water55

Members
Posts: 17
Reputation: 0 Neutral
  1. Hi, The wireless connection works now! Thank you!
  2. Hi, Here's what it says under it:
     1394 Net Adapter
     Intel ® Pro/100 VE Network Connection
     Intel ® PRO/Wireless 2200BG Network Connection
     The first two are connected, that's how I've been going on the internet recently. Thanks again, really appreciate it.
  3. Hi, I've tried that too, but it still disconnects a couple of minutes after I type in the wireless key.
  4. Hi again, I uninstalled ComboFix but I still get disconnected. It does this weird thing where the wireless icon shows that it's disconnected but I can still go on the internet. After a couple of minutes I get disconnected for real. When I try to repair it says "following action cannot be completed: connecting to wireless network". BTW, can I delete DeFogger, OTL, etc., or is there a special process I have to do? Thanks again.
  5. Thanks, I was getting worried. Here are the logs. I'm not sure if you need the extras.txt log, but I'll post it just in case. Thanks again. Everything is running much better besides the wireless thing.

     OTL logfile created on: 12/8/2009 1:47:53 PM - Run 1
     OTL by OldTimer - Version 3.1.11.4     Folder = C:\Documents and Settings\Christina Le\Desktop
     Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 7.0.5730.13)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     1014.42 Mb Total Physical Memory | 381.78 Mb Available Physical Memory | 37.63% Memory free
     2.38 Gb Paging File | 1.93 Gb Available in Paging File | 80.97% Paging File free
     Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 68.52 Gb Total Space | 52.06 Gb Free Space | 75.97% Space Free | Partition Type: NTFS
     D: Drive not present or media not loaded
     E: Drive not present or media not loaded
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded

     Computer Name: 078A6A7107074FC
     Current User Name: Christina Le
     Logged in as Administrator.

     Current Boot Mode: Normal
     Scan Mode: Current user
     Company Name Whitelist: Off
     Skip Microsoft Files: Off
     File Age = 30 Days
     Output = Minimal

     ========== Processes (SafeList) ==========

     PRC - C:\Documents and Settings\Christina Le\Desktop\OTL.exe (OldTimer Tools)
     PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
     PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
     PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
     PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
     PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
     PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
     PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
     PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
     PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
     PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
     PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
     PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
     PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
     PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
     PRC - C:\Program Files\iTunesHelper.exe (Apple Computer, Inc.)
     PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
     PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
     PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
     PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
     PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
     PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
     PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
     PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
     PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
     PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
     PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
     PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
     PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
     PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
     PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
     PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)

     ========== Modules (SafeList) ==========

     MOD - C:\Documents and Settings\Christina Le\Desktop\OTL.exe (OldTimer Tools)

     ========== Win32 Services (SafeList) ==========

     SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
     SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
     SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
     SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
     SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
     SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
     SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
     SRV - (iPodService) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
     SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
     SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
     SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
     SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
     SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
     SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
     SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
     SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
     SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
     SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
     SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
     SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
     SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
     SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
     SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
     SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
     SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
     SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
     SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
     SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

     ========== Driver Services (SafeList) ==========

     DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
     DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
     DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
     DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
     DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
     DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
     DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
     DRV - (MCSTRM) -- C:\WINDOWS\system32\drivers\mcstrm.sys (RealNetworks, Inc.)
     DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
     DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
     DRV - (tifmsony) -- C:\WINDOWS\system32\drivers\tifmsony.sys (Texas Instruments)
     DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel
  6. Hi, I've tried the repair thing but it doesn't seem to work. I still get disconnected after I repair the connection. Here is the Kaspersky report. During the scan a McAfee message popped up and reported finding Vundo. Should I be worried? Thanks again.

