malware bytes scan exits early


Hi Folks,

I am using Win7 and was hit by the happli redirect; since then, Malwarebytes on my system has not been working. I cleaned my laptop using other anti-spyware and it fixed happli. However, Malwarebytes is unable to perform a scan and exits within a few minutes when I try to scan.

I have already retried uninstalling and installing Malwarebytes on the machine, but it still exits during the scan. As read in the forum, I am attaching the DDS and Attach logs. Please advise if you need any further information.

Thanks in advance for your assistance.

************DDS.Log**************

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24

Run by asingh at 23:30:08 on 2012-05-09

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.5973 [GMT -7:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\ibmpmsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\windows\System32\spoolsv.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

C:\windows\system32\crypserv.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\windows\system32\CxAudMsg64.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

C:\Program Files\McAfee\DLP\Agent\fcags.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\windows\system32\mfevtps.exe

C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe

C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\windows\SysWOW64\SAsrv.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

C:\windows\system32\conhost.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\McAfee\DLP\Agent\fcagswd.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Lenovo\System Update\SUService.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\taskhost.exe

C:\Program Files\McAfee\DLP\Agent\fcag.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\windows\system32\rundll32.exe

C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE

C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE

C:\windows\system32\Dwm.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Program Files\McAfee\DLP\Agent\FCAGTE.EXE

C:\windows\Explorer.EXE

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe

C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe

C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe

C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Windows\SysWOW64\rundll32.exe

C:\windows\system32\rundll32.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\SysWOW64\RunDll32.exe

C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe

C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\igfxsrvc.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://my.oracle.com/index.htm

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = *.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.oracle.com;*.oraclecorp.com;*.oracleportal.com;<local>

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll

BHO: BargainMatch Extension: {a1f60e28-5d50-447b-b4d9-3b4ab0d674e7} - C:\Program Files (x86)\BargainMatch IE-Extension\bmext.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"

mRun: [safeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"

mRun: [safeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRunOnce: [ClickToCallConfig] C:\ProgramData\Oracle\BaseImage\config\realplayerent_config.exe /SS=YES

dRunOnce: [iPCConfig] C:\ProgramData\Oracle\BaseImage\config\cisco_ipcommunicator-cfg.exe /SS=YES

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 1 (0x1)

IE: {A1F60E28-5D50-447B-B4D9-3B4AB0D674E7} - res://C:\Program Files (x86)\BargainMatch IE-Extension\bmext.dll/content|js|bargainmatchoptions.hta

IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

Trusted Zone: oracle.com\login

Trusted Zone: oraclecorp.com\global-ebusiness

Trusted Zone: oraclecorp.com\global-erp

Trusted Zone: oraclecorp.com\global-hrms

Trusted Zone: oraclecorp.com\global-service

Trusted Zone: oracleoutsourcing.com\dnsh8j

Trusted Zone: oraclevpn.com\myaccess

Trusted Zone: oracle.com\login

Trusted Zone: oraclecorp.com\global-ebusiness

Trusted Zone: oraclecorp.com\global-erp

Trusted Zone: oraclecorp.com\global-hrms

Trusted Zone: oraclecorp.com\global-service

Trusted Zone: oraclevpn.com\myaccess

DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - hxxps://strtc.oracle.com/imtapp/res/jar/cnsload.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intercall.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{4F6DDEC7-1A70-44AB-9A01-182CD865B854} : DhcpNameServer = 130.35.249.52 130.35.249.41 192.135.82.132

TCP: Interfaces\{A839BABA-1EA6-440C-9BBD-75DFE6E1C4D6} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A839BABA-1EA6-440C-9BBD-75DFE6E1C4D6}\169627C696E6B6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A839BABA-1EA6-440C-9BBD-75DFE6E1C4D6}\25F697723702E4564777F627B6 : DhcpNameServer = 10.0.1.1

TCP: Interfaces\{A839BABA-1EA6-440C-9BBD-75DFE6E1C4D6}\2616C616B627963786E616E2233303 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{A839BABA-1EA6-440C-9BBD-75DFE6E1C4D6}\36C6561627D27657563747 : DhcpNameServer = 148.87.1.22 148.87.112.101

TCP: Interfaces\{A839BABA-1EA6-440C-9BBD-75DFE6E1C4D6}\44271696E6F6 : DhcpNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{A839BABA-1EA6-440C-9BBD-75DFE6E1C4D6}\D44434 : DhcpNameServer = 192.168.1.254

