Great............

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


I hope I did this right. I tried my best to disable my McAfee; the webpage that shows you how to disable it wasn't applying to the McAfee service I have.

Anyway, here is the text.

ComboFix 12-08-17.03 - nietoa1 08/17/2012 16:28:03.1.4 - x86

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3493.2483 [GMT -7:00]

Running from: c:\users\nietoa1\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\programdata\Roaming

c:\users\Administrator\AppData\Roaming\3VR

c:\windows\system32\msMAsk32.ocx

.

.

((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))

.

.

2012-08-16 03:39 . 2012-08-16 03:58 -------- d-----w- c:\program files\Free Window Registry Repair

2012-08-16 03:05 . 2012-08-16 03:05 -------- d--h--w- c:\windows\system32\WLANProfiles

2012-08-16 03:04 . 2012-08-16 03:04 -------- d-----w- c:\users\Public\Roaming

2012-08-16 03:04 . 2012-08-16 03:04 -------- d-----w- c:\users\Default\Roaming

2012-08-16 03:04 . 2012-08-16 03:04 -------- d-----w- c:\users\Administrator\Roaming

2012-08-16 03:04 . 2012-08-16 03:04 -------- d-----w- c:\programdata\Intel

2012-08-16 02:31 . 2012-08-16 02:31 -------- d-----w- c:\program files\ThinkPad

2012-08-16 01:36 . 2012-08-16 01:36 -------- d-----w- c:\programdata\PPR_KPI

2012-08-15 17:05 . 2012-08-15 17:05 -------- d-----w- c:\programdata\Malwarebytes

2012-08-15 16:48 . 2012-08-15 16:48 14664 ----a-w- c:\windows\stinger.sys

2012-08-15 16:47 . 2012-08-15 17:01 -------- d-----w- c:\program files\stinger

2012-08-15 15:19 . 2012-08-15 15:27 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-14 00:58 . 2012-08-17 23:29 -------- d-----w- C:\Quarantine

2012-08-14 00:57 . 2012-08-14 00:57 -------- d-----w- c:\windows\Sun

2012-08-09 00:42 . 2012-08-09 00:42 -------- d--h--w- c:\programdata\CanonIJScan

2012-08-09 00:20 . 2012-08-09 00:38 -------- d-----w- c:\program files\Canon

2012-08-09 00:20 . 2012-08-09 00:20 -------- d-----w- c:\programdata\Canon IJ Network Tool

2012-08-09 00:16 . 2012-08-09 00:16 -------- d-----w- c:\windows\system32\STRING

2012-08-09 00:16 . 2010-02-05 17:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL

2012-08-09 00:16 . 2010-02-05 17:37 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL

2012-08-08 22:59 . 2012-08-08 22:59 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-08-08 22:58 . 2012-08-08 22:58 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-08-08 02:50 . 2012-08-16 03:04 -------- d-----w- c:\users\Temp

2012-08-08 02:06 . 2012-08-08 02:06 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2012-08-08 02:05 . 2012-08-08 02:05 -------- d--h--w- c:\programdata\CanonBJ

2012-08-08 02:05 . 2010-08-25 12:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA9.DLL

2012-08-08 02:05 . 2010-08-25 12:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA9.DLL

2012-08-08 02:05 . 2010-08-25 12:00 290816 ----a-w- c:\windows\system32\CNMLMA9.DLL

2012-08-08 02:04 . 2010-03-19 02:25 307200 ----a-w- c:\windows\system32\CNC495L.dll

2012-08-08 02:04 . 2010-03-19 00:12 1335296 ----a-w- c:\windows\system32\CNC495C.dll

2012-08-08 02:04 . 2010-03-19 00:12 114688 ----a-w- c:\windows\system32\CNC495I.dll

2012-08-08 02:04 . 2010-03-19 00:11 106496 ----a-w- c:\windows\system32\CNC495U.dll

2012-08-08 02:04 . 2008-08-26 01:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll

2012-08-07 23:17 . 2012-08-16 03:04 -------- d-----w- c:\users\nietoa1

2012-08-02 07:08 . 2012-08-02 03:14 -------- d-----w- c:\windows\Panther

2012-08-02 06:52 . 2010-07-26 22:08 51472 ----a-w- c:\windows\system32\drivers\tcusb.sys

2012-08-02 06:11 . 2012-08-16 03:04 -------- d-----w- c:\program files\Common Files\Intel

2012-08-02 06:11 . 2012-08-16 03:04 -------- d-----w- c:\program files\Intel

2012-08-02 06:11 . 2012-08-02 06:11 -------- d-----w- C:\Intel

2012-08-02 04:18 . 2012-08-02 04:17 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll

2012-08-02 04:18 . 2012-08-02 04:17 22816 ----a-w- c:\windows\system32\MFEOtlk.dll

2012-08-02 04:18 . 2012-08-02 04:17 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-08-02 04:18 . 2012-08-15 16:47 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-08-02 04:18 . 2012-08-02 04:17 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-08-02 04:18 . 2012-08-02 04:17 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-08-02 04:18 . 2012-08-02 04:17 119968 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-08-02 04:18 . 2012-08-15 16:47 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-08-02 04:18 . 2012-08-15 16:47 159608 ----a-w- c:\windows\system32\mfevtps.exe

2012-08-02 04:18 . 2012-08-02 04:17 164840 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-08-02 04:17 . 2012-08-02 04:18 -------- d-----w- c:\program files\Common Files\McAfee

2012-08-02 04:17 . 2012-08-02 04:17 -------- d-----w- c:\users\Administrator\AppData\Roaming\McAfee

2012-08-02 04:16 . 2012-08-08 01:22 -------- d-----w- c:\programdata\McAfee

2012-08-02 04:16 . 2012-08-07 23:31 -------- d-----w- c:\program files\McAfee

2012-08-02 04:15 . 2012-08-02 04:15 -------- d-----w- c:\users\Default\AppData\Local\MochaSoft

2012-08-02 04:15 . 2012-08-02 04:15 -------- d-----w- c:\users\Administrator\AppData\Local\MochaSoft

2012-08-02 04:15 . 2012-08-02 04:15 -------- d-----w- c:\program files\MochaSoft

2012-08-02 04:11 . 2012-08-02 04:12 -------- d-----w- c:\windows\system32\CCM

2012-08-02 04:11 . 2012-08-02 04:11 -------- d-----w- c:\windows\ms

2012-08-02 04:11 . 2012-08-02 04:13 -------- d-----w- c:\windows\system32\ccmsetup

2012-08-02 04:10 . 2012-08-08 23:01 -------- d-----w- c:\program files\Microsoft Office Communicator

2012-08-02 04:07 . 2012-08-02 04:07 -------- d-----w- c:\programdata\Diebold, Incorporated

2012-08-02 04:07 . 2012-08-02 04:07 40960 ----a-w- c:\windows\Diebold We Won't Rest.dll

2012-08-02 04:07 . 2012-08-02 04:07 406556 ----a-w- c:\windows\Diebold We Won't Rest.scr

2012-08-02 04:07 . 2012-08-02 04:07 18192 ----a-w- c:\windows\Diebold We Won't Rest.dat

2012-08-02 04:07 . 2012-08-02 04:07 1165670 ----a-w- c:\windows\Diebold We Won't Rest.exe

2012-08-02 04:07 . 2012-08-02 04:07 40960 ----a-w- c:\windows\Diebold - We Won't Rest.dll

2012-08-02 04:07 . 2012-08-02 04:07 406556 ----a-w- c:\windows\Diebold - We Won't Rest.scr

2012-08-02 04:07 . 2012-08-02 04:07 18192 ----a-w- c:\windows\Diebold - We Won't Rest.dat

2012-08-02 04:07 . 2012-08-02 04:07 1035063 ----a-w- c:\windows\Diebold - We Won't Rest.exe

2012-08-02 04:06 . 2012-08-02 04:07 -------- d-----w- c:\program files\Diebold Protect Screensaver

2012-08-02 04:06 . 2012-08-02 04:06 -------- d-----w- c:\program files\Microsoft Office Communications Server 2007 R2

