
Hello, I am needing some help with a nasty virus, shuts down McAfee.


  • This topic is locked
34 replies to this topic

#1 RealMcCoy890

RealMcCoy890

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 04 February 2014 - 05:44 AM

Hi, working on my daughter's computer, the techs at McAfee have worked on it twice and the problem just returns. It shuts down McAfee without you knowing. No warning signs. It was first showing up as another network connection, but has gotten wise and started hiding itself better. Seems to use system32, configfree, and takes over the modem in the PC. From what I have read it sounds like the noaccess virus. It locks me out of the temp files. McAfee couldn't stop it on my wife's computer so they did a system restore, after the system restore I ran Malwarebytes and it found trojen.ed. But I think that was just part of it. On my wife's computer there was a file in the program files that would replicate itself. If you opened it, it was filled with the letter "Z" that just kept getting bigger and bigger, it was actually trying to fill the hard drive! They couldn't stop it, it gradually takes over everything. Now I am fighting it on my daughter's computer. Any help at all would be much appreciated. It has Vista 32 bit, I ran the FRST.EXE and here are the results after search:

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2014-01-13 04:51] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:34] - [2008-01-20 18:34] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2014-01-13 04:51] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

X:\Windows\System32\services.exe
[2008-01-18 21:33] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

=== End Of Search ===


Edited by hamluis, 04 February 2014 - 08:06 AM.
Moved from Vista to Malware Removal Logs - Hamluis.



#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:30 PM

Posted 04 February 2014 - 01:42 PM

Hi RealMcCoy890 and Welcome to BleepingComputer!

We need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Please can you Paste the DDS.txt in your next reply and Attach the Attach.txt
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:30 PM

Posted 06 February 2014 - 11:41 AM

This is a 48 hour status check. We need to continue our troubleshooting to make sure there are no more threats on your machine. If you don't have any free time please reply back to this thread and we will keep it open.

If you don't reply back within 24 hours, this thread may be closed for inactivity.



#4 RealMcCoy890

RealMcCoy890
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 06 February 2014 - 12:14 PM

Ok, sorry about the delay, McAfee went through this PC again yesterday because it was taken over. All drivers were non identifiable.

