819 0 0 # scanned=122952 # found=0 # cleaned=0 # scan_time=11695 # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6522 # api_version=3.0.2 # EOSSerial=befee2d67ddaab4bb18ba2449d5a388f # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-07-02 09:47:52 # local_time=2011-07-02 05:47:52 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=5121 16777173 100 75 3457434 38784942 0 0 # compatibility_mode=8192 67108863 100 0 1474942 1474942 0 0 # scanned=118397 # found=0 # cleaned=0 # scan_time=12455 As far as the computer operation, everything appears to be running normally. I have not gotten a browser hijack since I reset the router and ran combofix.
- July 2, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

Results of screen317's Security Check version 0.99.17 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! ESET Online Scanner v3 McAfee AntiVirus Plus McAfee Virtual Technician ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 26 Adobe Flash Player 10.3.181.26 Adobe Reader X (10.1.0) ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe ESET ESET Online Scanner OnlineCmdLineScanner.exe ``````````End of Log````````````
- July 2, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

I reset the router. Btw, the instructions provided might need to be amended to say that you need to reinstall your router setup after you reset it. I don't know if the combofix did it or the router reset did it, but it appears that I am NOT getting the redirects in Firefox anymore. How do I prevent malware from 'infecting' my router?
- June 23, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

These are the ComboFix and DDS scans you requested ComboFix 11-06-22.05 - Dennis 06/23/2011 11:55:32.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1141 [GMT -4:00] Running from: c:\documents and settings\Dennis\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Dennis\Local Settings\Application Data\{68088CAC-141C-40D2-9A7A-F8B10F9B656E} c:\documents and settings\Dennis\Local Settings\Application Data\{68088CAC-141C-40D2-9A7A-F8B10F9B656E}\chrome.manifest c:\documents and settings\Dennis\Local Settings\Application Data\{68088CAC-141C-40D2-9A7A-F8B10F9B656E}\chrome\content\_cfg.js c:\documents and settings\Dennis\Local Settings\Application Data\{68088CAC-141C-40D2-9A7A-F8B10F9B656E}\chrome\content\overlay.xul c:\documents and settings\Dennis\Local Settings\Application Data\{68088CAC-141C-40D2-9A7A-F8B10F9B656E}\install.rdf . . ((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 ))))))))))))))))))))))))))))))) . . 2011-06-23 07:04 . 2011-06-23 07:04 -------- d-sh--w- c:\documents and settings\Default User\IETldCache 2011-06-23 02:57 . 2011-06-23 02:57 -------- d-----w- c:\program files\Common Files\Java 2011-06-23 02:47 . 2011-06-23 02:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-23 00:05 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll 2011-06-05 00:38 . 2011-06-05 00:38 -------- d-----w- c:\program files\ESET 2011-05-30 12:15 . 2011-05-30 12:15 -------- dcsh--w- c:\documents and settings\Suzi2\PrivacIE 2011-05-28 23:55 . 2011-05-28 23:55 -------- dc----r- C:\Sandbox 2011-05-28 23:53 . 2011-05-28 23:53 -------- d-----w- c:\program files\Sandboxie 2011-05-27 22:56 . 2011-05-27 22:56 -------- dcsh--w- c:\documents and settings\Suzi2\IETldCache 2011-05-27 17:09 . 2011-05-27 17:09 -------- d-sh--w- c:\documents and settings\Dennis\PrivacIE 2011-05-27 11:05 . 2011-05-27 11:05 -------- d-sh--w- c:\documents and settings\Dennis\IETldCache 2011-05-27 06:17 . 2011-05-27 06:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2011-05-27 04:57 . 2011-05-27 04:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2011-05-27 04:20 . 2011-05-27 04:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2011-05-27 00:51 . 2011-05-27 00:54 -------- dc-h--w- c:\windows\ie8 2011-05-27 00:46 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll 2011-05-27 00:46 . 2011-04-25 16:11 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2011-05-27 00:46 . 2011-04-25 16:11 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2011-05-27 00:46 . 2011-04-25 16:11 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2011-05-27 00:46 . 2011-04-25 16:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2011-05-27 00:46 . 2011-04-25 16:11 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2011-05-27 00:46 . 2011-04-25 16:11 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll 2011-05-27 00:46 . 2011-04-26 14:11 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 13:11 . 2010-02-12 08:14 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11 . 2010-02-12 08:14 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-04 08:52 . 2010-05-15 14:31 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-04 06:25 . 2011-05-23 01:15 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-02 15:31 . 2007-02-02 18:13 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 16:19 . 2003-07-16 20:34 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2003-07-16 20:32 43520 ------w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2003-07-16 20:37 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2011-04-14 18:01 . 2010-08-01 15:09 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-04-14 18:01 . 2010-08-01 15:09 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-04-14 18:01 . 2010-08-01 15:09 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-04-14 18:01 . 2010-08-01 15:09 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-04-14 18:01 . 2010-08-01 15:09 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-04-14 18:01 . 2010-08-01 15:09 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-04-14 18:01 . 2010-08-01 15:09 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-04-14 18:01 . 2007-02-03 00:17 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-04-14 18:01 . 2007-02-03 00:17 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-04-14 18:01 . 2007-02-03 00:17 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2001-05-24 16:59 . 2008-05-26 02:53 162304 ----a-w- c:\program files\UNWISE.EXE 2011-04-14 16:26 . 2011-06-05 00:33 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-04-14 18:01 . 2011-06-05 02:41 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-05-18_23.29.29 ))))))))))))))))))))))))))))))))))))))))) . + 2011-04-19 02:51 . 2011-04-19 02:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll + 2011-04-19 02:51 . 2011-04-19 02:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll + 2011-04-19 02:51 . 2011-04-19 02:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll + 2011-04-19 02:51 . 2011-04-19 02:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll + 2011-04-19 02:51 . 2011-04-19 02:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll + 2011-04-19 02:51 . 2011-04-19 02:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll + 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll + 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll + 2011-04-19 02:51 . 2011-04-19 02:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll + 2011-04-19 02:51 . 2011-04-19 02:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll + 2011-04-19 02:51 . 2011-04-19 02:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll + 2011-04-19 02:51 . 2011-04-19 02:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll + 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll + 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll + 2011-05-14 00:17 . 2011-05-14 00:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll + 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll + 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll + 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll + 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll + 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll + 2011-05-13 23:45 . 2011-05-13 23:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll + 2011-05-13 23:45 . 2011-05-13 23:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll + 2011-05-13 23:45 . 2011-05-13 23:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll + 2011-05-13 23:45 . 2011-05-13 23:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll + 2011-05-14 05:06 . 2011-05-14 05:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll + 2011-05-14 05:23 . 2011-05-14 05:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll + 2011-05-13 22:37 . 2011-05-13 22:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll + 2011-06-23 07:15 . 2011-06-23 07:15 16384 c:\windows\Temp\Perflib_Perfdata_f0.dat + 2011-06-23 10:13 . 2011-06-23 10:13 16384 c:\windows\Temp\Perflib_Perfdata_724.dat + 2011-06-23 07:16 . 2011-06-23 07:16 16384 c:\windows\Temp\Perflib_Perfdata_23c.dat + 2007-02-04 22:58 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe + 2007-02-02 18:16 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll + 2003-07-16 20:41 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll + 2009-01-07 22:20 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll + 2009-01-07 22:20 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll + 2003-07-16 20:35 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll + 2003-07-16 20:35 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll + 2003-07-16 20:35 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe + 2009-03-08 08:31 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe + 2009-03-08 08:31 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll + 2003-07-16 20:31 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll + 2003-07-16 20:30 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll + 2003-07-16 20:30 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll + 2009-03-08 08:32 . 2009-03-08 08:32 36864 c:\windows\system32\ieudinit.exe + 2003-07-16 20:30 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll + 2003-07-16 20:30 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll + 2009-01-07 22:20 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll + 2009-03-08 08:31 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll + 2009-03-08 08:31 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll + 2009-03-08 08:31 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll + 2010-09-09 14:16 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll + 2009-03-08 08:31 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe + 2009-03-08 08:34 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll + 2009-03-08 08:33 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll + 2009-03-08 08:32 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll + 2009-03-08 08:31 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll + 2009-03-08 08:32 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll + 2009-03-08 08:32 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll + 2009-03-08 08:24 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll + 2009-03-08 08:33 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll + 2009-03-08 08:32 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll + 2003-07-16 20:25 . 2009-03-08 08:33 18944 c:\windows\system32\corpol.dll + 2007-02-02 18:20 . 2011-06-23 11:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2007-02-02 18:20 . 2011-05-18 16:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2011-05-27 04:57 . 2011-06-23 11:59 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat - 2010-02-18 07:53 . 2011-05-18 16:41 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2011-05-19 00:15 . 2011-06-23 11:59 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2003-07-16 20:23 . 2009-03-08 08:32 72704 c:\windows\system32\admparse.dll + 2011-06-01 01:55 . 2011-06-01 01:55 21504 c:\windows\Installer\107ca9.msi + 2011-06-02 23:04 . 2011-06-02 23:04 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe + 2011-06-02 23:04 . 2011-06-02 23:04 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe + 2011-06-02 23:04 . 2011-06-02 23:04 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe + 2011-06-02 23:04 . 2011-06-02 23:04 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe + 2011-06-02 23:04 . 2011-06-02 23:04 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe + 2011-06-02 23:04 . 2011-06-02 23:04 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe + 2011-06-02 23:04 . 2011-06-02 23:04 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ARPPRODUCTICON.exe + 2011-05-02 01:33 . 2011-06-23 07:09 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe - 2011-05-02 01:33 . 2011-05-03 07:08 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe - 2011-05-02 01:33 . 2011-05-03 07:08 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe + 2011-05-02 01:33 . 2011-06-23 07:09 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe + 2011-05-02 01:33 . 2011-06-23 07:09 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe - 2011-05-02 01:33 . 2011-05-03 07:08 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe - 2009-04-08 15:42 . 2011-05-03 07:06 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe + 2009-04-08 15:42 . 2011-06-23 07:05 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe - 2011-05-12 07:00 . 2011-05-12 07:00 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe + 2011-06-23 07:09 . 