Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Online Protection Tool


  • This topic is locked This topic is locked
3 replies to this topic

#1 drbeggs

drbeggs

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 30 March 2010 - 02:24 PM

I have been working with Blind Faith for a couple of days, doing various things. She has finally referred me to this forum to see if we you can fix it. Here is the link to the thread of our conversations.

http://www.bleepingcomputer.com/forums/t/305177/online-protection-tool/

I went to the Prep guide and followed all instructions. The Defogger ran and said finished, but never prompted for a restart. I ran it again, and again, no prompt for restart so it may not have worked. I did restart myself after the second run. DDS ran fine and logs were saved. After the gmer had scanned for maybe 2 hours, I came back to see a blue screen saying

"A PROBLEM HAS BEEN DETECTED WINDOWS HAS BEEN SHUT DOWN TO PREVENT DAMAGE TO YOUR COMPUTER

W_LIST_CORRUPT ( I couldnt see all of the first letter, didnt fit to screen. I think it was a W)

IF THIS THE FIRST TIME YOU HAVE SEEN THIS MESSAGE, BLAH BLAH YOU KNOW

TECHNICAL INFORMATION
STOP:0x0000004E(0x00000007, 0x00033C22, 0x00000001, 0x00000000) (there was a word in front of STOP, but I couldnt see it)

BEGINNING DUMP OF PHYSICAL MEMORY
PHYSICAL MEMORY DUMP COMPLETE

CONTACT SYSTEM ADMIN. OR TECH SUPPORT


I turned off the computer and turned it back on and it booted back up. I didnt run the gmer again. I wanted to let you know about this before I tried it again. The log for DDS follows.




DDS (Ver_10-03-17.01) - NTFSx86
Run by Dana at 11:50:16.35 on Tue 03/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.414 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Dana\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dogpile.com/
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
uURLSearchHooks: Playdom Toolbar: {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - c:\program files\playdom\tbPlay.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: Playdom Toolbar: {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - c:\program files\playdom\tbPlay.dll
BHO: {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - No File
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
TB: Playdom Toolbar: {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - c:\program files\playdom\tbPlay.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [TOY5KNQ8OC] c:\docume~1\dana\locals~1\temp\Pdh.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247686739484
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250307198239
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.163.95,93.188.161.23
TCP: {FC93E8A7-FD5A-4931-B283-22CD6D79C75C} = 93.188.163.95,93.188.161.23
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: liwimase.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli yiyoyumu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dana\applic~1\mozilla\firefox\profiles\wyuf1zlt.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.dogpile.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\dana\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\dana\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\dana\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\dana\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-25 201320]
R1 SASDIFSV;SASDIFSV;c:\docume~1\dana\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-3-28 9968]
R1 SASKUTIL;SASKUTIL;c:\docume~1\dana\locals~1\temp\sas_selfextract\SASKUTIL.sys [2010-3-28 74480]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-3-26 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-3-25 358224]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-3-25 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-3-25 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-25 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-25 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-3-25 40488]
S0 svwfn;svwfn; [x]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 fmfdisk;fmfdisk;\??\c:\windows\system32\fmfdisk.sys --> c:\windows\system32\fmfdisk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-3-25 33832]
S3 SASENUM;SASENUM;\??\c:\docume~1\dana\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\dana\locals~1\temp\sas_selfextract\SASENUM.SYS [?]

=============== Created Last 30 ================

2010-03-30 16:34:21 0 ----a-w- c:\documents and settings\dana\defogger_reenable
2010-03-28 22:16:41 0 d-----w- c:\docume~1\dana\applic~1\SUPERAntiSpyware.com
2010-03-28 22:16:41 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-27 02:26:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2010-03-27 02:23:29 0 d-----w- c:\program files\Citrix
2010-03-27 02:23:21 61224 ----a-w- c:\documents and settings\dana\GoToAssistDownloadHelper.exe
2010-03-25 20:08:30 0 d-----w- c:\program files\Playdom
2010-03-25 15:47:58 11755 ----a-w- c:\windows\system32\Config.MPF
2010-03-25 15:44:29 143360 ----a-w- c:\windows\system32\dunzip32.dll
2010-03-25 15:41:56 33832 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-03-25 15:41:51 40488 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-03-25 15:41:51 35240 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-03-25 15:41:50 79304 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-03-25 15:41:50 201320 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-03-25 15:41:41 113952 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-03-25 15:40:36 0 d-----w- c:\program files\McAfee.com
2010-03-25 15:40:26 0 d-----w- c:\program files\common files\McAfee
2010-03-25 15:40:11 0 d-----w- c:\program files\McAfee
2010-03-19 00:24:13 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2010-03-18 21:51:28 3 ----a-w- c:\windows\Twain001.Mtx
2010-03-18 21:51:28 156 ----a-w- c:\windows\Twunk001.MTX
2010-03-18 21:51:28 0 ----a-w- c:\windows\Twunk002.MTX
2010-03-18 21:40:53 19496 ----a-w- c:\windows\hpqins13.dat
2010-03-05 18:13:36 0 d-----w- c:\program files\Conduit
2010-03-05 18:13:34 0 d-----w- c:\program files\Zynga

==================== Find3M ====================

2010-01-14 17:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-07-16 03:32:59 104 --sh--r- c:\windows\system32\8BBB7C9E8C.sys
2009-07-16 03:33:01 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 11:51:19.79 ===============



Awaiting Instructions, thanks, Dana

Edited by drbeggs, 30 March 2010 - 02:34 PM.


BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:25 AM

Posted 03 April 2010 - 06:22 AM

Hi Dana,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds logs (both dds.txt and attach.txt).


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 drbeggs

drbeggs
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 03 April 2010 - 08:50 PM

Thank you. I had to do a complete recovery since my last post over a week ago. I got up one morning and my computer was off. I usually leave it on, I turned it back on and there was another popup called "My Protection" that kept popping up constantly with different warnings and redirecting my searches. It had also either put three shortcuts to some pornsites or had changed three of my shortcuts to porn shortcuts, Im not sure b/c I had added alot of shortcuts while working with Blind Faith trying to resolve my issue. I didnt click on any of them I just deleted them but if I restarted, they were back again. I apologize for not waiting for a reply, but I only did the recovery yesterday. Had I known I'd get a response today I may have waited. I just couldnt take it any longer. I didnt know if the recovery would even get rid of it, but so far so good. Again I apologize and do thank you very much for your time and help. Dana

#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:25 AM

Posted 04 April 2010 - 05:31 AM

Thanks for reporting back. As a positive thing, your system should be safe again now smile.gif

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users