DDS (Ver_2012-11-05.02) - NTFS_x86
Internet Explorer: 7.0.6001.18527
Run by trinadee booboo at 11:01:52 on 2014-02-06
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.1.1033.18.2939.1610 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - c:\programdata\partner\partner.dll
BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - c:\program files\safekey\LPToolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.1852\swg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: &Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - c:\program files\safekey\LPToolbar.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: McAfee SafeKey Fill Forms - c:\users\trinadee booboo\appdata\locallow\safekey\context.html?cmd=fillforms
IE: safekey - c:\users\trinadee booboo\appdata\locallow\safekey\context.html?cmd=lastpass
IE: SafeKey Fill Forms - c:\users\trinadee booboo\appdata\locallow\safekey\context.html?cmd=fillforms
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - c:\program files\safekey\LPToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{EEC127E6-7E82-4B8D-83DC-903C289EF543} : DHCPNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2014-2-5 20384]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2014-2-6 54776]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-2-6 281560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-2-6 281560]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2014-2-6 145088]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-2-6 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-2-6 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-2-6 281560]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2014-2-6 281560]
R2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2014-2-6 66296]
R2 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-12-5 236000]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2014-2-6 643608]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2014-2-6 169320]
R2 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-9-24 572688]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2014-2-6 174488]
R2 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-12-5 213392]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-12-5 60920]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-12-5 365416]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2013-11-26 319808]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2014-2-6 147912]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2014-2-5 954368]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-12-5 65928]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2013-11-26 80752]
S3 Partner Service;Partner Service;c:\programdata\partner\partner.exe [2014-2-5 110576]
.
=============== Created Last 30 ================
.
2014-02-06 16:33:26 -------- d-----w- C:\inetpub
2014-02-06 14:44:35 -------- d-----w- c:\users\trinadee booboo\appdata\local\Microsoft Help
2014-02-06 13:49:39 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2014-02-06 13:49:39 49472 ----a-w- c:\windows\system32\netfxperf.dll
2014-02-06 13:49:39 297808 ----a-w- c:\windows\system32\mscoree.dll
2014-02-06 13:49:39 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2014-02-06 13:49:39 1130824 ----a-w- c:\windows\system32\dfshim.dll
2014-02-06 13:48:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2014-02-06 13:48:17 31232 ----a-w- c:\windows\system32\httpapi.dll
2014-02-06 13:48:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
2014-02-06 13:47:04 125952 ----a-w- c:\windows\system32\srvsvc.dll
2014-02-06 13:47:02 17920 ----a-w- c:\windows\system32\netevent.dll
2014-02-06 13:46:47 378368 ----a-w- c:\windows\system32\winhttp.dll
2014-02-06 13:45:52 2067456 ----a-w- c:\windows\system32\mstscax.dll
2014-02-06 13:45:51 677888 ----a-w- c:\windows\system32\mstsc.exe
2014-02-06 10:01:51 97800 ----a-w- c:\windows\system32\infocardapi.dll
2014-02-06 10:01:50 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-06 10:01:49 622080 ----a-w- c:\windows\system32\icardagt.exe
2014-02-06 10:01:49 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2014-02-06 10:01:49 11264 ----a-w- c:\windows\system32\icardres.dll
2014-02-06 10:01:47 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2014-02-06 09:54:25 158720 ----a-w- c:\windows\system32\mscorier.dll
2014-02-06 09:54:20 83968 ----a-w- c:\windows\system32\mscories.dll
2014-02-06 09:49:50 231936 ----a-w- c:\windows\system32\msshsq.dll
2014-02-06 09:42:04 147456 ----a-w- c:\windows\system32\Faultrep.dll
2014-02-06 09:42:03 125952 ----a-w- c:\windows\system32\wersvc.dll
2014-02-06 09:42:02 714240 ----a-w- c:\windows\system32\timedate.cpl
2014-02-06 09:40:31 1399296 ----a-w- c:\windows\system32\msxml6.dll
2014-02-06 09:40:27 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2014-02-06 09:40:27 1315840 ----a-w- c:\windows\system32\ole32.dll
2014-02-06 09:40:21 636928 ----a-w- c:\windows\system32\localspl.dll
2014-02-06 09:40:17 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2014-02-06 09:40:07 1616384 ----a-w- c:\program files\windows mail\msoe.dll
2014-02-06 09:40:01 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2014-02-06 09:38:48 499712 ----a-w- c:\windows\system32\kerberos.dll
2014-02-06 09:38:47 175104 ----a-w- c:\windows\system32\wdigest.dll
2014-02-06 09:38:44 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2014-02-06 09:38:43 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-02-06 09:38:40 9728 ----a-w- c:\windows\system32\lsass.exe
2014-02-06 09:38:40 72704 ----a-w- c:\windows\system32\secur32.dll
2014-02-06 09:38:34 1314816 ----a-w- c:\windows\system32\quartz.dll
2014-02-06 09:38:26 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2014-02-06 09:38:26 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2014-02-06 09:37:43 2048 ----a-w- c:\windows\system32\tzres.dll
2014-02-06 09:36:36 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-06 09:36:36 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2014-02-06 09:36:36 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-02-06 09:36:34 738816 ----a-w- c:\windows\system32\inetcomm.dll
2014-02-06 09:33:52 49152 ----a-w- c:\windows\system32\csrsrv.dll
2014-02-06 09:33:52 375808 ----a-w- c:\windows\system32\winsrv.dll
2014-02-06 09:30:44 61440 ----a-w- c:\windows\system32\msasn1.dll
2014-02-06 09:19:57 1645568 ----a-w- c:\windows\system32\connect.dll
2014-02-06 08:13:21 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2014-02-06 08:13:08 -------- d-----w- c:\program files\McAfeeMOBK
2014-02-06 08:13:07 66296 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2014-02-06 08:13:07 -------- d-----w- c:\users\trinadee booboo\appdata\local\McAfee File Lock
2014-02-06 08:12:50 27045040 ----a-w- c:\program files\common files\lpuninstall.exe
2014-02-06 08:12:49 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2014-02-06 08:12:46 -------- d-----w- c:\program files\McAfee Online Backup
2014-02-06 08:12:11 -------- d-----w- c:\program files\SafeKey
2014-02-06 08:11:29 -------- d-----w- c:\program files\McAfee.com
2014-02-06 08:11:27 -------- d-----w- c:\program files\McAfee
2014-02-06 07:53:52 174488 ----a-w- c:\windows\system32\mfevtps.exe
2014-02-06 07:53:51 -------- d-----w- c:\program files\common files\McAfee
2014-02-05 22:07:21 -------- d-sh--w- C:\$RECYCLE.BIN
2014-02-05 22:07:14 -------- d-----w- c:\users\trinadee booboo\appdata\local\temp
2014-02-05 22:00:21 98816 ----a-w- c:\windows\sed.exe
2014-02-05 22:00:21 256000 ----a-w- c:\windows\PEV.exe
2014-02-05 22:00:21 208896 ----a-w- c:\windows\MBR.exe
2014-02-05 21:42:15 -------- d-----w- c:\users\trinadee booboo\appdata\local\LogMeIn Rescue Applet
2014-02-05 21:00:03 -------- d-----w- c:\users\trinadee booboo\appdata\local\Adobe
2014-02-05 20:56:56 351232 ----a-w- c:\windows\system32\WSDApi.dll
2014-02-05 20:56:50 531968 ----a-w- c:\windows\system32\comctl32.dll
2014-02-05 20:56:20 91136 ----a-w- c:\windows\system32\avifil32.dll
2014-02-05 20:56:20 82944 ----a-w- c:\windows\system32\mciavi32.dll
2014-02-05 20:56:20 65024 ----a-w- c:\windows\system32\avicap32.dll
2014-02-05 20:56:20 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2014-02-05 20:56:20 31744 ----a-w- c:\windows\system32\msvidc32.dll
2014-02-05 20:56:20 22528 ----a-w- c:\windows\system32\msyuv.dll
2014-02-05 20:56:20 13312 ----a-w- c:\windows\system32\msrle32.dll
2014-02-05 20:56:20 123904 ----a-w- c:\windows\system32\msvfw32.dll
2014-02-05 20:56:20 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2014-02-05 20:56:00 276992 ----a-w- c:\windows\system32\schannel.dll
2014-02-05 20:49:08 -------- d-----w- C:\a10193cb52f90105b1ba
2014-02-05 20:02:05 -------- d-----w- c:\windows\system32\%tmp%
2014-02-05 19:30:48 -------- d-----w- c:\users\trinadee booboo\appdata\local\MigWiz
2014-02-05 19:25:59 -------- d-----w- C:\Intel
2014-02-05 18:47:58 296960 ----a-w- c:\windows\system32\gdi32.dll
2014-02-05 18:46:51 157184 ----a-w- c:\windows\system32\t2embed.dll
2014-02-05 18:45:59 43520 ----a-w- c:\windows\system32\msdxm.tlb
2014-02-05 18:45:59 18432 ----a-w- c:\windows\system32\amcompat.tlb
2014-02-05 18:45:50 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-05 18:45:50 511488 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-05 18:45:50 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-05 18:45:50 472064 ----a-w- c:\windows\system32\secproc.dll
2014-02-05 18:45:50 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-05 18:45:50 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-05 18:45:49 329216 ----a-w- c:\windows\system32\msdrm.dll
