Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Defence yellow bar on IE8 and false phishing warnings


  • This topic is locked This topic is locked
2 replies to this topic

#1 mtnbiker2841

mtnbiker2841

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 06 October 2010 - 09:06 PM

A lady I work with asked me to look at her laptop when it starting having issues with Windows Defence malware. I seem to have gotten it to stop popping up windows on one user profile (the computer has two, not counting the administrator profile, which was not password protected). I went into safe mode using administrator login, managed to get McAfee running (it would not run under normal user profile), downloaded Malwarebytes and ran that, both found and quarantined some files. Knowing that some malware likes to hide in system recovery areas of HDD, I disabled system recovery areas and rescanned. Found and quarantined more files. I also disable IE8 addons that did not have a publisher (there is one called WXcllB Class that looks very suspicious). The computer seems to run ok under one user profile, but the other profile still exhibits symptoms of Windows Defence (I would guess this is the user that was logged in when the initial attack took place). The other profile also cannot obtain IP address via DHCP using wireless network, but wired LAN succeeds in obtaining IP address via DHCP.

Any help would be appreciated.

Thanks,
mtnbiker2841


DDS (Ver_10-10-05.01) - NTFSx86
Run by Cassie Lisle at 20:39:30.67 on Wed 10/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.1099 [GMT -4:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\Cobian.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Documents and Settings\Cassie Lisle\Desktop\AntiMalware and Backup Software\DDS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com
uDefault_Page_URL = hxxp://lenovo.live.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101005183107.dll
BHO: WXcllB Class: {aefef98b-c7ad-4ab7-bc89-cf2191f79361} - c:\documents and settings\all users\application data\microsoft\machine\WXcll.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Conime] %windir%\system32\conime.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [sysmondtEsPlgRes131500] c:\program files\mcafee\virusscan\1033\virusscansysmondt.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRunServices: [oWhg] c:\docume~1\cassie~1\locals~1\temp\oWhg.exe
mRunServices: [hpClipBookClipBook] c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\componenthpxplogging.exe
mRunServices: [trueOSLangtrueOSLang] c:\program files\lenovo\system update\session\osx058us\trueoslangtrueoslang.exe
mRunServices: [VisualMicrosoft] c:\program files\common files\microsoft shared\vs7debug\vsassertmicrosoft.exe
mRunServices: [McAfeeMcVsPPRes] c:\program files\mcafee\virusscan\1033\virusscansysmondt.exe
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 8\PostUpdate.exe" 1014021
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
LSA: Notification Packages = scecli ACGina

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 386712]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-5 84072]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-10-5 67584]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-1-31 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-5 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-5 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-5 141792]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-1-12 94208]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 253952]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-5 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-31 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-31 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-5 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-10-5 88544]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S2 0130931286318737mcinstcleanup;McAfee Application Installer Cleanup (0130931286318737);c:\windows\temp\013093~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\013093~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-12 133104]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe --> c:\program files\kodak\aio\center\EKDiscovery.exe [?]
S2 SessionLauncher;SessionLauncher;c:\docume~1\admini~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\admini~1\locals~1\temp\dx9\SessionLauncher.exe [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-10-5 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-5 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-31 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-31 40552]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-15 1120752]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-10-5 11520]

=============== Created Last 30 ================

2010-10-07 00:36:17 0 ----a-w- c:\documents and settings\cassie lisle\defogger_reenable
2010-10-05 23:51:20 -------- d-----w- c:\docume~1\cassie~1\locals~1\applic~1\Safe mirror
2010-10-05 23:51:02 -------- d-----w- c:\program files\Cobian Backup 10
2010-10-05 23:44:43 -------- d-----w- c:\docume~1\cassie~1\locals~1\applic~1\Western_Digital
2010-10-05 23:42:28 -------- d-----w- c:\docume~1\cassie~1\applic~1\Western Digital
2010-10-05 23:42:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Western Digital
2010-10-05 23:42:00 11520 ------w- c:\windows\system32\drivers\wdcsam.sys
2010-10-05 23:41:43 -------- d-----w- c:\program files\Western Digital
2010-10-05 23:41:15 105312 ------w- c:\docume~1\cassie~1\locals~1\applic~1\GDIPFONTCACHEV1.DAT
2010-10-05 23:41:11 -------- d-----w- c:\docume~1\cassie~1\locals~1\applic~1\Western Digital
2010-10-05 22:31:07 9344 ------w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-05 22:31:03 141792 ------w- c:\windows\system32\mfevtps.exe
2010-10-05 22:31:01 95600 ------w- c:\windows\system32\drivers\mfeapfk.sys
2010-10-05 22:31:01 88544 ------w- c:\windows\system32\drivers\mfendisk.sys
2010-10-05 22:31:01 84264 ------w- c:\windows\system32\drivers\mferkdet.sys
2010-10-05 22:31:01 84072 ------w- c:\windows\system32\drivers\mfetdi2k.sys
2010-10-05 22:31:01 55840 ------w- c:\windows\system32\drivers\cfwids.sys
2010-10-05 22:31:01 312904 ------w- c:\windows\system32\drivers\mfefirek.sys
2010-10-05 22:21:37 -------- d-----w- c:\windows\pss
2010-09-22 04:24:28 423656 ------w- c:\windows\system32\deployJava1.dll
2010-09-22 01:03:56 11648 ------w- c:\windows\system32\drivers\ACPIEC.sy@
2010-09-21 23:05:18 -------- d-----w- c:\docume~1\cassie~1\applic~1\Malwarebytes
2010-09-21 22:37:36 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-21 22:37:35 20952 ------w- c:\windows\system32\drivers\mbam.sys
2010-09-21 22:37:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-21 22:37:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-21 22:19:46 -------- d-----w- c:\program files\Trend Micro
2010-09-21 22:13:30 -------- d-----w- c:\docume~1\cassie~1\applic~1\HpUpdate
2010-09-21 22:09:31 -------- d-sh--w- c:\documents and settings\cassie lisle\PrivacIE
2010-09-21 22:08:18 -------- d-sh--w- c:\documents and settings\cassie lisle\IETldCache
2010-09-18 21:10:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\WSCL
2010-09-16 20:34:30 57600 ------w- c:\windows\system32\drivers\redbook.sy@

==================== Find3M ====================

2010-08-30 22:50:56 398744 ------r- c:\windows\system32\cpnprt2.cid
2010-08-24 18:57:38 52104 ------w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 18:57:38 386712 ------w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 18:57:38 152992 ------w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-24 16:29:53 1409 ------w- c:\windows\QTFont.for
2010-07-17 09:42:29 73728 ------w- c:\windows\system32\javacpl.cpl

============= FINISH: 20:40:21.20 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:18 PM

Posted 15 October 2010 - 01:56 PM

Hi,

QUOTE
but the other profile still exhibits symptoms of Windows Defence

If the posted log was not taken while logged on that other profile please use that user account to run DDS. Then post back generated dds.txt log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:18 PM

Posted 23 October 2010 - 04:21 AM

Due to inactivity, this thread will now be closed. Should you have the same or a new issue, please start a New Topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users