2 Replies Latest reply on Aug 26, 2010 11:49 AM by Dinz

    Internet Explorer will not connect, no McAfee updates due to connection failure

      Hi All,

       

      Windows XP Pro SP3, Internet Explorer 8. Firefox connects and appears functional. Malwarebytes is able to connect and update; a safe mode scan shows no errors. Internet Explorer will not connect, Microsoft Update will not connect, and the McAfee update fails with a connection error; however, it runs a scan in safe mode error-free. Following are the system logs. Any help is greatly appreciated. Thanks in advance.

       

      DDS

       


      DDS (Ver_10-03-17.01) - NTFSx86
      Run by repair at 16:51:13.54 on Tue 08/24/2010
      Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.433 [GMT -4:00]

       

      AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
      FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

       

      ============== Running Processes ===============

       

      C:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
      svchost.exe
      svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      svchost.exe
      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
      C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
      C:\Program Files\McAfee.com\Agent\mcagent.exe
      C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
      C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
      C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\WINDOWS\system32\svchost.exe -k netsvcs
      C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
      C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Documents and Settings\repair\Desktop\av tools\dds.scr

       

      ============== Pseudo HJT Report ===============

       

      uStart Page = hxxp://www.google.com/
      uInternet Settings,ProxyServer = http=127.0.0.1:5555
      uInternet Settings,ProxyOverride = <local>
      BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
      BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
      BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
      BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
      BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
      BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100519141547.dll
      BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
      BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
      BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
      TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
      TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
      TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
      EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
      uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_Plugin.exe -update plugin
      mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
      mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
      mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
      mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageechoenterpriseserver\TrueImageMonitor.exe
      mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimageechoenterpriseserver\TimounterMonitor.exe
      mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
      mRun: [igfxtray] c:\windows\system32\igfxtray.exe
      mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
      mRun: [igfxpers] c:\windows\system32\igfxpers.exe
      mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
      IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
      DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
      DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241980288203
      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249906416031
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
      Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
      Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
      Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
      Notify: igfxcui - igfxdev.dll
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
      LSA: Authentication Packages = msv1_0 relog_ap

       

      ================= FIREFOX ===================

       

      FF - ProfilePath - c:\docume~1\repair\applic~1\mozilla\firefox\profiles\31qkjhp6.default\
      FF - prefs.js: browser.search.selectedEngine - Secure Search
      FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
      FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
      FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
      FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
      FF - plugin: c:\program files\microsoft\office live\npOLW.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
      FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

       

      ---- FIREFOX POLICIES ----
      c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
      c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
      c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
      c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
      c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
      c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
      c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
      c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
      c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
      c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
      c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
      c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
      c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
      c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

       

      ============= SERVICES / DRIVERS ===============

       

      R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-2-18 385880]
      R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-2-18 82952]
      R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-2-18 271480]
      R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-2-18 271480]
      R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-2-18 271480]
      R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-2-18 271480]
      R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-2-18 170144]
      R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-2-18 188136]
      R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-2-18 141792]
      R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-2-18 55456]
      R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-2-18 152320]
      R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-2-18 51688]
      R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-2-18 312616]
      R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-2-18 88480]
      S2 jziyhn;Boot Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
      S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-2-18 88480]
      S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-2-18 83496]

       

      =============== Created Last 30 ================

       

      2010-08-24 20:50:52 0 ----a-w- c:\documents and settings\repair\defogger_reenable
      2010-08-24 16:39:56 0 d-----w- c:\docume~1\repair\applic~1\Research In Motion
      2010-08-22 22:44:37 2725 ----a-r- c:\windows\system32\e1000325.din
      2010-08-22 22:44:31 126976 ----a-w- c:\windows\system32\e1000msg.dll
      2010-08-22 22:44:31 121856 ----a-w- c:\windows\system32\drivers\e1000325.sys
      2010-08-22 21:53:39 135168 ----a-w- c:\windows\system32\igfxres.dll
      2010-08-08 16:47:28 1952024 ----a-w- c:\windows\system32\AutoPartNt.exe
      2010-08-08 16:47:28 1024 ----a-w- c:\windows\system32\AutoPartNt.let
      2010-08-08 13:25:43 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
      2010-08-08 13:25:43 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
      2010-08-08 13:25:27 134272 ----a-w- c:\windows\system32\drivers\snman380.sys

       

      ==================== Find3M ====================

       

      2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
      2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
      2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
      2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
      2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

       

      ============= FINISH: 16:52:50.50 ===============

       


      GMER one

       

      GMER 1.0.15.15281 -
      Rootkit quick scan 2010-08-24 13:54:08
      Windows 5.1.2600 Service Pack 3
      Running: cr40tr0i.exe; Driver: C:\DOCUME~1\repair\LOCALS~1\Temp\pxtdipow.sys

       


      ---- System - GMER 1.0.15 ----

       

      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7465DB0]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7465DC4]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7465DF0]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7465E46]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7465D9C]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7465D74]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7465D88]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7465DDA]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7465E1C]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7465E06]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7465E70]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7465E5C]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7465E30]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

       

      ---- Devices - GMER 1.0.15 ----

       

      AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
      AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
      AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
      AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
      AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
      AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

       

      ---- Services - GMER 1.0.15 ----

       

      Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] jziyhn <-- ROOTKIT !!!

       

      ---- EOF - GMER 1.0.15 ----

       


      GMER two

       

      GMER 1.0.15.15281 -
      Rootkit scan 2010-08-24 16:10:01
      Windows 5.1.2600 Service Pack 3
      Running: cr40tr0i.exe; Driver: C:\DOCUME~1\repair\LOCALS~1\Temp\pxtdipow.sys

       


      ---- System - GMER 1.0.15 ----

       

      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7465DB0]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7465DC4]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7465DF0]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7465E46]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7465D9C]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7465D74]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7465D88]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7465DDA]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7465E1C]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7465E06]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7465E70]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7465E5C]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7465E30]
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
      Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

       

      ---- Devices - GMER 1.0.15 ----

       

      AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
      AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
      AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
      AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snman380.sys (Acronis Snapshot API/Acronis)
      AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
      AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
      AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

       

      Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

       

      ---- Services - GMER 1.0.15 ----

       

      Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] jziyhn <-- ROOTKIT !!!

       

      ---- Registry - GMER 1.0.15 ----

       

      Reg HKLM\SYSTEM\CurrentControlSet\Services\jziyhn@DisplayName Boot Helper
      Reg HKLM\SYSTEM\CurrentControlSet\Services\jziyhn@Type 32
      Reg HKLM\SYSTEM\CurrentControlSet\Services\jziyhn@Start 2
      Reg HKLM\SYSTEM\CurrentControlSet\Services\jziyhn@ErrorControl 0
      Reg HKLM\SYSTEM\CurrentControlSet\Services\jziyhn@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
      Reg HKLM\SYSTEM\CurrentControlSet\Services\jziyhn@ObjectName LocalSystem
      Reg HKLM\SYSTEM\CurrentControlSet\Services\jziyhn@Description Maintains links between NTFS files within a computer or across computers in a network domain.
      Reg HKLM\SYSTEM\CurrentControlSet\Services\jziyhn\Parameters
      Reg HKLM\SYSTEM\CurrentControlSet\Services\jziyhn\Parameters@ServiceDll C:\WINDOWS\system32\ltmohrjx.dll
      Reg HKLM\SYSTEM\ControlSet003\Services\jziyhn@DisplayName Boot Helper
      Reg HKLM\SYSTEM\ControlSet003\Services\jziyhn@Type 32
      Reg HKLM\SYSTEM\ControlSet003\Services\jziyhn@Start 2
      Reg HKLM\SYSTEM\ControlSet003\Services\jziyhn@ErrorControl 0
      Reg HKLM\SYSTEM\ControlSet003\Services\jziyhn@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
      Reg HKLM\SYSTEM\ControlSet003\Services\jziyhn@ObjectName LocalSystem
      Reg HKLM\SYSTEM\ControlSet003\Services\jziyhn@Description Maintains links between NTFS files within a computer or across computers in a network domain.
      Reg HKLM\SYSTEM\ControlSet003\Services\jziyhn\Parameters (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet003\Services\jziyhn\Parameters@ServiceDll C:\WINDOWS\system32\ltmohrjx.dll

       

      ---- EOF - GMER 1.0.15 ----

       

       

      Message was edited by: Dinz on 8/26/10 10:48:55 AM GMT-06:00