2012-08-02 04:06 . 2012-08-02 04:06 -------- d-----w- c:\program files\LaGard

2012-08-02 04:06 . 2012-08-02 04:06 -------- d-----w- c:\program files\Kaba Mas

2012-08-02 04:05 . 2012-08-02 04:05 -------- d-----w- c:\program files\Microsoft SQL Server

2012-08-02 04:05 . 2012-08-02 04:05 -------- d-----w- c:\programdata\Verint

2012-08-02 04:04 . 2012-08-02 04:04 -------- d-----w- c:\program files\ArcaTech Systems

2012-08-02 04:04 . 2012-08-02 04:04 -------- d-----w- C:\SwTool 4.0.0.1

2012-08-02 04:03 . 2008-07-29 20:40 48296 ----a-w- c:\windows\system32\drivers\aksifdh.sys

2012-08-02 04:03 . 2008-07-29 20:40 34472 ----a-w- c:\windows\system32\drivers\aksup.sys

2012-08-02 04:03 . 2010-04-30 18:48 107808 ----a-w- c:\windows\system32\iKeyUI.dll

2012-08-02 04:03 . 2010-04-30 18:48 91424 ----a-w- c:\windows\system32\iKeyAPI.dll

2012-08-02 04:03 . 2010-04-30 18:48 75040 ----a-w- c:\windows\system32\iKey2k.dll

2012-08-02 04:03 . 2010-04-30 18:48 165152 ----a-w- c:\windows\system32\iKeyDI.dll

2012-08-02 04:03 . 2012-08-02 04:03 -------- d--h--w- c:\program files\InstallShield Installation Information

2012-08-02 04:03 . 2010-04-29 14:16 21472 ----a-w- c:\windows\system32\drivers\RNBTOKEN.SYS

2012-08-02 04:03 . 2010-04-29 14:16 18080 ----a-w- c:\windows\system32\drivers\IKEYIFD.SYS

2012-08-02 04:03 . 2010-04-29 14:16 11616 ----a-w- c:\windows\system32\drivers\IKEYENUM.SYS

2012-08-02 04:03 . 2012-08-02 04:03 -------- d-----w- c:\program files\SafeNet

2012-08-02 04:02 . 2012-08-02 04:02 -------- d-----w- c:\program files\Verex IP Module Config101

2012-08-02 04:02 . 2012-08-02 04:02 -------- d-----w- c:\program files\HyperTerminal XP

2012-08-02 04:02 . 2012-08-02 04:02 -------- d-----w- c:\program files\Hirsch Snib2Config

2012-08-02 04:02 . 2012-08-02 04:02 -------- d-----w- c:\program files\ENA Process Notes

2012-08-02 04:02 . 2012-08-02 04:02 -------- d-----w- c:\program files\DeLaRue Test Tool

2012-08-02 04:02 . 2012-08-02 04:02 -------- d-----w- C:\Link

2012-08-02 04:01 . 2012-08-02 04:01 -------- d-----w- C:\GMS

2012-08-02 04:01 . 2012-08-02 04:01 -------- d-----w- c:\program files\Business Objects

2012-08-02 04:00 . 2012-08-02 04:00 -------- d-----w- c:\program files\Common Files\InstallShield

2012-08-02 03:59 . 2012-08-02 03:59 -------- d-----w- c:\program files\Common Files\MainConcept

2012-08-02 03:59 . 2012-08-02 03:59 -------- d-----w- c:\program files\3VR Security

2012-08-02 03:55 . 2012-08-02 03:58 -------- d-----w- c:\program files\TRDB

2012-08-02 03:54 . 2012-08-02 03:55 -------- d-----w- c:\program files\WKLCALLS

2012-08-02 03:54 . 2012-08-02 03:54 286720 ------w- c:\windows\Setup1.exe

2012-08-02 03:54 . 2012-08-02 03:54 73216 ----a-w- c:\windows\ST6UNST.EXE

2012-08-02 03:53 . 2012-08-02 03:53 -------- d-----w- c:\program files\Performance Profile Report

2012-08-02 03:52 . 2012-08-02 03:52 -------- d-----w- c:\program files\IMAP

2012-08-02 03:51 . 2009-07-14 01:15 126976 ----a-w- c:\windows\system32\msdart32.dll

2012-08-02 03:51 . 2011-05-13 13:05 22016 ----a-w- c:\windows\system32\MSWINSCK.oca

2012-08-02 03:51 . 2010-03-26 18:31 92160 ----a-w- c:\windows\system32\MSCAL.OCX

2012-08-02 03:51 . 2010-03-26 18:31 77824 ----a-w- c:\windows\system32\Msbind.dll

2012-08-02 03:51 . 2010-03-26 18:31 202752 ----a-w- c:\windows\system32\dblist32.ocx

2012-08-02 03:51 . 2010-03-26 18:31 147512 ----a-w- c:\windows\system32\temp.007

2012-08-02 03:51 . 2010-03-26 18:31 12288 ----a-w- c:\windows\system32\temp.008

2012-08-02 03:51 . 2012-08-02 03:51 -------- d-----w- C:\temp

2012-08-02 03:51 . 2010-03-26 18:31 16384 ----a-w- c:\windows\system32\GzipWrapper.dll

2012-08-02 03:51 . 2012-08-02 03:53 -------- d-----w- c:\program files\WAS

2012-08-02 03:50 . 2012-08-02 03:50 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe

2012-08-02 03:50 . 2012-08-02 03:51 -------- d-----w- C:\TechResourceCDS

2012-08-02 03:50 . 2012-08-02 03:50 -------- d-----w- c:\program files\Common Files\Lanex Shared

2012-08-02 03:50 . 2007-02-18 22:26 1046288 ----a-w- c:\windows\system32\msjet35.dll

2012-08-02 03:50 . 2007-02-18 22:26 570128 ----a-w- c:\windows\system32\dao350.dll

2012-08-02 03:48 . 2012-08-02 03:48 -------- d-----w- C:\Opteva DLINK DEVICE DRIVER

2012-08-02 03:46 . 2012-08-02 03:46 -------- dc----w- c:\windows\system32\DRVSTORE

2012-08-02 03:46 . 2011-12-15 12:25 54552 ----a-w- c:\windows\system32\acnamfdbctl.dll

2012-08-02 03:46 . 2011-12-15 12:25 173808 ----a-w- c:\windows\system32\drivers\acnamfd.sys

2012-08-02 03:46 . 2011-12-15 12:34 39376 ----a-w- c:\windows\system32\acnamihv.dll

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-28 17:50 . 2012-07-11 12:34 859382 ----a-w- c:\windows\Diebold_Security.scr

2012-06-25 23:05 . 2012-06-25 23:05 3039024 ----a-w- c:\windows\system32\wlihvui.dll

2012-06-25 23:05 . 2012-06-25 23:05 2007856 ----a-w- c:\windows\system32\iwmssvc.dll

2012-06-18 07:14 . 2012-07-11 12:57 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6EB28F21-C60E-48A1-B8D1-0620D5BD0F79}\mpengine.dll

2012-06-12 02:40 . 2012-07-11 13:29 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-06-06 05:05 . 2012-07-11 13:04 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:05 . 2012-07-11 13:04 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:03 . 2012-07-11 13:01 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-06-02 22:19 . 2012-07-11 12:33 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-07-11 12:33 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-07-11 12:32 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-07-11 12:32 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-07-11 12:33 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-07-11 12:33 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-07-11 12:32 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-07-11 12:32 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:12 . 2012-07-11 12:32 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 04:45 . 2012-07-11 13:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 04:45 . 2012-07-11 13:04 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 04:40 . 2012-07-11 13:04 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 04:40 . 2012-07-11 13:04 225280 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 04:39 . 2012-07-11 13:04 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-31 16:25 . 2012-07-11 12:57 237072 ----a-w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Communicator"="KEY" [X]

"McAfeeUpdaterUI"="KEY" [X]

"ShStatEXE"="E" [X]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-12-15 527312]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WAS Update.lnk - c:\program files\WAS\WiseUpdt.exe [2012-8-1 166518]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoAutorun"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"RestrictWelcomeCenter"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ EpePcNp32 scecli

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-18574106-1352478796-824651971-250630\Scripts\Logon\0\0]

"Script"=FwcTool.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-18574106-1352478796-824651971-250630\Scripts\Logon\0\1]

"Script"=FwcTool.exe

.

R2 PrtPort;PrtPort; [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [x]

R3 MFE_RR;MFE_RR;c:\users\nietoa1\AppData\Local\Temp\mfe_rr.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

R3 pcg_nt;pcg_nt;d:\pcg_2k.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]

R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 MfeEEAlg;MfeEEAlg; [x]

S0 MfeEpeOpal;MfeEpeOpal; [x]

S0 MfeEpePc;MfeEpePc; [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S1 acnamfd;Cisco AnyConnect Network Access Manager Filter Driver;c:\windows\system32\DRIVERS\acnamfd.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 ciscod.exe;Cisco Security Service;c:\program files\Cisco\Cisco HostScan\bin\ciscod.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]

S2 nam;Cisco AnyConnect Network Access Manager;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe [x]

S2 namlm;Cisco AnyConnect Network Access Manager Logon Module;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\acnamlogonagent.exe [x]

S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc86.sys [x]

S2 SACSrv;SACSrv;c:\program files\SafeNet\Authentication\SAC\x32\SACSrv.exe [x]

S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]

S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]

S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [x]

S3 acwebsecagent;Cisco AnyConnect Web Security Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\acwebsecagent.exe [x]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [x]

S3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\DRIVERS\ikeyenum.sys [x]

S3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\DRIVERS\ikeyifd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://doc2.diebold.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

Trusted Zone: dbdfxz

Trusted Zone: diebold.com\secureauth

Trusted Zone: diebold.com\usncclm01.ad

Trusted Zone: skillport.com

Trusted Zone: srvs

Trusted Zone: suth.com\diebold

Trusted Zone: suth.com\dieboldsurvey

Trusted Zone: dbdfxz

Trusted Zone: diebold.com\usncclm01.ad

Trusted Zone: skillport.com

Trusted Zone: srvs

Trusted Zone: suth.com\diebold

Trusted Zone: suth.com\dieboldsurvey

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

DPF: {53A8AEF8-5503-4B78-A091-634BB68DEECE} - hxxps://secureauth.diebold.com/secureauth3/4420/SecureAuth.cab

DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - vpnweb.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE

HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE

HKLM-Run-Persistence - DOWS\SYSTEM32\IGFXPERS.EXE

HKLM-Run-APSDaemon - .EXE

HKLM-Run-Adobe ARM - FILES\ADOBE\ARM\1.0\ADOBEARM.EXE

HKLM-Run-BCSSync - C.EXE

HKLM-Run-SafeNetCertMngr - ITOR.EXE

HKLM-Run-DieboldProtectScrnsave - SVR.VBS

HKLM-Run-MfeEpePcMonitor - ITOR.EXE

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

Notify-!SASWinLogon - (no file)

SafeBoot-29337598.sys

SafeBoot-35808088.sys

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(664)

c:\windows\system32\EpePcNp32.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files\McAfee\VirusScan Enterprise\mfeann.exe

c:\windows\system32\conhost.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\CCM\CcmExec.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\windows\system32\conhost.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\msiexec.exe

c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE

c:\windows\system32\sppsvc.exe

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

c:\windows\system32\wbem\WmiApSrv.exe

.

**************************************************************************

.

Completion time: 2012-08-17 16:40:00 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-17 23:39

.

Pre-Run: 221,864,919,040 bytes free

Post-Run: 221,937,004,544 bytes free

.

- - End Of File - - EC30C18280C6A598D59401BE1FF9BCFD


Try this.......

Click Start, click Run, type services.msc, and then click OK.

Double-click Plug and Play.

If you receive a Configuration Manager message, click OK.

In the Startup Type list, click Automatic, and then click OK.

Close Services.

Restart the computer.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.