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll

BHO-X64: Fantapper - No File

BHO-X64: BargainMatch Extension: {A1F60E28-5D50-447B-B4D9-3B4AB0D674E7} - C:\Program Files (x86)\BargainMatch IE-Extension\bmext.dll

BHO-X64: BargainMatchExtension - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll

BHO-X64: NetAssistantBHO - No File

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun-x64: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun-x64: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"

mRun-x64: [safeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"

mRun-x64: [safeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"

mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {A1F60E28-5D50-447B-B4D9-3B4AB0D674E7} - res://C:\Program Files (x86)\BargainMatch IE-Extension\bmext.dll/content|js|bargainmatchoptions.hta

IE-X64: {c95fe080-8f5d-11d2-a20b-00aa003c157a}

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\asingh\AppData\Roaming\Mozilla\Firefox\Profiles\jbngptf4.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.oracle.com/site/nasc

FF - prefs.js: network.proxy.type - 2

FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\components\McFFPlg.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprjplug.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprpjplug.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.y2layers.installId - 4aa93d11-10ec-4b0e-bd56-106eafa1ffac

FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,

.

============= SERVICES / DRIVERS ===============

.

R0 DzHDD64;DzHDD64;C:\windows\system32\DRIVERS\DzHDD64.sys --> C:\windows\system32\DRIVERS\DzHDD64.sys [?]

R0 MfeEERM;MfeEERM;C:\Windows\System32\drivers\MfeEERM.sys [2010-12-17 226504]

R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]

R0 SBAlg;SBAlg;C:\Windows\System32\drivers\SbAlg.sys [2008-8-13 60128]

R0 SBAlg00;SBAlg00;C:\Windows\System32\drivers\SbAlg00.sys [2009-6-4 18176]

R0 SBAlg01;SBAlg01;C:\Windows\System32\drivers\SbAlg01.sys [2009-6-4 18176]

R0 SBAlg11;SBAlg11;C:\Windows\System32\drivers\SbAlg11.sys [2009-6-4 36096]

R0 SBAlg12;SBAlg12;C:\Windows\System32\drivers\SbAlg12.sys [2009-6-4 60160]

R0 SbCe;SbCe;C:\Windows\System32\drivers\SbCe.sys [2010-12-17 698312]

R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2010-10-12 15688]

R1 hdlpflt;hdlpflt;C:\windows\system32\DRIVERS\hdlpflt.sys --> C:\windows\system32\DRIVERS\hdlpflt.sys [?]

R1 lenovo.smi;Lenovo System Interface Driver;C:\windows\system32\DRIVERS\smiifx64.sys --> C:\windows\system32\DRIVERS\smiifx64.sys [?]

R1 RsvLock;RsvLock;C:\Windows\System32\drivers\RsvLock.sys [2010-10-12 58184]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 SbFlop;SbFlop;C:\Windows\System32\drivers\SbFlop.sys [2010-10-12 23368]

R1 SbRegFlt;SbRegFlt;C:\Windows\System32\drivers\SbRegFlt.sys [2010-10-12 15688]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 CipcCdp;Cisco IP Communicator driver for CDP;C:\windows\system32\DRIVERS\CipcCdp.sys --> C:\windows\system32\DRIVERS\CipcCdp.sys [?]

R2 CxAudMsg;Conexant Audio Message Service;C:\windows\system32\CxAudMsg64.exe --> C:\windows\system32\CxAudMsg64.exe [?]

R2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224]

R2 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2011-4-15 39840]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-9-6 40808]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-11-30 101736]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-9-6 59240]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-11-30 133992]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-10 654408]

R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624]

R2 McAfeeDLPAgentService;McAfee DLP Agent Service;C:\Program Files\McAfee\DLP\Agent\fcags.exe [2011-4-10 8445248]

R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-10-22 20792]

R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-5-19 120128]

R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2010-10-22 181480]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-10-22 66880]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\system32\mfevtps.exe --> C:\windows\system32\mfevtps.exe [?]

R2 MyDesktopWindows;MyDesktopService;C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe [2011-10-28 1038848]

R2 QOSMyDesktop;QOS MyDesktop;C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe [2009-10-13 470016]

R2 risdxc;risdxc;C:\windows\system32\DRIVERS\risdxc64.sys --> C:\windows\system32\DRIVERS\risdxc64.sys [?]

R2 SafeBootClientManager;SafeBoot Client Manager;C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [2010-10-12 380988]

R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-11-30 446592]

R2 SbCeCoreService;McAfee Endpoint Encryption Core Service;C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe [2010-12-17 203080]

R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-11-30 446800]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-11-30 145256]

R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-11-30 142696]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-30 2656280]

R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-6-10 641464]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\windows\system32\DRIVERS\e1c62x64.sys --> C:\windows\system32\DRIVERS\e1c62x64.sys [?]

R3 FirehkMP;FirehkMP;C:\windows\system32\DRIVERS\firehk.sys --> C:\windows\system32\DRIVERS\firehk.sys [?]

R3 hdlpctrl;hdlpctrl;C:\windows\system32\drivers\hdlpctrl.sys --> C:\windows\system32\drivers\hdlpctrl.sys [?]

R3 hdlpdbk;hdlpdbk;C:\windows\system32\drivers\hdlpdbk.sys --> C:\windows\system32\drivers\hdlpdbk.sys [?]

R3 hdlpevnt;hdlpevnt;C:\windows\system32\drivers\hdlpevnt.sys --> C:\windows\system32\drivers\hdlpevnt.sys [?]

R3 HIPK;McAfee Inc. HIPK;C:\windows\system32\drivers\HIPK.sys --> C:\windows\system32\drivers\HIPK.sys [?]

R3 HIPPSK;McAfee Inc. HIPPSK;C:\windows\system32\drivers\HIPPSK.sys --> C:\windows\system32\drivers\HIPPSK.sys [?]

R3 HIPQK;McAfee Inc. HIPQK;C:\windows\system32\drivers\HIPQK.sys --> C:\windows\system32\drivers\HIPQK.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]

R3 mfesmfk;McAfee Inc. mfesmfk;C:\windows\system32\drivers\mfesmfk.sys --> C:\windows\system32\drivers\mfesmfk.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]

R3 SbCeCd;SbCeCd;C:\Windows\System32\drivers\SbCeCd.sys [2010-12-17 132808]

R3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]

R3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]

R3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 253600]

S3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]

S3 dmvsc;dmvsc;C:\windows\system32\drivers\dmvsc.sys --> C:\windows\system32\drivers\dmvsc.sys [?]

S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-9-6 478056]

S3 Firehk;McAfee NDIS Intermediate Filter;C:\windows\system32\DRIVERS\firehk.sys --> C:\windows\system32\DRIVERS\firehk.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]

S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-9-6 89152]

S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-9-6 175168]

S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 hdlpnetf;hdlpnetf;C:\windows\system32\drivers\hdlpnetf.sys --> C:\windows\system32\drivers\hdlpnetf.sys [?]

.

=============== Created Last 30 ================

.

2012-05-10 06:08:59 47080 ----a-w- C:\windows\System32\HIPIS0e011b5.dll

2012-05-10 06:08:59 40328 ----a-w- C:\windows\SysWow64\HIPIS0e011b5.dll

2012-05-03 16:40:34 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-05-03 16:40:32 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DDE367E5-7D4E-4339-A6B3-565182D98944}\mpengine.dll

2012-04-19 18:11:11 -------- d---a-w- C:\Users\asingh\AppData\Roaming\.purple.bak.1

2012-04-19 18:10:51 -------- d-----w- C:\Program Files (x86)\Pidgin

2012-04-14 19:41:53 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys

2012-04-14 19:41:52 81408 ----a-w- C:\windows\System32\imagehlp.dll

2012-04-14 19:41:52 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll

2012-04-14 19:41:50 5120 ----a-w- C:\windows\SysWow64\wmi.dll

2012-04-14 19:41:50 5120 ----a-w- C:\windows\System32\wmi.dll

2012-04-14 19:41:50 220672 ----a-w- C:\windows\System32\wintrust.dll

2012-04-14 19:41:50 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

.

==================== Find3M ====================

.

