The latest requests were for me to do an Active Scan and GMER scan. I just did them; the Active Scan log is:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-12-31 12:07:43
PROTECTIONS: 3
MALWARE: 15
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.4205.0 No Yes
McAfee Internet Security Suite 2007 9.0 No No
McAfee VirusScan Plus 13.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\Low\analyst@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\analyst@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\analyst@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\Low\analyst@atdmt[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\Low\analyst@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\Low\analyst@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\analyst@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\analyst@mediaplex[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\Low\analyst@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\Low\analyst@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\analyst@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\Low\analyst@ad.yieldmanager[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\Low\analyst@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\analyst@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\Low\analyst@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\analyst@bs.serving-sys[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\Low\analyst@advertising[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\analyst@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\analyst@ads.pointroll[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\analyst@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\Low\analyst@questionmarket[2].txt
04426062 Generic Trojan Virus/Trojan No 0 Yes No C:\Users\analyst\Downloads\ComboFix.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
The GMER was a bit weird. I ran the program, and it produced the following log:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-31 12:25:49
Windows 6.0.6001 Service Pack 1
---- System - GMER 1.0.14 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8E8BA9DE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8E8BA978]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8E8BA98C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8E8BAA1C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8E8BAA5F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8E8BA950]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8E8BA964]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8E8BA9F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8E8BAA87]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8E8BAA73]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8E8BA9CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8E8BA9B6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8E8BAA4B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8E8BAA32]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8E8BAA08]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8E8BA9A2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.14 ----
There was no notice about possible rootkit activity. There was a Scan button (along with Save and Copy buttons), but it didn't respond when I tried to click it.
Looking forward to your advice! Thanks!
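Added example, not part of the post above and not code from GMER or Panda ActiveScan: a small triage script for the two log formats quoted in it. It parses GMER's "Code" hook lines and "AttachedDevice" filter lines, groups hooked syscalls by the module that installed them, and separates modules carrying a trusted vendor string from modules with none; it also pulls out ActiveScan MALWARE rows that are not tracking cookies. The sample text is constructed from the log shapes shown in the post; the `unknown.sys` hook line is invented to show how an unattributed hook would surface, and `TRUSTED_VENDORS` is an assumption derived by hand from the PROTECTIONS list (McAfee plus Windows itself).

```python
"""Triage helpers for Panda ActiveScan MALWARE rows and GMER System/Devices
sections.  Added example; the sample text is constructed from the log
formats in the post, and the unknown.sys hook is invented for the demo."""
import re
from collections import defaultdict

# Assumption: vendors whose kernel hooks are expected on this machine,
# chosen by hand from the PROTECTIONS section (McAfee) plus Microsoft.
TRUSTED_VENDORS = {"McAfee, Inc.", "Microsoft Corporation"}

# GMER "Code" entry: module path, optional "(description/vendor)",
# hooked function, optional hook address.  Covers both shapes in the post.
HOOK_RE = re.compile(
    r"^Code\s+(?P<module>\S+)"
    r"(?:\s+\((?P<desc>[^/()]+)/(?P<vendor>[^)]+)\))?"
    r"\s+(?P<func>\w+)"
    r"(?:\s+\[0x(?P<addr>[0-9A-Fa-f]+)\])?\s*$"
)

# GMER "AttachedDevice" entry: driver object, device object, filter module,
# optional "(description/vendor)".
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)"
    r"(?:\s+\((?P<desc>[^/()]+)/(?P<vendor>[^)]+)\))?\s*$"
)

# ActiveScan MALWARE row: Id Description Type Active Severity Disinfectable
# Disinfected Location.  Description may contain spaces; Type does not.
ROW_RE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+?)\s*$"
)

# Constructed sample: three lines modelled on the posted GMER log plus one
# invented hook by a module with no description/vendor string.
SAMPLE_GMER = r"""
---- System - GMER 1.0.14 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8E8BA9DE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8E8BA950]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \??\C:\Windows\Temp\unknown.sys ZwQueryDirectoryFile [0x8E9C0010]
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.14 ----
"""

# Constructed sample: two cookie rows and the one non-cookie row from the post.
SAMPLE_ACTIVESCAN = r"""
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\analyst@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Cookies\analyst@atdmt[2].txt
04426062 Generic Trojan Virus/Trojan No 0 Yes No C:\Users\analyst\Downloads\ComboFix.exe
"""


def parse_gmer(text):
    """Return (hooks, devices): lists of dicts parsed from GMER log text."""
    hooks, devices = [], []
    for line in text.splitlines():
        if m := HOOK_RE.match(line):
            hooks.append(m.groupdict())
        elif m := DEVICE_RE.match(line):
            devices.append(m.groupdict())
    return hooks, devices


def triage_hooks(hooks, trusted=TRUSTED_VENDORS):
    """Group hooked functions by module.  A module whose vendor string is in
    `trusted` is expected; one with no vendor, or an untrusted vendor, is not."""
    expected, unattributed = defaultdict(list), defaultdict(list)
    for h in hooks:
        bucket = expected if h["vendor"] in trusted else unattributed
        bucket[h["module"]].append(h["func"])
    return dict(expected), dict(unattributed)


def real_detections(text):
    """ActiveScan rows that are not tracking cookies, as (desc, type, location)."""
    out = []
    for line in text.splitlines():
        if (m := ROW_RE.match(line)) and m["type"] != "TrackingCookie":
            out.append((m["desc"], m["type"], m["location"]))
    return out


if __name__ == "__main__":
    hooks, devices = parse_gmer(SAMPLE_GMER)
    expected, unattributed = triage_hooks(hooks)
    for mod, funcs in expected.items():
        print(f"expected hooks  {mod}: {', '.join(funcs)}")
    for mod, funcs in unattributed.items():
        print(f"UNATTRIBUTED    {mod}: {', '.join(funcs)}")
    for d in devices:
        print(f"filter on {d['device']}: {d['module']} ({d['vendor']})")
    for desc, kind, loc in real_detections(SAMPLE_ACTIVESCAN):
        print(f"non-cookie detection: {desc} [{kind}] at {loc}")
```

Run against the log actually posted, every "Code" line attributes its hook to mfehidk.sys with the McAfee vendor string, and the NTFS and TCP/IP filters belong to McAfee drivers, which is consistent with GMER reporting no rootkit activity; a hook by a module with no vendor string, like the invented `unknown.sys` line, is the kind of entry that would need a closer look. On the ActiveScan side the only non-cookie hit is ComboFix.exe in Downloads, which the helper on the thread would have to assess separately from the tracking cookies.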