Jump to content

dds logs

creichert
 Share

Recommended Posts

creichert

creichert

Posted
Posted

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7600.17115 BrowserJavaVersion: 10.21.2

Run by CReicher at 12:36:20 on 2013-05-10

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3892.2577 [GMT -4:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\ngvpnmgr.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe

C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Copiun\x64\AgtAdmSvc.exe

C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe

c:\epa.epa\EPAService.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe

C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Windows\system32\mfevtps.exe

C:\notes\ntmulti.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k regsvc

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\saHookMain.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

C:\Windows\system32\taskhost.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe

C:\Program Files\LENOVO\HOTKEY\shtctky.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe

C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe

C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Digital Line Detect\DLG.exe

C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe

C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.societylink.org/

uSearch Bar = Preserve

mWinlogon: Userinit = userinit.exe,

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\creicher\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GLOBAL~1.LNK - C:\Users\creicher\GlobalMeet for Desktop\StartUp.bat

StartupFolder: C:\Users\creicher\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoSimpleStartMenu = dword:1

uPolicies-Explorer: NoAutoTrayNotify = dword:1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoAutorun = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: legalnoticecaption = Acceptable Use Logon Banner

mPolicies-System: legalnoticetext = NOTICE: This system is the property of the American Cancer Society and may be accessed only by authorized users in accordance with the Society’s Acceptable Use Policy. It is subject to monitoring to ensure compliance with the Society’s policies. Use of this system constitutes consent to monitoring. You have no expectation of privacy as to any activities/information on this system. If monitoring reveals evidence of unauthorized use, it may be used for criminal or administrative action.

mPolicies-System: SoftwareSASGeneration = dword:3

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - <orphaned>

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - <orphaned>

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

Trusted Zone: acscan.org

Trusted Zone: acsevents.org

Trusted Zone: acsgiftshop.com

Trusted Zone: adobe.com

Trusted Zone: adp.com

Trusted Zone: atlnhohl01

Trusted Zone: blip.tv

Trusted Zone: cancer.org

Trusted Zone: convio.com

Trusted Zone: convio.net

Trusted Zone: dell.com

Trusted Zone: fleet.com

Trusted Zone: gotomeeting.com

Trusted Zone: ibm.com

Trusted Zone: java.com

Trusted Zone: lenovo.com

Trusted Zone: lotusnotes.com

Trusted Zone: macromedia.com

Trusted Zone: microsoft.com

Trusted Zone: mindleaders.com

Trusted Zone: outtask.com

Trusted Zone: paymentnet.com

Trusted Zone: peopleclick.com

Trusted Zone: relayforlife.org

Trusted Zone: searchtofight.org

Trusted Zone: shserv.org

Trusted Zone: siebel.com

Trusted Zone: stlu.com

Trusted Zone: sumtotalsystems.com

Trusted Zone: sun.com

Trusted Zone: webex.com

Trusted Zone: windowsupdate.com

Trusted Zone: acscan.org

Trusted Zone: acsevents.org

Trusted Zone: acsgiftshop.com

Trusted Zone: adobe.com

Trusted Zone: adp.com

Trusted Zone: atlnhohl01

Trusted Zone: blip.tv

Trusted Zone: cancer.org

Trusted Zone: convio.com

Trusted Zone: convio.net

Trusted Zone: dell.com

Trusted Zone: fleet.com

Trusted Zone: gotomeeting.com

Trusted Zone: ibm.com

Trusted Zone: java.com

Trusted Zone: lenovo.com

Trusted Zone: lotusnotes.com

Trusted Zone: macromedia.com

Trusted Zone: microsoft.com

Trusted Zone: mindleaders.com

Trusted Zone: outtask.com

Trusted Zone: paymentnet.com

Trusted Zone: peopleclick.com

Trusted Zone: relayforlife.org

Trusted Zone: searchtofight.org

Trusted Zone: shserv.org

Trusted Zone: siebel.com

Trusted Zone: stlu.com

Trusted Zone: sumtotalsystems.com

Trusted Zone: sun.com

Trusted Zone: webex.com

Trusted Zone: windowsupdate.com

DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.4.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{70F507A8-4E70-46B9-B62E-3E55CE9F4224} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{70F507A8-4E70-46B9-B62E-3E55CE9F4224}\34F636F616245616E6562797 : DHCPNameServer = 68.87.77.130 68.87.72.130

TCP: Interfaces\{A9DA7C0B-990E-40F0-9A4E-EACED2FABDED} : DHCPNameServer = 10.110.55.30 10.155.55.30 10.139.2.97

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

LSA: Notification Packages = EpePcNp64 scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll

x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll

x64-IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

x64-IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - <orphaned>

x64-IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - <orphaned>

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

x64-IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>

x64-IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - <orphaned>

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2013-1-11 29512]

