
Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:33:17 PM, on 5/19/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19048)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\windows\SMINST\scheduler.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Explorer.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\tina merrifield.COMNET\Desktop\Virus\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:\\C:\Program Files\Internet Explorer\MyGoogle.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110519091802.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\RunOnce: [sT Recovery Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-21-2923289019-1991700180-2435281453-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Ctx_StreamingSvc')

O4 - HKUS\S-1-5-21-2923289019-1991700180-2435281453-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Ctx_StreamingSvc')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O15 - Trusted Zone: http://*.ccex1

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: toolboxOI - http://it.toolbox.com/home/toolboxOI.CAB

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} (ICWMInstallObj Class) - https://qwestconferencing.qwest.com/confmgr/installs/ICWMInstall.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.6.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} (SCDeviceMonitor Class) - https://ccbes1/webconsole/RIMWebComponents.cab

O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab

O16 - DPF: {DC120706-9372-4B2E-AD15-F2135F51F30A} (Session Viewer) - https://192.168.100.240/plugins/vkvm/ActiveXVideoViewer.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://192.168.100.43/activex/AMC.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mcafeesaas.webex.com/client/T27L10NSP11EP5/training/ieatgpc1.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = comnet.com

O17 - HKLM\Software\..\Telephony: DomainName = comnet.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = comnet.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = comnet.com

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: c:\PROGRA~1\Citrix\System32\mfaphook.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Extend360 Enforcement Agent (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Citrix Diagnostic Facility COM Server (CdfSvc) - Citrix Systems, Inc. - C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: Citrix Streaming Service (RadeSvc) - Citrix Systems, Inc. - C:\Program Files\Citrix\Streaming Client\RadeSvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Sage Service Host (v1.0) (Sage.LS1.ServiceHost.1.0) - Sage Software, Inc. - C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe

--

End of file - 9278 bytes


  • Staff

Hi and welcome to Malwarebytes.

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer, fails to affirmatively show a license agreement, and links to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


Sorry for the delay. Here is the MBAM log and DDS log.

MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6655

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19048

5/23/2011 2:41:51 PM

mbam-log-2011-05-23 (14-41-51).txt

Scan type: Full scan (C:\|)

Objects scanned: 343384

Time elapsed: 1 hour(s), 23 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS:

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.19048

Run by tina merrifield at 15:18:41 on 2011-05-23

Microsoft


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


I have attached the info you requested. Thanks for your help!!

ESET ONLINE SCANNER:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6522

# api_version=3.0.2

# EOSSerial=8f4b7fff82f79244b4a03e4a919120e2

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-05-31 06:30:53

# local_time=2011-05-31 01:30:53 (-0600, Central Daylight Time)

# country="United States"

# lang=9

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776574 100 95 6262504 143467834 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=226594

# found=1

# cleaned=1

# scan_time=6474

C:\Users\tina merrifield.COMNET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ANU7GLUR\cveucohwhnamy[1].pdf PDF/Exploit.Pidief.PDS.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

SECURITY CHECKUP LOG:

Results of screen317's Security Check version 0.99.12

Windows Vista Service Pack 2 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

McAfee VirusScan Enterprise

McAfee Virtual Technician

McAfee Agent

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 2

Out of date Java installed!

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

McAfee VirusScan Enterprise VsTskMgr.exe

McAfee VirusScan Enterprise mfeann.exe

``````````End of Log````````````


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any text editor other than Notepad, or the script will fail.

Copy/paste the text in the box below into Notepad:

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
KILLALL::
RenV::
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl .exe
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray .exe
c:\program files\Analog Devices\Core\smax4pnp .exe
c:\program files\HP\Digital Imaging\bin\hpqSRMon .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\HP\SetRefresh\SetRefresh .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\PDF Complete\pdfsty .exe
c:\program files\QuickTime\QTTask .exe

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317



I have completed the steps above and IE is still corrupted. Here is the info (I've attached the files as well):

COMBOFIX:

ComboFix 11-07-12.09 - tina merrifield 07/13/2011 12:32:23.6.4 - x86

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3566.2225 [GMT -5:00]

Running from: c:\users\tina merrifield.COMNET\Desktop\Virus\July13\ComboFix.exe

Command switches used :: c:\users\tina merrifield.COMNET\Desktop\Virus\July13\CFScript.txt

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-06-13 to 2011-07-13 )))))))))))))))))))))))))))))))

.

.

2011-07-13 17:37 . 2011-07-13 17:37 -------- d-----w- c:\users\tina merrifield\AppData\Local\temp

2011-07-13 17:37 . 2011-07-13 17:37 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-07-13 17:37 . 2011-07-13 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-13 17:37 . 2011-07-13 17:37 -------- d-----w- c:\users\Ctx_StreamingSvc\AppData\Local\temp

2011-07-13 00:53 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-07-13 00:53 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-07-13 00:53 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-06-29 00:14 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-06 19:03 . 2011-06-06 19:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-06 18:38 . 2011-06-06 18:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-19 14:16 . 2011-05-19 14:17 162928 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-05-19 14:16 . 2011-05-19 14:18 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll

2011-05-19 14:16 . 2011-05-19 14:18 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-05-19 14:16 . 2011-05-19 14:17 145936 ----a-w- c:\windows\system32\mfevtps.exe

2011-05-19 14:16 . 2011-05-19 14:18 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-05-19 14:16 . 2011-05-19 14:17 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-05-19 14:16 . 2010-03-26 00:07 22816 ----a-w- c:\windows\system32\MFEOtlk.dll

2011-05-19 14:16 . 2011-05-19 14:18 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-05-19 14:16 . 2011-05-19 14:18 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-05-19 14:16 . 2011-05-19 14:18 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-05-03 13:02 . 2011-05-03 13:02 53248 ----a-r- c:\users\tina merrifield.COMNET\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-09-25 136512]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-03-31 273544]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2008-02-22 44168]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Citrix\System32\mfaphook.dll

.

[HKLM\~\startupfolder\C:^Users^tina merrifield.COMNET^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]

path=c:\users\tina merrifield.COMNET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2009-02-27 16:14 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

2009-02-27 20:54 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2009-08-24 19:27 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-21 02:23 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-01-02 22:06 166424 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-01-02 22:07 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2009-11-05 20:35 1468256 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]

2009-11-05 20:45 1505144 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]

2011-03-02 04:14 190808 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-01-02 22:07 133656 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-05-27 02:50 15147400 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2007-07-10 04:40 1282048 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-03-31 14:35 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-05-19 85152]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]

S1 cdfdrv;cdfdrv;c:\windows\system32\DRIVERS\cdfdrv.sys [2007-05-24 22968]

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-05-19 162928]

S2 ctxpidmn;ctxpidmn;c:\windows\system32\DRIVERS\ctxpidmn.sys [2007-07-05 20424]

S2 CtxSbx;CtxSbx;c:\windows\system32\DRIVERS\CtxSbx.sys [2007-07-05 161352]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-05-19 145936]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-04-07 576024]

S2 RadeSvc;Citrix Streaming Service;c:\program files\Citrix\Streaming Client\RadeSvc.exe [2007-07-05 237568]

S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-13 c:\windows\Tasks\User_Feed_Synchronization-{4D9B0C0D-847B-45EA-A652-1F6C303D323E}.job

- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop

uInternet Settings,ProxyOverride = *.local

Trusted Zone: ccex1

Trusted Zone: comnetcomm.com\www

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: sagenorthamerica.com\customers

TCP: DhcpNameServer = 192.168.101.11 192.168.100.10

DPF: toolboxOI - hxxp://it.toolbox.com/home/toolboxOI.CAB

DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} - hxxps://qwestconferencing.qwest.com/confmgr/installs/ICWMInstall.cab

DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} - hxxps://ccbes1/webconsole/RIMWebComponents.cab

DPF: {DC120706-9372-4B2E-AD15-F2135F51F30A} - hxxps://192.168.100.240/plugins/vkvm/ActiveXVideoViewer.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://192.168.100.43/activex/AMC.cab

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-RTHDBPL - C:\autoexec.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-13 12:55

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\AEADISRV.EXE

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Citrix\System32\CdfSvc.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files\McAfee\VirusScan Enterprise\mfeann.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\program files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\windows\system32\WUDFHost.exe

c:\windows\SMINST\scheduler.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-07-13 12:59:10 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-13 17:58

ComboFix2.txt 2011-06-13 14:10

ComboFix3.txt 2011-05-27 15:26

.

Pre-Run: 130,376,732,672 bytes free

Post-Run: 130,328,723,456 bytes free

.

- - End Of File - - 6256948D52D8F7FD6A06F7C8A6C3691F

DDS:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.19088

Run by tina merrifield at 13:39:39 on 2011-07-13

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

C:\Program Files\PDF Complete\pdfsvc.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files\Citrix\Streaming Client\RadeSvc.exe

C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\windows\SMINST\scheduler.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\tina merrifield.COMNET\Desktop\Virus\July13\dds.scr

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k HPService

.

============== Pseudo HJT Report ===============

.

uStart Page = file:\\c:\program files\internet explorer\MyGoogle.html

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110519091802.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

EB: GoogleBar: {31dafb0b-1090-4e86-91db-11a77fba5361} - c:\users\tina merrifield.comnet\appdata\roaming\google.com\googlebar\adxloader.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRunOnce: [sT Recovery Launcher] %WINDIR%\SMINST\launcher.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: ccex1

Trusted Zone: comnetcomm.com\www

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: sagenorthamerica.com\customers

DPF: toolboxOI - hxxp://it.toolbox.com/home/toolboxOI.CAB

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} - hxxps://qwestconferencing.qwest.com/confmgr/installs/ICWMInstall.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.6.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} - hxxps://ccbes1/webconsole/RIMWebComponents.cab

DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {DC120706-9372-4B2E-AD15-F2135F51F30A} - hxxps://192.168.100.240/plugins/vkvm/ActiveXVideoViewer.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://192.168.100.43/activex/AMC.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mcafeesaas.webex.com/client/T27L10NSP11EP5/training/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 192.168.101.11 192.168.100.10

TCP: Interfaces\{098DCEE8-ABDB-4C92-A1CD-A0F04075962F} : DhcpNameServer = 192.168.101.11 192.168.100.10

TCP: Interfaces\{85ECF4A2-BE79-4806-8781-9DCEAC6BC087} : DhcpNameServer = 192.168.100.10

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\citrix\system32\mfaphook.dll

.

============= SERVICES / DRIVERS ===============

.

R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? mferkdet;McAfee Inc. mferkdet

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

R? WSDPrintDevice;WSD Print Support via UMB

S? cdfdrv;cdfdrv

S? ctxpidmn;ctxpidmn

S? CtxSbx;CtxSbx

S? McAfeeFramework;McAfee Framework Service

S? McShield;McAfee McShield

S? McTaskManager;McAfee Task Manager

S? mfeavfk;McAfee Inc. mfeavfk

S? mfebopk;McAfee Inc. mfebopk

S? mfehidk;McAfee Inc. mfehidk

S? mfevtp;McAfee Validation Trust Protection Service

S? mfewfpk;McAfee Inc. mfewfpk

S? NPF;NetGroup Packet Filter Driver

S? pdfcDispatcher;PDF Document Manager

S? RadeSvc;Citrix Streaming Service

S? Sage.LS1.ServiceHost.1.0;Sage Service Host (v1.0)

S? UMVPFSrv;UMVPFSrv

.

=============== Created Last 30 ================

.

2011-07-13 17:55:14 -------- d-----w- C:\$RECYCLE.BIN

2011-07-13 00:53:28 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-07-13 00:53:15 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-13 00:53:15 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-06-29 00:14:20 276992 ----a-w- c:\windows\system32\schannel.dll

.

==================== Find3M ====================

.

2011-06-27 22:07:36 256 ----a-w- c:\windows\system32\pool.bin

2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe

2011-06-06 19:03:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-06 18:38:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll

2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec

2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-19 14:16:25 162928 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-05-19 14:16:24 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-05-19 14:16:24 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll

2011-05-19 14:16:24 145936 ----a-w- c:\windows\system32\mfevtps.exe

2011-05-19 14:16:23 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-05-19 14:16:23 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-05-19 14:16:23 22816 ----a-w- c:\windows\system32\MFEOtlk.dll

2011-05-19 14:16:22 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-05-19 14:16:22 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-05-19 14:16:22 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 13:25:10 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 13:25:09 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-29 13:24:50 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-29 13:24:42 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-29 13:24:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-21 13:58:27 273408 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 13:40:05.16 ===============

combofix.txt

DDS.txt


  • 3 weeks later...
  • Staff

Let's see if we can find the source.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    MyGoogle
    :filefind
    MyGoogle.html


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