2012-05-03 07:17:08 143008 ----a-w- C:\windows\SysWow64\KevlarSigs.dll

2012-04-09 22:50:47 736494 ----a-w- C:\windows\SysWow64\PacesetterFY12-Cloud.scr

2012-04-04 22:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-03-29 06:26:29 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-29 06:26:29 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-02-28 06:39:37 1188864 ----a-w- C:\windows\System32\wininet.dll

2012-02-28 05:38:52 981504 ----a-w- C:\windows\SysWow64\wininet.dll

2012-02-28 04:31:38 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2012-02-28 03:52:27 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-02-24 17:36:50 230952 ----a-w- C:\windows\System32\drivers\PCTSD64.sys

2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll

.

============= FINISH: 23:33:19.03 ===============

***********Attach.Log******************

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 9/7/2011 4:46:06 AM

System Uptime: 5/9/2012 11:08:32 PM (0 hours ago)

.

Motherboard: LENOVO | | 2537R84

Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz | CPU | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 100 GiB total, 49.59 GiB free.

D: is FIXED (NTFS) - 189 GiB total, 171.833 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco Systems VPN Adapter for 64-bit Windows

Device ID: ROOT\NET\0001

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter for 64-bit Windows

PNP Device ID: ROOT\NET\0001

Service: CVirtA

.

==== System Restore Points ===================

.

RP63: 4/23/2012 5:35:03 PM - Scheduled Checkpoint

RP64: 5/1/2012 1:39:06 PM - Scheduled Checkpoint

RP65: 5/8/2012 6:45:07 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.20

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.2)

Adobe SVG Viewer 3.0

Advanced Outlook Password Recovery (remove only)

BargainMatch IE-Extension version 1.0.1.1142

Cisco AnyConnect VPN Client

Cisco IP Communicator

Cisco VPN Client 5.0.07.0290

Cisco WebEx Meetings

Compare It!

Fantapper Player

FileZilla Client 3.5.2

Freeze.com NetAssistant

GoToMeeting 4.8.0.723

GTK+ Runtime 2.14.7 rev a (remove only)

Intel PROSet Wireless

Intel® Control Center

Intel® Identity Protection Technology 1.0.74.0

Intel® Management Engine Components

Intel® Processor Graphics

Java Auto Updater

Java™ 6 Update 24

Lenovo Patch Utility

Lenovo Screen Reading Optimizer

Malwarebytes Anti-Malware version 1.61.0.1400

McAfee Agent

McAfee AntiSpyware Enterprise Module

McAfee Endpoint Encryption for Files and Folders

McAfee Endpoint Encryption for PC

McAfee Host Intrusion Prevention

McAfee SiteAdvisor Enterprise Plus

McAfee VirusScan Enterprise

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Visio Viewer 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visio Viewer

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 11.0 (x86 en-US)

Mozilla Thunderbird (3.1.7)

NetAssistant

Nucleus Kernel Outlook Password Recovery ver 10.08.01

NX Client for Windows 3.5.0-7

Oracle Beehive Conferencing

Oracle Beehive Extensions for Outlook

Oracle Beehive for Outlook

Oracle Data Protection 1.8.0.0

Oracle Online Assistance

Oracle Open Office 3.3

Oracle Web Conferencing Console

Pacesetter Spheres Screensaver

Pidgin

prerequisite

PrimoPDF

Projette

PuTTY .60 with WinSCP4

RealPlayer Enterprise

RICOH_Media_Driver_v2.14.18.01

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

System Update

ThinkPad Power Manager

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

.

==== Event Viewer Messages From Past Week ========

.

5/9/2012 11:09:02 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

5/9/2012 11:08:59 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

5/9/2012 11:08:56 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

5/9/2012 11:00:47 AM, Error: Schannel [36887] - The following fatal alert was received: 47.

5/3/2012 1:54:19 PM, Error: Schannel [36888] - The following fatal alert was generated: 43. The internal error state is 552.

5/3/2012 1:54:19 PM, Error: Schannel [36884] - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is ldap.gdns.oraclecorp.com. The SSL connection request has failed. The attached data contains the server certificate.

5/2/2012 6:16:17 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ASKHURAN-E4310 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4F6DDEC7-1A70-44AB-9A01-182CD865B854}. The master browser is stopping or an election is being forced.

5/2/2012 1:14:05 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ADMIN-US that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4F6DDEC7-1A70-44AB-9A01-182CD865B854}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================


Hello and welcome!

COMBOFIX

---------------

Please download ComboFix from one of these locations:

  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[Image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


  • 5 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