2014-02-05 18:45:49 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-05 18:45:49 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-02-05 18:44:11 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2014-02-05 18:44:11 94720 ----a-w- c:\windows\system32\logagent.exe
2014-02-05 18:43:45 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2014-02-05 18:43:08 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-02-05 18:42:57 281600 ----a-w- c:\windows\system32\raschap.dll
2014-02-05 18:42:57 244224 ----a-w- c:\windows\system32\rastls.dll
2014-02-05 18:42:50 7680 ----a-w- c:\windows\system32\spwmp.dll
2014-02-05 18:42:50 4096 ----a-w- c:\windows\system32\msdxm.ocx
2014-02-05 18:42:50 4096 ----a-w- c:\windows\system32\dxmasf.dll
2014-02-05 18:42:50 310784 ----a-w- c:\windows\system32\unregmp2.exe
2014-02-05 18:42:50 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2014-02-05 18:42:50 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2014-02-05 18:42:50 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2014-02-05 18:25:51 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2014-02-05 18:25:43 98304 ----a-w- c:\windows\system32\cabview.dll
2014-02-05 16:07:36 -------- d-----w- c:\programdata\Partner
2014-02-05 15:59:37 -------- d-----w- C:\DOCS
2014-02-05 15:59:03 4 --sh--r- c:\windows\system32\drivers\taishop.sys
2014-02-05 15:55:30 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2014-02-05 15:55:27 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2014-02-05 15:54:19 -------- d-----w- c:\program files\common files\Toshiba Shared
2014-02-05 15:48:02 -------- d-----w- c:\users\trinadee booboo\appdata\local\Toshiba
2014-02-05 15:47:57 -------- d-----w- c:\users\trinadee booboo\appdata\local\Google
2014-02-05 15:47:48 -------- d-----w- c:\users\trinadee booboo\appdata\roaming\Symantec
2014-02-05 15:47:23 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
2014-02-05 15:47:18 16 --sh--r- c:\windows\system32\drivers\fbd.sys
2014-02-05 15:47:16 -------- d-----w- c:\users\trinadee booboo\appdata\local\VirtualStore
2014-02-05 15:47:16 -------- d-----w- c:\program files\Jumpstart
2014-02-05 15:44:41 919552 ----a-w- c:\windows\system32\drivers\athr.sys
2014-02-05 15:44:40 53248 ----a-w- c:\windows\system32\athihvui.dll
2014-02-05 15:44:40 516096 ----a-w- c:\windows\system32\S64CPA.exe
2014-02-05 15:44:40 393216 ----a-w- c:\windows\system32\athihvs.dll
2014-02-05 15:44:40 -------- d-----w- c:\windows\system32\nn-NO
2014-02-05 15:44:21 -------- d-----w- c:\program files\Atheros
2014-02-05 15:44:20 -------- d-----w- c:\program files\Cisco
2014-02-05 15:44:17 -------- d-----w- c:\programdata\Atheros
2014-02-05 15:41:17 -------- d-----w- c:\program files\Synaptics
2014-02-05 15:39:09 -------- d-----w- c:\windows\system32\ENU
2014-02-05 15:39:08 1034776 ----a-w- c:\windows\system32\imsmudlg.exe
2014-02-05 15:39:01 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2014-02-05 15:37:24 77824 ----a-w- c:\windows\system32\tosmreg.exe
2014-02-05 15:37:24 491520 ----a-w- c:\windows\system32\cselect.exe
2014-02-05 15:37:24 45056 ----a-w- c:\windows\system32\csellang.dll
2014-02-05 15:37:24 -------- d-----w- c:\program files\ltmoh
2014-02-05 15:36:49 -------- d-----w- c:\windows\Options
2014-02-05 15:35:28 -------- d-----w- c:\windows\system32\RTCOM
2014-02-05 15:31:48 920088 ----a-w- c:\windows\system32\igxpun.exe
2014-02-05 15:31:48 319456 ----a-w- c:\windows\system32\difxapi.dll
2014-02-05 15:31:48 -------- d-----w- c:\windows\system32\Lang
2014-02-05 15:27:21 -------- d-----w- c:\program files\Microsoft Office Suite Activation Assistant
2014-02-05 15:18:43 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2014-02-05 15:18:43 32592 ----a-w- c:\windows\system32\msonpmon.dll
2014-02-05 15:18:01 -------- d-----w- c:\windows\PCHEALTH
2014-02-05 15:16:53 -------- d-----w- c:\windows\SHELLNEW
.
==================== Find3M  ====================
.
2014-02-05 15:34:52 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-02-05 15:34:49 315392 ----a-w- c:\windows\HideWin.exe
2013-12-05 23:29:02 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-12-05 23:22:20 213392 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-12-05 23:16:44 572688 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-12-05 23:14:48 365416 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-12-05 23:14:02 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-12-05 23:13:14 236000 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-12-05 23:12:06 133992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-11-27 04:06:42 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-11-27 04:06:22 80752 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-11-27 04:06:00 319808 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
.
============= FINISH: 11:02:50.34 ===============

 

Attached Files



#5 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:30 PM

Posted 06 February 2014 - 12:24 PM

Hi RealMcCoy890

Thank you for the log. I can see you have attached a folder with nothing in. Can you please post Attach.txt instead of attaching it this time.

Thank you.



#6 RealMcCoy890

RealMcCoy890
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 06 February 2014 - 12:30 PM

Ok, sorry

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-05.02)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 2/5/2014 10:13:49 AM
System Uptime: 2/6/2014 10:34:11 AM (1 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Genuine Intel® CPU             585  @ 2.16GHz | CPU | 2161/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 105.646 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Reader 9
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
CD/DVD Drive Acoustic Silencer
DVD MovieFactory for TOSHIBA
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java™ 6 Update 6
McAfee All Access – Total Protection
McAfee Online Backup
McAfee SafeKey(uninstall only)
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetZero Internet Access Installer
Picasa 2
QuickBooks Financial Center
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Encoder (KB2447961)
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
WildTangent Games
Windows Media Encoder 9 Series
.
==== End Of File ===========================
 



#7 RealMcCoy890

RealMcCoy890
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 06 February 2014 - 12:35 PM

 .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-05.02)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 2/5/2014 10:13:49 AM
System Uptime: 2/6/2014 10:34:11 AM (1 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Genuine Intel® CPU             585  @ 2.16GHz | CPU | 2161/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 105.638 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP97: 2/5/2014 1:15:29 PM - Removed Adobe Flash Player 9 ActiveX.
RP98: 2/5/2014 1:16:25 PM - Removed Adobe Reader 9.
RP100: 2/5/2014 1:17:36 PM - Removed Amazon Links
RP101: 2/5/2014 1:18:16 PM - Removed Cisco EAP-FAST Module
RP102: 2/5/2014 1:19:03 PM - Removed Cisco LEAP Module
RP103: 2/5/2014 1:20:00 PM - Removed Cisco PEAP Module
RP104: 2/5/2014 1:20:44 PM - Removed Compatibility Pack for the 2007 Office system
RP106: 2/5/2014 1:22:48 PM - Removed Ulead DVD MovieFactory
RP108: 2/5/2014 1:23:34 PM - Removed Ulead DVD Tweak and Fit
RP110: 2/5/2014 1:24:25 PM - Removed Ulead DVD DiscRecorder
RP111: 2/5/2014 1:58:17 PM - Removed Java™ 6 Update 6
RP112: 2/5/2014 2:59:11 PM - Removed Adobe Reader 9.
RP114: 2/5/2014 3:01:31 PM - Removed NetZero Internet Access Installer
RP115: 2/5/2014 5:36:23 PM - Mcafee
RP116: 2/6/2014 3:42:22 AM - Windows Update
RP117: 2/6/2014 7:48:39 AM - Windows Update
RP118: 2/6/2014 7:48:40 AM - my restore
RP119: 2/6/2014 10:28:09 AM - Windows Modules Installer
.
==== Installed Programs ======================
.
Adobe Reader 9
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
CD/DVD Drive Acoustic Silencer
DVD MovieFactory for TOSHIBA
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java™ 6 Update 6
McAfee All Access – Total Protection
McAfee Online Backup
McAfee SafeKey(uninstall only)
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetZero Internet Access Installer
Picasa 2
QuickBooks Financial Center
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Encoder (KB2447961)
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
WildTangent Games
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
2/6/2014 9:43:53 AM, Error: EventLog [6008]  - The previous system shutdown at 9:36:17 AM on 2/6/2014 was unexpected.
2/6/2014 8:04:23 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  to the user TRINADEEBOO-PC\trinadee booboo SID (S-1-5-21-2458215479-1800353450-28691853-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/6/2014 7:24:53 AM, Error: Service Control Manager [7000]  - The McAfee Inc. mfeapfk service failed to start due to the following error:  The specified service does not exist.
2/6/2014 5:06:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070026: Update for Windows Vista (KB973687).
2/6/2014 5:06:01 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 973687-52_neutral_PACKAGE from package KB973687(Update) into Absent(Absent) state
2/6/2014 5:06:01 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 973687-51_neutral_PACKAGE from package KB973687(Update) into Absent(Absent) state
2/6/2014 5:06:01 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 973687-50_neutral_PACKAGE from package KB973687(Update) into Absent(Absent) state
2/6/2014 5:06:01 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 973687-5_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
2/6/2014 5:06:01 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 973687-49_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
2/6/2014 5:06:01 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 973687-47_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
2/6/2014 5:06:01 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 973687-44_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
2/6/2014 5:06:01 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 973687-41_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
2/6/2014 5:06:01 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 973687-4_neutral_GDR from package KB973687(Update) into Staging(Staging) state
2/6/2014 5:06:01 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 973687-35_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
2/6/2014 5:06:01 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 973687-34_neutral_GDR from package KB973687(Update) into Staging(Staging) state
2/6/2014 5:06:01 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 973687-32_neutral_GDR from package KB973687(Update) into Staging(Staging) state
2/6/2014 5:06:01 AM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 973687-2_neutral_GDR from package KB973687(Update) into Staging(Staging) state
2/6/2014 5:06:01 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KB973687 (Update) into Staged(Staged) state
2/6/2014 5:06:01 AM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KB973687 (Update) into Install Requested(Install Requested) state
.
==== End Of File ===========================
 



#8 RealMcCoy890


Posted 06 February 2014 - 12:37 PM

Had to run the scan again, seems part of it disappeared.



#9 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:30 PM

Posted 06 February 2014 - 01:55 PM

Hello RealMcCoy890

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by me.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours. If you are going to be away for longer, please let us know or the topic will be closed for being inactive.
  • If you are using cracked or illegal software, your thread will be closed.
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.
Step 1
Download ADWCleaner to your desktop:
http://www.bleepingcomputer.com/download/adwcleaner/

NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

scan-results.jpg

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & paste this report in your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 2
1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you log in, MBAR will automatically start and you will now be at the start screen. (If there is no rootkit warning, you will go from step 4 to 6.)

6. The following image opens, select Next.

Image2.png

7. The following image opens, select Update

Image3.png

8. When the Update completes, select Next

Image4.png

9. In the following window ensure "Targets" are ticked. Then select "Scan"

Image5.png

10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

MBAntiRKclean.png

11. Do not select the "Clean up" button; select the "Exit" button. There will be a warning as follows:

MBAntiRKclean1.png

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

Image6.png

13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log Date and time of scan will also be shown

Image10.png


Post those two logs in your reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#10 RealMcCoy890


Posted 06 February 2014 - 03:05 PM

Ok,

 

 

# AdwCleaner v3.018 - Report created 06/02/2014 at 13:09:55
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 1 (32 bits)
# Username : trinadee booboo - TRINADEEBOO-PC
# Running from : C:\Users\trinadee booboo\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Partner Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18527

*************************

AdwCleaner[R0].txt - [1622 octets] - [06/02/2014 13:08:30]
AdwCleaner[S0].txt - [1575 octets] - [06/02/2014 13:09:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1635 octets] ##########

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6001 Windows Vista Service Pack 1 x86

Account is Administrative

Internet Explorer version: 7.0.6001.18000

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.161000 GHz
Memory total: 3082039296, free: 1810898944

Downloaded database version: v2014.02.06.07
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     02/06/2014 13:23:40
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps32.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\FwLnk.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\athr.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\MOBK.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\jswpslwf.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\RTSTOR.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\mfencbdc.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\McPvDrv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\cfwids.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff862ba520
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff85331028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff862ba520, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff862ba148, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff862ba520, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85331028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6D7DF5DF

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 294373376
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 297447424  Numsec = 15132672
    Partition is not bootable
Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-3074048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-297447424-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

 

 

 

 

 

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.06.07

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
trinadee booboo :: TRINADEEBOO-PC [administrator]

2/6/2014 1:23:53 PM
mbar-log-2014-02-06 (13-23-53).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 207121
Time elapsed: 35 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#11 seedy21


Posted 06 February 2014 - 04:03 PM

Hi RealMcCoy890

More information about installing and running ComboFix can be found HERE

Please download ComboFix from one of the following locations:
**IMPORTANT! Save ComboFix to your Desktop. Read the following thoroughly.
  • Close any open browsers.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on 'ComboFix.exe' & follow the prompts.
  • If ComboFix finds any Updates, Please allow ComboFix to run them.
  • ComboFix will now disconnect your computer from the Internet and start scanning for malware, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection. Please be patient.
  • When the scan has finished, it will delete the malware found and reboot your computer automatically. Don't reboot your computer manually, let ComboFix do it.
  • Once your computer is rebooted, ComboFix will start preparing a log. Please let it do so unhindered.
  • If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.

    Please include the contents of C:\ComboFix.txt in your next reply.

    Please Enable your Anti-virus Software again !!

    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
    4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.



#12 RealMcCoy890


Posted 06 February 2014 - 04:31 PM

OK, when I try to download, something tries to copy, then says I do not have permission to download to this file. Was downloading to the desktop just the same as the others.



#13 RealMcCoy890


Posted 06 February 2014 - 04:33 PM

Then McAfee says it caught a trojan called "Artemis!4611BC286A01". Tried 4 times. Same results.



#14 seedy21


Posted 06 February 2014 - 04:39 PM

Hi RealMcCoy890

You will need to disable McAfee.

If you open McAfee you should be able to disable it by going to SecurityCenter > Navigation > General Settings and Alerts > Access Protection

Remember to enable McAfee Realtime Scanner after you have run ComboFix and got the log.
 




#15 RealMcCoy890


Posted 06 February 2014 - 05:32 PM

ok, here ya go...

 

 

ComboFix 14-02-05.02 - trinadee booboo 02/06/2014  16:03:22.2.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.1.1033.18.2939.1678 [GMT -6:00]
Running from: c:\users\trinadee booboo\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-06 to 2014-02-06  )))))))))))))))))))))))))))))))
.
.
2014-02-06 22:12 . 2014-02-06 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-06 19:23 . 2014-02-06 19:23 -------- d-----w- c:\programdata\Malwarebytes
2014-02-06 19:23 . 2014-02-06 20:00 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-06 19:23 . 2014-02-06 19:23 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-06 19:22 . 2014-02-06 19:22 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-06 19:07 . 2014-02-06 19:09 -------- d-----w- C:\AdwCleaner
2014-02-06 16:33 . 2014-02-06 16:33 -------- d-----w- C:\inetpub
2014-02-06 13:49 . 2009-11-08 16:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2014-02-06 13:49 . 2009-11-08 16:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2014-02-06 13:49 . 2009-11-08 16:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2014-02-06 13:49 . 2009-11-08 16:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2014-02-06 13:49 . 2009-11-08 16:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2014-02-06 13:48 . 2009-11-03 19:53 411136 ----a-w- c:\windows\system32\drivers\http.sys
2014-02-06 13:48 . 2009-11-03 22:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
2014-02-06 13:48 . 2009-11-03 22:15 31232 ----a-w- c:\windows\system32\httpapi.dll
2014-02-06 13:47 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2014-02-06 13:47 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2014-02-06 13:46 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2014-02-06 13:45 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2014-02-06 13:45 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2014-02-06 10:01 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2014-02-06 10:01 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-06 10:01 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2014-02-06 10:01 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2014-02-06 10:01 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2014-02-06 10:01 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2014-02-06 09:54 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2014-02-06 09:54 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2014-02-06 09:49 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2014-02-06 09:42 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll
2014-02-06 09:42 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
2014-02-06 09:42 . 2009-10-23 17:42 714240 ----a-w- c:\windows\system32\timedate.cpl
2014-02-06 09:40 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2014-02-06 09:40 . 2010-06-28 16:15 1315840 ----a-w- c:\windows\system32\ole32.dll
2014-02-06 09:40 . 2010-06-28 14:31 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2014-02-06 09:40 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2014-02-06 09:40 . 2011-02-18 13:31 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2014-02-06 09:40 . 2010-01-29 16:22 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2014-02-06 09:40 . 2011-02-22 12:51 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2014-02-06 09:38 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2014-02-06 09:38 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2014-02-06 09:38 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2014-02-06 09:38 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-02-06 09:38 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2014-02-06 09:38 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2014-02-06 09:38 . 2010-04-16 16:10 1314816 ----a-w- c:\windows\system32\quartz.dll
2014-02-06 09:38 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2014-02-06 09:38 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2014-02-06 09:37 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2014-02-06 09:36 . 2008-08-28 03:40 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-06 09:36 . 2008-08-28 03:40 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-02-06 09:36 . 2008-08-28 03:40 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2014-02-06 09:36 . 2011-05-02 15:58 738816 ----a-w- c:\windows\system32\inetcomm.dll
2014-02-06 09:33 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll
2014-02-06 09:33 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll
2014-02-06 09:30 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2014-02-06 09:19 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2014-02-06 08:13 . 2013-09-23 19:48 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2014-02-06 08:13 . 2013-09-09 17:11 66296 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2014-02-06 08:12 . 2014-02-06 09:29 27045040 ----a-w- c:\program files\Common Files\lpuninstall.exe
2014-02-06 08:12 . 2014-02-06 08:12 -------- dc----w- c:\windows\system32\DRVSTORE
2014-02-06 08:12 . 2010-04-14 02:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2014-02-06 08:12 . 2014-02-06 08:12 -------- d-----w- c:\program files\McAfee Online Backup
2014-02-06 08:12 . 2014-02-06 09:30 -------- d-----w- c:\program files\SafeKey
2014-02-06 08:11 . 2014-02-06 08:44 -------- d-----w- c:\program files\McAfee
2014-02-06 07:53 . 2013-12-05 23:21 174488 ----a-w- c:\windows\system32\mfevtps.exe
2014-02-06 07:53 . 2014-02-06 08:13 -------- d-----w- c:\program files\Common Files\McAfee
2014-02-06 07:53 . 2014-02-06 18:50 -------- d-----w- c:\programdata\McAfee
2014-02-05 20:56 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2014-02-05 20:56 . 2010-08-31 15:40 531968 ----a-w- c:\windows\system32\comctl32.dll
2014-02-05 20:56 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2014-02-05 20:56 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2014-02-05 20:56 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2014-02-05 20:56 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2014-02-05 20:56 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2014-02-05 20:56 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2014-02-05 20:56 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2014-02-05 20:56 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2014-02-05 20:56 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2014-02-05 20:56 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll
2014-02-05 20:49 . 2014-02-05 20:49 -------- d-----w- C:\a10193cb52f90105b1ba
2014-02-05 20:02 . 2014-02-05 20:36 -------- d-----w- c:\windows\system32\%tmp%
2014-02-05 19:25 . 2014-02-05 19:25 -------- d-----w- C:\Intel
2014-02-05 18:47 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2014-02-05 18:46 . 2010-08-26 16:07 157184 ----a-w- c:\windows\system32\t2embed.dll
2014-02-05 18:45 . 2009-07-14 08:30 43520 ----a-w- c:\windows\system32\msdxm.tlb
2014-02-05 18:45 . 2009-07-14 08:30 18432 ----a-w- c:\windows\system32\amcompat.tlb
2014-02-05 18:45 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-05 18:45 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2014-02-05 18:45 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-05 18:45 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-05 18:45 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-05 18:45 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-05 18:45 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-05 18:45 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-02-05 18:45 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2014-02-05 18:44 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2014-02-05 18:44 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2014-02-05 18:43 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2014-02-05 18:43 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-02-05 18:42 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2014-02-05 18:42 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2014-02-05 18:42 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2014-02-05 18:42 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2014-02-05 18:42 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\msdxm.ocx
2014-02-05 18:42 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2014-02-05 18:42 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2014-02-05 18:42 . 2009-07-14 10:59 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2014-02-05 18:42 . 2009-07-14 10:58 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2014-02-05 18:25 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2014-02-05 18:25 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2014-02-05 15:59 . 2014-02-05 15:59 -------- d-----w- C:\DOCS
2014-02-05 15:59 . 2014-02-05 15:59 4 --sh--r- c:\windows\system32\drivers\taishop.sys
2014-02-05 15:55 . 2008-07-19 02:52 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2014-02-05 15:55 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2014-02-05 15:54 . 2014-02-05 15:55 -------- d-----w- c:\program files\Common Files\Toshiba Shared
2014-02-05 15:47 . 2008-04-29 00:59 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
2014-02-05 15:47 . 2014-02-05 15:47 16 --sh--r- c:\windows\system32\drivers\fbd.sys
2014-02-05 15:47 . 2014-02-05 15:47 -------- d-----w- c:\program files\Jumpstart
2014-02-05 15:46 . 2014-02-06 11:19 -------- d-----w- c:\users\trinadee booboo
2014-02-05 15:44 . 2008-07-28 23:53 919552 ----a-w- c:\windows\system32\drivers\athr.sys
2014-02-05 15:44 . 2014-02-05 15:44 -------- d-----w- c:\windows\system32\nn-NO
2014-02-05 15:44 . 2008-07-28 22:31 516096 ----a-w- c:\windows\system32\S64CPA.exe
2014-02-05 15:44 . 2008-07-28 22:31 53248 ----a-w- c:\windows\system32\athihvui.dll
2014-02-05 15:44 . 2008-07-28 22:30 393216 ----a-w- c:\windows\system32\athihvs.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-05 23:29 . 2013-12-05 23:29 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-12-05 23:22 . 2013-12-05 23:22 213392 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-12-05 23:16 . 2013-09-25 02:45 572688 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-12-05 23:14 . 2013-12-05 23:14 365416 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-12-05 23:14 . 2013-12-05 23:14 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-12-05 23:13 . 2013-12-05 23:13 236000 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-12-05 23:12 . 2013-09-25 02:42 133992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-11-27 04:06 . 2013-11-27 04:06 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-11-27 04:06 . 2013-11-27 04:06 80752 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-11-27 04:06 . 2013-11-27 04:06 319808 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9DB059B3-DD36-4a55-846C-59BE42A1202A}]
2014-02-06 09:29 728560 ----a-w- c:\program files\SafeKey\LPToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{61D700C1-7D8D-43c5-9C13-4FF85157CFE6}"= "c:\program files\SafeKey\LPToolbar.dll" [2014-02-06 728560]
.
[HKEY_CLASSES_ROOT\clsid\{61d700c1-7d8d-43c5-9c13-4ff85157cfe6}]
[HKEY_CLASSES_ROOT\LPToolbar.LPToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{0A715D8A-947C-4ab1-AF67-62881ED45206}]
[HKEY_CLASSES_ROOT\LPToolbar.LPToolbarBand]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-02-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 516912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ    PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: McAfee SafeKey Fill Forms - file://c:\users\trinadee booboo\AppData\LocalLow\safekey\context.html?cmd=fillforms
IE: safekey - file://c:\users\trinadee booboo\AppData\LocalLow\safekey\context.html?cmd=lastpass
IE: SafeKey Fill Forms - file://c:\users\trinadee booboo\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-06 16:17
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????g?R,$??h?????????????????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4916)
c:\program files\McAfee Online Backup\MOBKshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
c:\windows\system32\mfevtps.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\rundll32.exe
c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\McAfee\MSC\McAPExe.exe
c:\program files\Common Files\McAfee\AMCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\McAfee Online Backup\MOBKbackup.exe
c:\program files\McAfee Online Backup\MOBKbackup.exe
c:\windows\system32\vssvc.exe
c:\progra~1\COMMON~1\McAfee\Platform\mcuicnt.exe
c:\program files\McAfee\MAT\McPvTray.exe
c:\windows\System32\wsqmcons.exe
.
**************************************************************************
.
Completion time: 2014-02-06  16:26:34 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-06 22:25
ComboFix2.txt  2014-02-05 22:07
.
Pre-Run: 112,332,820,480 bytes free
Post-Run: 112,032,804,864 bytes free
.
- - End Of File - - 3C13B557CA72D4B61902EDD2BE82A924
5B5E648D12FCADC244C1EC30318E1EB9
 