2011-06-23 07:09 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe - 2010-07-19 17:52 . 2011-05-02 14:23 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll + 2010-07-19 17:52 . 2011-06-23 07:07 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll + 2011-05-27 00:57 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll + 2011-05-27 00:57 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll + 2011-05-27 00:57 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll + 2011-06-23 07:03 . 2011-02-22 23:06 12800 c:\windows\ie8updates\KB2530548-IE8\xpshims.dll + 2011-06-23 07:03 . 2011-02-22 23:06 66560 c:\windows\ie8updates\KB2530548-IE8\mshtmled.dll + 2011-06-23 07:03 . 2011-02-22 23:06 55296 c:\windows\ie8updates\KB2530548-IE8\msfeedsbs.dll + 2011-06-23 07:03 . 2011-02-22 23:06 43520 c:\windows\ie8updates\KB2530548-IE8\licmgr10.dll + 2011-06-23 07:03 . 2011-02-22 23:06 25600 c:\windows\ie8updates\KB2530548-IE8\jsproxy.dll + 2011-05-27 00:58 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll + 2011-05-27 00:58 . 2009-03-08 08:31 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll + 2011-05-27 00:58 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll + 2011-05-27 00:58 . 2009-03-08 08:34 43008 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll + 2011-05-27 00:58 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll + 2011-05-27 00:51 . 2008-04-14 00:12 37888 c:\windows\ie8\url.dll + 2011-05-27 00:52 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll + 2011-05-27 00:51 . 2008-04-14 00:12 39424 c:\windows\ie8\pngfilt.dll + 2011-05-27 00:51 . 2008-04-14 00:12 96256 c:\windows\ie8\occache.dll + 2011-05-27 00:51 . 2008-04-13 16:26 56832 c:\windows\ie8\mshtmler.dll + 2011-05-27 00:51 . 2008-04-14 00:12 29184 c:\windows\ie8\mshta.exe + 2011-05-27 00:51 . 2008-04-14 00:11 22016 c:\windows\ie8\licmgr10.dll + 2011-05-27 00:51 . 2008-04-14 00:11 15872 c:\windows\ie8\jsproxy.dll + 2011-05-27 00:51 . 2008-04-14 00:11 96256 c:\windows\ie8\inseng.dll + 2011-05-27 00:51 . 2008-04-14 00:11 35840 c:\windows\ie8\imgutil.dll + 2011-05-27 00:51 . 2008-04-14 00:12 93184 c:\windows\ie8\iexplore.exe + 2011-05-27 00:51 . 2008-04-14 00:11 62976 c:\windows\ie8\iesetup.dll + 2011-05-27 00:51 . 2008-04-14 00:11 48640 c:\windows\ie8\iernonce.dll + 2011-05-27 00:51 . 2011-02-17 13:51 81920 c:\windows\ie8\ieencode.dll + 2011-05-27 00:51 . 2008-04-14 00:12 34304 c:\windows\ie8\ie4uinit.exe + 2011-05-27 00:51 . 2008-04-14 00:11 38912 c:\windows\ie8\hmmapi.dll + 2011-05-27 00:51 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll + 2011-05-27 00:51 . 2008-04-14 00:11 99840 c:\windows\ie8\advpack.dll + 2011-05-27 00:51 . 2008-04-14 00:11 61440 c:\windows\ie8\admparse.dll + 2011-05-27 00:58 . 2009-03-08 08:35 2048 c:\windows\ie8updates\KB2447568-IE8\iecompat.dll + 2011-04-19 02:51 . 2011-04-19 02:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll + 2011-04-19 02:51 . 2011-04-19 02:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll + 2011-04-19 02:51 . 2011-04-19 02:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll + 2011-04-19 02:51 . 2011-04-19 02:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll + 2011-05-14 05:17 . 2011-05-14 05:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll + 2011-05-14 05:12 . 2011-05-14 05:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll + 2011-05-14 05:11 . 2011-05-14 05:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll + 2008-11-16 04:13 . 2009-01-07 22:21 121856 c:\windows\system32\xmllite.dll + 2009-03-08 08:34 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe + 2003-07-16 20:51 . 2009-03-08 08:34 236544 c:\windows\system32\webcheck.dll + 2003-07-16 20:49 . 2011-03-04 06:37 420864 c:\windows\system32\vbscript.dll + 2003-07-16 20:49 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll + 2003-07-16 20:40 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll - 2003-07-16 20:40 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll + 2003-07-16 20:40 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll + 2003-07-16 20:36 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll + 2003-07-16 20:36 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll + 2003-07-16 20:36 . 2009-03-08 08:22 156160 c:\windows\system32\msls31.dll + 2009-03-08 08:32 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll + 2009-01-07 22:20 . 2009-01-07 22:20 265720 c:\windows\system32\msdbg2.dll + 2011-06-23 02:47 . 2011-06-23 02:47 240288 c:\windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe + 2006-05-18 05:58 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll + 2011-06-23 02:55 . 2011-05-04 08:52 157472 c:\windows\system32\javaws.exe - 2010-09-17 14:30 . 2010-07-17 09:00 145184 c:\windows\system32\javaw.exe + 2011-06-23 02:55 . 2011-05-04 08:52 145184 c:\windows\system32\javaw.exe + 2011-06-23 02:55 . 2011-05-04 08:52 145184 c:\windows\system32\java.exe - 2010-09-17 14:30 . 2010-07-17 09:00 145184 c:\windows\system32\java.exe + 2009-03-08 08:22 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll + 2003-07-16 20:30 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll + 2003-07-16 20:30 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll + 2009-03-08 08:11 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll + 2003-07-16 20:30 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll + 2003-07-16 20:30 . 2009-03-08 08:33 229376 c:\windows\system32\ieaksie.dll + 2003-07-16 20:30 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll + 2003-07-16 20:30 . 2011-04-25 12:01 173568 c:\windows\system32\ie4uinit.exe + 2003-07-16 20:27 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll + 2003-07-16 20:27 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll - 2003-07-16 20:23 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys + 2003-07-16 20:23 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys + 2008-04-21 06:44 . 2011-04-25 16:11 916480 c:\windows\system32\dllcache\wininet.dll + 2009-03-08 08:34 . 2009-03-08 08:34 236544 c:\windows\system32\dllcache\webcheck.dll + 2009-03-08 08:33 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll + 2010-03-09 11:09 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll + 2009-03-08 08:34 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll + 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll + 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll + 2009-03-08 08:34 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll + 2010-11-05 05:05 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll + 2009-03-08 08:34 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll + 2003-07-16 20:36 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll + 2008-11-12 04:13 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys + 2009-09-16 15:43 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll + 2008-08-21 01:37 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll - 2008-08-21 01:37 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll + 2009-03-08 18:09 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe + 2010-02-26 05:43 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll + 2009-03-08 18:09 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll + 2003-07-16 20:30 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll + 2009-03-08 08:33 . 2009-03-08 08:33 229376 c:\windows\system32\dllcache\ieaksie.dll + 2009-03-08 08:33 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll + 2009-03-08 08:32 . 2011-04-25 12:01 173568 c:\windows\system32\dllcache\ie4uinit.exe + 2009-03-08 08:31 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll + 2009-03-08 08:31 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll - 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys + 2008-06-20 11:40 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys + 2009-03-08 08:32 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll + 2003-07-16 20:23 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll + 2011-05-28 23:53 . 2011-05-28 23:53 867920 c:\windows\Installer\SandboxieInstall32.exe + 2011-05-23 01:14 . 2011-05-23 01:14 675840 c:\windows\Installer\a783b9.msi + 2011-06-23 02:57 . 2011-06-23 02:57 203776 c:\windows\Installer\9e0936.msi + 2011-06-23 07:09 . 2011-06-23 07:09 223744 c:\windows\Installer\1848fa6.msi + 2011-03-17 22:19 . 2011-03-17 22:19 304128 c:\windows\Installer\1848f87.msp + 2011-06-23 07:03 . 2011-06-23 07:03 467456 c:\windows\Installer\1848f4a.msi - 2011-05-02 01:33 . 2011-05-03 07:08 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe + 2011-05-02 01:33 . 2011-06-23 07:09 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe - 2011-05-02 01:33 . 2011-05-03 07:08 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe + 2011-05-02 01:33 . 2011-06-23 07:09 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe - 2011-05-02 01:33 . 2011-05-03 07:08 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe + 2011-05-02 01:33 . 2011-06-23 07:09 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe + 2011-05-02 01:33 . 2011-06-23 07:09 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe - 2011-05-02 01:33 . 2011-05-03 07:08 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe + 2011-05-02 01:33 . 2011-06-23 07:09 469856 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe - 2011-05-02 01:33 . 2011-05-03 07:08 469856 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe - 2011-05-02 01:33 . 2011-05-03 07:08 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe + 2011-05-02 01:33 . 2011-06-23 07:09 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe - 2009-04-08 15:42 . 2011-05-03 07:06 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2009-04-08 15:42 . 2011-06-23 07:05 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2011-05-27 00:57 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll + 2011-05-27 00:57 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll + 2011-05-27 00:57 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe + 2011-05-27 00:57 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll + 2011-05-27 00:57 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll + 2011-05-27 00:57 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll + 2011-05-27 00:57 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll + 2011-05-27 00:57 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll + 2011-05-27 00:57 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll + 2011-05-27 00:57 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll + 2011-05-27 00:57 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe + 2011-06-23 07:01 . 2009-03-08 08:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll + 2011-06-23 07:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll + 2011-06-23 07:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe + 2011-06-23 07:03 . 2011-02-22 23:06 916480 c:\windows\ie8updates\KB2530548-IE8\wininet.dll + 2011-06-23 07:03 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2530548-IE8\spuninst\updspapi.dll + 2011-06-23 07:03 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2530548-IE8\spuninst\spuninst.exe + 2011-06-23 07:03 . 2011-02-22 23:06 206848 c:\windows\ie8updates\KB2530548-IE8\occache.dll + 2011-06-23 07:03 . 2011-02-22 23:06 611840 c:\windows\ie8updates\KB2530548-IE8\mstime.dll + 2011-06-23 07:03 . 2011-02-22 23:06 602112 c:\windows\ie8updates\KB2530548-IE8\msfeeds.dll + 2011-06-23 07:03 . 2011-02-22 23:06 247808 c:\windows\ie8updates\KB2530548-IE8\ieproxy.dll + 2011-06-23 07:03 . 2011-02-22 23:06 184320 c:\windows\ie8updates\KB2530548-IE8\iepeers.dll + 2011-06-23 07:03 . 2011-02-22 23:06 743424 c:\windows\ie8updates\KB2530548-IE8\iedvtool.dll + 2011-06-23 07:03 . 2011-02-22 23:06 387584 c:\windows\ie8updates\KB2530548-IE8\iedkcs32.dll + 2011-06-23 07:03 . 2011-02-18 11:49 173568 c:\windows\ie8updates\KB2530548-IE8\ie4uinit.exe + 2011-05-28 07:01 . 2009-03-08 08:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll + 2011-05-28 07:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll + 2011-05-28 07:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe + 2011-05-28 07:01 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll + 2011-05-27 00:58 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2497640-IE8\wininet.dll + 2011-05-27 00:58 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll + 2011-05-27 00:58 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe + 2011-05-27 00:58 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2497640-IE8\occache.dll + 2011-05-27 00:58 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll + 2011-05-27 00:58 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll + 2011-05-27 00:58 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll + 2011-05-27 00:58 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll + 2011-05-27 00:58 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll + 2011-05-27 00:58 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll + 2011-05-27 00:58 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe + 2011-05-27 00:58 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2447568-IE8\spuninst\updspapi.dll + 2011-05-27 00:58 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2447568-IE8\spuninst\spuninst.exe + 2011-05-27 00:51 . 2011-02-17 13:51 667136 c:\windows\ie8\wininet.dll + 2011-05-27 00:51 . 2008-04-14 00:12 276480 c:\windows\ie8\webcheck.dll + 2011-05-27 00:51 . 2008-04-14 00:12 851968 c:\windows\ie8\vgx.dll + 2011-05-27 00:51 . 2011-03-04 06:45 434176 c:\windows\ie8\vbscript.dll + 2011-05-27 00:51 . 2011-02-17 13:51 629760 c:\windows\ie8\urlmon.dll + 2011-05-27 00:52 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll + 2011-05-27 00:52 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe + 2011-05-27 00:51 . 2011-02-17 13:51 532480 c:\windows\ie8\mstime.dll + 2011-05-27 00:51 . 2008-04-14 00:12 146432 c:\windows\ie8\msrating.dll + 2011-05-27 00:51 . 2003-07-16 20:36 146432 c:\windows\ie8\msls31.dll + 2011-05-27 00:51 . 2011-02-17 13:51 449024 c:\windows\ie8\mshtmled.dll + 2011-05-27 00:51 . 2011-03-04 06:45 512000 c:\windows\ie8\jscript.dll + 2011-05-27 00:51 . 2011-02-17 13:51 251904 c:\windows\ie8\iepeers.dll + 2011-05-27 00:51 . 2008-04-14 00:11 323584 c:\windows\ie8\iedkcs32.dll + 2011-05-27 00:51 . 2003-07-16 20:30 221184 c:\windows\ie8\ieakui.dll + 2011-05-27 00:51 . 2008-04-14 00:11 216576 c:\windows\ie8\ieaksie.dll + 2011-05-27 00:51 . 2008-04-14 00:11 143360 c:\windows\ie8\ieakeng.dll + 2011-05-27 00:51 . 2008-04-14 00:11 205312 c:\windows\ie8\dxtrans.dll + 2011-05-27 00:51 . 2008-04-14 00:11 357888 c:\windows\ie8\dxtmsft.dll + 2008-11-12 04:13 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys + 2011-04-19 02:51 . 2011-04-19 02:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll + 2011-04-19 02:51 . 2011-04-19 02:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll + 2011-05-14 00:04 . 2011-05-14 00:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll + 2011-05-14 00:04 . 2011-05-14 00:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll + 2006-08-31 01:42 . 2011-04-25 16:11 1211904 c:\windows\system32\urlmon.dll + 2003-07-16 20:35 . 2011-05-30 22:19 5964800 c:\windows\system32\mshtml.dll + 2009-10-28 03:40 . 2011-06-23 02:47 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll + 2009-03-08 08:32 . 2011-04-25 16:11 1991680 c:\windows\system32\iertutil.dll + 2009-02-07 01:07 . 2009-02-07 01:07 3698584 c:\windows\system32\ieapfltr.dat + 2008-06-26 08:15 . 2011-04-25 16:11 1211904 c:\windows\system32\dllcache\urlmon.dll + 2008-04-21 06:44 . 2011-05-30 22:19 5964800 c:\windows\system32\dllcache\mshtml.dll + 2011-06-02 23:04 . 2011-06-02 23:04 1529344 c:\windows\Installer\9be1e36.msi + 2011-06-23 15:42 . 2011-06-23 15:42 2295808 c:\windows\Installer\1ce7b47.msi + 2011-04-29 16:28 . 2011-04-29 16:28 1995264 c:\windows\Installer\1848fae.msp + 2011-03-17 23:20 . 2011-03-17 23:20 1961984 c:\windows\Installer\1848f9e.msp + 2011-05-17 22:28 . 2011-05-17 22:28 6862848 c:\windows\Installer\1848f74.msp + 2011-04-29 16:33 . 2011-04-29 16:33 8173568 c:\windows\Installer\1848f52.msp + 2011-05-02 01:33 . 2011-06-23 07:09 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe - 2011-05-02 01:33 . 2011-05-03 07:08 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe + 2011-05-02 01:33 . 2011-06-23 07:09 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe - 2011-05-02 01:33 . 2011-05-03 07:08 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe + 2011-05-02 01:33 . 2011-06-23 07:09 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe - 2011-05-02 01:33 . 2011-05-03 07:08 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe + 2011-05-02 01:33 . 2011-06-23 07:09 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe - 2011-05-02 01:33 . 2011-05-03 07:08 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe + 2011-05-27 00:57 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll + 2011-05-27 00:57 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll + 2011-05-27 00:57 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll + 2011-06-23 07:03 . 2011-02-22 23:06 1210880 c:\windows\ie8updates\KB2530548-IE8\urlmon.dll + 2011-06-23 07:03 . 2011-02-22 23:06 5962240 c:\windows\ie8updates\KB2530548-IE8\mshtml.dll + 2011-06-23 07:03 . 2011-02-22 23:06 1991680 c:\windows\ie8updates\KB2530548-IE8\iertutil.dll + 2011-05-27 00:58 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2497640-IE8\urlmon.dll + 2011-05-27 00:58 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2497640-IE8\mshtml.dll + 2011-05-27 00:58 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2497640-IE8\iertutil.dll + 2011-05-27 00:51 . 2011-02-17 13:51 3078656 c:\windows\ie8\mshtml.dll + 2010-03-11 14:37 . 2011-06-23 07:09 47716296 c:\windows\system32\MRT.exe + 2009-03-08 08:39 . 2011-04-26 14:11 11081728 c:\windows\system32\ieframe.dll + 2011-06-23 07:06 . 2011-06-23 07:06 20333056 c:\windows\Installer\1848f80.msp + 2011-03-17 23:15 . 2011-03-17 23:15 44327424 c:\windows\Installer\1848f6a.msp + 2011-05-27 00:57 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll + 2011-06-23 07:03 . 2011-02-22 23:06 11080704 c:\windows\ie8updates\KB2530548-IE8\ieframe.dll + 2011-05-27 00:58 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2497640-IE8\ieframe.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Dennis\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Dennis\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Dennis\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Dennis\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-03-24 409320] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741] "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-03 65536] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408] "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] . c:\documents and settings\Dennis\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Dennis\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-02-12 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2010-02-12 05:43 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"= "c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"= "c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"= "c:\\WINDOWS\\system32\\vssvc.exe"= "c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"= "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"= "c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "24726:TCP"= 24726:TCP:FlipShareServer "24727:TCP"= 24727:TCP:FlipShareServer . R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/1/2010 11:09 AM 84200] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 67656] R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 2:22 PM 1085440] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/12/2010 4:14 AM 366640] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/14/2008 9:41 PM 88176] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/1/2010 11:09 AM 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/1/2010 11:09 AM 271480] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/1/2010 11:09 AM 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/1/2010 11:09 AM 141792] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/1/2010 11:09 AM 56064] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/12/2010 4:14 AM 22712] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/1/2010 11:09 AM 314088] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/1/2010 11:09 AM 88736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 2:17 PM 133104] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/26/2010 11:54 PM 18560] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 2:17 PM 133104] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/1/2010 11:09 AM 88736] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/1/2010 11:09 AM 84488] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 12872] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504] . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2011-06-23 c:\windows\Tasks\Final Media Player Update Checker.job - c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-05 21:35] . 2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 18:17] . 2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 18:17] . . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: internet Trusted Zone: intuit.com\ttlc Trusted Zone: mcafee.com TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 FF - ProfilePath - c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\f0hdd127.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp:// FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-23 12:03 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1008) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . Completion time: 2011-06-23 12:08:49 ComboFix-quarantined-files.txt 2011-06-23 16:08 ComboFix2.txt 2011-05-18 23:32 ComboFix3.txt 2010-02-18 03:43 . Pre-Run: 27,300,167,680 bytes free Post-Run: 27,525,718,016 bytes free . - - End Of File - - 10DF9887752944883742C78807B0B627 . DDS (Ver_11-03-05.01) - NTFSx86 Run by Dennis at 12:52:05.46 on Thu 06/23/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.881 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe C:\Program Files\Flip Video\FlipShare\FlipShareService.exe C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sandboxie\SbieCtrl.exe C:\Documents and Settings\Dennis\Application Data\Dropbox\bin\Dropbox.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Dennis\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110604224133.dll BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: CAdBlocker Object: {e24ad748-155e-4254-b674-4edf86e7e1df} - c:\progra~1\acronis\privac~1\Blocker.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe" mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe" mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\docume~1\dennis\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\dennis\application data\dropbox\bin\Dropbox.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - c:\progra~1\acronis\privac~1\Blocker.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll Trusted Zone: internet Trusted Zone: intuit.com\ttlc Trusted Zone: mcafee.com DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\dennis\applic~1\mozilla\firefox\profiles\f0hdd127.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp:// FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\windows\system32\superadblocker.com\npsabffx.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-2 387480] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-1 84200] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 67656] R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-12 366640] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-11-14 88176] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-1 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-1 271480] R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-1 271480] R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-1 171168] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-1 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-1 141792] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-1 56064] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-12 22712] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-2 153280] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-2 52320] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-1 314088] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-1 88736] R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-26 18560] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-1 88736] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-1 84488] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-2 34248] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-2 40552] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-06-23 02:47:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-23 00:05:19 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2011-06-06 16:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll 2011-06-05 02:41:33 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll 2011-06-05 00:38:00 -------- d-----w- c:\program files\ESET 2011-05-28 23:55:04 -------- dc----r- C:\Sandbox 2011-05-28 23:53:47 -------- d-----w- c:\program files\Sandboxie 2011-05-27 17:09:18 -------- d-sh--w- c:\documents and settings\dennis\PrivacIE 2011-05-27 11:05:57 -------- d-sh--w- c:\documents and settings\dennis\IETldCache 2011-05-27 00:57:18 -------- d-----w- c:\windows\ie8updates 2011-05-27 00:51:45 -------- dc-h--w- c:\windows\ie8 2011-05-27 00:46:58 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll 2011-05-27 00:46:54 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2011-05-27 00:46:53 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2011-05-27 00:46:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2011-05-27 00:46:50 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2011-05-27 00:46:49 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2011-05-27 00:46:48 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll 2011-05-27 00:46:45 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll . ==================== Find3M ==================== . 2011-05-13 04:57:07 0 ----a-w- c:\windows\Griku.bin 2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-04 06:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec 2001-05-24 16:59:30 162304 ----a-w- c:\program files\UNWISE.EXE . ============= FINISH: 12:56:08.53 ===============
- June 23, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