     Monday, December 7, 2009
     Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Monday, December 07, 2009 19:14:21
     Records in database: 3340654

     Scan settings
       Scan using the following database: extended
       Scan archives: yes
       Scan e-mail databases: yes

     Scan area - My Computer
       C:\
       D:\
       E:\

     Scan statistics
       Objects scanned: 62438
       Threats found: 2
       Infected objects found: 5
       Suspicious objects found: 0
       Scan duration: 02:36:34

     File name                                                                                       Threat                      Threats count
     C:\Qoobox\Quarantine\C\WINDOWS\system32\dezifamu.dll.vir                                        Infected: Packed.Win32.TDSS.aa   1
     C:\Qoobox\Quarantine\C\WINDOWS\system32\jatipife.dll.vir                                        Infected: Packed.Win32.TDSS.aa   1
     C:\Qoobox\Quarantine\C\WINDOWS\system32\veyevida.dll.vir                                        Infected: Packed.Win32.TDSS.aa   1
     C:\Qoobox\Quarantine\C\WINDOWS\system32\zadowebi.exe.vir                                        Infected: Packed.Win32.Krap.ai   1
     C:\System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP1\A0000029.exe    Infected: Packed.Win32.Krap.ai   1

     Selected area has been scanned.
  7. Hi, Here is the Malwarebytes log. It doesn't detect anything, but I can't run ESET. After I click Start, the window is blank. After running ComboFix my wireless connection also disconnects every couple of minutes. Does this mean I'm still infected? Thanks again.

     Malwarebytes' Anti-Malware 1.42
     Database version: 3305
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13

     12/6/2009 2:46:44 PM
     mbam-log-2009-12-06 (14-46-44).txt

     Scan type: Quick Scan
     Objects scanned: 111793
     Time elapsed: 5 minute(s), 26 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  8. Hi, Here is the ComboFix log. Thanks again.

     ComboFix 09-12-05.03 - Christina Le 12/06/2009   0:25.2.1 - x86
     Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.499 [GMT -8:00]
     Running from: c:\documents and settings\Christina Le\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Christina Le\Desktop\CFScript.txt
     AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)   {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

     FILE ::
     "c:\windows\system32\besehevi.dll"
     "c:\windows\system32\zadowebi.exe"
     .

     (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\windows\system32\zadowebi.exe

     .
     ---------------   FCopy   ---------------

     c:\eventlog.dll --> c:\windows\ServicePackFiles\i386\eventlog.dll
     c:\eventlog.dll --> c:\windows\$NtServicePackUninstall$\eventlog.dll
     c:\eventlog.dll --> c:\windows\System32\eventlog.dll
     .

     (((((((((((((((((((((((((   Files Created from 2009-11-06 to 2009-12-06   )))))))))))))))))))))))))))))))
     .

     2009-12-06 08:38 . 2009-12-06 08:38   --------   d-----w-   c:\windows\LastGood
     2009-12-06 08:25 . 2008-04-14 09:41   56320   -c--a-w-   c:\windows\system32\dllcache\eventlog.dll
     2009-12-06 08:25 . 2008-04-14 09:41   56320   ----a-w-   c:\windows\system32\eventlog.dll
     2009-12-05 00:28 . 2009-12-05 00:28   --------   d-----w-   C:\_OTL
     2009-12-02 09:02 . 2009-12-02 09:03   3696032   ----a-w-   c:\program files\mbam-rules.exe
     2009-12-02 08:55 . 2009-09-10 22:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
     2009-12-02 08:55 . 2009-12-02 09:00   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
     2009-12-02 08:55 . 2009-09-10 22:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
     2009-12-02 08:52 . 2009-12-02 08:54   4045528   ----a-w-   c:\program files\mbam-setup.exe
     2009-12-02 03:33 . 2009-12-02 03:33   --------   d--h--w-   c:\windows\PIF
     2009-11-30 05:40 . 2009-12-02 09:43   --------   d-----w-   c:\documents and settings\Christina Le\Local Settings\Application Data\deqyvg
     2009-11-09 04:58 . 2009-11-09 04:58   --------   d-----w-   c:\program files\Common Files\DVDVideoSoft
     2009-11-09 04:58 . 2009-11-09 04:58   --------   d-----w-   c:\program files\DVDVideoSoft