R0 MfeEEAlg;MfeEEAlg;C:\Windows\System32\drivers\MfeEEAlg.sys [2012-2-22 71016]

R0 MfeEpeOpal;MfeEpeOpal;C:\Windows\System32\drivers\MfeEpeOpal.sys [2012-4-20 87368]

R0 MfeEpePc;MfeEpePc;C:\Windows\System32\drivers\MfeEpePc.sys [2012-4-20 140648]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-10-1 642952]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-10-1 283744]

R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-12-28 25416]

R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2013-1-11 15472]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-8-16 75672]

R2 Copiun Administrative Service;Copiun Administrative Service;C:\Program Files (x86)\Copiun\x64\AgtAdmSvc.exe [2012-11-30 133120]

R2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [2011-9-12 641336]

R2 EPAService;EPAService;c:\epa.epa\EPAService.exe delay=900 --> c:\epa.epa\EPAService.exe delay=900 [?]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2013-1-11 43584]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2013-2-6 127072]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-1-11 62016]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2013-1-11 133992]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-26 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-26 701512]

R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe [2012-4-20 1699840]

R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2011-10-24 165440]

R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-11-15 132672]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2011-9-14 209760]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-10-1 208272]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-10-1 158832]

R2 NgVpnMgr;Aventail VPN Client;C:\Windows\System32\ngvpnmgr.exe [2012-6-26 532328]

R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2013-1-11 61952]

R2 smihlp2;SMI Helper Driver (smihlp2);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2013-2-6 127120]

R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2013-2-6 125504]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-1-11 2533400]

R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232]

R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2013-1-11 167040]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2013-1-11 54824]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-1-11 35104]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2013-1-11 292864]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2013-1-11 342704]

R3 FireNfcp;McAfee Inc. FireNfcp;C:\Windows\System32\drivers\FireNfcp.sys [2012-10-1 48840]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2013-1-11 56344]

R3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-1 195024]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2013-1-11 158976]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-1-11 317440]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-26 25928]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-10-1 228752]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-10-1 481504]

R3 NgLog;Aventail VPN Logging;C:\Windows\System32\drivers\nglog.sys [2012-6-23 31304]

R3 NgVpn;Aventail VPN Adapter;C:\Windows\System32\drivers\ngvpn.sys [2012-6-23 103496]

R3 NgWfp;Aventail VPN Callout;C:\Windows\System32\drivers\ngwfp.sys [2012-6-23 28744]

R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-1-11 27960]

R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2011-5-29 40248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-10-1 199008]

S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2013-1-11 478056]

S3 IFCoEMP;IFCoEMP;C:\Windows\System32\drivers\ifM52x64.sys [2012-5-29 339728]

S3 IFCoEVB;IFCoEVB;C:\Windows\System32\drivers\ifP52x64.sys [2012-5-29 65808]

S3 iSSetup;iSSetup;C:\Windows\System32\drivers\iSSetup.sys [2012-5-29 189664]

S3 LNSUSvc;Lotus Notes Smart Upgrade Service;C:\Notes\SUService.exe [2011-9-16 189832]

S3 Lotus Notes Diagnostics;Lotus Notes Diagnostics;C:\notes\nsd.exe -svcinvoke -ini "C:\ProgramData\Lotus\Notes\Data\notes.ini" --> C:\notes\nsd.exe -svcinvoke -ini C:\ProgramData\Lotus\Notes\Data\notes.ini [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-10-1 100904]

S3 NgFilter;Aventail VPN Filter;C:\Windows\System32\drivers\ngfilter.sys [2012-6-23 26184]

S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2013-1-11 1662560]

S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2013-1-11 1665120]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-3 1255736]

.

=============== Created Last 30 ================

.

2013-05-10 07:40:51 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A84E844-BAE6-4625-B486-320FECF1CEE8}\offreg.dll

2013-05-10 07:39:07 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A84E844-BAE6-4625-B486-320FECF1CEE8}\mpengine.dll

2013-05-09 22:08:20 -------- d-----w- C:\Users\creicher\Relay Pic Ideas

2013-05-08 12:47:52 -------- d-----w- C:\Users\creicher\AppData\Roaming\smkits

2013-05-01 15:55:56 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-05-01 15:55:56 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-05-01 15:55:51 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-01 15:52:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-01 15:52:27 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-04-26 17:26:28 -------- d-----w- C:\Users\creicher\AppData\Roaming\Malwarebytes

2013-04-26 17:25:50 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-26 17:25:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-26 17:25:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-23 23:23:37 -------- d-----w- C:\Users\creicher\AppData\Local\CrashDumps

2013-04-23 19:46:56 -------- d-----w- C:\Windows\pss

2013-04-23 17:57:48 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2013-04-23 17:31:32 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

2013-04-23 17:17:50 -------- d-----w- C:\Users\creicher\AppData\Local\NPE

2013-04-23 17:17:50 -------- d-----w- C:\ProgramData\Norton

.