Awesome, I will be able to do everything on Thursday, June 23.
- June 17, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

I actually don't have another computer on the network, just a Roku.
- June 13, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

any chance this could be a virus in my router?
- June 8, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

Thanks I'll do that, but I won't have access to the damaged computer for a few weeks, so it will be late June before I can post the information.
- June 8, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

did it, but i'm still getting the redirects
- June 5, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

I'm still getting the redirects. Here's an example hxxp://www.pcsecurityshield.com/lp/shield-deluxe-43.aspx?aid=wps766&Subid=5malware and to clarify, I only get the redirects when I use Firefox. I don't get them with IE.
- June 2, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

IE is updated, and I ran the ESET online again. It found this: C:\Documents and Settings\Suzi2\Application Data\Sun\Java\Deployment\cache\6.0\39\58ec35a7-404be173 a variant of Java/Exploit.CVE-2010-4452.A trojan cleaned by deleting - quarantined here are some examples of the hijacks If i do a google search (using Firefox) for 'XP Security malware' the first site that appears in the search is an ehow url: How to Get Rid of XP Security Center Malware | eHow.com How to Get Rid of XP Security Center Malware. XP Security Center is a rogue antispyware program despite its creators advertising it as a legitimate security ... www.ehow.com
- May 29, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

Thanks, I believe I understand now about replying correctly, all at once and then don't add anything until I hear back from you. I deleted all the old Java and installed the most current. I never use Internet Explorer, so I haven't updated it yet. I was able to download and run exehelper and now the file associations on the old profile work correctly, so I don't think I need to delete the old profile just yet. This is the exehelper log exeHelper by Raktor Build 20100414 Run at 19:12:19 on 05/25/11 Now searching... Checking for numerical processes... Checking for sysguard processes... Checking for bad processes... Checking for bad files... Checking for bad registry entries... Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values... Resetting policies... --Finished-- I have re-run complete MBAM and McAffee scans and they both come back clean. This is the latest MBAM log Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6644 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 5/25/2011 10:29:52 PM mbam-log-2011-05-25 (22-29-52).txt Scan type: Full scan (C:\|) Objects scanned: 304366 Time elapsed: 1 hour(s), 42 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I am still having occasional hijacks when I do google searches (most are blocked by MBAM Pro), so I know I'm not clean yet. I don't feel comfortable repeating any of the other cleaning efforts without your guidance, so I'll wait to hear from you. Thanks again. You guys who do this for us are literally unsung heroes.
- May 27, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

Looking at your other replies to users who have the same issue as me, if I try to even download exehelper, i get this:
- May 24, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

on the profile that is most functional, I am now getting Google search redirects to urls such as this http://aplsearch.net/in.cgi?22&parameter=java/exploit.cve-2010-4452.a&qbid=0.039800000000&qaff=14
- May 22, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

I was able to fix the Carbonite issue, now the only problems I have are restricted to the old user account.
- May 21, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

The browser hijack is still happening in my old profile as well, google searches are redirected to coupon sites etc.
- May 21, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

Antivir is now uninstalled, and these are the results from the ESET and the Security Check: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=53251 # version=7 # iexplore.exe=6.00.2900.5512 (xpsp.080413-2105) # OnlineScanner.ocx=1.0.0.6522 # api_version=3.0.2 # EOSSerial=befee2d67ddaab4bb18ba2449d5a388f # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-05-21 04:59:28 # local_time=2011-05-21 12:59:28 (-0500, Eastern Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1797 16774142 0 1 0 0 0 0 # compatibility_mode=5121 16777173 100 75 0 35099796 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=126462 # found=1 # cleaned=1 # scan_time=8295 C:\System Volume Information\_restore{9EE8FFE7-A98B-401B-96FD-32A41CC0A7CC}\RP451\A0090237.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C Results of screen317's Security Check version 0.99.11 Windows XP Service Pack 3 Internet Explorer 6 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! ESET Online Scanner v3 McAfee AntiVirus Plus McAfee Virtual Technician ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 21 Java SE Runtime Environment 6 Update 1 Java 6 Update 2 Java 6 Update 3 Java 6 Update 5 Out of date Java installed! Adobe Flash Player 10.1.85.3 Adobe Reader X (10.0.1) ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe ``````````End of Log```````````` And these are the main issues I am still having: If I attempt to open a program from my old user profile, I get the file association dialog: or if I am in my old user profile, and Iattempt to open a utility in the control panel, I get a different error And finally, I have reinstalled it and made sure my firewall isn't blocking it, but carbonite can't access the internet from any user profile. Thanks so very much for spending time to help me with this.
- May 21, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

More information: This time, I had to run Combofix, MBAM, and DDS from my wife's user account. Previously I was able to run everything from my user account. Now, I can't get anything to work from my user account (where I first noticed all the problems). If I attempt to open MBAM or Firefox or anything from my user account, the file association dialog opens (the Open With box) and no matter what I select, nothing happens. Also, Carbonite lost connection with the internet on all user accounts about 11 days ago. And finally the system clock went back to 2003. I was able to reset the clock from my wife's user account, but the MBAM program still says it is 2798 days out of date.
- May 19, 2011
- 33 replies
Browser Hijacker - Again

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

Thanks for your help, this is the updated MBAM log file Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6612 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 5/18/2011 7:11:11 PM mbam-log-2011-05-18 (19-11-11).txt Scan type: Quick scan Objects scanned: 191864 Time elapsed: 15 minute(s), 41 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) this is the cf log: ComboFix 11-05-17.03 - Suzi2 05/18/2011 19:19:36.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1418 [GMT -4:00] Running from: c:\documents and settings\Suzi2\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Suzi2\Application Data\Adobe\plugs c:\documents and settings\Suzi2\Application Data\Adobe\shed c:\documents and settings\Suzi2\Local Settings\Application Data\{D7427597-ECD1-485E-ACCE-2A58EC457E82} c:\documents and settings\Suzi2\Local Settings\Application Data\{D7427597-ECD1-485E-ACCE-2A58EC457E82}\chrome.manifest c:\documents and settings\Suzi2\Local Settings\Application Data\{D7427597-ECD1-485E-ACCE-2A58EC457E82}\chrome\content\_cfg.js c:\documents and settings\Suzi2\Local Settings\Application Data\{D7427597-ECD1-485E-ACCE-2A58EC457E82}\chrome\content\overlay.xul c:\documents and settings\Suzi2\Local Settings\Application Data\{D7427597-ECD1-485E-ACCE-2A58EC457E82}\install.rdf c:\windows\system32\regobj.dll . . ((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 ))))))))))))))))))))))))))))))) . . 2011-05-18 02:15 . 2011-05-18 02:15 -------- dc----w- c:\documents and settings\Suzi2\Application Data\SUPERAntiSpyware.com 2011-05-18 02:11 . 2011-05-18 02:11 -------- dc----w- c:\documents and settings\Suzi2\Application Data\Avira 2011-05-13 05:31 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-05-13 05:31 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-05-13 05:31 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-05-13 05:31 . 2011-05-13 05:31 -------- dc----w- c:\documents and settings\All Users\Application Data\Avira 2011-05-13 05:31 . 2011-05-13 05:31 -------- d-----w- c:\program files\Avira 2011-05-06 01:03 . 2011-05-06 01:03 -------- d-----w- c:\windows\system32\LogFiles 2011-05-05 23:41 . 2011-05-06 22:03 -------- d-----w- c:\program files\Cisco Systems 2011-05-05 23:15 . 2011-05-05 23:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Cisco Systems 2011-05-03 07:05 . 2011-05-03 07:05 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-05-02 13:34 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll 2011-05-02 13:34 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2011-05-02 01:23 . 2011-05-02 01:23 -------- d-----w- c:\program files\Microsoft Synchronization Services 2011-05-02 01:21 . 2011-05-02 01:21 -------- dc----w- c:\documents and settings\All Users\Microsoft 2011-05-02 01:21 . 2011-05-02 01:21 -------- d-----w- c:\program files\Microsoft Sync Framework 2011-05-02 01:21 . 2011-05-02 01:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2011-05-02 01:06 . 2011-05-02 01:06 -------- d-----w- c:\program files\Microsoft Analysis Services 2011-04-23 21:37 . 2011-05-13 04:57 0 ----a-w- c:\windows\Griku.bin 2011-04-20 01:41 . 2011-04-20 01:41 -------- dc----w- c:\documents and settings\Suzi2\Application Data\HP 2011-04-20 01:41 . 2005-02-05 02:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll 2011-04-20 01:41 . 2005-04-08 15:51 258122 ----a-w- c:\windows\system32\hpovst08.dll 2011-04-20 01:41 . 2005-04-08 15:51 606208 ----a-w- c:\windows\system32\hpotscl.dll 2011-04-20 01:40 . 2005-03-18 18:32 180315 ----a-w- c:\windows\system32\hpzsnt12.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-14 18:01 . 2010-08-01 15:09 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-04-14 18:01 . 2010-08-01 15:09 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-04-14 18:01 . 2010-08-01 15:09 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-04-14 18:01 . 2010-08-01 15:09 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-04-14 18:01 . 2010-08-01 15:09 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-04-14 18:01 . 2010-08-01 15:09 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-04-14 18:01 . 2010-08-01 15:09 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-04-14 18:01 . 2007-02-03 00:17 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-04-14 18:01 . 2007-02-03 00:17 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-04-14 18:01 . 2007-02-03 00:17 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-04-01 21:07 . 2010-02-12 20:39 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-03-07 05:33 . 2007-02-02 18:13 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:45 . 2003-07-16 20:49 434176 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21 . 2003-07-16 20:51 1857920 ----a-w- c:\windows\system32\win32k.sys 2001-05-24 16:59 . 2008-05-26 02:53 162304 ----a-w- c:\program files\UNWISE.EXE 2011-04-14 18:01 . 2010-08-01 15:09 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741] "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-03 65536] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408] "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768] "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-02-12 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2010-02-12 05:43 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"= "c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"= "c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"= "c:\\WINDOWS\\system32\\vssvc.exe"= "c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"= "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"= "c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "24726:TCP"= 24726:TCP:FlipShareServer "24727:TCP"= 24727:TCP:FlipShareServer . R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/1/2010 11:09 AM 84200] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 67656] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/13/2011 1:31 AM 136360] R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 2:22 PM 1085440] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/12/2010 4:14 AM 363344] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/14/2008 9:41 PM 88176] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/1/2010 11:09 AM 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/1/2010 11:09 AM 271480] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/1/2010 11:09 AM 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/1/2010 11:09 AM 141792] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/1/2010 11:09 AM 56064] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/12/2010 4:14 AM 20952] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/1/2010 11:09 AM 314088] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/1/2010 11:09 AM 88736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 2:17 PM 133104] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/26/2010 11:54 PM 18560] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 2:17 PM 133104] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/1/2010 11:09 AM 88736] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/1/2010 11:09 AM 84488] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 12872] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504] . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2003-09-19 c:\windows\Tasks\Final Media Player Update Checker.job - c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-05 21:35] . 2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 18:17] . 2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 18:17] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: internet Trusted Zone: mcafee.com FF - ProfilePath - c:\documents and settings\Suzi2\Application Data\Mozilla\Firefox\Profiles\3t77m5o6.default\ FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} . - - - - ORPHANS REMOVED - - - - . BHO-{A095A6F6-B7E8-40E2-9A80-A235566C0FE6} - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) HKCU-Run-Mgekewori - c:\windows\lsonet.dll AddRemove-HijackThis - c:\documents and settings\Dennis\My Documents\HiJackThis\HijackThis.exe AddRemove-Shockwave - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE AddRemove-{E6358333-B89B-4243-8477-647C9360B5D9}_is1 - c:\documents and settings\Dennis\Local Settings\Application Data\Batchwork\Ppt-2-Ppt\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-05-18 19:29 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1008) c:\program files\SUPERAntiSpyware\SASWINLO.DLL . Completion time: 2011-05-18 19:32:51 ComboFix-quarantined-files.txt 2011-05-18 23:32 ComboFix2.txt 2010-02-18 03:43 . Pre-Run: 22,931,062,784 bytes free Post-Run: 23,875,989,504 bytes free . - - End Of File - - C2327102AC15334966ABD365DC16749D and the two DDS logs . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 2/2/2007 1:20:29 PM System Uptime: 9/19/2003 1:33:07 AM (67171 hours ago) . Motherboard: Dell Computer Corp. | | 0K0057 Processor: Intel® Pentium® 4 CPU 2.66GHz | Microprocessor | 2660/533mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 75 GiB total, 22.251 GiB free. D: is CDROM () F: is FIXED (NTFS) - 297 GiB total, 243.901 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP428: 4/28/2011 3:49:36 AM - System Checkpoint RP429: 4/29/2011 4:49:35 AM - System Checkpoint RP430: 4/30/2011 5:49:34 AM - System Checkpoint RP431: 4/30/2011 10:28:10 AM - Software Distribution Service 3.0 RP432: 5/1/2011 11:02:07 AM - System Checkpoint RP433: 5/1/2011 8:57:11 PM - Installed Microsoft Office Professional Plus 2010 RP434: 5/1/2011 9:01:49 PM - Installed Microsoft Office Professional Plus 2010 RP435: 5/1/2011 9:33:22 PM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed RP436: 5/2/2011 10:21:31 AM - Software Distribution Service 3.0 RP437: 5/3/2011 3:00:50 AM - Software Distribution Service 3.0 RP438: 5/4/2011 3:00:25 AM - Software Distribution Service 3.0 RP439: 5/5/2011 3:16:06 AM - System Checkpoint RP440: 5/6/2011 4:08:39 AM - System Checkpoint RP441: 5/7/2011 3:00:42 PM - System Checkpoint RP442: 5/8/2011 3:28:41 PM - System Checkpoint RP443: 5/9/2011 3:49:27 PM - System Checkpoint RP444: 5/10/2011 4:49:27 PM - System Checkpoint RP445: 5/11/2011 5:49:27 PM - System Checkpoint RP446: 5/12/2011 3:00:20 AM - Software Distribution Service 3.0 RP447: 5/15/2011 1:42:36 AM - System Checkpoint RP448: 5/16/2011 2:30:54 AM - System Checkpoint RP449: 5/17/2011 3:31:10 AM - System Checkpoint RP450: 5/17/2011 9:54:22 PM - Restore Operation RP451: 5/17/2011 10:02:59 PM - Restore Operation . ==== Installed Programs ====================== . . 1400 1400_Help 1400Trb Acronis
- May 19, 2011
- 33 replies
Browser Hijacker - Again

Geographer posted a topic in Resolved Malware Removal Logs

Thanks in advance, you guys helped me back in 2008, and now I have a similar problem with a browser hijacker. Briefly, I had a the 'XP Security Center' mal appear a few days ago along with a browse hijacker that would redirect to findsutff.com, and I was able to remove them with Malwarebytes and Avira. I still have a browser hijacker that redirects searches to icityfind.com, but it doesn't do it every time I perform a search. In any case i appreciate any help you can offer: This is my latest mbam log Malwarebytes' Anti-Malware 1.44 Database version: 3730 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 6/13/2010 12:35:35 AM mbam-log-2010-06-13 (00-35-35).txt Scan type: Full Scan (C:\|) Objects scanned: 271054 Time elapsed: 2 hour(s), 50 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) And this is the results of DDS . DDS (Ver_11-03-05.01) - NTFSx86 Run by Dennis at 13:19:59.89 on Sat 05/14/2011 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1220 [GMT -4:00] . AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Flip Video\FlipShare\FlipShareService.exe C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe C:\WINDOWS\system32\LxrJD31s.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Dennis\Application Data\Dropbox\bin\Dropbox.exe C:\WINDOWS\System32\dllhost.exe C:\WINDOWS\System32\vssvc.exe C:\WINDOWS\System32\dllhost.exe c:\PROGRA~1\mcafee.com\agent\McUpdate.exe C:\WINDOWS\explorer.exe C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Dennis\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110512215306.dll BHO: {A095A6F6-B7E8-40E2-9A80-A235566C0FE6} - No File BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: CAdBlocker Object: {e24ad748-155e-4254-b674-4edf86e7e1df} - c:\progra~1\acronis\privac~1\Blocker.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe StartupFolder: c:\docume~1\dennis\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\dennis\application data\dropbox\bin\Dropbox.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - c:\progra~1\acronis\privac~1\Blocker.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll Trusted Zone: internet Trusted Zone: intuit.com\ttlc Trusted Zone: mcafee.com DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\dennis\applic~1\mozilla\firefox\profiles\f0hdd127.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp:// FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdbplug.dll FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll FF - plugin: c:\windows\system32\superadblocker.com\npsabffx.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu FF - Ext: Wired-Marker: {e36db930-f18d-4449-b45f-e286cfb9e03a} - %profile%\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: XULRunner: {D7427597-ECD1-485E-ACCE-2A58EC457E82} - c:\documents and settings\suzi2\local settings\application data\{D7427597-ECD1-485E-ACCE-2A58EC457E82} FF - Ext: XULRunner: {68088CAC-141C-40D2-9A7A-F8B10F9B656E} - c:\documents and settings\dennis\local settings\application data\{68088CAC-141C-40D2-9A7A-F8B10F9B656E} . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-2 387480] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-13 11608] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-1 84200] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 67656] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-13 136360] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-13 269480] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-12 61960] R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-12 363344] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-11-14 88176] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-1 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-1 271480] R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-1 271480] R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-1 171168] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-1 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-1 141792] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-1 56064] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-12 20952] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-2 153280] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-2 52320] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-1 314088] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-1 88736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-26 18560] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-1 88736] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-1 84488] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-2 34248] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-2 40552] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-05-13 05:39:40 -------- d-----w- c:\docume~1\dennis\applic~1\Avira 2011-05-13 05:31:16 -------- dc----w- c:\docume~1\alluse~1\applic~1\Avira 2011-05-13 05:31:16 -------- d-----w- c:\program files\Avira 2011-05-06 01:03:28 -------- d-----w- c:\windows\system32\LogFiles 2011-05-05 23:41:05 -------- d-----w- c:\program files\Cisco Systems 2011-05-05 23:15:25 -------- dc----w- c:\docume~1\alluse~1\applic~1\Cisco Systems 2011-05-03 07:05:14 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-05-02 13:34:03 215920 ----a-w- c:\windows\system32\muweb.dll 2011-05-02 13:34:03 16736 ----a-w- c:\windows\system32\mucltui.dll.mui 2011-05-02 13:34:02 274288 ----a-w- c:\windows\system32\mucltui.dll 2011-05-02 01:23:22 -------- d-----w- c:\program files\Microsoft Synchronization Services 2011-05-02 01:21:46 -------- dc----w- c:\documents and settings\all users\Microsoft 2011-05-02 01:21:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2011-05-02 01:06:32 -------- d-----w- c:\program files\Microsoft Analysis Services 2011-04-23 22:04:22 -------- d-----w- c:\docume~1\dennis\locals~1\applic~1\{68088CAC-141C-40D2-9A7A-F8B10F9B656E} 2011-04-23 21:37:13 0 ----a-w- c:\windows\Griku.bin 2011-04-20 01:41:12 98304 ----a-w- c:\windows\system32\hpzjsn01.dll 2011-04-20 01:41:11 606208 ----a-w- c:\windows\system32\hpotscl.dll 2011-04-20 01:41:11 258122 ----a-w- c:\windows\system32\hpovst08.dll 2011-04-20 01:40:18 180315 ----a-w- c:\windows\system32\hpzsnt12.dll 2011-04-18 17:29:27 -------- dc----w- C:\spoolerlogs . ==================== Find3M ==================== . 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-17 13:51:57 81920 ------w- c:\windows\system32\ieencode.dll 2011-02-17 13:51:57 667136 ----a-w- c:\windows\system32\wininet.dll 2011-02-17 13:51:57 61952 ----a-w- c:\windows\system32\tdc.ocx 2011-02-17 12:37:38 369664 ------w- c:\windows\system32\html.iec 2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll 2001-05-24 16:59:30 162304 ----a-w- c:\program files\UNWISE.EXE . ============= FINISH: 13:22:47.92 =============== Attach.zip
- May 15, 2011
- 33 replies
Malware redirects searchs to 94.228.209.171 etc.

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

Thanks again, you are awesome! Is it okay to re-enable the defogger process now that everything is fixed? Also, do I need to turn system restore off and restart it after a reboot? D
- February 19, 2010
- 10 replies
Malware redirects searchs to 94.228.209.171 etc.

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

The uninstall went just fine and everything appears to be working properly. I can't thank you enough! What virus did I have by the way? Are there any other steps I need to take to return my system to normal?
- February 19, 2010
- 10 replies
Malware redirects searchs to 94.228.209.171 etc.

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

This is the result of the most recent combofix log: ComboFix 10-02-16.01 - Dennis 02/17/2010 22:21:49.1.1 - x86 MINIMAL Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1738 [GMT -5:00] Running from: c:\documents and settings\Dennis\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Dennis\Desktop\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} FILE :: "c:\windows\Griku.bin" "c:\windows\Lsoquxawodafuve.dat" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Griku.bin c:\windows\Lsoquxawodafuve.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DFBBADFABEED -------\Service_dfbbadfabeed ((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 ))))))))))))))))))))))))))))))) . 2010-02-14 20:57 . 2010-02-15 00:43 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-02-14 20:57 . 2010-02-15 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-02-12 20:39 . 2010-02-12 20:49 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-02-12 10:57 . 2010-02-12 10:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-02-12 09:30 . 2010-02-12 09:30 -------- d-s---w- c:\documents and settings\LocalService\UserData 2010-02-12 08:14 . 2010-02-12 08:14 -------- d-----w- c:\documents and settings\Dennis\Application Data\Malwarebytes 2010-02-12 08:14 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-12 08:14 . 2010-02-12 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-02-12 08:14 . 2010-02-12 08:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-12 08:14 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-12 06:18 . 2010-02-18 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2010-02-12 05:08 . 2010-02-12 05:08 -------- d-----w- c:\documents and settings\Dennis\Local Settings\Application Data\Threat Expert 2010-02-12 05:07 . 2010-02-12 05:07 -------- d-----w- c:\program files\Enigma Software Group 2010-02-12 04:47 . 2010-02-18 03:19 -------- d-----w- c:\program files\Spyware Doctor 2010-02-12 04:47 . 2010-02-18 03:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-02-12 02:02 . 2010-02-12 02:02 -------- d-s---w- c:\documents and settings\NetworkService\UserData 2010-02-11 21:52 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys 2010-02-11 21:52 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-02-11 21:52 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys 2010-02-11 21:52 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys 2010-02-11 21:51 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys 2010-02-11 21:51 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys 2010-01-21 18:00 . 2010-01-21 18:00 -------- d-----w- c:\documents and settings\Meredith\Local Settings\Application Data\ApplicationHistory . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-18 03:07 . 2007-02-03 00:17 -------- d-----w- c:\program files\McAfee 2010-02-12 17:46 . 2010-02-12 05:44 117760 ----a-w- c:\documents and settings\Dennis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-02-12 05:45 . 2010-02-12 05:45 52224 ----a-w- c:\documents and settings\Dennis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-02-12 05:44 . 2008-05-06 03:48 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-02-11 21:50 . 2008-03-23 22:37 -------- d-----w- c:\program files\QuickTime 2010-02-04 14:29 . 2009-09-30 18:17 -------- d-----w- c:\program files\Google 2010-01-17 21:03 . 2009-11-25 21:18 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll 2009-12-31 16:50 . 2003-07-16 20:46 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-30 04:18 . 2009-12-30 04:18 -------- d-----w- c:\documents and settings\Dennis\Application Data\McAfee 2009-12-30 04:18 . 2007-02-02 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-12-27 22:07 . 2007-02-03 00:22 57768 -c--a-w- c:\documents and settings\Dennis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-27 19:12 . 2007-02-04 20:08 57768 -c--a-w- c:\documents and settings\Suzi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-27 18:46 . 2009-12-27 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\4D 2009-12-27 18:41 . 2009-12-27 18:41 -------- d-----w- c:\program files\4D Runtime Interpreted 2004.7 2009-12-27 18:40 . 2009-12-27 18:40 -------- d-----w- c:\program files\EVA 2009-12-22 05:21 . 2006-06-23 16:33 667136 ------w- c:\windows\system32\wininet.dll 2009-12-22 05:20 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll 2009-12-16 18:43 . 2007-02-02 18:11 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:08 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-08 19:27 . 2003-07-16 20:39 2189184 ------w- c:\windows\system32\ntoskrnl.exe 2009-12-08 18:43 . 2002-08-29 01:04 2066048 ------w- c:\windows\system32\ntkrnlpa.exe 2009-12-07 03:38 . 2007-02-02 18:29 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-12-04 18:22 . 2003-07-16 20:34 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-11-30 06:12 . 2007-02-02 20:43 71168 ----a-w- c:\windows\system32\LxrJD31s.exe 2009-11-30 06:12 . 2007-02-02 20:43 69824 ----a-w- c:\windows\system32\drivers\LxrJD31d.sys 2009-11-30 06:12 . 2007-02-02 20:43 61440 ----a-w- c:\windows\system32\LxrJD20Sat.dll 2009-11-30 06:12 . 2007-02-02 20:43 249856 ----a-w- c:\windows\system32\LxrJD31.dll 2009-11-30 06:12 . 2007-02-02 20:43 163840 ----a-w- c:\windows\system32\LxrJD31c.exe 2009-11-30 06:12 . 2007-02-02 20:43 146432 ----a-w- c:\windows\system32\LxrJD31p.exe 2009-11-27 17:11 . 2003-07-16 20:42 1291776 ----a-w- c:\windows\system32\quartz.dll 2009-11-27 17:11 . 2001-08-17 22:36 17920 ----a-w- c:\windows\system32\msyuv.dll 2009-11-27 16:07 . 2003-07-16 20:36 28672 ----a-w- c:\windows\system32\msvidc32.dll 2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll 2009-11-27 16:07 . 2003-07-16 20:36 11264 ----a-w- c:\windows\system32\msrle32.dll 2009-11-27 16:07 . 2003-07-16 20:24 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-11-27 16:07 . 2001-08-17 22:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll 2009-11-25 21:22 . 2009-11-25 21:18 158 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\ssprs.dll 2009-11-25 21:18 . 2009-11-25 21:18 16 ---h--w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\ujgwo2n.dll 2009-11-25 21:16 . 2009-11-25 21:16 1025 ----a-w- c:\windows\system32\sysprs7.dll 2009-11-21 15:51 . 2003-07-16 20:23 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2001-05-24 16:59 . 2008-05-26 02:53 162304 ----a-w- c:\program files\UNWISE.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2009-09-19 01:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2009-09-19 01:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2009-09-19 01:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741] "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-03 65536] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-07 198160] "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-09-19 670864] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-02-12 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2010-02-12 05:43 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"= "c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"= "c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"= "c:\\WINDOWS\\system32\\vssvc.exe"= "c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"= R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 3:03 PM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 3:03 PM 74480] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/12/2010 3:14 AM 236368] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/14/2008 8:41 PM 93320] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/12/2010 3:14 AM 19160] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 1:17 PM 133104] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\sasenum.sys [2/16/2006 3:51 PM 4096] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] . Contents of the 'Scheduled Tasks' folder 2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 18:17] 2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 18:17] 2010-02-15 c:\windows\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-02-03 16:22] 2010-01-01 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-02-03 16:22] . . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore Trusted Zone: mcafee.com FF - ProfilePath - c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\f0hdd127.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:blank FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - BHO-{A095A6F6-B7E8-40E2-9A80-A235566C0FE6} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-17 22:33 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "NoChange"="1" "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" @="" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(632) c:\program files\SUPERAntiSpyware\SASWINLO.DLL - - - - - - - > 'explorer.exe'(3664) c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe c:\windows\system32\LxrJD31s.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\program files\McAfee\MPF\MPFSrv.exe c:\windows\System32\HPZipm12.exe c:\program files\Analog Devices\SoundMAX\spkrmon.exe c:\progra~1\mcafee.com\agent\mcagent.exe c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe . ************************************************************************** . Completion time: 2010-02-17 22:43:03 - machine was rebooted ComboFix-quarantined-files.txt 2010-02-18 03:42 ComboFix2.txt 2010-02-17 02:22 Pre-Run: 24,291,524,608 bytes free Post-Run: 24,270,983,168 bytes free - - End Of File - - 19A7CCD46A747E62A0BE0AE78533BE9A
- February 18, 2010
- 10 replies
Malware redirects searchs to 94.228.209.171 etc.

