
Possible Malware Infection - Freezes PC when using AntiMalware


  • This topic is locked
35 replies to this topic

#1 MikeyMike2014


Posted 27 July 2014 - 03:12 PM

Good afternoon,

 

After 2 years of no problems, it seems I may have been infected with Malware. The hard drive spins constantly, making my laptop nearly worthless. I rebooted my computer in Safe Mode and ran several programs to try and find/remove the Malware. Some programs run OK and find nothing, but at least 3 programs run for a short time, then freeze up and the hard drive spins constantly.

Here is what I've tried so far:

- Norton Power Eraser - Finds no problems
- Panda Cloud Cleaner - Did find and quarantine a few issues
- Kaspersky - I ran a thorough scan on everything - it took several hours and did find 2 infections. Cleaned or quarantined both
- Malwarebytes - Gets to a certain point, then freezes. Hard drive spins constantly
- ESET - Gets to a certain point, then freezes. Hard drive spins constantly
- House Call - Gets to a certain point, then freezes. Hard drive spins constantly
- AdwCleaner - Ran this, log looks clean except for 1 Firefox and 1 Google Chrome file that are listed
- Junkware Removal Tool - Only tried to run in Safe Mode w/ Networking. Shows a command prompt screen, but nothing happens
- ComboFix - I have run this, can produce the log file if needed.

Any help you can give would be greatly appreciated!!




 


#2 MikeyMike2014


Posted 27 July 2014 - 03:14 PM

Here is the log from ComboFix:

 

ComboFix 14-07-25.01 - Paul 07/27/2014  15:18:18.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3873.2950 [GMT -4:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
c:\windows\SysWow64\lsm.exe
c:\windows\SysWow64\mfevtps.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-27 to 2014-07-27  )))))))))))))))))))))))))))))))
.
.
2014-07-27 19:26 . 2014-07-27 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-27 18:42 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-27 18:41 . 2014-07-27 19:01 -------- d-----w- C:\AdwCleaner
2014-07-26 16:55 . 2014-07-26 16:55 -------- d-----w- c:\program files (x86)\ESET
2014-07-26 16:20 . 2014-03-25 13:15 60400 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2014-07-26 16:20 . 2014-07-26 16:20 -------- d-----w- c:\users\Paul\AppData\Roaming\Panda Security
2014-07-26 16:19 . 2014-07-26 16:21 -------- d-----w- c:\program files (x86)\Panda Security
2014-07-26 16:18 . 2014-07-26 16:20 -------- d-----w- c:\programdata\Panda Security
2014-07-25 19:52 . 2014-07-25 19:52 -------- d-----w- c:\programdata\Kaspersky Lab
2014-07-25 19:16 . 2014-07-25 19:28 -------- d-----w- C:\NPE
2014-07-25 19:13 . 2014-07-26 04:18 -------- d-----w- c:\users\Paul\AppData\Local\NPE
2014-07-25 19:13 . 2014-07-25 19:13 -------- d-----w- c:\programdata\Norton
2014-07-25 17:20 . 2014-07-25 17:20 0 ----a-w- c:\windows\SysWow64\winlogon.exe
2014-07-25 17:20 . 2014-07-25 17:20 0 ----a-w- c:\windows\SysWow64\smss.exe
2014-07-25 17:20 . 2014-07-25 17:20 0 ----a-w- c:\windows\SysWow64\services.exe
2014-07-25 17:20 . 2014-07-25 17:20 0 ----a-w- c:\windows\SysWow64\lsass.exe
2014-07-25 14:09 . 2014-07-25 14:09 -------- d-----w- c:\users\Paul\AppData\Roaming\QuickScan
2014-07-25 07:11 . 2014-07-25 07:11 -------- d-----w- C:\found.001
2014-07-25 06:04 . 2014-07-26 21:51 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-25 06:04 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-25 06:04 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-25 06:04 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-25 05:38 . 2014-07-25 05:38 -------- d-----w- C:\found.000
2014-07-25 04:20 . 2014-07-25 06:04 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-21 03:15 . 2014-07-21 03:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-21 03:15 . 2014-07-11 07:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-19 07:18 . 2014-07-25 09:30 -------- d-----w- c:\program files (x86)\Java
2014-07-19 07:16 . 2014-06-06 04:39 46704 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-07-13 04:47 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll
2014-07-13 04:47 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-07-13 04:47 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-13 04:47 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-13 04:47 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-13 04:47 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-13 04:47 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-13 04:45 . 2014-06-19 00:53 48640 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-07-13 04:43 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-13 04:43 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-13 04:43 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-13 04:41 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
2014-07-13 04:41 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-21 03:04 . 2013-02-19 01:20 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2014-07-19 07:15 . 2014-01-02 01:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-19 07:15 . 2014-01-02 01:17 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-26 21:40 . 2013-02-19 03:02 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-05-08 09:32 . 2014-06-11 01:11 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-11 01:11 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-05-06 07:21 . 2014-05-06 07:21 132128 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2014-05-05 12:37 . 2014-05-05 12:37 106016 ----a-w- c:\windows\system32\drivers\PSINReg.sys
2014-05-05 12:36 . 2014-05-05 12:36 121888 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2014-05-05 00:21 . 2014-05-05 00:21 195616 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2014-05-05 00:21 . 2014-05-05 00:21 119840 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2014-05-05 00:21 . 2014-05-05 00:21 160800 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2014-05-02 14:42 . 2014-05-02 14:42 109088 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
2014-05-02 14:42 . 2014-05-02 14:42 261152 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
2014-05-02 14:42 . 2014-05-02 14:42 169504 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
2014-05-02 14:42 . 2014-05-02 14:42 115744 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
2014-05-02 14:42 . 2014-05-02 14:42 306720 ----a-w- c:\windows\system32\drivers\NNSProt.sys
2014-05-02 14:42 . 2014-05-02 14:42 125984 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
2014-05-02 14:42 . 2014-05-02 14:42 95776 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
2014-05-02 14:42 . 2014-05-02 14:42 70176 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys
2014-05-02 14:42 . 2014-05-02 14:42 115232 ----a-w- c:\windows\system32\drivers\NNSIds.sys
2014-05-02 14:42 . 2014-05-02 14:42 112160 ----a-w- c:\windows\system32\drivers\NNSHttps.sys
2014-05-02 14:42 . 2014-05-02 14:42 96800 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
2014-05-02 14:42 . 2014-05-02 14:42 162336 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
2014-05-02 02:37 . 2014-06-11 01:11 116736 ----a-w- c:\windows\system32\drivers\UMDF\WUDFUsbccidDriver.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSDOCKAPP"="c:\program files\TOSHIBA\dynadock_II\TosDockApp.exe" [2011-05-25 270720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-18 3331312]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
"PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2014-05-06 37624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2014-05-12 54072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2013-9-1 48248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK.sys [x]
R1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
R1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
R1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
R1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
R1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
R1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
R1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
R1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
R1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
R1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
R1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
R1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
R2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [x]
R2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x]
R2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
R2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
R2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
R2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
R2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;c:\windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47157.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbIo_x64_7.2.47157.0.sys [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [x]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [x]
S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-02 07:15]
.
2014-07-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1750860567-4278297160-2481828036-1000Core.job
- c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-29 03:33]
.
2014-07-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1750860567-4278297160-2481828036-1000UA.job
- c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-29 03:33]
.
2014-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06 02:11]
.
2014-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4c946bb4507e.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06 02:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"TOSDOCKAPP"="c:\program files\TOSHIBA\dynadock_II\TosDockApp.exe" [2011-05-25 270720]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-10-10 8151040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\w1nzdt6o.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-MBAMSwissArmy
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-27  15:28:33
ComboFix-quarantined-files.txt  2014-07-27 19:28
.
Pre-Run: 225,071,030,272 bytes free
Post-Run: 224,866,181,120 bytes free
.
- - End Of File - - 675B93411112F247C7370672D04A36A7
 



#3 MikeyMike2014


Posted 27 July 2014 - 03:29 PM

Here is the DDS.txt log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.65.2
Run by Paul at 16:21:30 on 2014-07-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3873.3144 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [TOSDOCKAPP] C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{081D57E0-7D04-491A-AEE9-79C33FA353A2} : DHCPNameServer = 10.0.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [TOSDOCKAPP] C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
x64-Run: [Cm106Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\w1nzdt6o.default\
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2013-5-30 15664]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-9 784760]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-9 346760]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-20 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-20 328928]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-2-20 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-2-20 189912]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2014-5-4 141560]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2014-5-6 38136]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-10-3 129512]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-10-3 394728]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-9 70592]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-28 169584]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-9 522360]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
S1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2013-2-20 66040]
S1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2014-5-2 96800]
S1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2014-5-2 162336]
S1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2014-5-2 112160]
S1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2014-5-2 115232]
S1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2014-5-2 95776]
S1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2014-5-2 125984]
S1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2014-5-2 306720]
S1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2014-5-2 169504]
S1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2014-5-2 115744]
S1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2014-5-2 261152]
S1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2014-5-2 109088]
S1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2014-5-4 195616]
S2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2013-2-18 379520]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2013-5-9 8998800]
S2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-20 328928]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-25 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-25 860472]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-20 328928]
S2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-2-20 178528]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-20 328928]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-20 328928]
S2 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2013-9-27 74560]
S2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-2-20 1041192]
S2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
S2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-5-22 61688]
S2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2014-5-4 160800]
S2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2014-5-4 119840]
S2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2014-5-5 121888]
S2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2014-5-6 132128]
S2 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2014-5-5 106016]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-18 2656280]
S3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.2.47157.0.sys [2013-4-10 44944]
S3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2013-5-30 389936]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-2-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-4-22 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-13 111616]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-28 317440]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-7-25 25816]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-25 122584]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-25 63704]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-9 311856]
S3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-3-18 441264]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-3-18 96592]
S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2014-7-26 60400]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-18 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-24 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-18 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;C:\Windows\System32\drivers\CM10664.sys [2013-5-30 1308160]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-18 1255736]
S4 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2014-5-2 70176]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: PhotoPlus Starter Edition.exe: open=C:\PROGRA~2\Serif\PHOTOP~1\3.0\Program\PHOTOP~1.EXE "%1"
.
=============== Created Last 30 ================
.
2014-07-27 19:28:37 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-27 19:16:44 98816 ----a-w- C:\Windows\sed.exe
2014-07-27 19:16:44 256000 ----a-w- C:\Windows\PEV.exe
2014-07-27 19:16:44 208896 ----a-w- C:\Windows\MBR.exe
2014-07-27 19:16:39 -------- d-----w- C:\ComboFix
2014-07-27 18:42:43 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-07-27 18:41:40 -------- d-----w- C:\AdwCleaner
2014-07-26 16:55:29 -------- d-----w- C:\Program Files (x86)\ESET
2014-07-26 16:20:23 60400 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2014-07-26 16:20:03 -------- d-----w- C:\Users\Paul\AppData\Roaming\Panda Security
2014-07-26 16:19:45 -------- d-----w- C:\Program Files (x86)\Panda Security
2014-07-26 16:18:27 -------- d-----w- C:\ProgramData\Panda Security
2014-07-25 19:52:25 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-07-25 19:16:08 -------- d-----w- C:\NPE
2014-07-25 19:13:55 -------- d-----w- C:\Users\Paul\AppData\Local\NPE
2014-07-25 19:13:55 -------- d-----w- C:\ProgramData\Norton
2014-07-25 17:20:41 0 ----a-w- C:\Windows\SysWow64\winlogon.exe
2014-07-25 17:20:41 0 ----a-w- C:\Windows\SysWow64\smss.exe
2014-07-25 17:20:41 0 ----a-w- C:\Windows\SysWow64\services.exe
2014-07-25 17:20:41 0 ----a-w- C:\Windows\SysWow64\lsass.exe
2014-07-25 17:20:41 0 ----a-w- C:\Windows\SysWow64\csrss.exe
2014-07-25 14:09:15 -------- d-----w- C:\Users\Paul\AppData\Roaming\QuickScan
2014-07-25 07:11:02 -------- d-----w- C:\found.001
2014-07-25 06:04:36 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-25 06:04:27 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-25 06:04:27 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-25 06:04:27 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-25 05:38:56 -------- d-----w- C:\found.000
2014-07-25 04:20:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-21 03:15:16 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-19 07:16:09 46704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-07-13 04:47:22 519168 ----a-w- C:\Windows\System32\aepdu.dll
2014-07-13 04:47:19 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-07-13 04:47:17 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-13 04:47:16 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-13 04:47:16 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-13 04:47:16 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-13 04:47:15 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-13 04:43:02 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-13 04:43:01 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-13 04:43:00 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-13 04:41:50 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-07-13 04:41:49 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
==================== Find3M  ====================
.
2014-07-21 03:04:46 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2014-07-19 07:15:20 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-19 07:15:20 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-05-06 07:21:33 132128 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
2014-05-05 12:37:08 106016 ----a-w- C:\Windows\System32\drivers\PSINReg.sys
2014-05-05 12:36:32 121888 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
2014-05-05 00:21:19 195616 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
2014-05-05 00:21:19 119840 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
2014-05-05 00:21:18 160800 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
2014-05-02 14:42:44 109088 ----a-w- C:\Windows\System32\drivers\NNStlsc.sys
2014-05-02 14:42:43 261152 ----a-w- C:\Windows\System32\drivers\NNSStrm.sys
2014-05-02 14:42:43 169504 ----a-w- C:\Windows\System32\drivers\NNSPrv.sys
2014-05-02 14:42:43 115744 ----a-w- C:\Windows\System32\drivers\NNSSmtp.sys
2014-05-02 14:42:42 306720 ----a-w- C:\Windows\System32\drivers\NNSProt.sys
2014-05-02 14:42:42 125984 ----a-w- C:\Windows\System32\drivers\NNSPop3.sys
2014-05-02 14:42:41 95776 ----a-w- C:\Windows\System32\drivers\NNSpicc.sys
2014-05-02 14:42:41 70176 ----a-w- C:\Windows\System32\drivers\NNSPihsw.sys
2014-05-02 14:42:40 115232 ----a-w- C:\Windows\System32\drivers\NNSIds.sys
2014-05-02 14:42:40 112160 ----a-w- C:\Windows\System32\drivers\NNSHttps.sys
2014-05-02 14:42:39 96800 ----a-w- C:\Windows\System32\drivers\NNSAlpc.sys
2014-05-02 14:42:39 162336 ----a-w- C:\Windows\System32\drivers\NNSHttp.sys
2014-05-02 02:37:13 116736 ----a-w- C:\Windows\System32\drivers\UMDF\WUDFUsbccidDriver.dll
.
============= FINISH: 16:22:57.17 ===============


Here is the attached file after running DDS


#4 HelpBot

Posted 01 August 2014 - 03:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542435 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 MikeyMike2014

Posted 01 August 2014 - 04:30 PM

Hello, and thanks for the reply. Yes, I'm still having the same issue; a full description can be found in my first post above. I do not have the Windows CD/DVD available; my ASUS has the Windows backup supposedly on a protected portion of the hard drive.

 

DDS file and attachment can be found below:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.65.2
Run by Paul at 17:16:29 on 2014-08-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3873.2992 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [TOSDOCKAPP] C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{081D57E0-7D04-491A-AEE9-79C33FA353A2} : DHCPNameServer = 10.0.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [TOSDOCKAPP] C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
x64-Run: [Cm106Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\w1nzdt6o.default\
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2013-5-30 15664]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-9 784760]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-9 346760]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-20 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-20 328928]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-2-20 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-2-20 189912]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2014-5-4 141560]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2014-5-6 38136]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-10-3 129512]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-10-3 394728]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-9 70592]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-28 169584]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-9 522360]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
S1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2013-2-20 66040]
S1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2014-5-2 96800]
S1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2014-5-2 162336]
S1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2014-5-2 112160]
S1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2014-5-2 115232]
S1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2014-5-2 95776]
S1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2014-5-2 125984]
S1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2014-5-2 306720]
S1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2014-5-2 169504]
S1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2014-5-2 115744]
S1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2014-5-2 261152]
S1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2014-5-2 109088]
S1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2014-5-4 195616]
S2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2013-2-18 379520]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2013-5-9 8998800]
S2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-20 328928]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-25 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-25 860472]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-20 328928]
S2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-2-20 178528]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-20 328928]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-20 328928]
S2 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2013-9-27 74560]
S2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-2-20 1041192]
S2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
S2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-5-22 61688]
S2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2014-5-4 160800]
S2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2014-5-4 119840]
S2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2014-5-5 121888]
S2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2014-5-6 132128]
S2 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2014-5-5 106016]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-18 2656280]
S3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.2.47157.0.sys [2013-4-10 44944]
S3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2013-5-30 389936]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-2-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-4-22 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-13 111616]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-28 317440]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-7-25 25816]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-25 122584]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-25 63704]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-9 311856]
S3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-3-18 441264]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-3-18 96592]
S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2014-7-26 60400]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-18 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-24 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-18 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;C:\Windows\System32\drivers\CM10664.sys [2013-5-30 1308160]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-18 1255736]
S4 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2014-5-2 70176]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: PhotoPlus Starter Edition.exe: open=C:\PROGRA~2\Serif\PHOTOP~1\3.0\Program\PHOTOP~1.EXE "%1"
.
=============== Created Last 30 ================
.
2014-07-27 19:28:37 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-27 19:16:44 98816 ----a-w- C:\Windows\sed.exe
2014-07-27 19:16:44 256000 ----a-w- C:\Windows\PEV.exe
2014-07-27 19:16:44 208896 ----a-w- C:\Windows\MBR.exe
2014-07-27 19:16:39 -------- d-----w- C:\ComboFix
2014-07-27 18:42:43 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-07-27 18:41:40 -------- d-----w- C:\AdwCleaner
2014-07-26 16:55:29 -------- d-----w- C:\Program Files (x86)\ESET
2014-07-26 16:20:23 60400 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2014-07-26 16:20:03 -------- d-----w- C:\Users\Paul\AppData\Roaming\Panda Security
2014-07-26 16:19:45 -------- d-----w- C:\Program Files (x86)\Panda Security
2014-07-26 16:18:27 -------- d-----w- C:\ProgramData\Panda Security
2014-07-25 19:52:25 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-07-25 19:16:08 -------- d-----w- C:\NPE
2014-07-25 19:13:55 -------- d-----w- C:\Users\Paul\AppData\Local\NPE
2014-07-25 19:13:55 -------- d-----w- C:\ProgramData\Norton
2014-07-25 17:20:41 0 ----a-w- C:\Windows\SysWow64\winlogon.exe
2014-07-25 17:20:41 0 ----a-w- C:\Windows\SysWow64\smss.exe
2014-07-25 17:20:41 0 ----a-w- C:\Windows\SysWow64\services.exe
2014-07-25 17:20:41 0 ----a-w- C:\Windows\SysWow64\lsass.exe
2014-07-25 17:20:41 0 ----a-w- C:\Windows\SysWow64\csrss.exe
2014-07-25 14:09:15 -------- d-----w- C:\Users\Paul\AppData\Roaming\QuickScan
2014-07-25 07:11:02 -------- d-----w- C:\found.001
2014-07-25 06:04:36 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-25 06:04:27 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-25 06:04:27 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-25 06:04:27 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-25 05:38:56 -------- d-----w- C:\found.000
2014-07-25 04:20:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-21 03:15:16 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-19 07:16:09 46704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-07-13 04:47:22 519168 ----a-w- C:\Windows\System32\aepdu.dll
2014-07-13 04:47:19 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-07-13 04:47:17 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-13 04:47:16 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-13 04:47:16 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-13 04:47:16 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-13 04:47:15 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-13 04:43:02 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-13 04:43:01 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-13 04:43:00 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-13 04:41:50 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-07-13 04:41:49 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
==================== Find3M  ====================
.
2014-07-21 03:04:46 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2014-07-19 07:15:20 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-19 07:15:20 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-05-06 07:21:33 132128 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
2014-05-05 12:37:08 106016 ----a-w- C:\Windows\System32\drivers\PSINReg.sys
2014-05-05 12:36:32 121888 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
2014-05-05 00:21:19 195616 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
2014-05-05 00:21:19 119840 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
2014-05-05 00:21:18 160800 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
.
============= FINISH: 17:16:36.25 ===============




#6 polskamachina

polskamachina

  • Malware Response Team
  • 3,906 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:23 AM

Posted 01 August 2014 - 10:54 PM

Hi MikeyMike2014 :)

 

My name is polskamachina and I will be assisting you with your malware problems. Please give me some time to review your situation and I will get back to you with further instructions.

 

polskamachina



#7 MikeyMike2014

MikeyMike2014
  • Topic Starter

  • Members

Posted 02 August 2014 - 12:51 PM

Thank you.  If you need further info. from me, please let me know.



#8 polskamachina

polskamachina

  • Malware Response Team

Posted 04 August 2014 - 01:00 PM

Hi MikeyMike2014 :)

 

I am still reviewing your situation. Thank you for your patience.

 

polskamachina



#9 MikeyMike2014

MikeyMike2014
  • Topic Starter

  • Members

Posted 04 August 2014 - 09:52 PM

Thanks, hope to hear from you soon, I'm looking forward to getting this resolved and getting my laptop back in full working order :guitar:



#10 polskamachina

polskamachina

  • Malware Response Team

Posted 05 August 2014 - 09:01 AM

Hi MikeyMike2014,

 

Sorry for the delay. We try to get things right the first time around here. :)
 
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either McAfee Total Protection or Panda Devices Agent. In fact, once you select which product you want to remove, you should remove all the products that are listed by that company's name in the program list.

 

Let me know if you have any questions. How is your computer performing now?

 

polskamachina
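
The check behind this advice can be run against the DDS log itself. The following is an added example, not part of the original post or of DDS: it parses the driver/service lines (sample lines copied from the log earlier in this thread) and reports when more than one security vendor has running components. The function names and the vendor keyword list are assumptions made for the example.

```python
import re
from collections import defaultdict

# Subset of lines copied from the DDS log posted earlier in this thread.
SAMPLE = r"""
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-20 328928]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-2-20 219752]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2014-5-4 141560]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2014-5-6 38136]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-10-3 129512]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-25 860472]
S2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-2-20 1041192]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
"""

# DDS driver/service line: <R|S><start type> name;description;path [date size]
# R = running and S = stopped when the log was taken; the digit is the start type.
LINE_RE = re.compile(
    r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$"
)

# Assumed keyword list for this example; extend it for other products.
VENDORS = ("McAfee", "Panda", "Malwarebytes", "ESET", "Kaspersky", "Norton")
VENDOR_RES = {v: re.compile(rf"\b{re.escape(v)}\b", re.IGNORECASE) for v in VENDORS}


def parse_services(text):
    """Return one dict per well-formed service/driver line; skip everything else."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        state, start, name, desc, path, date, size = m.groups()
        entries.append({
            "running": state == "R", "start_type": int(start), "name": name,
            "description": desc, "path": path, "date": date, "size": int(size),
        })
    return entries


def vendor_of(entry):
    """Match a vendor keyword in the description or path; None if no match."""
    haystack = entry["description"] + " " + entry["path"]
    for vendor, pattern in VENDOR_RES.items():
        if pattern.search(haystack):
            return vendor
    return None


def summarize(entries):
    """Group service names per vendor, split into running and stopped."""
    summary = defaultdict(lambda: {"running": [], "stopped": []})
    for e in entries:
        vendor = vendor_of(e)
        if vendor:
            summary[vendor]["running" if e["running"] else "stopped"].append(e["name"])
    return dict(summary)


def conflicting_vendors(entries):
    """Vendors with at least one running component, if there is more than one."""
    active = sorted(v for v, s in summarize(entries).items() if s["running"])
    return active if len(active) > 1 else []


if __name__ == "__main__":
    print(conflicting_vendors(parse_services(SAMPLE)))
```

Drivers whose name and path carry no vendor string (for example files directly under `System32\drivers`) are not attributed by this keyword match.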



#11 MikeyMike2014

MikeyMike2014
  • Topic Starter

  • Members

Posted 05 August 2014 - 10:18 AM

Thanks for your reply, polskamachina

 

  I have removed all anti-virus programs from my laptop except for McAfee, which I don't think is running in Safe Mode.  Let me know if I should remove McAfee during this process as well (obviously I can reinstall it after the PC is fixed).   After removing all programs, I tried to run ESET, which is Cloud-based, and it still freezes.

  It may be worth noting that, when this all started, I only had McAfee on my PC.  The first program other than McAfee that I installed to try and fix this was Malwarebytes, and it started freezing up after running for just a few moments, the hard drive would spin constantly, and that's all that would happen.  

 

  Please help :( 



#12 polskamachina

polskamachina

  • Malware Response Team

Posted 05 August 2014 - 11:33 AM

Hi MikeyMike2014 :)
 
Let's run chkdsk. If you're not familiar with it, it will check the integrity of the files on your hard disk. Directions are here. Note that you may have to be logged in with administrator privileges to get the program to run. Directions are here. When you restart your computer, chkdsk will automatically launch before the system boots. When it completes, the system will restart again and boot back to your desktop.
 
Let me know if you have any questions or noticed any improvement.
 
polskamachina


Edited by polskamachina, 05 August 2014 - 11:35 AM.


#13 MikeyMike2014

MikeyMike2014
  • Topic Starter

  • Members

Posted 05 August 2014 - 08:55 PM

Verifying that all anti-virus programs have been removed except for McAfee.   Regarding the Chkdsk, that one is interesting.  If my computer locks up (usually when running a scan with Malwarebytes and it freezes and the hard drive spins constantly) and I hold down the power button until the laptop shuts off and then I start it up again, Chkdsk runs automatically and runs completely and finds no problems.  However, if I'm in safe mode and I run chkdsk by running chkdsk.exe, it will run until it reaches 48%, and then the hard drive starts spinning constantly and chkdsk freezes.   If I close the chkdsk window, it closes the window and the hard drive goes back to idle and stops spinning almost immediately.

 

In other words, if Chkdsk is run when the computer first boots and before Windows is open in Safe Mode, it runs completely, no problems found.  If I try and run Chkdsk AFTER Windows is started in Safe Mode, Chkdsk locks up after it gets to 48% in, I believe, stage 2.

 

Please help!! :(


Edited by MikeyMike2014, 05 August 2014 - 09:30 PM.


#14 polskamachina

polskamachina

  • Malware Response Team

Posted 06 August 2014 - 02:07 PM

Hi MikeyMike2014
 
Let's run some software that will thoroughly check your drive. But before proceeding, please back up your hard drive! I know you want to get up and running ASAP but there is always some risk when running hard disk repair tools that something could go wrong. There are many free programs to back up your hard drive. If you need help selecting one, let me know. Once you have completely backed up your drive, then you can continue to the next paragraph. :)
 
Click on the link here and download the Seatools for DOS software. The reason you want to select the DOS version is that you will make a bootable USB drive and then there won't be any interference from Windows running in the background. Next, click on I ACCEPT and your download will proceed.
 
The user guide is located here. Since the user guide is rather old and dated, it assumes that most computers can't boot from a USB drive. That isn't true anymore. Therefore, the best option would be to use a USB drive and then you can copy the logs to it after all the tests and repairs are completed. One other note: when you boot your PC with the image file, the drive lettering may change. Make sure you select the correct drive to test!
 
Let me know if you have any questions and please paste the log in your next reply to me.
 
polskamachina



#15 MikeyMike2014

MikeyMike2014
  • Topic Starter

  • Members

Posted 06 August 2014 - 09:06 PM

polskamachina,

 

 For some reason, SeaTools for DOS does not work for me.   I backed up my hard drive, downloaded the link, burned to a CD, changed the boot order in BIOS so the CD drive would boot first, and rebooted my PC.  SeaTools for DOS started, I accepted the agreement, and at the next screen, it only gives me an option to Exit.  It finds no Hard Drives.   This is ODD, because if I remove the CD and reboot, my laptop boots fine, Windows starts up, and everything operates, so obviously I have a working hard drive.   I have attached a photo of what the SeaTools for DOS screen looks like.

 

Regarding your comments in your first paragraph, forgive me if I seem eager to get this computer working again, but it'll be 2 weeks tomorrow when this laptop first started acting up, I'm just hoping for a resolution.   Please help. :spidy:
