Topic: [Resolved] Possible trojan

Offline Jen27

  • Bronze Member
  • Posts: 166
[Resolved] Possible trojan
« on: February 28, 2012, 07:25:19 pm »
Hi, I have been getting a bunch of blocked IPs from McAfee NetGuard (Risky connection). After visiting their forums I was advised by one of their moderators that I should post at one of the sites that check HijackThis logs, since I have run scans and they have come up clean. I was told that a few others with this issue found out it was a trojan. Here are my two logs. Thank you very much.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/9/2010 4:17:12 PM
System Uptime: 2/28/2012 7:06:20 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0M017G
Processor: Intel(R) Core(TM)2 Quad CPU    Q8300  @ 2.50GHz | CPU 1 | 2499/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 587 GiB total, 533.986 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP631: 2/17/2012 8:14:24 PM - SlimDrivers Installing Drivers
RP632: 2/17/2012 8:16:00 PM - SlimDrivers Installing Drivers
RP633: 2/20/2012 12:36:49 PM - sec
RP634: 2/21/2012 9:14:30 AM - Windows Update
RP635: 2/22/2012 11:33:29 AM - last
RP636: 2/22/2012 11:50:49 AM - Restore Operation
RP637: 2/25/2012 3:43:15 PM - B4 new
RP638: 2/26/2012 9:39:55 AM - kasp
RP639: 2/27/2012 12:00:28 PM - new
RP640: 2/28/2012 8:48:58 AM - Windows Update
RP641: 2/28/2012 5:18:28 PM - hammer
RP642: 2/28/2012 5:19:20 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acoustica Beatcraft
Acoustica Effects Pack
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
aioscnnr
Apple Application Support
Apple Software Update
Audacity 1.3.14 (Unicode)
Auslogics Disk Defrag
Banctec Service Agreement
C4USelfUpdater
center
D3DX10
essentials
Fender FUSE
Fender FUSE 2.4.1.27
FFmpeg for Audacity on Windows
HiJackThis
Intel(R) Graphics Media Accelerator Driver
JMicron 1394 Filter Driver
KODAK AiO Software
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee SecurityCenter
McAfee Virtual Technician
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
ocr
PreReq
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.93
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
SlimDrivers
SpywareBlaster 4.6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
2/28/2012 7:06:45 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  TfFsMon TfSysMon
2/28/2012 6:24:18 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
2/28/2012 6:21:10 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
2/28/2012 6:21:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/28/2012 6:21:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/28/2012 6:21:09 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/28/2012 6:21:09 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/28/2012 6:21:08 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/28/2012 6:21:03 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/28/2012 6:20:17 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx TfFsMon TfSysMon Wanarpv6 WfpLwf
2/28/2012 6:20:16 PM, Error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/28/2012 6:20:15 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/28/2012 6:20:15 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
2/28/2012 6:20:15 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
2/28/2012 6:20:15 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
2/28/2012 6:20:15 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
2/28/2012 6:20:15 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
2/28/2012 6:20:15 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/28/2012 6:20:15 PM, Error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
2/28/2012 6:20:15 PM, Error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:  The dependency service or group failed to start.
2/28/2012 6:20:15 PM, Error: Service Control Manager [7001]  - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/28/2012 6:20:15 PM, Error: Service Control Manager [7001]  - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/28/2012 6:20:15 PM, Error: Service Control Manager [7001]  - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/28/2012 6:20:15 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2/28/2012 6:20:15 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
2/28/2012 3:16:10 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} as /. The error: "740" Happened while starting this command: "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" -Embedding
2/23/2012 9:38:05 AM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} as /. The error: "740" Happened while starting this command: "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" -Embedding
2/23/2012 10:33:05 AM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The service has not been started.
2/23/2012 10:32:18 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
2/23/2012 10:05:53 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
2/23/2012 10:05:39 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache SASDIFSV SASKUTIL spldr TfFsMon TfSysMon Wanarpv6
2/22/2012 11:54:42 AM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
2/22/2012 11:52:57 AM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tara at 20:05:11 on 2012-02-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6109.4721 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\System32\svchost.exe -k secsvcs
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.bing.com/
uDefault_Page_URL = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120203213139.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
TCP: Interfaces\{CC428FFE-73A3-4DA4-A037-F5E1A969895B} : DhcpNameServer = 167.206.251.129 167.206.251.130
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64:     0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120203213139.dll
BHO-X64:     scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Hosts: 127.0.0.1   www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 johci;JMicron 1394 Filter Driver;C:\Windows\system32\DRIVERS\johci.sys --> C:\Windows\system32\DRIVERS\johci.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-2-11 98208]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-2-3 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-2-3 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-2-3 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-2-3 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-2-3 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-2-3 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S3 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;C:\Windows\system32\DRIVERS\MAudioFastTrack.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrack.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-28 22:19:45   --------   d-----w-   C:\Program Files (x86)\Trend Micro
2012-02-28 13:49:29   8643640   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2CF2B11-4234-4072-807E-D4366FC4B8E1}\mpengine.dll
2012-02-25 20:34:41   --------   d-----w-   C:\Program Files (x86)\stinger
2012-02-15 14:15:41   509952   ----a-w-   C:\Windows\System32\ntshrui.dll
2012-02-15 14:15:41   442880   ----a-w-   C:\Windows\SysWow64\ntshrui.dll
2012-02-15 14:15:38   515584   ----a-w-   C:\Windows\System32\timedate.cpl
2012-02-15 14:15:38   478720   ----a-w-   C:\Windows\SysWow64\timedate.cpl
2012-02-15 14:15:36   3145728   ----a-w-   C:\Windows\System32\win32k.sys
2012-02-15 14:15:35   498688   ----a-w-   C:\Windows\System32\drivers\afd.sys
2012-02-15 14:15:27   690688   ----a-w-   C:\Windows\SysWow64\msvcrt.dll
2012-02-15 14:15:27   634880   ----a-w-   C:\Windows\System32\msvcrt.dll
2012-02-12 19:34:31   --------   d-----w-   C:\Program Files (x86)\JMicron
2012-02-12 19:34:17   25688   ----a-w-   C:\Windows\System32\drivers\johci.sys
2012-02-12 03:00:23   53248   ----a-w-   C:\Windows\SysWow64\CSVer.dll
2012-02-12 01:16:46   1284712   ----a-w-   C:\Windows\RtlExUpd.dll
2012-02-12 01:16:44   757760   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-02-12 01:16:44   69715   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-02-12 01:16:44   65024   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-02-12 01:16:44   5632   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-02-12 01:16:44   274432   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-02-12 01:16:44   204800   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-02-12 01:16:43   331908   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-02-12 01:16:43   200836   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-02-12 01:13:43   --------   d--h--w-   C:\Program Files (x86)\Temp
2012-02-12 01:03:57   74272   ----a-w-   C:\Windows\System32\RtNicProp64.dll
2012-02-12 01:03:57   565352   ----a-w-   C:\Windows\System32\drivers\Rt64win7.sys
2012-02-12 00:59:15   15672   ----a-w-   C:\Windows\System32\drivers\SWDUMon.sys
2012-02-12 00:59:13   --------   d-----w-   C:\Users\Tara\AppData\Local\SlimWare Utilities Inc
2012-02-12 00:59:09   --------   d-----w-   C:\Program Files (x86)\SlimDrivers
2012-02-06 20:14:41   --------   d-----w-   C:\Users\Tara\AppData\Roaming\SUPERAntiSpyware.com
2012-02-05 18:19:05   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2012-02-05 18:19:05   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2012-02-05 16:40:55   34152   ----a-w-   C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-02-05 16:40:55   126312   ----a-w-   C:\Windows\System32\GEARAspi64.dll
2012-02-05 16:40:55   107368   ----a-w-   C:\Windows\SysWow64\GEARAspi.dll
2012-02-05 16:40:21   --------   d-----w-   C:\Program Files\iPod
2012-02-05 16:40:20   --------   d-----w-   C:\Program Files\iTunes
2012-02-05 16:40:20   --------   d-----w-   C:\Program Files (x86)\iTunes
2012-02-04 02:48:04   --------   d-----w-   C:\ProgramData\Malwarebytes
2012-02-04 02:48:03   23152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2012-02-04 02:48:03   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-04 02:31:52   --------   d-----w-   C:\Program Files (x86)\McAfee.com
2012-02-04 02:31:38   10248   ----a-w-   C:\Windows\System32\drivers\mfeclnk.sys
2012-02-04 02:31:38   --------   d-----w-   C:\Program Files (x86)\Common Files\McAfee
2012-02-04 02:31:05   75808   ----a-w-   C:\Windows\System32\drivers\mfenlfk.sys
2012-02-04 02:31:05   65264   ----a-w-   C:\Windows\System32\drivers\cfwids.sys
2012-02-04 02:31:05   481768   ----a-w-   C:\Windows\System32\drivers\mfefirek.sys
2012-02-04 02:31:05   284648   ----a-w-   C:\Windows\System32\drivers\mfewfpk.sys
2012-02-04 02:31:05   229528   ----a-w-   C:\Windows\System32\drivers\mfeavfk.sys
2012-02-04 02:31:05   100912   ----a-w-   C:\Windows\System32\drivers\mferkdet.sys
2012-02-04 02:30:56   --------   d-----w-   C:\Program Files\McAfee.com
2012-02-04 02:30:56   --------   d-----w-   C:\Program Files\Common Files\McAfee
2012-02-04 02:30:55   --------   d-----w-   C:\Program Files\McAfee
2012-02-04 02:30:54   --------   d-----w-   C:\Program Files (x86)\McAfee
2012-02-04 02:25:16   161168   ----a-w-   C:\Windows\System32\mfevtps.exe
.
==================== Find3M  ====================
.
2012-02-18 20:49:54   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 10:10:42   279656   ------w-   C:\Windows\System32\MpSigStub.exe
2011-12-14 07:11:03   2308096   ----a-w-   C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30   1390080   ----a-w-   C:\Windows\System32\wininet.dll
2011-12-14 07:03:38   1493504   ----a-w-   C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54   1798656   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18   1127424   ----a-w-   C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58   1427456   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2011-12-10 15:22:44   1058304   ----a-w-   C:\Windows\System32\EKAiO2MON.dll
2011-12-10 15:22:28   177664   ----a-w-   C:\Windows\System32\EKAiO2COI07.dll
.


Thanks, I will wait for your response. Thanks again.
« Last Edit: February 28, 2012, 07:29:53 pm by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25712
Re: [In Progress] Possible trojan
« Reply #1 on: February 28, 2012, 07:35:42 pm »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem. Also tell me any other problems you are having, no matter how small or how long you have been dealing with them.

Second, please only use one forum to help clear up your problem. Posting on more than one and following instructions from more than one forum will cause those helping you to pull out their hair.

Third, follow my instructions. If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me; it may make a difference on where we go.

Fourth, have faith. I will do all I can to get your computer working, and if I can't, someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

One last thing: I need you to tell me if this computer belongs to a school or to a company or organization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.


Please download Rkill by Grinler and save it to your desktop.
    Link 2
    Link 3
    Link 4

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.


Update Malwarebytes' Anti-Malware and then run a quick scan with it. If it finds nothing, post the log. If it does find something, fix it and then post the log.

Consumer Security

If I am helping you and you don't hear from me for 24 hours, send me a PM please!

    Offline Jen27

    Re: [In Progress] Possible trojon
    « Reply #2 on: February 29, 2012, 09:48:33 am »
    Hi Hoov! Thanks for your time, I appreciate it. First, so you know, I am probably an average computer user at best, so I will try to keep up. Answer to the question "What have I done?": I have run scans with McAfee Security Center, Malwarebytes, SUPERAntiSpyware, and yesterday before posting I ran a HijackThis scan just to look. I only looked up some of the items but did not do anything else. The computer is mine.
    It is a home computer. I didn't install anything that encrypts my hard drive. Sorry, but not sure if that is what you're asking. Thanks, here is the Malwarebytes log. It didn't find anything.

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.29.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Tara :: TARA-PC [administrator]

    2/29/2012 9:56:31 AM
    mbam-log-2012-02-29 (09-56-31).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 329560
    Time elapsed: 34 minute(s), 39 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    Thanks

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 25712
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Possible trojon
    « Reply #3 on: February 29, 2012, 11:26:27 am »
    You answered my questions perfectly.

    Does McAfee keep a log of the blocked IP addresses? Do you have a link to your post over at the McAfee forums?

    Are there any other problems with your computer?


    Offline Jen27

    Re: [In Progress] Possible trojon
    « Reply #4 on: February 29, 2012, 12:27:22 pm »
    Hi again Hoov. :) Thanks. Here is the link to the McAfee post: https://community.mcafee.com/thread/43432?start=0&tstart=0
    McAfee does have an area in the interface that reports the blocked IPs, but I am not sure if or how to print the entire log. There are a lot. Also, I will be going to work soon, so I won't be able to get back until later or early tomorrow. Thanks so much!
    Oh, I haven't really noticed any real problems that I know about. Just that it looks like my system is trying to connect to that IP? I think.

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 25712
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Possible trojon
    « Reply #5 on: February 29, 2012, 12:47:25 pm »
    Don't worry about the report, there is enough info in the other thread.

    * Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

    Run ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    * Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

    Please include the C:\ComboFix.txt in your next reply for further review.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    I need you to go to the Administrative Tools in Vista / Windows 7. They are in the Control Panel. Open the Admin Tools, then open the Event Viewer.
    • Over on the left-hand side, expand the Windows Logs category and then click on System.
    • Up at the top, click on Action and then click on Save Events As. Type in system as the file name, make sure the file type EVTX is selected, navigate so it will save the file to your desktop, then click Save.
    • Over on the left-hand side, click on Application. Up at the top, click on Action and then click on Save Events As. Type in application as the file name, make sure the file type EVTX is selected, navigate so it will save the file to your desktop, then click Save.
    • Zip them both up into a single zip file and post them back here in your next reply as attachments.

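The same export done from a PowerShell prompt instead of clicking through Event Viewer, as an added example that is not part of Hoov's instructions or of any tool mentioned in this thread. It assumes the files go to the current user's Desktop, that PowerShell 5.0 or later is installed (Compress-Archive and Get-FileHash do not exist in the PowerShell 2.0 that shipped with Windows 7), and that the System and Application logs are readable by the account running it; the output file names are the ones Hoov asked for.

```powershell
# Added example (not from the thread): export the System and Application event
# logs to EVTX, verify each file reads back as a log, zip them, and print the
# archive size and SHA-256 so the helper can confirm the upload arrived intact.
# Assumptions: PowerShell 5.0+ (Compress-Archive, Get-FileHash); output on the
# current user's Desktop.
$Desktop  = [Environment]::GetFolderPath('Desktop')
$Logs     = @{ 'System' = 'system.evtx'; 'Application' = 'application.evtx' }
$Exported = @()

foreach ($log in $Logs.Keys) {
    $out = Join-Path $Desktop $Logs[$log]
    if (Test-Path $out) { Remove-Item $out -Force }   # wevtutil epl will not overwrite

    # wevtutil epl = "export log". System and Application are normally readable
    # from a standard account; the Security log would need an elevated prompt.
    & wevtutil.exe epl $log $out
    if ($LASTEXITCODE -ne 0) {
        throw "Export of the $log log failed with exit code $LASTEXITCODE"
    }

    # Sanity check: read the three newest records back out of the file we just
    # wrote. /lf:true tells wevtutil the first argument is a file, not a live channel.
    & wevtutil.exe qe $out /lf:true /rd:true /c:3 /f:text | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "$out was written but cannot be read back as an event log"
    }
    $Exported += $out
}

$Zip = Join-Path $Desktop 'eventlogs.zip'
if (Test-Path $Zip) { Remove-Item $Zip -Force }
Compress-Archive -Path $Exported -DestinationPath $Zip

# Forum attachments have size limits, so report the size along with the hash.
$ZipInfo = Get-Item $Zip
'{0}: {1:N0} bytes, SHA256 {2}' -f $ZipInfo.Name, $ZipInfo.Length,
    (Get-FileHash -Path $Zip -Algorithm SHA256).Hash
```

Run it from the same account you use day to day; if wevtutil reports access denied on a channel, re-run from an elevated PowerShell prompt. If the zip comes out over the forum's attachment limit, the two EVTX files can be archived separately or sent through whatever off-site upload the helper provides.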

    Offline Jen27

    Re: [In Progress] Possible trojon
    « Reply #6 on: February 29, 2012, 01:15:36 pm »
    OK, thanks, I will do this later; I'm off to work. 2 questions: I have my standard account that I run everything from, and my main admin account. Can I perform all of these things from my standard account? Also, if so, do I unplug the internet after turning off the antivirus? Then run ComboFix. Thanks.
    I will send the report late tonight or early tomorrow.

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 25712
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Possible trojon
    « Reply #7 on: February 29, 2012, 01:37:33 pm »
    You can unplug the internet connection before you turn off the AV scanner. As for the standard / admin account, you should be able to run it from the standard account.


    Offline Jen27

    Re: [In Progress] Possible trojon
    « Reply #8 on: February 29, 2012, 03:11:31 pm »
    Hi, 1 quick question: does it matter what order they are performed in? Or do you need ComboFix first & then do the events? Sorry, just want to make sure. Not sure if the order matters. I am assuming ComboFix then the events? Just want to make sure I don't screw it up. Thanks, Jen27

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 25712
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Possible trojon
    « Reply #9 on: February 29, 2012, 05:41:44 pm »
    I would prefer that you run ComboFix first, then the Event Viewer logs. That way I can tell if, after running ComboFix, something got fixed.


    Offline Jen27

    • Bronze Member
    • Posts: 166
    Re: [In Progress] Possible trojon
    « Reply #10 on: March 01, 2012, 09:44:32 am »
    Having problems with attachments. Says contact mod.

    Offline Jen27

    • Bronze Member
    • Posts: 166
    Re: [In Progress] Possible trojon
    « Reply #11 on: March 01, 2012, 09:46:13 am »
    ComboFix 12-03-01.01 - Tara 03/01/2012   9:11.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6109.4737 [GMT -5:00]
    Running from: c:\users\TATA\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Downloaded Installers
    c:\program files (x86)\Downloaded Installers\{4288DCD5-118B-4BBE-AB88-BAE7AE4163D1}\setup.msi
    c:\users\Tara\GoToAssistDownloadHelper.exe
    c:\users\TATA\GoToAssistDownloadHelper.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2012-02-01 to 2012-03-01  )))))))))))))))))))))))))))))))
    .
    .
    2012-03-01 14:15 . 2012-03-01 14:41   --------   d-----w-   c:\users\Tara\AppData\Local\temp
    2012-02-28 22:19 . 2012-02-28 22:19   388096   ----a-r-   c:\users\TATA\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-28 22:19 . 2012-02-28 22:19   --------   d-----w-   c:\program files (x86)\Trend Micro
    2012-02-28 13:49 . 2012-02-08 07:13   8643640   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2CF2B11-4234-4072-807E-D4366FC4B8E1}\mpengine.dll
    2012-02-25 20:34 . 2012-02-25 20:34   --------   d-----w-   c:\program files (x86)\stinger
    2012-02-17 22:23 . 2012-03-01 13:45   --------   d-----w-   c:\users\TATA\AppData\Local\Diagnostics
    2012-02-15 14:15 . 2012-01-04 10:44   509952   ----a-w-   c:\windows\system32\ntshrui.dll
    2012-02-15 14:15 . 2012-01-04 08:58   442880   ----a-w-   c:\windows\SysWow64\ntshrui.dll
    2012-02-15 14:15 . 2011-12-30 06:26   515584   ----a-w-   c:\windows\system32\timedate.cpl
    2012-02-15 14:15 . 2011-12-30 05:27   478720   ----a-w-   c:\windows\SysWow64\timedate.cpl
    2012-02-15 14:15 . 2012-01-14 04:06   3145728   ----a-w-   c:\windows\system32\win32k.sys
    2012-02-15 14:15 . 2011-12-28 03:59   498688   ----a-w-   c:\windows\system32\drivers\afd.sys
    2012-02-15 14:15 . 2011-12-16 08:46   634880   ----a-w-   c:\windows\system32\msvcrt.dll
    2012-02-15 14:15 . 2011-12-16 07:52   690688   ----a-w-   c:\windows\SysWow64\msvcrt.dll
    2012-02-12 19:34 . 2012-02-12 19:34   --------   d-----w-   c:\program files (x86)\JMicron
    2012-02-12 19:34 . 2000-01-01 00:00   25688   ----a-w-   c:\windows\system32\drivers\johci.sys
    2012-02-12 03:00 . 2000-01-01 00:00   53248   ----a-w-   c:\windows\SysWow64\CSVer.dll
    2012-02-12 01:16 . 2000-01-01 00:00   1284712   ----a-w-   c:\windows\RtlExUpd.dll
    2012-02-12 01:16 . 2006-02-07 20:45   757760   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2012-02-12 01:16 . 2006-02-07 20:44   65024   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2012-02-12 01:16 . 2006-02-07 20:40   204800   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2012-02-12 01:16 . 2006-02-07 20:40   69715   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2012-02-12 01:16 . 2006-02-07 20:40   274432   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2012-02-12 01:16 . 2005-11-14 04:19   5632   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2012-02-12 01:16 . 2012-02-12 01:16   331908   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2012-02-12 01:16 . 2012-02-12 01:16   200836   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2012-02-12 01:13 . 2012-02-12 01:29   --------   d--h--w-   c:\program files (x86)\Temp
    2012-02-12 01:03 . 2000-01-01 00:00   74272   ----a-w-   c:\windows\system32\RtNicProp64.dll
    2012-02-12 01:03 . 2000-01-01 00:00   565352   ----a-w-   c:\windows\system32\drivers\Rt64win7.sys
    2012-02-12 00:59 . 2012-02-18 01:13   15672   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys
    2012-02-12 00:59 . 2012-02-12 00:59   --------   d-----w-   c:\users\Tara\AppData\Local\SlimWare Utilities Inc
    2012-02-12 00:59 . 2012-02-12 00:59   --------   d-----w-   c:\program files (x86)\SlimDrivers
    2012-02-09 23:15 . 2012-02-09 23:15   --------   d-----w-   c:\program files\7-Zip
    2012-02-06 20:14 . 2012-02-06 20:14   --------   d-----w-   c:\users\Tara\AppData\Roaming\SUPERAntiSpyware.com
    2012-02-05 18:19 . 2012-02-05 18:19   --------   d-----w-   c:\users\TATA\AppData\Roaming\SUPERAntiSpyware.com
    2012-02-05 18:19 . 2012-02-05 18:19   --------   d-----w-   c:\program files\SUPERAntiSpyware
    2012-02-05 18:19 . 2012-02-05 18:19   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
    2012-02-05 16:40 . 2009-05-18 18:17   34152   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-02-05 16:40 . 2008-04-17 17:12   126312   ----a-w-   c:\windows\system32\GEARAspi64.dll
    2012-02-05 16:40 . 2008-04-17 17:12   107368   ----a-w-   c:\windows\SysWow64\GEARAspi.dll
    2012-02-05 16:40 . 2012-02-05 16:40   --------   d-----w-   c:\program files\iPod
    2012-02-05 16:40 . 2012-02-05 16:40   --------   d-----w-   c:\program files\iTunes
    2012-02-05 16:40 . 2012-02-05 16:40   --------   d-----w-   c:\program files (x86)\iTunes
    2012-02-05 16:39 . 2012-02-05 16:39   --------   d-----w-   c:\program files (x86)\Apple Software Update
    2012-02-05 16:39 . 2012-02-09 18:48   --------   d-----w-   c:\program files (x86)\Common Files\Apple
    2012-02-05 16:39 . 2012-02-05 16:39   --------   d-----w-   c:\programdata\Apple
    2012-02-04 02:48 . 2012-02-04 02:48   --------   d-----w-   c:\programdata\Malwarebytes
    2012-02-04 02:48 . 2012-02-04 02:48   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-02-04 02:48 . 2011-12-10 20:24   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-02-04 02:31 . 2012-02-04 02:32   --------   d-----w-   c:\program files (x86)\Common Files\McAfee
    2012-02-04 02:31 . 2011-10-15 17:16   10248   ----a-w-   c:\windows\system32\drivers\mfeclnk.sys
    2012-02-04 02:31 . 2011-10-15 17:16   75808   ----a-w-   c:\windows\system32\drivers\mfenlfk.sys
    2012-02-04 02:31 . 2011-10-15 17:16   65264   ----a-w-   c:\windows\system32\drivers\cfwids.sys
    2012-02-04 02:31 . 2011-10-15 17:16   481768   ----a-w-   c:\windows\system32\drivers\mfefirek.sys
    2012-02-04 02:31 . 2011-10-15 17:16   284648   ----a-w-   c:\windows\system32\drivers\mfewfpk.sys
    2012-02-04 02:31 . 2011-10-15 17:16   229528   ----a-w-   c:\windows\system32\drivers\mfeavfk.sys
    2012-02-04 02:31 . 2011-10-15 17:16   100912   ----a-w-   c:\windows\system32\drivers\mferkdet.sys
    2012-02-04 02:30 . 2012-02-04 02:32   --------   d-----w-   c:\program files\Common Files\McAfee
    2012-02-04 02:30 . 2012-02-04 02:32   --------   d-----w-   c:\program files\McAfee
    2012-02-04 02:30 . 2012-02-28 20:36   --------   d-----w-   c:\program files (x86)\McAfee
    2012-02-04 02:25 . 2011-11-18 21:36   161168   ----a-w-   c:\windows\system32\mfevtps.exe
    2012-02-04 02:25 . 2012-02-28 20:36   --------   d-----w-   c:\programdata\McAfee
    .

    Hello again Hoov, I just want to tell you a few things in case you need to know them. First, I ran ComboFix & left the room. I came back about 10 minutes later & the computer was at the logon screen, so I logged in thinking it was finished. But it was still running & the black box was bouncing all over the screen. So I was not sure if it was not working correctly or I screwed up by logging back in? When I logged into my ADMIN account the blue box was finishing up. It did finish, but I just thought I should bring that to your attention. I also noticed that when I went to turn my McAfee back on from Admin, it said "Marked for deletion"? But then it did turn on from my standard account. Sorry to ramble on, just want to make sure you get the right info. Here is the log. If I need to run it again, let me know. I may have messed it up. Sorry ???

    Offline Jen27

    • Bronze Member
    • Posts: 166
    Re: [In Progress] Possible trojon
    « Reply #12 on: March 01, 2012, 02:34:09 pm »
    Sorry, can't send the other files. Says they are too large. I even tried to send them separately, but they are over 1 MB compressed? Let me know what I should do next when you can. Thank you.

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 25712
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Possible trojon
    « Reply #13 on: March 01, 2012, 04:10:18 pm »
    You ran ComboFix fine; sometimes it reboots.

    If McAfee ran, then it could be a glitch. Let me know if it has problems running.

    About the other files, I sent you a PM letting you know what to do with them.

    There is one problem: the ComboFix log seems to be truncated a bit. Can you go to C:\Qoobox, open ComboFix.txt, copy the entire thing, and post it back here. You may have to scroll down to get to the bottom of the log.


    Offline Jen27

    • Bronze Member
    • Posts: 166
    Re: [In Progress] Possible trojon
    « Reply #14 on: March 01, 2012, 04:35:47 pm »
    Hi, OK, thanks. Sorry about the other message. :D Here are the 2 logs you requested. I am now sending the 2 other things as zipped,
    from 7-Zip & link. Just wanted to make sure about ComboFix because I ran it under my standard account since you said OK.
    Thank you so much again

    Update for Microsoft Office 2007 (KB2508958)
    Acoustica Beatcraft
    Acoustica Effects Pack
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.2)
    aioscnnr
    Apple Application Support
    Apple Software Update
    Audacity 1.3.14 (Unicode)
    Auslogics Disk Defrag
    Banctec Service Agreement
    C4USelfUpdater
    center
    D3DX10
    essentials
    Fender FUSE
    Fender FUSE 2.4.1.27
    FFmpeg for Audacity on Windows
    HiJackThis
    Intel(R) Graphics Media Accelerator Driver
    JMicron 1394 Filter Driver
    KODAK AiO Software
    Malwarebytes Anti-Malware version 1.60.1.1000
    McAfee SecurityCenter
    McAfee Virtual Technician
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    ocr
    PreReq
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.93
    Secunia PSI (2.0.0.3003)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    SlimDrivers
    SpywareBlaster 4.6
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack

    Combo Text--

    2012-03-01 14:43:35 . 2012-03-01 14:43:35            1,404 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-3673066089.fuse.fender.com.reg.dat
    2012-03-01 14:43:35 . 2012-03-01 14:43:35              494 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758}.reg.dat
    2012-03-01 14:43:15 . 2012-03-01 14:43:15               92 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
    2012-03-01 14:43:01 . 2012-03-01 14:43:01              104 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
    2012-03-01 14:14:14 . 2012-03-01 14:14:14            3,893 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2012-03-01 14:10:35 . 2012-03-01 14:10:35               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
    2011-04-02 15:31:17 . 2011-04-01 13:44:30       24,875,008 ----a-w-  C:\Qoobox\Quarantine\C\Program Files (x86)\Downloaded Installers\{4288DCD5-118B-4BBE-AB88-BAE7AE4163D1}\setup.msi.vir
    2010-11-16 19:18:58 . 2010-11-16 19:18:58          103,784 ----a-w-  C:\Qoobox\Quarantine\C\Users\TATA\GoToAssistDownloadHelper.exe.vir
    2010-10-27 20:27:05 . 2010-10-27 20:27:06          103,784 ----a-w-  C:\Qoobox\Quarantine\C\Users\Tara\GoToAssistDownloadHelper.exe.vir