     .
     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-12-05 01:23 . 2009-09-12 00:28   --------   d-----w-   c:\documents and settings\Christina Le\Application Data\Logs
     2009-10-11 20:07 . 2009-10-11 20:08   411368   ----a-w-   c:\windows\system32\deploytk.dll
     2009-10-11 20:07 . 2006-03-02 08:56   --------   d-----w-   c:\program files\Java
     2009-10-11 20:07 . 2009-10-11 20:07   152576   ----a-w-   c:\documents and settings\Christina Le\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
     2009-09-19 07:37 . 2008-01-27 06:47   33568   ----a-w-   c:\documents and settings\Christina Le\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-09-13 20:23 . 2009-09-13 20:23   6944624   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aaw2008_upd.exe
     2008-02-18 03:00 . 2008-02-18 02:59   13905056   ----a-w-   c:\program files\Install_AIM.exe
     2008-02-01 01:11 . 2008-02-01 01:11   22528   ----a-w-   c:\program files\willow_project_profile_2008.doc
     2006-02-23 23:31 . 2006-02-23 23:31   14144000   ----a-w-   c:\program files\iTunes.exe
     2006-02-23 22:56 . 2006-02-23 22:56   102400   ----a-w-   c:\program files\iTunesMiniPlayer.dll
     2006-02-23 22:45 . 2006-02-23 22:45   278528   ----a-w-   c:\program files\iTunesHelper.exe
     2006-02-22 17:47 . 2006-02-22 17:47   4634   ----a-w-   c:\program files\About iTunes.rtf
     2005-08-09 23:33 . 2005-08-09 23:33   8356   ----a-w-   c:\program files\Acknowledgements.rtf
     2004-07-15 16:07 . 2004-07-15 16:07   434176   ----a-w-   c:\program files\CDDBControlApple.dll
     2004-03-08 21:07 . 2004-03-08 21:07   49152   ----a-w-   c:\program files\ITDetector.ocx
     2008-09-29 15:07 . 2009-09-19 07:26   22576   ----a-w-   c:\program files\mozilla firefox\components\Scriptff.dll
     .

     (((((((((((((((((((((((((((((   SnapShot@2009-12-05_01.31.43   )))))))))))))))))))))))))))))))))))))))))
     .
     + 2009-12-06 08:34 . 2009-12-06 08:34   16384   c:\windows\temp\Perflib_Perfdata_80.dat
     + 2009-12-06 08:34 . 2009-12-06 08:34   16384   c:\windows\temp\Perflib_Perfdata_5f0.dat
     - 2009-12-05 01:38 . 2008-07-08 13:02   26488   c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\spcustom.dll
     - 2009-12-05 01:38 . 2008-07-08 13:02   17272   c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\spmsg.dll
     + 2009-01-12 08:02 . 2008-04-14 09:41   56320   c:\windows\$NtServicePackUninstall$\eventlog.dll
     - 2009-12-05 01:38 . 2009-05-26 11:40   382840   c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\updspapi.dll
     - 2009-12-05 01:38 . 2009-05-26 11:40   755576   c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\update.exe
     - 2009-12-05 01:38 . 2008-07-08 13:02   231288   c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\spuninst.exe
     - 2009-12-05 01:38 . 2009-09-11 14:13   136704   c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp3qfe\msv1_0.dll
     - 2009-12-05 01:38 . 2009-09-11 14:18   136192   c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp3gdr\msv1_0.dll
     .
     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
     "Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
     "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
     "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
     "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
     "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320]
     "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
     "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
     "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
     "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
     "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
     "PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
     "iTunesHelper"="c:\program files\iTunesHelper.exe" [2006-02-23 278528]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-06 155648]
     "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\196R994Qd.exe" [2009-12-02 1312080]
     "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
     "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSetActiveDesktop"= 1 (0x1)
     "NoActiveDesktopChanges"= 1 (0x1)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
     2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
     "c:\\Program Files\\iTunes.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
     "c:\\WINDOWS\\system32\\mmc.exe"=
     "c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=

     R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 7:07 AM 19456]
     R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [9/24/2009 5:24 PM 67904]
     R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
     R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/17/2008 7:01 PM 24652]
     S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/24/2009 5:24 PM 64432]
     S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
     .
     -------   Supplementary Scan   -------
     .
     uStart Page = hxxp://www.yahoo.com/
     uInternet Settings,ProxyServer = http=127.0.0.1:5555
     uInternet Settings,ProxyOverride = <local>
     IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
     IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
     TCP: {308E66E6-E09C-41AC-826A-3DD6D7F83F16} = 193.104.110.38,4.2.2.1,192.168.1.254
     TCP: {7942EEBF-CA44-4928-8BAF-EFD01E8BF0DE} = 193.104.110.38,4.2.2.1
     FF - ProfilePath - c:\documents and settings\Christina Le\Application Data\Mozilla\Firefox\Profiles\46ab06tt.default\
     FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
     FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
     .

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-12-06 00:41
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(864)
     c:\windows\system32\VESWinlogon.dll

     - - - - - - - > 'explorer.exe'(616)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Intel\Wireless\Bin\EvtEng.exe
     c:\program files\Intel\Wireless\Bin\S24EvMon.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\McAfee\Common Framework\FrameworkService.exe
     c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
     c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
     c:\program files\McAfee\Common Framework\naPrdMgr.exe
     c:\program files\Intel\Wireless\Bin\RegSrvc.exe
     c:\program files\Sony\VAIO Event Service\VESMgr.exe
     c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
     c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
     c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
     c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
     c:\program files\Windows Media Player\WMPNetwk.exe
     c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
     c:\windows\system32\igfxext.exe
     c:\windows\system32\igfxsrvc.exe
     c:\windows\system32\wscntfy.exe
     c:\windows\RTHDCPL.EXE
     c:\program files\Apoint\Apntex.exe
     c:\program files\iPod\bin\iPodService.exe
     c:\program files\McAfee\Common Framework\McTray.exe
     .
     **************************************************************************
     .
     Completion time: 2009-12-06 00:52 - machine was rebooted
     ComboFix-quarantined-files.txt  2009-12-06 08:51
     ComboFix2.txt  2009-12-05 01:46

     Pre-Run: 56,034,197,504 bytes free
     Post-Run: 55,995,473,920 bytes free

     - - End Of File - - 55BC4D45496C0B4610EABA61F62E466B
  9. Here is the ComboFix log. Thanks a bunch.

     ComboFix 09-12-04.02 - Christina Le 12/04/2009  17:10.1.1 - x86
     Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.403 [GMT -8:00]
     Running from: c:\documents and settings\Christina Le\Desktop\ComboFix.exe
     AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)   {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
     .

     (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
     c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
     c:\documents and settings\Christina Le\Application Data\Logs\scns.log
     c:\recycler\S-1-5-21-1229272821-706699826-839522115-1005
     c:\recycler\S-1-5-21-1388569314-1795991618-3006732738-1003
     c:\recycler\S-1-5-21-1482476501-776561741-839522115-1003
     c:\recycler\S-1-5-21-2380657726-3734598010-3631447877-1003
     c:\recycler\S-1-5-21-2674361505-969318620-4082022749-1003
     c:\windows\Downloaded Program Files\popcaploader.inf
     c:\windows\setup.exe
     c:\windows\system32\18467.exe
     c:\windows\system32\dezifamu.dll
     c:\windows\system32\jatipife.dll
     c:\windows\system32\veyevida.dll

     ----- BITS: Possible infected sites -----

     hxxp://82.98.235.29
     .
     (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     -------\Legacy_6TO4
     -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
     -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

     (((((((((((((((((((((((((   Files Created from 2009-11-05 to 2009-12-05   )))))))))))))))))))))))))))))))
     .

     2009-12-05 00:28 . 2009-12-05 00:28   --------   d-----w-   C:\_OTL
     2009-12-02 08:55 . 2009-09-10 22:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
     2009-12-02 08:55 . 2009-12-02 09:00   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
     2009-12-02 08:55 . 2009-09-10 22:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
     2009-12-02 03:33 . 2009-12-02 03:33   --------   d--h--w-   c:\windows\PIF
     2009-11-30 05:40 . 2009-12-02 09:43   --------   d-----w-   c:\documents and settings\Christina Le\Local Settings\Application Data\deqyvg
     2009-11-09 04:58 . 2009-11-09 04:58   --------   d-----w-   c:\program files\Common Files\DVDVideoSoft
     2009-11-09 04:58 . 2009-11-09 04:58   --------   d-----w-   c:\program files\DVDVideoSoft

     .
     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-12-05 01:23 . 2009-09-12 00:28   --------   d-----w-   c:\documents and settings\Christina Le\Application Data\Logs
     2009-10-11 20:07 . 2009-10-11 20:08   411368   ----a-w-   c:\windows\system32\deploytk.dll
     2009-10-11 20:07 . 2006-03-02 08:56   --------   d-----w-   c:\program files\Java
     2009-10-11 20:07 . 2009-10-11 20:07   152576   ----a-w-   c:\documents and settings\Christina Le\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
     2009-10-07 00:46 . 2006-03-02 08:11   --------   d--h--w-   c:\program files\InstallShield Installation Information
     2009-10-07 00:46 . 2009-10-07 00:46   --------   d-----w-   c:\program files\Veoh Networks
     2009-09-19 07:37 . 2008-01-27 06:47   33568   ----a-w-   c:\documents and settings\Christina Le\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-09-13 20:23 . 2009-09-13 20:23   6944624   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aaw2008_upd.exe
     2008-02-18 03:00 . 2008-02-18 02:59   13905056   ----a-w-   c:\program files\Install_AIM.exe
     2008-02-01 01:11 . 2008-02-01 01:11   22528   ----a-w-   c:\program files\willow_project_profile_2008.doc
     2006-02-23 23:31 . 2006-02-23 23:31   14144000   ----a-w-   c:\program files\iTunes.exe
     2006-02-23 22:56 . 2006-02-23 22:56   102400   ----a-w-   c:\program files\iTunesMiniPlayer.dll
     2006-02-23 22:45 . 2006-02-23 22:45   278528   ----a-w-   c:\program files\iTunesHelper.exe
     2006-02-22 17:47 . 2006-02-22 17:47   4634   ----a-w-   c:\program files\About iTunes.rtf
     2005-08-09 23:33 . 2005-08-09 23:33   8356   ----a-w-   c:\program files\Acknowledgements.rtf
     2004-07-15 16:07 . 2004-07-15 16:07   434176   ----a-w-   c:\program files\CDDBControlApple.dll
     2004-03-08 21:07 . 2004-03-08 21:07   49152   ----a-w-   c:\program files\ITDetector.ocx
     2008-09-29 15:07 . 2009-09-19 07:26   22576   ----a-w-   c:\program files\mozilla firefox\components\Scriptff.dll
     2009-09-05 00:10 . 2009-09-05 00:10   62464   --sha-w-   c:\windows\system32\besehevi.dll
     2009-09-01 07:06 . 2009-09-01 07:06   102400   --sha-w-   c:\windows\system32\zadowebi.exe
     .

     -------   Sigcheck   -------

     [7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
     [7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
     c:\windows\System32\eventlog.dll ... is missing !!
     .
     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
     "Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
     "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
     "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
     "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320]
     "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
     "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
     "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
     "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
     "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
     "PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
     "iTunesHelper"="c:\program files\iTunesHelper.exe" [2006-02-23 278528]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-06 155648]
     "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\196R994Qd.exe" [2009-12-02 1312080]
     "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
     "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
     "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-06-29 14720000]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSetActiveDesktop"= 1 (0x1)
     "NoActiveDesktopChanges"= 1 (0x1)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
     2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
     "c:\\Program Files\\iTunes.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
     "c:\\WINDOWS\\system32\\mmc.exe"=
     "c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=

     R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 7:07 AM 19456]
     R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [9/24/2009 5:24 PM 67904]
     R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
     R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/17/2008 7:01 PM 24652]
     S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/24/2009 5:24 PM 64432]
     S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
     .
     .
     -------   Supplementary Scan   -------
     .
     uStart Page = hxxp://www.yahoo.com/
     uInternet Settings,ProxyServer = http=127.0.0.1:5555
     uInternet Settings,ProxyOverride = <local>
     IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
     IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
     TCP: {308E66E6-E09C-41AC-826A-3DD6D7F83F16} = 193.104.110.38,4.2.2.1,192.168.1.254
     TCP: {7942EEBF-CA44-4928-8BAF-EFD01E8BF0DE} = 193.104.110.38,4.2.2.1
     FF - ProfilePath - c:\documents and settings\Christina Le\Application Data\Mozilla\Firefox\Profiles\46ab06tt.default\
     FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
     FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
     .

     - - - - ORPHANS REMOVED - - - -

     HKCU-Run-Aim6 - (no file)
     HKLM-Run-rejugajat - c:\windows\system32\veyevida.dll
     SharedTaskScheduler-{7f0e5319-b7e9-4e0b-8412-33f85c2c04bc} - c:\windows\system32\veyevida.dll
     SSODL-yuradiyin-{7f0e5319-b7e9-4e0b-8412-33f85c2c04bc} - c:\windows\system32\veyevida.dll
     AddRemove-PictureItSuiteTrial_v11 - c:\program files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe ADDREMOVE=1 SKU=TRIAL VERSION=11
     AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-12-04 17:33
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(860)
     c:\windows\system32\VESWinlogon.dll

     - - - - - - - > 'explorer.exe'(2952)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Intel\Wireless\Bin\EvtEng.exe
     c:\program files\Intel\Wireless\Bin\S24EvMon.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\McAfee\Common Framework\FrameworkService.exe
     c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
     c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
     c:\program files\McAfee\Common Framework\naPrdMgr.exe
     c:\program files\Intel\Wireless\Bin\RegSrvc.exe
     c:\program files\Sony\VAIO Event Service\VESMgr.exe
     c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
     c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
     c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
     c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
     c:\program files\Windows Media Player\WMPNetwk.exe
     c:\windows\system32\igfxext.exe
     c:\windows\system32\igfxsrvc.exe
     c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
     c:\windows\system32\wscntfy.exe
     c:\program files\Apoint\Apntex.exe
     c:\program files\iPod\bin\iPodService.exe
     c:\windows\system32\Rundll32.exe
     c:\program files\McAfee\Common Framework\McTray.exe
     .
     **************************************************************************
     .
Completion time: 2009-12-04 17:46 - machine was rebooted ComboFix-quarantined-files.txt 2009-12-05 01:46 Pre-Run: 56,136,413,184 bytes free Post-Run: 56,020,815,872 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - ECDFD49630840644B0885E3678776AFE
  10. Hi, I was unable to change the proxy settings for internet explorer before I ran OTL because it wouldn't open, but it's changed now. Here is the log. Thanks again, I really appreciate it.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rejugajat deleted successfully.
C:\WINDOWS\system32\jaduzumi.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:zukenezo.dll deleted successfully.
C:\WINDOWS\system32\zukenezo.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\jaduzumi.dll deleted successfully.
File C:\WINDOWS\system32\jaduzumi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\nukupagil not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7656c049-273a-4a64-8ba9-a80375ea2884}\ not found.
File C:\WINDOWS\system32\jaduzumi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{7656c049-273a-4a64-8ba9-a80375ea2884} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7656c049-273a-4a64-8ba9-a80375ea2884}\ not found.
File C:\WINDOWS\system32\jaduzumi.dll not found.
C:\vbaaaah.exe moved successfully.
C:\WINDOWS\system32\11478.exe moved successfully.
C:\WINDOWS\system32\15724.exe moved successfully.
C:\WINDOWS\system32\19169.exe moved successfully.
C:\WINDOWS\system32\26500.exe moved successfully.
C:\WINDOWS\system32\6334.exe moved successfully.
C:\WINDOWS\system32\fiwevoga.dll moved successfully.
File C:\WINDOWS\System32\jaduzumi.dll not found.
C:\WINDOWS\system32\rumepopo.dll moved successfully.
C:\WINDOWS\system32\dasofupu.dll moved successfully.
C:\WINDOWS\system32\buyaneju.dll moved successfully.
C:\WINDOWS\system32\loyuwisa.dll moved successfully.
C:\WINDOWS\system32\vasidifu.dll moved successfully.
File C:\WINDOWS\System32\zukenezo.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Christina Le
->Temp folder emptied: 1229712521 bytes
->Temporary Internet Files folder emptied: 9668874 bytes
->Java cache emptied: 28077576 bytes
->FireFox cache emptied: 61841885 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 131206 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 50368512 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 169811 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1316.09 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.1.11.4 log created on 12042009_162835

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5c8.dat not found!