Geographer replied to Geographer's topic in Resolved Malware Removal Logs

This is the combofix log information: ComboFix 10-02-16.01 - Dennis 02/16/2010 20:44:52.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1398 [GMT -5:00] Running from: c:\documents and settings\Dennis\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Dennis\Local Settings\Application Data\{78C3C6FE-FD84-43EF-8381-BEF7844FBDD7} c:\documents and settings\Dennis\Local Settings\Application Data\{78C3C6FE-FD84-43EF-8381-BEF7844FBDD7}\chrome.manifest c:\documents and settings\Dennis\Local Settings\Application Data\{78C3C6FE-FD84-43EF-8381-BEF7844FBDD7}\chrome\content\_cfg.js c:\documents and settings\Dennis\Local Settings\Application Data\{78C3C6FE-FD84-43EF-8381-BEF7844FBDD7}\chrome\content\overlay.xul c:\documents and settings\Dennis\Local Settings\Application Data\{78C3C6FE-FD84-43EF-8381-BEF7844FBDD7}\install.rdf c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI c:\windows\system32\lsprst7.dll c:\windows\system32\prsgrc.dll . ((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 ))))))))))))))))))))))))))))))) . 2010-02-14 20:57 . 2010-02-15 00:43 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-02-14 20:57 . 2010-02-15 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-02-12 20:39 . 2010-02-12 20:49 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-02-12 10:57 . 2010-02-12 10:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-02-12 09:30 . 2010-02-12 09:30 -------- d-s---w- c:\documents and settings\LocalService\UserData 2010-02-12 08:14 . 2010-02-12 08:14 -------- d-----w- c:\documents and settings\Dennis\Application Data\Malwarebytes 2010-02-12 08:14 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-12 08:14 . 2010-02-12 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-02-12 08:14 . 2010-02-12 08:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-12 08:14 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-12 06:18 . 2010-02-17 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2010-02-12 05:45 . 2010-02-12 05:45 52224 ----a-w- c:\documents and settings\Dennis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-02-12 05:44 . 2010-02-12 17:46 117760 ----a-w- c:\documents and settings\Dennis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-02-12 05:08 . 2010-02-12 05:08 -------- d-----w- c:\documents and settings\Dennis\Local Settings\Application Data\Threat Expert 2010-02-12 05:07 . 2010-02-12 05:07 -------- d-----w- c:\program files\Enigma Software Group 2010-02-12 04:47 . 2010-02-17 01:51 -------- d-----w- c:\program files\Spyware Doctor 2010-02-12 04:47 . 2010-02-17 01:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-02-12 02:02 . 2010-02-12 02:02 -------- d-s---w- c:\documents and settings\NetworkService\UserData 2010-02-11 21:52 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys 2010-02-11 21:52 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-02-11 21:52 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys 2010-02-11 21:52 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys 2010-02-11 21:51 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys 2010-02-11 21:51 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys 2010-02-11 21:51 . 2010-02-12 05:43 0 ----a-w- c:\windows\Griku.bin 2010-02-11 21:51 . 2010-02-12 16:48 120 ----a-w- c:\windows\Lsoquxawodafuve.dat 2010-01-21 18:00 . 2010-01-21 18:00 -------- d-----w- c:\documents and settings\Meredith\Local Settings\Application Data\ApplicationHistory . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-12 05:44 . 2008-05-06 03:48 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-02-11 21:50 . 2008-03-23 22:37 -------- d-----w- c:\program files\QuickTime 2010-02-04 14:29 . 2009-09-30 18:17 -------- d-----w- c:\program files\Google 2010-01-17 21:03 . 2009-11-25 21:18 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll 2009-12-31 16:50 . 2003-07-16 20:46 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-30 04:18 . 2009-12-30 04:18 -------- d-----w- c:\documents and settings\Dennis\Application Data\McAfee 2009-12-30 04:18 . 2007-02-02 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-12-27 22:07 . 2007-02-03 00:22 57768 -c--a-w- c:\documents and settings\Dennis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-27 19:12 . 2007-02-04 20:08 57768 -c--a-w- c:\documents and settings\Suzi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-27 18:46 . 2009-12-27 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\4D 2009-12-27 18:41 . 2009-12-27 18:41 -------- d-----w- c:\program files\4D Runtime Interpreted 2004.7 2009-12-27 18:40 . 2009-12-27 18:40 -------- d-----w- c:\program files\EVA 2009-12-24 16:09 . 2007-02-03 00:17 -------- d-----w- c:\program files\McAfee 2009-12-22 05:21 . 2006-06-23 16:33 667136 ----a-w- c:\windows\system32\wininet.dll 2009-12-22 05:20 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll 2009-12-16 18:43 . 2007-02-02 18:11 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:08 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-08 19:27 . 2003-07-16 20:39 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-08 18:43 . 2002-08-29 01:04 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-07 03:38 . 2007-02-02 18:29 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-12-04 18:22 . 2003-07-16 20:34 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-11-30 06:12 . 2007-02-02 20:43 71168 ----a-w- c:\windows\system32\LxrJD31s.exe 2009-11-30 06:12 . 2007-02-02 20:43 69824 ----a-w- c:\windows\system32\drivers\LxrJD31d.sys 2009-11-30 06:12 . 2007-02-02 20:43 61440 ----a-w- c:\windows\system32\LxrJD20Sat.dll 2009-11-30 06:12 . 2007-02-02 20:43 249856 ----a-w- c:\windows\system32\LxrJD31.dll 2009-11-30 06:12 . 2007-02-02 20:43 163840 ----a-w- c:\windows\system32\LxrJD31c.exe 2009-11-30 06:12 . 2007-02-02 20:43 146432 ----a-w- c:\windows\system32\LxrJD31p.exe 2009-11-27 17:11 . 2003-07-16 20:42 1291776 ----a-w- c:\windows\system32\quartz.dll 2009-11-27 17:11 . 2001-08-17 22:36 17920 ----a-w- c:\windows\system32\msyuv.dll 2009-11-27 16:07 . 2003-07-16 20:36 28672 ----a-w- c:\windows\system32\msvidc32.dll 2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll 2009-11-27 16:07 . 2003-07-16 20:36 11264 ----a-w- c:\windows\system32\msrle32.dll 2009-11-27 16:07 . 2003-07-16 20:24 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-11-27 16:07 . 2001-08-17 22:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll 2009-11-25 21:22 . 2009-11-25 21:18 158 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\ssprs.dll 2009-11-25 21:18 . 2009-11-25 21:18 16 ---h--w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\ujgwo2n.dll 2009-11-25 21:16 . 2009-11-25 21:16 1025 ----a-w- c:\windows\system32\sysprs7.dll 2009-11-21 15:51 . 2003-07-16 20:23 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2001-05-24 16:59 . 2008-05-26 02:53 162304 ----a-w- c:\program files\UNWISE.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2009-09-19 01:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2009-09-19 01:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2009-09-19 01:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741] "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-03 65536] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-07 198160] "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-09-19 670864] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-02-12 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2010-02-12 05:43 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"= "c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"= "c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"= "c:\\WINDOWS\\system32\\vssvc.exe"= "c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"= R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 3:03 PM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 3:03 PM 74480] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/12/2010 3:14 AM 236368] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/14/2008 8:41 PM 93320] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/12/2010 3:14 AM 19160] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S2 dfbbadfabeed;5b5f45d62d002e18563f873ee163e9ad;c:\windows\dfbbadfabeed.exe /s --> c:\windows\dfbbadfabeed.exe [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 1:17 PM 133104] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\sasenum.sys [2/16/2006 3:51 PM 4096] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] . Contents of the 'Scheduled Tasks' folder 2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 18:17] 2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 18:17] 2010-02-15 c:\windows\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-02-03 16:22] 2010-01-01 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-02-03 16:22] . . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore Trusted Zone: buy-internetsecurity10.com Trusted Zone: internet Trusted Zone: is-software-download.com Trusted Zone: is10-soft-download.com Trusted Zone: mcafee.com Trusted Zone: buy-internetsecurity10.com FF - ProfilePath - c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\f0hdd127.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:blank FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - BHO-{A095A6F6-B7E8-40E2-9A80-A235566C0FE6} - (no file) HKCU-Run-Sonic RecordNow! - (no file) SharedTaskScheduler-{b9b87990-3351-4941-ad13-b050beadff63} - c:\windows\system32\maweyeri.dll SSODL-rujinuror-{b9b87990-3351-4941-ad13-b050beadff63} - c:\windows\system32\maweyeri.dll Notify-ljJDssQJ - ljJDssQJ.dll Notify-WgaLogon - (no file) AddRemove-Lights Out - c:\program files\The Adventure Company\Dark Fall\Lights Out\Uninstal.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-16 21:17 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "NoChange"="1" "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" @="" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(632) c:\program files\SUPERAntiSpyware\SASWINLO.DLL - - - - - - - > 'explorer.exe'(3700) c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe c:\windows\system32\LxrJD31s.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\progra~1\McAfee\VIRUSS~1\mcshield.exe c:\program files\McAfee\MPF\MPFSrv.exe c:\windows\System32\HPZipm12.exe c:\program files\Analog Devices\SoundMAX\spkrmon.exe c:\windows\system32\rundll32.exe c:\progra~1\mcafee.com\agent\mcagent.exe c:\windows\system32\wscntfy.exe c:\progra~1\mcafee.com\agent\mcupdate.exe . ************************************************************************** . Completion time: 2010-02-16 21:22:49 - machine was rebooted ComboFix-quarantined-files.txt 2010-02-17 02:22 Pre-Run: 23,499,993,088 bytes free Post-Run: 24,468,672,512 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn - - End Of File - - BC4FA3A50C18CCF040C390768FCDC3DF
- February 17, 2010
- 10 replies

Events

Profiles

Forums

Everything posted by Geographer

Important Information