==================== Find3M ====================

.

2013-05-10 16:16:55 160 ----a-w- C:\Windows\SysWow64\settings.bin

2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-24 12:38:25 15859416 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-02-21 14:57:44 3024456 ----a-w- C:\Users\creicher\GlobalMeet_ScreenShare_update_860_windows.exe

.

============= FINISH: 12:37:04.27 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/11/2013 5:26:17 PM

System Uptime: 5/10/2013 12:12:47 PM (0 hours ago)

.

Motherboard: LENOVO | | 2522DQ9

Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz | None | 2400/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 203.105 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP73: 5/8/2013 5:49:23 PM - Scheduled Checkpoint

RP74: 5/10/2013 3:38:42 AM - Windows Update

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

7-Zip 9.20 (x64 edition)

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

Adobe Shockwave Player 12.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Aventail Connect

Bonjour

Burn.Now 4.5

Burn.Now Lenovo Edition

Camtasia Studio 7

Conexant 20585 SmartAudio HD

Copiun Data Manager

Definition update for Microsoft Office 2010 (KB982726)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

FileNet IDM Viewer 4.0

Fingerprint Software Patch

GlobalMeet Desktop Tools

GlobalMeet for Desktop

GlobalMeet ScreenShare

Google Update Helper

Integrated Camera Driver Installer Package Ver.1.1.0.48

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless WiFi Software

IrfanView (remove only)

iTunes

Java 7 Update 21

Java Auto Updater

Java™ 6 Update 17

Java™ 6 Update 17 (64-bit)

Lenovo Auto Scroll Utility

Lenovo Patch Utility

Lenovo Patch Utility 64 bit

Lenovo Power Management Driver

Lenovo System Interface Driver

Lenovo System Update

Lotus Notes 8.5.3

Malwarebytes Anti-Malware version 1.75.0.1300

McAfee Agent

McAfee Endpoint Encryption Agent

McAfee Endpoint Encryption for PC v6

McAfee Host Intrusion Prevention

McAfee SiteAdvisor Enterprise

McAfee VirusScan Enterprise

Media Player Codec Pack 4.2.2

MER for ePO

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Project MUI (English) 2010

Microsoft Office Project Standard 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Project Standard 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

On Screen Display

PDFCreator

Power Manager

Quest Secure Password Extension x64

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

RICOH R5U230 Media Driver ver.2.06.02.02

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2584066)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Snagit 10

swMSM

System Information Reporter

ThinkPad Bluetooth with Enhanced Data Rate Software

ThinkPad FullScreen Magnifier

ThinkPad Modem Adapter

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

ThinkVantage Access Connections

ThinkVantage Active Protection System

ThinkVantage Communications Utility

ThinkVantage Fingerprint Software

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

Windows XP Mode

.

==== Event Viewer Messages From Past Week ========

.

5/9/2013 6:03:12 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/9/2013 10:47:30 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

5/8/2013 8:49:39 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The attribute syntax specified to the directory service is invalid. .

5/8/2013 8:49:16 AM, Error: Application Management Group Policy [103] - The removal of the assignment of application McAfee Agent from policy mcaffeagent failed. The error was : %%2

5/8/2013 8:03:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

5/8/2013 7:50:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache3.0.0.0 service.

5/8/2013 2:56:48 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

5/6/2013 7:42:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

5/5/2013 9:22:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcSvc service.

5/5/2013 9:21:17 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{70F507A8-4E70-46B9-B62E-3E55CE9F4224} because another computer on the network has the same name. The server could not start.

5/4/2013 12:05:09 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 6 time(s).

5/4/2013 11:49:20 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/4/2013 11:42:27 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/4/2013 11:39:31 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 1 time(s).

5/4/2013 11:37:38 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/4/2013 11:37:25 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the System Update service to connect.

5/4/2013 11:37:25 AM, Error: Service Control Manager [7000] - The System Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/4/2013 11:31:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

5/10/2013 12:23:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee McShield service to connect.

5/10/2013 12:23:46 PM, Error: Service Control Manager [7000] - The McAfee McShield service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/10/2013 12:23:09 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/10/2013 12:16:06 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .

5/10/2013 12:14:16 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

5/10/2013 12:13:08 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain PA due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

.

==== End Of File ===========================

Link to post
Share on other sites
Robybel

Robybel

Posted
Posted

Hi and Welcome!! creichert :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable. (.exe) every time you run them

with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! ;)

=================================

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Next

AdwCleaner

  • Please download "]http://general-changelog-team.fr/en/tools/15-adwcleaner"] AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Next

  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
    RGKRScan.png
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
    RGKRDelete.png
  • Next click on the ShortcutsFix
    RGKRShortcutsFix.png
  • another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept