
McAfee gets disabled on its own - Spyware


36 replies to this topic

#1 KannanM

  • Members
  • 96 posts

Posted 08 June 2015 - 03:37 AM

Hi

I am using Win 7 on a desktop.

McAfee gets disabled on its own; I have tried various methods to get rid of the spyware, but in vain.

Some process is running that is disabling McAfee.

Please help me get rid of it.

Files are attached.

 

I have tried the following, but in vain:

Updated McAfee - no use.

Removed and reinstalled McAfee; it gets disabled again.

Once formatted the disk and reinstalled the OS; it was OK for a few days, then McAfee got disabled again - it seems the infection got activated again.

 

McAfee scan / Malwarebytes scan / ZoneAlarm antivirus scan found nothing.

But I am sure my system is infected.

It infects the other connected laptop also.

It spreads through my home network.

I wish to remove the virus / spyware from all systems and my home network.

 

Please help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-06-2015
Ran by Kannan (administrator) on MK-HOUSE on 08-06-2015 13:52:28
Running from C:\Users\Kannan\Downloads
Loaded Profiles: Kannan (Available Profiles: Kannan)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Users\Kannan\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [netxpert] => C:\Program Files\Airtel NetXpert\bin\sprtcmd.exe [206120 2011-06-03] (SupportSoft, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [337440 2013-12-04] (McAfee, Inc.)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [243568 2015-04-21] (McAfee, Inc.)
HKU\S-1-5-21-372485353-1562579083-3871174217-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31346784 2015-02-27] (Skype Technologies S.A.)
HKU\S-1-5-21-372485353-1562579083-3871174217-1000\...\Run: [OneDrive] => C:\Users\Kannan\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-24] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-03-22] (Microsoft Corporation)
Startup: C:\Users\Kannan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-03-21]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kannan\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kannan\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kannan\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kannan\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kannan\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-24] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-372485353-1562579083-3871174217-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-372485353-1562579083-3871174217-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-in/?ocid=iehp
BHO: Zonealarm Helper Object -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20150530153248.dll [2015-05-30] (McAfee, Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2015-04-17] (Sun Microsystems, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2015-04-17] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files\Common Files\McAfee\SystemCore [2015-05-30]
 
Chrome: 
=======
CHR Profile: C:\Users\Kannan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kannan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-21]
CHR Extension: (Google Drive) - C:\Users\Kannan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kannan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-21]
CHR Extension: (YouTube) - C:\Users\Kannan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-21]
CHR Extension: (Google Search) - C:\Users\Kannan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-21]
CHR Extension: (Google Finance) - C:\Users\Kannan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2015-03-21]
CHR Extension: (Google Sheets) - C:\Users\Kannan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-21]
CHR Extension: (MSN Homepage) - C:\Users\Kannan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2015-03-21]
CHR Extension: (Bookmark Manager) - C:\Users\Kannan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kannan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-21]
CHR Extension: (Skype Click to Call) - C:\Users\Kannan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-21]
CHR Extension: (Google Wallet) - C:\Users\Kannan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-21]
CHR Extension: (Gmail) - C:\Users\Kannan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-21]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKU\S-1-5-21-372485353-1562579083-3871174217-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - https://clients2.google.com/service/update2/crx
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [127520 2013-12-04] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [221320 2015-05-30] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [208936 2015-04-21] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [209472 2015-05-30] (McAfee, Inc.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-06-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488032 2014-06-11] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [264976 2015-05-30] (McAfee, Inc.)
R3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [51472 2015-05-30] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [142848 2015-05-30] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [258016 2015-05-30] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [69776 2015-05-30] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [79864 2015-05-30] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [376792 2015-05-30] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [656920 2015-05-30] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [52720 2015-05-30] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94432 2015-05-30] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [218128 2015-05-30] (McAfee, Inc.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-08-13] (Check Point Software Technologies Ltd.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-06-11] (Kaspersky Lab ZAO)
U3 mfeavfk01; No ImagePath
S3 MFE_RR; \??\C:\Users\Kannan\AppData\Local\Temp\mfe_rr.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-08 13:52 - 2015-06-08 13:53 - 00015968 _____ C:\Users\Kannan\Downloads\FRST.txt
2015-06-08 13:52 - 2015-06-08 13:52 - 00000000 ____D C:\FRST
2015-06-08 13:51 - 2015-06-08 13:51 - 01147904 _____ (Farbar) C:\Users\Kannan\Downloads\FRST.exe
2015-06-07 20:34 - 2014-08-29 07:14 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-06-07 19:17 - 2014-09-05 07:22 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-06-07 13:19 - 2015-06-07 13:19 - 00003288 ____N C:\bootsqm.dat
2015-06-06 20:32 - 2015-06-06 20:45 - 00000000 ____D C:\Windows\system32\MRT
2015-06-06 20:32 - 2015-04-30 10:07 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-04 21:36 - 2015-06-04 21:36 - 00152944 _____ C:\Windows\Minidump\060415-14875-01.dmp
2015-05-30 15:33 - 2015-05-30 15:31 - 00376792 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2015-05-30 15:32 - 2015-05-30 15:31 - 00656920 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2015-05-30 15:32 - 2015-05-30 15:31 - 00264976 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeaack.sys
2015-05-30 15:32 - 2015-05-30 15:31 - 00258016 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2015-05-30 15:32 - 2015-05-30 15:31 - 00218128 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2015-05-30 15:32 - 2015-05-30 15:31 - 00209472 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-05-30 15:32 - 2015-05-30 15:31 - 00142848 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2015-05-30 15:32 - 2015-05-30 15:31 - 00094432 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2015-05-30 15:32 - 2015-05-30 15:31 - 00079864 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfedisk.sys
2015-05-30 15:32 - 2015-05-30 15:31 - 00069776 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfebopk.sys
2015-05-30 15:32 - 2015-05-30 15:31 - 00052720 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeplk.sys
2015-05-30 15:32 - 2015-05-30 15:31 - 00051472 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeaacsk.sys
2015-05-30 15:32 - 2015-05-30 15:31 - 00041496 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnk.sys
2015-05-30 15:31 - 2015-05-30 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-05-30 15:28 - 2015-05-30 15:36 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-05-30 15:22 - 2015-05-30 15:22 - 00000000 ____D C:\Windows\system32\appmgmt
2015-05-30 15:08 - 2014-05-08 14:36 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-05-30 15:00 - 2015-05-30 15:02 - 00000000 ____D C:\Users\Kannan\Downloads\McAfee VirusScan Enterprise + Antispyware 8.8 patch 5
2015-05-30 14:55 - 2015-05-30 14:55 - 00002606 _____ C:\Users\Kannan\Desktop\µTorrent.lnk
2015-05-30 14:55 - 2015-05-30 14:55 - 00002606 _____ C:\Users\Kannan\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-05-30 14:52 - 2015-05-30 15:20 - 00000000 ____D C:\Users\Kannan\AppData\Roaming\uTorrent
2015-05-30 14:52 - 2015-05-30 14:52 - 01994592 _____ (BitTorrent Inc.) C:\Users\Kannan\Downloads\uTorrent.exe
2015-05-30 14:43 - 2015-05-30 14:43 - 00003794 _____ C:\Windows\system32\lvcoinst.log
2015-05-30 14:43 - 2015-05-30 14:43 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-05-30 14:43 - 2012-08-23 20:18 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-05-30 14:43 - 2012-08-23 20:14 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-05-30 14:43 - 2012-08-23 16:42 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-05-30 14:42 - 2013-10-02 06:12 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-05-30 14:42 - 2013-10-02 06:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-05-30 14:42 - 2013-10-02 06:00 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-05-30 14:42 - 2013-10-02 05:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-05-30 14:42 - 2013-10-02 05:44 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-05-30 14:42 - 2013-10-02 05:28 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-05-30 14:42 - 2013-10-02 05:15 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-05-30 14:42 - 2013-10-02 04:38 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-05-30 14:42 - 2013-10-02 04:30 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-05-30 14:42 - 2013-10-02 04:23 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-05-30 14:42 - 2013-10-02 04:04 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-05-30 14:40 - 2015-05-30 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-30 14:40 - 2015-05-30 14:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-30 14:30 - 2015-06-08 13:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-30 14:28 - 2015-05-30 14:28 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-30 14:28 - 2015-05-30 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-30 14:28 - 2015-05-30 14:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-05-30 14:28 - 2015-05-30 14:28 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-05-30 14:28 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-30 14:28 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-30 14:28 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-30 14:25 - 2015-04-11 08:37 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-30 14:24 - 2015-04-28 00:41 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-30 14:24 - 2015-04-28 00:41 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-30 14:24 - 2015-04-28 00:41 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-30 14:24 - 2015-04-28 00:41 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-30 14:24 - 2015-04-28 00:38 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-30 14:24 - 2015-04-28 00:35 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-30 14:24 - 2015-04-28 00:35 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-30 14:24 - 2015-04-28 00:35 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-30 14:24 - 2015-04-28 00:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-30 14:24 - 2015-04-28 00:35 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-30 14:24 - 2015-04-28 00:35 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-30 14:24 - 2015-04-28 00:35 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-30 14:24 - 2015-04-28 00:35 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-30 14:24 - 2015-04-28 00:35 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-30 14:24 - 2015-04-28 00:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-30 14:24 - 2015-04-28 00:35 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-30 14:24 - 2015-04-28 00:35 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-30 14:24 - 2015-04-28 00:34 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-30 14:24 - 2015-04-28 00:34 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-30 14:24 - 2015-04-28 00:34 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-30 14:24 - 2015-04-28 00:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-30 14:24 - 2015-04-28 00:34 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-30 14:24 - 2015-04-28 00:34 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-30 14:24 - 2015-04-28 00:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-30 14:24 - 2015-04-28 00:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-30 14:24 - 2015-04-28 00:34 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-30 14:24 - 2015-04-28 00:34 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-30 14:24 - 2015-04-28 00:34 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-30 14:24 - 2015-04-28 00:34 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-30 14:24 - 2015-04-28 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-30 14:24 - 2015-04-28 00:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-30 14:24 - 2015-04-28 00:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-30 14:24 - 2015-04-28 00:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-30 14:24 - 2015-04-28 00:29 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-30 14:24 - 2015-04-28 00:29 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-30 14:24 - 2015-04-27 23:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-30 14:24 - 2015-03-14 08:34 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-30 14:24 - 2015-03-14 08:34 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-30 14:23 - 2015-05-30 14:27 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Kannan\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-30 14:03 - 2015-05-30 15:23 - 00000000 ____D C:\Program Files\TeamViewer
2015-05-30 14:03 - 2015-05-30 14:03 - 00001001 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-30 14:03 - 2015-05-30 14:03 - 00000989 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-05-30 14:03 - 2015-05-30 14:03 - 00000000 ____D C:\Users\Kannan\AppData\Roaming\TeamViewer
2015-05-30 14:01 - 2015-05-30 14:02 - 08006912 _____ (TeamViewer GmbH) C:\Users\Kannan\Downloads\TeamViewer_Setup_en-ioc.exe
2015-05-23 19:16 - 2015-05-01 18:46 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-23 15:12 - 2015-01-29 08:32 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-23 14:45 - 2015-05-05 06:42 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-23 14:45 - 2015-04-20 08:26 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-23 14:45 - 2015-04-20 08:26 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-23 14:45 - 2015-04-20 07:33 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-23 14:45 - 2015-04-18 08:26 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-23 14:45 - 2015-04-13 08:49 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-23 14:44 - 2015-04-22 07:18 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-23 14:44 - 2015-04-21 21:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-23 14:44 - 2015-04-21 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-23 14:44 - 2015-04-21 21:54 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-23 14:44 - 2015-04-21 21:41 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-23 14:44 - 2015-04-21 21:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-23 14:44 - 2015-04-21 21:40 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-23 14:44 - 2015-04-21 21:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-23 14:44 - 2015-04-21 21:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-23 14:44 - 2015-04-21 21:34 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-23 14:44 - 2015-04-21 21:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-23 14:44 - 2015-04-21 21:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-23 14:44 - 2015-04-21 21:30 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-23 14:44 - 2015-04-21 21:28 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-23 14:44 - 2015-04-21 21:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-23 14:44 - 2015-04-21 21:28 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-23 14:44 - 2015-04-21 21:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-23 14:44 - 2015-04-21 21:21 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-23 14:44 - 2015-04-21 21:18 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-23 14:44 - 2015-04-21 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-23 14:44 - 2015-04-21 21:09 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-23 14:44 - 2015-04-21 21:08 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-23 14:44 - 2015-04-21 21:06 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-23 14:44 - 2015-04-21 21:01 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-23 14:44 - 2015-04-21 20:56 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-23 14:44 - 2015-04-21 20:56 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-23 14:44 - 2015-04-21 20:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-23 14:44 - 2015-04-21 20:54 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-23 14:44 - 2015-04-21 20:47 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-23 14:44 - 2015-04-21 20:32 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-23 14:44 - 2015-04-21 20:28 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-23 14:44 - 2015-04-21 20:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-23 14:38 - 2015-03-04 09:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-23 14:38 - 2015-03-04 09:40 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-23 14:38 - 2015-03-04 09:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-23 14:38 - 2015-03-04 09:40 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-23 14:32 - 2015-04-08 08:44 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-23 14:32 - 2015-04-08 08:44 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-23 14:29 - 2015-02-18 12:36 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-09 20:09 - 2015-05-09 20:09 - 00001179 _____ C:\Users\Kannan\Desktop\SyncBackFree.lnk
2015-05-09 20:09 - 2015-05-09 20:09 - 00000000 ____D C:\Users\Kannan\AppData\Roaming\2BrightSparks
2015-05-09 20:09 - 2015-05-09 20:09 - 00000000 ____D C:\Users\Kannan\AppData\Local\2BrightSparks
2015-05-09 20:09 - 2015-05-09 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks
2015-05-09 20:09 - 2015-05-09 20:09 - 00000000 ____D C:\Program Files\2BrightSparks
2015-05-09 20:04 - 2015-05-09 20:05 - 14134064 _____ (2BrightSparks Pte Ltd ) C:\Users\Kannan\Downloads\SyncBack_Setup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-08 13:52 - 2015-03-21 10:53 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-08 13:36 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\Microsoft.NET
2015-06-08 13:33 - 2015-03-21 11:14 - 00000000 ____D C:\Users\Kannan\AppData\Roaming\Skype
2015-06-08 13:25 - 2015-03-21 06:09 - 01140563 _____ C:\Windows\WindowsUpdate.log
2015-06-08 13:10 - 2009-07-14 10:04 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 13:10 - 2009-07-14 10:04 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 13:04 - 2015-03-30 19:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 13:01 - 2015-03-21 10:53 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-08 13:01 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 13:01 - 2009-07-14 10:09 - 00003178 _____ C:\Windows\setupact.log
2015-06-06 20:59 - 2015-05-06 23:36 - 00008969 ____H C:\Windows\system32\BTImages.dat
2015-06-05 11:05 - 2015-04-06 14:42 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-05 11:05 - 2015-03-21 06:15 - 00000000 ____D C:\Users\Kannan
2015-06-05 11:05 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\system32\wfp
2015-06-05 11:05 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\registration
2015-06-05 11:03 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\system32\LogFiles
2015-06-04 21:36 - 2015-03-26 19:12 - 00000000 ____D C:\Windows\Minidump
2015-06-04 21:35 - 2015-03-26 19:12 - 170527497 _____ C:\Windows\MEMORY.DMP
2015-06-01 18:13 - 2015-03-21 06:18 - 00773536 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-30 15:36 - 2015-03-21 06:31 - 00000000 ____D C:\ProgramData\McAfee
2015-05-30 15:31 - 2015-03-21 06:31 - 00094600 _____ (McAfee, Inc.) C:\Windows\system32\MfeOtlkAddin.dll
2015-05-30 15:31 - 2015-03-21 06:31 - 00025088 _____ (McAfee, Inc.) C:\Windows\system32\MFEOtlk.dll
2015-05-30 15:28 - 2015-03-21 06:30 - 00000000 ____D C:\Program Files\McAfee
2015-05-30 15:25 - 2009-07-14 10:03 - 00434160 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-30 15:25 - 2009-07-14 08:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-30 15:24 - 2015-03-21 11:21 - 00065888 _____ C:\Windows\PFRO.log
2015-05-30 14:20 - 2015-03-21 10:52 - 00111520 _____ C:\Users\Kannan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-29 17:14 - 2015-05-06 22:44 - 00000000 ____D C:\Users\Kannan\AppData\Local\DoNotTrackPlus
2015-05-27 23:05 - 2015-03-21 11:14 - 00000000 ___RD C:\Program Files\Skype
2015-05-26 13:56 - 2015-03-21 11:06 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-24 19:10 - 2015-03-25 15:32 - 00002121 _____ C:\Users\Kannan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-05-24 19:06 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-23 19:15 - 2015-03-21 11:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-23 19:15 - 2015-03-21 11:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-23 19:08 - 2009-07-14 07:34 - 00000478 _____ C:\Windows\win.ini
2015-05-23 19:07 - 2009-07-14 13:20 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-23 17:20 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\rescache
2015-05-13 17:13 - 2015-03-22 11:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-09 14:13 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\AppCompat
2015-05-09 14:08 - 2015-03-22 09:32 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-05-09 14:08 - 2015-03-22 09:32 - 00000000 ____D C:\Windows\system32\appraiser
 
Files to move or delete:
====================
C:\Users\Kannan\agent.exe
C:\Users\Kannan\DRTCP021.exe
C:\Users\Kannan\launchAgent.bat
C:\Users\Kannan\launchDrTCP.bat
C:\Users\Kannan\startAgent.bat
 
 
Some files in TEMP:
====================
C:\Users\Kannan\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-28 12:42
 
==================== End of log ============================

 

 

regards

kannan


#2 KannanM

KannanM
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 11 June 2015 - 01:19 AM

Hi

I request the virus removal team to help me with this request.

Thanks

 

regards

kannan



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:38 PM

Posted 12 June 2015 - 08:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download to your Desktop the Junkware Removal Tool Download from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

BHO: Zonealarm Helper Object -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll No File
CHR HKU\S-1-5-21-372485353-1562579083-3871174217-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - https://clients2.google.com/service/update2/crx
U3 mfeavfk01; No ImagePath
S3 MFE_RR; \??\C:\Users\Kannan\AppData\Local\Temp\mfe_rr.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\Minidump\060415-14875-01.dmp


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#4 KannanM

KannanM
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 13 June 2015 - 02:43 AM

Hi
Thanks for the reply.
I have done the tasks as listed by you.
I have enclosed all the logs as generated.
Please go through them and confirm whether the infection / spyware was removed.
Is it safe now to make internet transactions?

thanks
 
regards
kannan

txt files were attached here

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.2 (06.12.2015:1)
OS: Windows 7 Ultimate x86
Ran by Kannan on Sat 06/13/2015 at 11:11:20.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_C59D621D4849118019D69D7F0FAEE904
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Kannan\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Kannan\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Kannan\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Kannan\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/13/2015 at 11:25:21.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 07-06-2015
Ran by Kannan at 2015-06-13 11:37:15 Run:1
Running from C:\Users\Kannan\Downloads
Loaded Profiles: Kannan (Available Profiles: Kannan)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
CloseProcesses:
 
BHO: Zonealarm Helper Object -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll No File
CHR HKU\S-1-5-21-372485353-1562579083-3871174217-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - https://clients2.google.com/service/update2/crx
U3 mfeavfk01; No ImagePath
S3 MFE_RR; \??\C:\Users\Kannan\AppData\Local\Temp\mfe_rr.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\Minidump\060415-14875-01.dmp
 
 
End
*****************
 
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} => key not found. 
HKCR\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} => key not found. 
"HKU\S-1-5-21-372485353-1562579083-3871174217-1000\SOFTWARE\Google\Chrome\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim" => key removed successfully.
mfeavfk01 => Service removed successfully.
MFE_RR => Service removed successfully.
Synth3dVsc => Service removed successfully.
tsusbhub => Service removed successfully.
VGPU => Service removed successfully.
C:\Windows\Minidump\060415-14875-01.dmp => moved successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 11:37:17 ====
 
RogueKiller V10.8.2.0 [Jun  9 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Kannan [Administrator]
Started from : C:\Users\Kannan\Downloads\RogueKiller.exe
Mode : Delete -- Date : 06/13/2015  12:02:17
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 9 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\RK_Software_ON_D_41E1\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03} -> Not selected
[PUP] HKEY_LOCAL_MACHINE\RK_Software_ON_D_41E1\Microsoft\Internet Explorer\Toolbar | {687578b9-7132-4a7a-80e4-30ee31099e03} : uTorrentControl2 Toolbar  -> Not selected
[PUP] HKEY_USERS\RK_Administrator_ON_D_5E14\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {687578B9-7132-4A7A-80E4-30EE31099E03} :   -> Not selected
[PUP] HKEY_USERS\RK_Administrator_ON_D_5E14\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {687578b9-7132-4a7a-80e4-30ee31099e03} :   -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\RK_Software_ON_D_41E1\Microsoft\Windows\CurrentVersion\Run | TV Card Remote Control Device Monitor : C:\WINDOWS\713xRMTMon.exe [x] -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MFE_RR (\??\C:\Users\Kannan\AppData\Local\Temp\mfe_rr.sys) -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-21-372485353-1562579083-3871174217-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_D_3D8C\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1F028E25-D615-4A01-825A-166B876F2E01} | NameServer : 203.145.184.32,203.145.184.40 [X][X]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_D_3D8C\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1F028E25-D615-4A01-825A-166B876F2E01} | NameServer : 203.145.184.32,203.145.184.40 [X][X]  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 10 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - RegCreateKeyW : Unknown @ 0x3380f9e (jmp 0x8bdffb2a)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - RegOpenKeyExW : Unknown @ 0x3380fb9 (jmp 0x8bdfc9c4)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - RegCreateKeyExW : Unknown @ 0x3380f83 (jmp 0x8bdfcf22)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - RegOpenKeyW : Unknown @ 0x3380fd4 (jmp 0x8bdfec1b)
[IAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - LoadLibraryExW : Unknown @ 0x2200faf (jmp 0x8c57be26)
[IAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - LoadLibraryW : Unknown @ 0x2200fca (jmp 0x8c571fd8)
[IAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - CreateFileA : Unknown @ 0x2200fef (jmp 0x8c5724de)
[IAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - VirtualProtect : Unknown @ 0x2200f9e (jmp 0x8c57e2c1)
[IAT:Inl(Hook.IEAT)] (explorer.exe) WININET.dll - InternetOpenW : Unknown @ 0x2220fd4 (jmp 0x8b3086b4)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - RegOpenKeyA : Unknown @ 0x3380fef (jmp 0x8be0443a)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 99a4964946eaacad659577ad20cf58f6
[BSP] 1d13c9210243db142bd4b7b78c96179b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99899 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204800000 | Size: 200000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 614400000 | Size: 176939 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST3250310AS ATA Device +++++
--- User ---
[MBR] f306f8b2e3dbdee3c4726b8ec9b8b07f
[BSP] 7a68d49e9bebcdde350049334cff9528 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 49999 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 102398310 | Size: 188465 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_06132015_115131.log - RKreport_SCN_06132015_115923.log - RKreport_DEL_06132015_120156.log - RKreport_DEL_06132015_120205.log
 
 Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
ZoneAlarm Free Firewall Antivirus   
McAfee VirusScan Enterprise         
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 26  
 Java version 32-bit out of Date! 
 Adobe Reader XI  
 Google Chrome (43.0.2357.65) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 McAfee VirusScan Enterprise VsTskMgr.exe  
 McAfee VirusScan Enterprise mfeann.exe  
 McAfee VirusScan Enterprise SHSTAT.EXE  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 CheckPoint ZoneAlarm ZaPrivacyService.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 7% 
````````````````````End of Log`````````````````````` 
 


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:38 PM

Posted 13 June 2015 - 08:46 AM

Windows Firewall Enabled!
ZoneAlarm Free Firewall Antivirus


Make sure that you enable only one Firewall.
You should never run two Firewalls in real time.

===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 7 Update 71 for the 32 bit Operating system.
Java 8 Update 31 for the 64 bit Operating system.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 26
===

Reported by the RogueKiller tool.

[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_D_3D8C\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1F028E25-D615-4A01-825A-166B876F2E01} | NameServer : 203.145.184.32,203.145.184.40 [X][X] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_D_3D8C\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1F028E25-D615-4A01-825A-166B876F2E01} | NameServer : 203.145.184.32,203.145.184.40 [X][X] -> Not selected


The IP addresses are from Airtel Broadband in India. If you can relate to them, leave them alone.
http://whatismyipaddress.com/ip/203.145.184.32

===

If the IP addresses above are good then you can start your bank transactions.
I would suggest you change your password.

How is the computer running now?

#6 KannanM

KannanM
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 14 June 2015 - 08:47 AM

Hi

thanks

I have some observations and doubts; please clarify.

Please clarify them in the same order, so that I can understand well.

 

1) Is there any specific spyware/malware removed from my system? Please name them, so that I can be aware of and careful about them in future to avoid reinfection.

 

2) While my computer is shutting down, it shows some unknown program running - no name in the s/d window - I suspect some spyware process is running. This was there before cleaning also; now also it is happening. This is my concern.

 

3) When we start the computer, McAfee shows OAS disabled and the icon shows a cross mark; only later is it in protection mode. Is it because of a virus attack? This is happening after cleaning also.

4) If you need, I can copy and send the McAfee security log for the blocks it has made.

 

5) Is the Java update a must? It shows a different update number now online. If it is a must, I can update Java from the link you have provided.

 

6) I have also checked the IP address given by RogueKiller; it shows Airtel Broadband. I am using only Airtel Broadband, but is it necessary? Else we can remove those entries from the registry; if the internet works without those entries, we can remove them to be on the safer side.

 

7) If the system is stable, and confirmed no virus / spyware, I can remove ZoneAlarm and Malwarebytes from the startup. Please give tips on how to remove them from the start menu; later if required I can add them back.

 

Other doubts with regard to the system:

I have chosen McAfee maximum protection while installing; it is a problem to update files.

Even MS updates are not running as intended. How to whitelist Windows Update while McAfee maximum protection is on?

 

Also my OneDrive is not syncing, because McAfee is blocking it. I have added skydrive.exe to the whitelist, but still it is not getting updated. How to solve these problems?

What is the file name for the Microsoft updater? This I can whitelist and try.

 

Thanks for the support.

 

I want to reconfirm my system is without any infection.

 

regards

kannan



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:38 PM

Posted 14 June 2015 - 01:12 PM

1) Is there any specific spyware/malware removed from my system? Please name them, so that I can be aware of and careful about them in future to avoid reinfection.


What I removed can be seen in my fixes.
Do not open any document you do not know where it comes from. Never...

If you install free programs make sure you do not get the Unwanted programs.
http://nasdaq.spywareinfoforum.org/AdwCleaner_log.html
===

2) While my computer is shutting down, it shows some unknown program running - no name in the s/d window - I suspect some spyware process is running. This was there before cleaning also; now also it is happening. This is my concern.


Next time you shut down the computer make sure you have closed all running programs.
Let me know if the problem persists.
===

3) When we start the computer, McAfee shows OAS disabled and the icon shows a cross mark; only later is it in protection mode. Is it because of a virus attack? This is happening after cleaning also.
4) If you need, I can copy and send the McAfee security log for the blocks it has made.

I suspect that McAfee is checking for updates. When all is well the icon is restored.
Check with them; I'm not sure on this one.
===

5) Is the Java update a must? It shows a different update number now online. If it is a must, I can update Java from the link you have provided.

The version you have running will be shown in the Add/Remove Programs list. Check it against what you will get from the link.

6) I have also checked the IP address given by RogueKiller; it shows Airtel Broadband. I am using only Airtel Broadband, but is it necessary? Else we can remove those entries from the registry; if the internet works without those entries, we can remove them to be on the safer side.

These are also used by the router. I would not change them.

7) If the system is stable, and confirmed no virus / spyware, I can remove ZoneAlarm and Malwarebytes from the startup. Please give tips on how to remove them from the start menu; later if required I can add them back.

From the Start > Run box, execute MSCONFIG.
Remove the check mark against the programs you wish to stop.
Click the OK button.

You can restore them later.

===

Let's see what we can find about the Windows updates. We will take it from there.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#8 KannanM

KannanM
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 15 June 2015 - 12:18 PM

Hi

Thanks for the prompt reply.

 

With respect to Windows shutdown, I have closed all known running programs and nothing is shown in the task bar.

Still some unknown process does not allow Windows to shut down, and later Windows forcefully shuts down. This is my doubt area.

 

I have run FSS; the txt is pasted here.

 

Please help to fix all issues.

Thanks

 

regards

kannan

 

Farbar Service Scanner Version: 17-01-2015
Ran by Kannan (administrator) on 15-06-2015 at 22:43:55
Running from "C:\Users\Kannan\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

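An added example, not code from the thread or from the FSS tool: a small Python triage script that reads output in the same layout as the FSS log pasted above and flags the settings that weaken protection (firewall disabled by policy, Defender disabled by policy, a service start type that differs from its default). The sample log it embeds is constructed, modelled on the entries above.

```python
"""Triage of 'Disabled Policy' findings in a Farbar Service Scanner (FSS) log.

Added example, not part of the thread or of the FSS tool. It parses text in the
same layout as the FSS log pasted above and reports the settings that weaken
protection: EnableFirewall=0 under a firewall policy key, DisableAntiSpyware=1
for Windows Defender, and a service start type that differs from its default.
"""
import re
from dataclasses import dataclass
from typing import List, Union

# Constructed sample (not the original log) in the FSS output format.
SAMPLE_FSS_LOG = r"""
Windows Firewall:
=============

Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

# A section header is a line ending in ':' whose next line is made only of '='.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z][^=]*?):\s*$")
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<value>\d+)\s*$')
START_RE = re.compile(
    r"^The start type of (?P<svc>\S+) service is set to (?P<actual>\w+)\. "
    r"The default start type is (?P<default>\w+)\.\s*$"
)


@dataclass
class PolicyValue:
    section: str
    key: str
    name: str
    value: int


@dataclass
class ServiceStart:
    section: str
    service: str
    actual: str
    default: str


def parse_fss(text: str) -> List[Union[PolicyValue, ServiceStart]]:
    """Return registry values and service start types in the order they appear."""
    records: List[Union[PolicyValue, ServiceStart]] = []
    section = ""
    key = ""
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.rstrip()
        if not line:
            continue
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        m = SECTION_RE.match(line)
        if m and nxt and set(nxt) == {"="}:
            section = m.group("name").strip()
            key = ""  # a new section resets the current registry key
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            records.append(PolicyValue(section, key, m.group("name"), int(m.group("value"))))
            continue
        m = START_RE.match(line)
        if m:
            records.append(ServiceStart(section, m.group("svc"), m.group("actual"), m.group("default")))
    return records


def triage(text: str) -> List[str]:
    """Map parsed records to human-readable findings worth reconciling."""
    findings: List[str] = []
    for rec in parse_fss(text):
        if isinstance(rec, PolicyValue):
            name = rec.name.lower()
            if name == "enablefirewall" and rec.value == 0:
                profile = rec.key.rsplit("\\", 1)[-1]  # e.g. StandardProfile
                findings.append(f"Windows Firewall disabled by policy ({profile})")
            elif name == "disableantispyware" and rec.value == 1:
                # Third-party antivirus installers commonly set this so Defender steps
                # aside; reconcile it with the product you expect rather than assume tampering.
                findings.append("Windows Defender disabled by policy (DisableAntiSpyware=1)")
        elif rec.actual != rec.default:
            findings.append(f"{rec.service} start type is {rec.actual}, default is {rec.default}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_FSS_LOG):
        print("FINDING:", finding)
```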

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:38 PM

Posted 16 June 2015 - 06:56 AM

How to perform a clean boot in Windows Vista, W7, W8.
http://support.microsoft.com/kb/929135

Read and follow the instructions on the page before proceeding.

Did you find any conflicting issues?
===

#10 KannanM

KannanM
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 16 June 2015 - 09:06 PM

Hi

I have gone through the clean boot instructions.

My doubt is as follows.

 

I am totally aware my McAfee total protection is blocking writing to the registry and other Windows install operations.

I am also aware that while installing McAfee, if we use normal protection McAfee allows all these programs; only in maximum protection mode does it block. That it is blocking MS products is my surprise and irritation.

This is also blocking OneDrive from updating files in the cloud.

Once I manually disable the access protection, both work.

But I feel this is a risk: during this disabled time, other programs can also write to and access the registry.

Hence I wish to whitelist Windows Update and OneDrive / SkyDrive suitably in McAfee.

Other than this I think there is no problem with Windows Update / OneDrive upload.

How to handle this?

 

What about some process not getting shut down?

Whether we have to run some other advanced scanners / spyware killers / rootkit removal etc.?

 

regards

kannan



#11 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 June 2015 - 07:38 AM

what about some process not getting shut down?
whether we have to run some other advanced scanners / spyware killers / rootkit removal etc.?


This could be caused by many things.
Most likely it is a program not releasing its handle and it must be forced out.

Try to fix the issues with McAfee, which may be the cause.

===

How to add an application to the McAfee Firewall Program Permissions list
http://service.mcafee.com/faqdocument.aspx?id=TS100813

#12 KannanM
  • Topic Starter
  • Members
  • 96 posts

Posted 18 June 2015 - 07:02 AM

Hi

Thanks.

The link is not useful.

I am using the McAfee corporate version; there is not much user interface in this version (McAfee VirusScan Enterprise and AntiSpyware Enterprise 8.8 is my version of McAfee).

I need to know, in this McAfee console, how to whitelist Microsoft updates and SkyDrive / OneDrive updates / ZoneAlarm updates.

All these are being blocked by the McAfee firewall; once I disable it temporarily and run the updates, all are working.

I have my doubt; still a virus or spyware may be there. Is there any advanced method to check my system? Can we use ComboFix etc.?

Another doubt: I understand MS Windows 10 is getting released on June 29. If I upgrade from Win 7 to Win 10, because the registry etc. are the same, will the same virus or spyware affect it, or do I have to format everything and install Win 7 new and upgrade to Win 10 (free upgrade)?

Or if I format and reinstall Win 7, how can I do all the updates in one stroke?

It takes 3-6 days for the updates to work and it is a cumbersome process.

If I am sure my system is clean, I can use it confidently; else what are the good options?

Please suggest.

Thanks

Regards

Kannan



#13 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 June 2015 - 08:25 AM


I suggest you contact McAfee to get the information you are looking for.
I never used that software.

===

i have my doubt, still a virus or spyware may be there. Is there any advanced method to check my system? Can we use ComboFix etc.?


Yes, let's check it out.

Please download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

P.S.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====

another doubt, I understand MS Windows 10 is getting released on June 29. If I upgrade from Win 7 to Win 10, because the registry etc. are the same, will the same virus or spyware affect it, or do I have to format everything and install Win 7 new and upgrade to Win 10 (free upgrade)?


I would not install it if you have any difficulties with your computer.

When all is well and you really need it, then install it.

I know I won't. I always wait before installing a new operating system.
===

or if I format and reinstall Win 7, how can I do all the updates in one stroke?
It takes 3-6 days for the updates to work and it is a cumbersome process.


The last time I reinstalled Win 7 it took only a few hours to get all the updates.

#14 KannanM
  • Topic Starter
  • Members
  • 96 posts

Posted 20 June 2015 - 04:10 AM

Hi

Thanks.

Now I have only one desktop, with all the suspicious spyware.

I do not have the laptop now.

Under this scenario, if any issues are faced in ComboFix, how to recover or restart the system?

Is it safe? Please clarify.

Secondly, I have noticed one process, csrss.exe. Is it good or bad? (In my Task Manager, clicking Properties, it is not showing anything. I suspect it may be unwanted stuff; please confirm.)

When I reinstall Win 7, every time it installs some updates and takes more time. My question is, by a single click, or in one go, can we apply all updates up to the current date?

Thanks

Regards

Kannan



#15 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 June 2015 - 08:37 AM

under this scenario, if any issues are faced in ComboFix, how to recover or restart the system?
is it safe? Please clarify.


You asked if you could run the ComboFix tool.

I said yes.
If you have any difficulties running it to the end, let me know.
Post the log.

===

secondly, I have noticed one process, csrss.exe. Is it good or bad?


It's probably bad.
I do not see it on any of your logs.

Now it's important to run ComboFix.
---


when I reinstall Win 7, every time it installs some updates and takes more time. My question is, by a single click, or in one go, can we apply all updates up to the current date?

Your computer is infected. You should not try to do the updates until your computer is clean.
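The csrss.exe question in the two posts above is the kind of thing a practitioner settles by checking the running image rather than the name. The PowerShell below is an added example, not code from the thread, from BleepingComputer or from any of the tools mentioned. For every process named csrss.exe it checks three things: that the image path is %SystemRoot%\System32\csrss.exe, that the file's Authenticode status is as expected, and that the parent process is smss.exe or has already exited (the launching smss.exe instance normally exits after boot). It assumes Windows 7 or later, PowerShell 2.0 or newer and an elevated prompt; Task Manager and WMI run without elevation may not be able to read the image path of this process. The function name Test-CsrssInstance is this example's own.

```powershell
# Added example, not part of the thread: decide whether a running csrss.exe is
# the genuine Windows Client/Server Runtime binary.
# Assumptions: Windows 7+, PowerShell 2.0+, elevated prompt (without elevation
# the ExecutablePath of csrss.exe is often not readable).

$expectedPath = Join-Path $env:SystemRoot 'System32\csrss.exe'

function Test-CsrssInstance {
    param([System.Management.ManagementObject]$Process)

    $result = New-Object PSObject -Property @{
        PID        = $Process.ProcessId
        Path       = $Process.ExecutablePath
        PathOk     = $false
        Signature  = 'unknown'
        ParentName = 'unknown'
        Verdict    = 'SUSPICIOUS'
    }
    $path = $Process.ExecutablePath
    if (-not $path) {
        $result.Path = '<not readable; rerun elevated>'
        return $result
    }

    # 1. The real binary lives only in %SystemRoot%\System32. A copy in Temp,
    #    AppData or a look-alike name (csrss.exe in another directory) is a red flag.
    $result.PathOk = ($path -ieq $expectedPath)

    # 2. Authenticode. Caveat: Windows 7 system binaries are largely
    #    catalog-signed, and Get-AuthenticodeSignature before PowerShell 5.1
    #    does not consult catalogs, so NotSigned there is not proof of tampering;
    #    FRST's "File is digitally signed" and Sysinternals sigcheck do check
    #    catalogs. Anything other than Valid or NotSigned (e.g. HashMismatch) is bad.
    $sig = Get-AuthenticodeSignature -FilePath $path
    $result.Signature = $sig.Status.ToString()
    $signedByMicrosoft = ($sig.Status -eq 'Valid' -and
                          $sig.SignerCertificate.Subject -match 'Microsoft')

    # 3. Parent. Genuine csrss.exe is started by smss.exe, whose launching
    #    instance exits after boot, so the parent is either gone or smss.exe.
    #    A live parent such as explorer.exe, cmd.exe or a browser is a red flag.
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($Process.ParentProcessId)"
    if ($parent) { $result.ParentName = $parent.Name } else { $result.ParentName = '<exited>' }
    $parentOk = (-not $parent) -or ($parent.Name -ieq 'smss.exe')

    if (-not $result.PathOk)            { $result.Verdict = 'SUSPICIOUS: wrong path' }
    elseif (-not $parentOk)             { $result.Verdict = 'SUSPICIOUS: unexpected parent' }
    elseif ($signedByMicrosoft)         { $result.Verdict = 'genuine' }
    elseif ($sig.Status -eq 'NotSigned') { $result.Verdict = 'path/parent ok; confirm catalog signature with sigcheck -a -h' }
    else                                { $result.Verdict = "SUSPICIOUS: signature $($sig.Status)" }
    return $result
}

Get-WmiObject Win32_Process -Filter "Name = 'csrss.exe'" |
    ForEach-Object { Test-CsrssInstance $_ } |
    Format-Table PID, Path, PathOk, Signature, ParentName, Verdict -AutoSize
```

On a desktop there are normally two instances (one per session, including session 0); more than that, or any row whose Verdict starts with SUSPICIOUS, is what to report with the path and hash (sigcheck -h prints them) rather than just the process name.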



