
Deep Infection -- Warning of "Virus" in Pop-Up


5 replies to this topic

#1 rodriguezm

  • Members
  • 7 posts

Posted 16 June 2009 - 12:58 PM

I originally posted this issue in the Am I Infected? What Do I Do? forum, and the wonderful helper asked me to run a DDS scan and repost my logs here because it is a "deep infection." Topic referenced is here: http://www.bleepingcomputer.com/forums/t/233209/virus-that-keeps-coming-back/ ~ OB

This issue has been happening for several weeks, disappearing and reappearing often.

While I was out yesterday, our office lost power and the computer was shut off. The "virus" seems to reappear each time I restart my computer. This morning, I turned my computer on - the first time since yesterday's power outage - and as soon as I clicked on my Outlook and Explorer, the "virus" warning showed up again, blocking my computer from opening either program. It will allow me to open Word, but as soon as I attempt any function such as print or save, it closes it and adds another warning to the log in the pop-up box.

Following are the details of the error message:

The box pops up as an "On-Access Scan Message"

The box reads:

Message: Virus Scan Alert

Name: C:\Program Files\Internet Explorer\iexplore.exe: KERNEL32.LoadLibraryA

Detected as: BO: Writable BO: Heap

State: Blocked by Buffer Overflow Protection
______

DDS Log:


DDS (Ver_09-05-14.01) - NTFSx86
Run by rodriguezm at 13:43:12.58 on Tue 06/16/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1980.1337 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Avanquest Fix-It *On-access scanning disabled* (Outdated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\KONICA MINOLTA\PageScope Direct Print 1.1\KMDPHFMG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\rodriguezm\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cookman.edu/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AIM] c:\progra~1\aim\aim.exe -cnetwait.odl
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
StartupFolder: c:\docume~1\rodrig~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kmdphfmg.lnk - c:\program files\konica minolta\pagescope direct print 1.1\KMDPHFMG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243518499981
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-27 340592]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-5-27 24064]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-5-27 67904]
R2 SBAMSvc;Sunbelt VIPRE Antivirus Service;c:\program files\common files\antivirus\SBAMSvc.exe [2008-8-5 849192]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2009-5-27 144480]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-27 90360]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-27 42424]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-5-27 64432]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2007-11-6 87848]

=============== Created Last 30 ================

2009-06-16 08:58 --d----- c:\docume~1\alluse~1\applic~1\Avanquest
2009-06-16 08:57 --dshr-- C:\_Backup.RC
2009-06-16 08:55 --d-h--- C:\_Backup
2009-06-16 08:55 --d----- c:\docume~1\rodrig~1\applic~1\Avanquest
2009-06-16 08:55 --d----- c:\program files\Avanquest update
2009-06-16 08:55 --d----- c:\program files\common files\AntiVirus
2009-06-16 08:54 --d----- c:\program files\Avanquest
2009-06-16 08:49 --d----- c:\program files\common files\Wise Installation Wizard
2009-06-11 16:07 --d----- c:\docume~1\rodrig~1\applic~1\Malwarebytes
2009-06-11 16:07 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 16:07 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-11 16:07 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 16:07 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-11 08:42 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-11 08:42 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 08:42 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-11 08:42 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-11 08:38 268,648 a------- c:\windows\system32\mucltui.dll
2009-06-11 08:38 208,744 a------- c:\windows\system32\muweb.dll
2009-06-11 08:38 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-05-29 15:14 --d----- C:\QUARANTINE
2009-05-29 13:46 --d----- c:\docume~1\alluse~1\applic~1\KONICA MINOLTA
2009-05-29 13:46 --d----- c:\program files\KONICA MINOLTA
2009-05-29 13:45 --d----- c:\windows\Downloaded Installations
2009-05-29 09:56 --d----- c:\program files\Viewpoint
2009-05-29 09:56 --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-05-29 09:56 --d----- c:\program files\AOD
2009-05-29 09:56 --d----- c:\program files\AIM
2009-05-28 15:50 16,384 a------- c:\windows\system32\FileOps.exe
2009-05-28 15:50 --d----- c:\windows\system32\Adobe
2009-05-28 15:31 --d----- c:\program files\common files\Adobe Systems Shared
2009-05-28 15:08 --d----- c:\windows\system32\GroupPolicy
2009-05-28 15:08 --d----- c:\program files\Windows Desktop Search
2009-05-28 15:03 --d----- c:\windows\system32\appmgmt
2009-05-28 14:51 --d----- c:\documents and settings\rodriguezm\Tracing
2009-05-28 14:46 --d----- c:\program files\Microsoft
2009-05-28 14:46 --d----- c:\program files\Windows Live SkyDrive
2009-05-28 14:37 --d----- c:\program files\common files\Windows Live
2009-05-28 10:26 --dsh--- c:\documents and settings\rodriguezm\PrivacIE
2009-05-28 10:23 --dsh--- c:\documents and settings\rodriguezm\IETldCache
2009-05-28 10:06 --d----- c:\windows\ie8updates
2009-05-28 10:06 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-28 10:05 -cd-h--- c:\windows\ie8
2009-05-28 10:01 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-28 10:01 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-28 10:01 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-28 10:00 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-28 09:57 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-05-28 09:56 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-05-28 09:56 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-05-28 09:51 3,255 a------- c:\windows\system32\wbem\Outlook_01c9df9b7890757f.mof
2009-05-28 09:51 --d----- c:\windows\system32\PreInstall
2009-05-28 09:51 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-28 09:51 --d-h--- c:\windows\$hf_mig$
2009-05-28 09:48 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-05-28 09:48 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-05-28 09:48 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-05-28 09:48 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-05-28 09:48 --d----- c:\windows\system32\SoftwareDistribution
2009-05-28 09:48 --dsh--- c:\documents and settings\rodriguezm\UserData
2009-05-28 09:47 --d----- c:\documents and settings\rodriguezm
2009-05-28 09:15 --d----- c:\program files\IBM
2009-05-28 09:14 --d----- c:\program files\MSECache
2009-05-28 09:09 32,592 a------- c:\windows\system32\msonpmon.dll
2009-05-28 09:06 --d----- c:\windows\SHELLNEW
2009-05-28 09:03 --d----- c:\windows\SchCache
2009-05-28 09:02 221,184 a------- c:\windows\system32\wmpns.dll
2009-05-27 17:16 664 a------- c:\windows\system32\d3d9caps.dat
2009-05-27 17:14 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-27 17:14 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-27 17:06 64,432 a------- c:\windows\system32\drivers\mferkdet.sys
2009-05-27 17:06 42,424 a------- c:\windows\system32\drivers\mfebopk.sys
2009-05-27 17:06 340,592 a------- c:\windows\system32\drivers\mfehidk.sys
2009-05-27 17:06 90,360 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-05-27 17:06 74,648 a------- c:\windows\system32\drivers\mfeapfk.sys
2009-05-27 17:06 67,904 a------- c:\windows\system32\mfevtps.exe
2009-05-27 17:06 62,704 a------- c:\windows\system32\drivers\mfetdik.sys
2009-05-27 17:06 --d----- c:\program files\common files\Cisco Systems
2009-05-27 17:06 --d----- c:\program files\McAfee
2009-05-27 17:06 --d----- c:\program files\common files\McAfee
2009-05-27 17:01 248,448 a------- c:\windows\system32\PROUnstl.exe
2009-05-27 17:01 1,904 -------- c:\windows\system32\SetupBD.din
2009-05-27 17:01 144,480 a------- c:\windows\system32\drivers\e1k5132.sys
2009-05-27 17:01 72,288 a------- c:\windows\system32\e1qmsg.dll
2009-05-27 17:01 42,616 a------- c:\windows\system32\NicInstQ.dll
2009-05-27 17:01 28,272 a------- c:\windows\system32\NicCo2.dll
2009-05-27 17:01 2,783 a------- c:\windows\system32\e1k5132.din
2009-05-27 17:00 --d----- c:\program files\Analog Devices
2009-05-27 16:59 --d----- c:\windows\system32\ReinstallBackups
2009-05-27 16:59 53,248 a------- c:\windows\system32\CSVer.dll
2009-05-27 16:59 --d----- C:\Intel
2009-05-27 16:59 --d----- C:\dell
2009-05-27 16:58 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-05-27 16:57 --ds---- c:\windows\system32\Microsoft
2009-05-27 16:56 8,192 a------- c:\windows\REGLOCS.OLD
2009-05-27 16:54 82,172 ac------ c:\windows\system32\dllcache\bopomofo.nls
2009-05-27 16:53 --dsh--- c:\documents and settings\all users\DRM
2009-05-27 16:53 --d-h--- c:\program files\WindowsUpdate
2009-05-27 16:53 --d----- c:\program files\common files\MSSoap
2009-05-27 16:51 --d----- c:\program files\Online Services
2009-05-27 16:51 --d----- c:\program files\Messenger
2009-05-27 16:51 --d----- c:\program files\MSN Gaming Zone
2009-05-27 16:51 --d----- c:\program files\Windows NT
2009-05-27 12:45 --d----- c:\program files\common files\ODBC
2009-05-27 12:45 --d----- c:\program files\common files\SpeechEngines
2009-05-27 12:45 --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-05-28 17:12 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-27 16:52 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 13:43:25.62 ===============

Edited by Orange Blossom, 16 June 2009 - 01:47 PM.


#2 Grinler

    Lawrence Abrams

  • Admin
  • 43,639 posts
  • Gender:Male
  • Location:USA

Posted 18 June 2009 - 11:08 AM

Reboot your computer; do not fix anything else or allow McAfee to fix anything. Then do this:

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

After running ComboFix, please post the ComboFix log as a reply to this

#3 rodriguezm

  • Topic Starter
  • Members
  • 7 posts

Posted 18 June 2009 - 01:51 PM

I am getting ready to run ComboFix; however, I am unable to disable my McAfee software because that option is blocked here. Is it still possible to run ComboFix properly without disabling it, and will it harm the process should I do it without disabling? I am ready to get going on this ASAP because I've had this issue for over a week and cannot use my computer. Please help!

#4 Grinler

    Lawrence Abrams

  • Admin
  • 43,639 posts
  • Gender:Male
  • Location:USA

Posted 18 June 2009 - 04:00 PM

You should be able to run it. If McAfee asks if you would like to run a program while running ComboFix, say yes.

#5 rodriguezm

  • Topic Starter
  • Members
  • 7 posts

Posted 23 June 2009 - 08:59 AM

I apologize for the delay; I was out of town. Here is my ComboFix log. As a reminder, I was unable to disable McAfee while running the program, so I don't know if this affected my results. Please let me know what my next step is. I am desperate to get back onto my computer at work!

Also, when can I test to see if my computer programs/internet are operating again?

Thank you, thank you!


ComboFix 09-06-22.0A - rodriguezm 06/23/2009 9:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1980.1381 [GMT -4:00]
Running from: c:\documents and settings\rodriguezm\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\sfcfiles.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\sfcfiles.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SFC
-------\Service_sfc


((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-18 14:39 . 2009-06-18 14:39 -------- d-----w- c:\program files\MSXML 4.0
2009-06-18 14:39 . 2009-06-18 14:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-16 12:58 . 2009-06-16 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avanquest
2009-06-16 12:57 . 2009-06-16 12:57 -------- d-sh--r- C:\_Backup.RC
2009-06-16 12:55 . 2009-06-23 13:36 -------- d--h--w- C:\_Backup
2009-06-16 12:55 . 2009-06-16 13:01 -------- d-----w- c:\documents and settings\rodriguezm\Application Data\Avanquest
2009-06-16 12:55 . 2009-06-16 12:55 -------- d-----w- c:\program files\Avanquest update
2009-06-16 12:55 . 2009-06-23 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-06-16 12:55 . 2009-06-16 12:55 -------- d-----w- c:\documents and settings\rodriguezm\Application Data\InstallShield
2009-06-16 12:55 . 2009-06-23 13:37 -------- d-----w- c:\program files\Common Files\AntiVirus
2009-06-16 12:54 . 2009-06-16 12:54 -------- d-----w- c:\program files\Avanquest
2009-06-12 18:18 . 2009-06-12 18:18 34063 ----a-w- c:\documents and settings\rodriguezm\Application Data\Move Networks\ie_bin\Uninst.exe
2009-06-12 18:18 . 2009-06-12 18:18 -------- d-----w- c:\documents and settings\rodriguezm\Application Data\Move Networks
2009-06-11 20:07 . 2009-06-11 20:07 -------- d-----w- c:\documents and settings\rodriguezm\Application Data\Malwarebytes
2009-06-11 20:07 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 20:07 . 2009-06-11 20:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 20:07 . 2009-06-11 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-11 20:07 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 12:42 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 12:42 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-11 12:42 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 12:42 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-11 12:38 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-11 12:38 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-10 18:08 . 2009-06-10 18:08 -------- d-----w- c:\documents and settings\rodriguezm\Local Settings\Application Data\Apple
2009-06-03 18:08 . 2009-06-03 18:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-05-29 19:14 . 2009-06-23 13:44 -------- d-----w- C:\QUARANTINE
2009-05-29 17:46 . 2009-05-29 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\KONICA MINOLTA
2009-05-29 17:46 . 2009-05-29 17:46 -------- d-----w- c:\program files\KONICA MINOLTA
2009-05-29 17:45 . 2009-05-29 17:45 -------- d-----w- c:\windows\Downloaded Installations
2009-05-29 13:56 . 2009-05-29 13:56 -------- d-----w- c:\documents and settings\rodriguezm\Application Data\Aim
2009-05-29 13:56 . 2009-06-01 12:35 -------- d-----w- c:\program files\Viewpoint
2009-05-29 13:56 . 2009-05-29 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-29 13:56 . 2009-05-29 13:56 -------- d-----w- c:\program files\AOD
2009-05-29 13:56 . 2009-05-29 13:56 -------- d-----w- c:\program files\AIM
2009-05-28 20:42 . 2009-05-28 20:42 -------- d-----w- c:\documents and settings\rodriguezm\Local Settings\Application Data\Microsoft Help
2009-05-28 20:23 . 2009-05-28 20:23 -------- d-----w- c:\documents and settings\rodriguezm\Application Data\AdobeUM
2009-05-28 20:19 . 2009-05-28 20:19 -------- d-----w- c:\documents and settings\rodriguezm\Local Settings\Application Data\Apple Computer
2009-05-28 19:50 . 2004-08-17 00:40 16384 ----a-w- c:\windows\system32\FileOps.exe
2009-05-28 19:50 . 2009-05-28 19:50 -------- d-----w- c:\windows\system32\Adobe
2009-05-28 19:31 . 2009-05-28 19:31 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-05-28 19:10 . 2009-05-28 19:10 -------- d-----w- c:\documents and settings\rodriguezm\Local Settings\Application Data\Identities
2009-05-28 19:08 . 2009-05-28 19:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-05-28 19:08 . 2009-05-28 19:24 -------- d-----w- c:\program files\Windows Desktop Search
2009-05-28 19:08 . 2009-05-28 19:08 -------- d-----w- c:\windows\system32\GroupPolicy
2009-05-28 18:51 . 2009-06-23 13:49 -------- d-----w- c:\documents and settings\rodriguezm\Tracing
2009-05-28 18:46 . 2009-05-28 18:46 -------- d-----w- c:\program files\Microsoft
2009-05-28 18:46 . 2009-05-28 18:46 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-28 18:45 . 2009-05-28 18:46 -------- d-----w- c:\program files\Windows Live
2009-05-28 18:37 . 2009-05-28 18:37 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-28 14:27 . 2009-05-28 20:18 -------- d-----w- c:\documents and settings\rodriguezm\Local Settings\Application Data\Adobe
2009-05-28 14:26 . 2009-05-28 14:27 -------- d-sh--w- c:\documents and settings\rodriguezm\PrivacIE
2009-05-28 14:23 . 2009-05-28 14:23 -------- d-sh--w- c:\documents and settings\rodriguezm\IETldCache
2009-05-28 14:10 . 2009-05-29 19:57 69512 ----a-w- c:\documents and settings\rodriguezm\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-28 14:06 . 2009-06-11 12:51 -------- d-----w- c:\windows\ie8updates
2009-05-28 14:06 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-28 14:05 . 2009-05-28 14:06 -------- dc-h--w- c:\windows\ie8
2009-05-28 14:01 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-28 14:01 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-28 14:01 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-28 14:00 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-05-28 13:57 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-28 13:56 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-05-28 13:56 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-05-28 13:51 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-28 13:51 . 2009-06-11 12:51 -------- d--h--w- c:\windows\$hf_mig$
2009-05-28 13:48 . 2008-10-16 18:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-28 13:48 . 2009-05-28 13:48 -------- d-sh--w- c:\documents and settings\rodriguezm\UserData
2009-05-28 13:15 . 2005-10-19 09:40 40960 ----a-w- c:\windows\system32\pcmfcenu.dll
2009-05-28 13:14 . 2009-05-28 13:14 -------- d-----w- c:\program files\MSECache
2009-05-28 13:09 . 2006-10-26 23:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-05-28 13:08 . 2009-05-28 13:08 -------- d-----w- c:\program files\Microsoft Works
2009-05-28 13:08 . 2009-05-28 13:08 -------- d-----w- c:\program files\MSBuild
2009-05-28 13:06 . 2009-05-28 13:08 -------- d-----w- c:\windows\SHELLNEW
2009-05-28 13:06 . 2009-05-28 13:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
2009-05-28 13:06 . 2009-06-13 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-28 13:06 . 2009-05-28 13:06 -------- d--h--r- C:\MSOCache
2009-05-28 13:03 . 2009-05-28 13:03 -------- d-----w- c:\windows\SchCache
2009-05-27 21:20 . 2009-05-27 21:20 -------- d-----w- c:\documents and settings\cit\Application Data\InstallShield
2009-05-27 21:19 . 2009-05-27 21:19 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-27 21:19 . 2009-05-29 18:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-27 21:17 . 2009-05-27 21:19 -------- d-----w- c:\documents and settings\cit\Local Settings\Application Data\Adobe
2009-05-27 21:17 . 2009-05-28 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-05-27 21:17 . 2009-05-28 13:02 -------- d-----w- c:\program files\NOS
2009-05-27 21:16 . 2009-06-16 13:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-27 21:16 . 2009-05-27 21:16 -------- d-----w- c:\windows\Sun
2009-05-27 21:14 . 2009-05-27 21:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-27 21:14 . 2009-05-27 21:14 -------- d-----w- c:\program files\Java
2009-05-27 21:14 . 2009-05-27 21:14 152576 ----a-w- c:\documents and settings\cit\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-27 21:10 . 2009-05-27 21:10 12328 ----a-w- c:\documents and settings\cit\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-27 21:06 . 2008-09-29 12:07 64432 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2009-05-27 21:06 . 2008-09-29 12:07 42424 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-05-27 21:06 . 2008-09-29 12:07 90360 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-05-27 21:06 . 2008-09-29 12:07 74648 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-05-27 21:06 . 2008-09-29 12:07 67904 ----a-w- c:\windows\system32\mfevtps.exe
2009-05-27 21:06 . 2008-09-29 12:07 62704 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2009-05-27 21:06 . 2008-09-29 12:07 340592 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-05-27 21:06 . 2009-05-27 21:06 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-05-27 21:06 . 2009-05-27 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-05-27 21:06 . 2009-05-27 21:06 -------- d-----w- c:\program files\McAfee
2009-05-27 21:06 . 2009-05-27 21:06 -------- d-----w- c:\program files\Common Files\McAfee
2009-05-27 21:04 . 2009-05-27 21:04 -------- d-----w- c:\program files\QuickTime
2009-05-27 21:04 . 2009-05-27 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-27 21:04 . 2009-05-27 21:04 -------- d-----w- c:\documents and settings\cit\Local Settings\Application Data\Apple
2009-05-27 21:04 . 2009-05-27 21:04 -------- d-----w- c:\program files\Apple Software Update
2009-05-27 21:04 . 2009-05-27 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-27 21:03 . 2009-05-27 21:03 -------- d-----w- c:\documents and settings\cit\Local Settings\Application Data\Apple Computer
2009-05-27 21:01 . 2008-07-25 20:21 248448 ----a-w- c:\windows\system32\PROUnstl.exe
2009-05-27 21:01 . 2008-06-10 14:22 72288 ----a-w- c:\windows\system32\e1qmsg.dll
2009-05-27 21:01 . 2008-06-05 15:58 144480 ----a-w- c:\windows\system32\drivers\e1k5132.sys
2009-05-27 21:01 . 2008-06-04 21:00 42616 ----a-w- c:\windows\system32\NicInstQ.dll
2009-05-27 21:01 . 2007-08-07 05:28 28272 ----a-w- c:\windows\system32\NicCo2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 12:55 . 2009-05-27 21:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-28 21:12 . 2009-05-27 20:53 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-28 13:15 . 2009-05-28 13:15 -------- d-----w- c:\program files\IBM
2009-05-27 21:00 . 2009-05-27 21:00 -------- d-----w- c:\program files\Analog Devices
2009-05-27 21:00 . 2009-05-27 21:00 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-27 20:59 . 2009-05-27 20:59 -------- d-----w- c:\program files\Intel
2009-05-27 20:54 . 2009-05-27 20:54 -------- d-----w- c:\program files\microsoft frontpage
2009-05-27 20:52 . 2009-05-27 20:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-13 05:15 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-04-14 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2008-04-14 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-04-14 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AIM"="c:\progra~1\AIM\aim.exe" [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-24 1044480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-27 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2006-05-02 20531]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]

c:\documents and settings\rodriguezm\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-5-28 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
KMDPHFMG.lnk - c:\program files\KONICA MINOLTA\PageScope Direct Print 1.1\KMDPHFMG.exe [2008-2-13 266240]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-27 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [5/27/2009 5:00 PM 24064]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 8:07 AM 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/27/2009 5:06 PM 67904]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [5/27/2009 5:01 PM 144480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/27/2009 5:06 PM 64432]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cookman.edu/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 09:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2544)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\program files\McAfee\Common Framework\McTray.exe
.
**************************************************************************
.
Completion time: 2009-06-23 9:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-23 13:51

Pre-Run: 143,163,113,472 bytes free
Post-Run: 143,421,243,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

249 --- E O F --- 2009-06-18 14:39
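The ComboFix log above lists every autostart location a helper triages by hand: the HKCU/HKLM `Run` keys with each binary's recorded date and size, and the `R0`/`R2`/`S3` service and driver lines, where an image path followed by `-->` and `[?]` (as on the `SBRE` line) is how ComboFix shows a registered driver whose file it could not find on disk. The parser below is an added example written for this page, not ComboFix's own code or anything posted in the thread. It pulls those sections out of a log in this format and flags the things a reviewer looks for first: an image path that does not resolve to a file, an autostart entry with no date/size recorded, a binary living in a user-writable location such as `Temp`, and a file named like a core system process (`svchost.exe`, `lsass.exe`) that is not under `c:\windows`. The `SAMPLE_LOG` string is constructed in the same format as the posted log; the `Updater` entry in it is a made-up line added purely to exercise the checks and does not appear in the original log.

```python
"""Triage the autostart sections of a ComboFix log (added example, not ComboFix code)."""
import re
from typing import Dict, List

# Constructed sample in ComboFix's format. The "Updater" line is invented to
# exercise the checks; the other lines mirror the kind of entries seen above.
SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"msnmsgr"="c:\\program files\\Windows Live\\Messenger\\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\\windows\\system32\\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ShStatEXE"="c:\\program files\\McAfee\\VirusScan Enterprise\\SHSTAT.EXE" [2008-09-29 124240]
"Updater"="c:\\documents and settings\\cit\\Local Settings\\Temp\\svchost.exe" [2009-06-10 45056]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\\windows\\system32\\mfevtps.exe [5/27/2009 5:06 PM 67904]
S3 SBRE;SBRE;\\??\\c:\\windows\\system32\\drivers\\SBREdrv.sys --> c:\\windows\\system32\\drivers\\SBREdrv.sys [?]
"""

HIVE_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "name"="path" [date size]   (the bracketed part is absent when ComboFix found no file)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?:\s*\[([^\]]*)\])?\s*$')
# R2 svcname;description;image path [date time size]
SVC_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[([^\]]*)\]\s*$')

# Names that malware commonly borrows; legitimate copies live under c:\windows.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
USER_WRITABLE = ("c:\\documents and settings\\", "\\temp\\", "\\temporary internet files\\")


def parse_combofix(text: str) -> Dict[str, List[dict]]:
    """Return Run-key entries and service/driver lines found in a ComboFix log."""
    entries: Dict[str, List[dict]] = {"run": [], "services": []}
    hive = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HIVE_RE.match(line)
        if m:
            hive = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and hive and hive.lower().endswith(("\\run", "\\runonce")):
            name, path, meta = m.groups()
            entries["run"].append({"hive": hive, "name": name, "path": path, "meta": meta or ""})
            continue
        m = SVC_RE.match(line)
        if m:
            start, name, desc, path, meta = m.groups()
            entries["services"].append(
                {"start": start, "name": name.strip(), "desc": desc, "path": path, "meta": meta}
            )
    return entries


def find_suspicious(entries: Dict[str, List[dict]]) -> List[dict]:
    """Apply the first-pass checks a log reviewer makes; one finding per reason."""
    findings: List[dict] = []

    def flag(kind: str, e: dict, reason: str) -> None:
        findings.append({"kind": kind, "name": e["name"], "path": e["path"], "reason": reason})

    for e in entries["run"]:
        p = e["path"].lower()
        base = p.rsplit("\\", 1)[-1]
        if any(marker in p for marker in USER_WRITABLE):
            flag("run", e, "binary in user-writable location")
        if base in SYSTEM_NAMES and not p.startswith("c:\\windows\\"):
            flag("run", e, "system binary name outside c:\\windows")
        if not e["meta"]:
            flag("run", e, "no date/size recorded (file not found?)")
    for s in entries["services"]:
        # ComboFix writes "path --> path [?]" when the registered image is missing.
        if s["meta"].strip() == "?" or "-->" in s["path"]:
            flag("service", s, "image path does not resolve to a file")
    return findings


if __name__ == "__main__":
    for f in find_suspicious(parse_combofix(SAMPLE_LOG)):
        print(f"{f['kind']:8} {f['name']:12} {f['reason']}: {f['path']}")
```

Run it against a saved log with `parse_combofix(open("ComboFix.txt").read())`. A missing driver file such as the `SBRE` line is usually a leftover from an uninstalled tool rather than an infection, which is why the output is a worklist for a human, not a verdict; the same goes for the user-writable check, which catches both droppers and legitimate per-user installers.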

#6 Grinler (Lawrence Abrams)

  • Admin
  • 43,639 posts

Posted 05 July 2009 - 11:58 AM

Sorry for the very long delay. For some reason I did not get a notification that you responded.

Please rerun combofix and post a new log.

Thanks