Registry entries deleted on Reboot...
  11. Hi, Sorry, but I'm not sure about the proxy thing. How would I check that on internet explorer and firefox? I'm using another computer right now, but I'll post the logs once I get back later today. Thanks in advance for the help.
  12. Hi. Thank you for helping me. I've tried using OTL, but every time I do it never finishes the scan (it stops at HKEY_Current_user/UninstallList). I've copied and pasted the OTL.txt log, but I don't know if that's what you are looking for. I also tried going into safe mode but it never works. I've also been infected with Vundo H and it's causing McAfee to scan the same 3 files over and over so I keep on getting the same message every second. This pop up prevents me from opening firefox, malwarebytes, and other programs on my comp. I had to restart a couple times just to get firefox to open. Thanks in advance for the help.

OTL logfile created on: 12/3/2009 10:49:40 PM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Christina Le\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 530.20 Mb Available Physical Memory | 52.27% Memory free
2.38 Gb Paging File | 2.05 Gb Available in Paging File | 86.04% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.52 Gb Total Space | 51.21 Gb Free Space | 74.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 078A6A7107074FC
Current User Name: Christina Le
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Christina Le\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\iTunesHelper.exe (Apple Computer, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Christina Le\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\jaduzumi.dll ()
MOD - C:\WINDOWS\system32\zukenezo.dll ()

========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (iPodService) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (MCSTRM) -- C:\WINDOWS\system32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (tifmsony) -- C:\WINDOWS\system32\drivers\tifmsony.sys (Texas Instruments)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel
  13. When I rebooted, I kept on getting messages like "this file is not a valid Windows Image. Please check installation disk." I did another quick scan and it found some more infected items so I'm posting the log just in case. After this scan, antivirus system pro and this other fake security program (not sure what it is but it's a big red circle with an X in the center on my toolbar) seem to be gone. Also, before that I got this message before startup that worm.win32.netsky has infected my computer. Should I be worried?

Malwarebytes' Anti-Malware 1.41
Database version: 3181
Windows 5.1.2600 Service Pack 3

12/2/2009 1:42:09 AM
mbam-log-2009-12-02 (01-42-09).txt

Scan type: Quick Scan
Objects scanned: 109775
Time elapsed: 18 minute(s), 57 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
C:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\daqdrv (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\exbycanb (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\exbycanb (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\daqdrv.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina Le\Local Settings\Application Data\deqyvg\qvyhsysguard.exe (Trojan.FakeAlert.N) -> Delete on reboot.
C:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AVR10.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winhelper86.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  14. Here is the Malwarebytes log. Thanks again.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

12/2/2009 1:10:12 AM
mbam-log-2009-12-02 (01-10-12).txt

Scan type: Quick Scan
Objects scanned: 100311
Time elapsed: 7 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\jusirodo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sezogibe.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6517263b-e04a-4c58-8e03-14eef9a06a8f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rejugajat (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{6517263b-e04a-4c58-8e03-14eef9a06a8f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\popiroduz (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jusirodo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jusirodo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\jusirodo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\defarewo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jadelamo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kunuzavi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lewowesa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mulipiza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sezogibe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sidenohe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tehayela.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yejimoya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  15. Hi, I had to use rkill to use ATF Cleaner and GMER. I hope that's okay. Here is the log for GMER rootkit scanner. Thanks in advance.

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-01 21:46:33
Windows 5.1.2600 Service Pack 3
Running: nyh08d1y.exe; Driver: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\ffkoraog.sys

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xF73981C8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7398086]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xF7398020]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF7398034]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF739809A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF73980C6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF7398134]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF739811E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xF739814A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7398208]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF7398176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7398072]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7397FE4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7397FF8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF73981DC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xF73981B2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF7398108]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF73980F2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF73980B0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xF739819E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xF739818A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xF739805E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF739804A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF73980DC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7398237]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xF7398160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF739821E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF73981F2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----