
Please help - big problems!


fish11


I'm not super savvy at this process, but I've been infected since last night. Lots of pop-ups, hidden start menu, fake warnings, etc. This is my work computer so I eventually will get someone to help, but I'm hoping to find something sooner.

I've run Malwarebytes full scans twice and have found 5 different issues - all Hijack Start issues. I've removed them but am prompted to restart. I did the first time and then realized this is a problem.

Now I can't get the pop-ups to stop and would appreciate any help.

Thanks!

Devon

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by 551569 at 12:58:54 on 2011-10-15

Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3956.1802 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Endpoint Security Client Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

.

============== Running Processes ===============

.

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

svchost.exe

svchost.exe

svchost.exe

C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Eraser\Eraser.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe

C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\Common Files\Check Point\UIFramework\cptray.exe

C:\Program Files (x86)\Pointsec\Pointsec for PC\P95tray.exe

C:\Program Files (x86)\Checkpoint\Endpoint Security\Endpoint Connect\TrGUI.exe

C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe

C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe

C:\Program Files (x86)\VeriSign\PKI Client\PKIClient.exe

C:\ProgramData\xXcnbsQjRkB.exe

C:\Program Files (x86)\Checkpoint\Endpoint Security\IClient.exe

C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

C:\ProgramData\6DSS92c31Apgjk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\551569\AppData\Local\Temp\wz7c31\mbam-setup-1.46.exe

C:\Users\551569\AppData\Local\Temp\is-C4GRA.tmp\mbam-setup-1.46.tmp

C:\Users\551569\AppData\Local\Temp\wz7c31\mbam-setup-1.46.exe

C:\Users\551569\AppData\Local\Temp\is-IQUDD.tmp\mbam-setup-1.46.tmp

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchFilterHost.exe

svchost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\cscript.exe

C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.boozallen.com/

uDefault_Page_URL = about:blank

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll

uRun: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [TP4EX] tp4ex.exe

mRun: [Check Point Endpoint Tray Application] C:\Program Files (x86)\Common Files\Check Point\UIFramework\cptray.exe

mRun: [Pointsec Tray] C:\Program Files (x86)\Pointsec\Pointsec for PC\P95Tray.exe

mRun: [Check Point Endpoint Connect] "C:\Program Files (x86)\Checkpoint\Endpoint Security\Endpoint Connect\TrGUI.exe"

mRun: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe

mRun: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun: [AgentUiRunKey] "C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe" -ni -sss -e http://localhost:16386/

mRun: [VeriSign PKI Client] C:\Program Files (x86)\VeriSign\PKI Client\PKIClient.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [xXcnbsQjRkB.exe] C:\ProgramData\xXcnbsQjRkB.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\551569\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 1 (0x1)

mPolicies-system: DisableCAD = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: C:\Windows\system32\PGPlsp.dll

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://nacvpn.usae.bah.com/auth/taweb.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://nacvpn.usae.bah.com/auth/CCALogin.CAB

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.disneyphotopass.com/software/ImageUploader4.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.bah.com/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{865762A9-6D47-448E-8E8C-83F1114809F8} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{865762A9-6D47-448E-8E8C-83F1114809F8}\04F4666696365634434454 : DhcpNameServer = 4.2.2.2 0.0.0.0 0.0.0.0

TCP: Interfaces\{865762A9-6D47-448E-8E8C-83F1114809F8}\3416279626F657 : DhcpNameServer = 205.139.50.143 63.209.206.118 4.2.2.2

TCP: Interfaces\{865762A9-6D47-448E-8E8C-83F1114809F8}\4657E6E62627F637 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{865762A9-6D47-448E-8E8C-83F1114809F8}\65562796A7F6E602353484D2C4341313024613464602355636572756 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{AAA68010-0CDE-4BF9-AAF3-C38D534130E8} : DhcpNameServer = 192.168.13.28

TCP: Interfaces\{F6DAC765-04B0-4F00-A72E-1A53A8CF49D7} : DhcpNameServer = 156.80.3.3 156.80.62.14 156.80.3.67

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll

AppInit_DLLs: PGPmapih.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

LSA: Notification Packages = scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll PGPpwflt

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll

BHO-X64: scriptproxy - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe

mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun-x64: [TP4EX] tp4ex.exe

mRun-x64: [Check Point Endpoint Tray Application] C:\Program Files (x86)\Common Files\Check Point\UIFramework\cptray.exe

mRun-x64: [Pointsec Tray] C:\Program Files (x86)\Pointsec\Pointsec for PC\P95Tray.exe

mRun-x64: [Check Point Endpoint Connect] "C:\Program Files (x86)\Checkpoint\Endpoint Security\Endpoint Connect\TrGUI.exe"

mRun-x64: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe

mRun-x64: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe

mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun-x64: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun-x64: [AgentUiRunKey] "C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe" -ni -sss -e http://localhost:16386/

mRun-x64: [VeriSign PKI Client] C:\Program Files (x86)\VeriSign\PKI Client\PKIClient.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [xXcnbsQjRkB.exe] C:\ProgramData\xXcnbsQjRkB.exe

mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

AppInit_DLLs-X64: PGPmapih.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 pgpfs;PGP File Sharing;C:\Windows\system32\Drivers\PGPfsfd.sys --> C:\Windows\system32\Drivers\PGPfsfd.sys [?]

R0 Pgpwdefs;Pgpwdefs;C:\Windows\system32\DRIVERS\Pgpwdefs.sys --> C:\Windows\system32\DRIVERS\Pgpwdefs.sys [?]

R0 prot_2k;prot_2k;C:\Windows\System32\drivers\prot_2k.sys [2011-3-8 221736]

R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]

R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]

R1 pagent_;pagent_;\??\C:\Windows\system32\pagent_.sys --> C:\Windows\system32\pagent_.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AgentService;AgentService;C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [2011-5-3 7580576]

R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]

R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]

R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 LenovoRd;LenovoRd;C:\Windows\system32\Drivers\LenovoRd.sys --> C:\Windows\system32\Drivers\LenovoRd.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 vna_ap;Check Point Virtual Network Adapter - Apollo;C:\Windows\system32\DRIVERS\vnaap.sys --> C:\Windows\system32\DRIVERS\vnaap.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 EracentARPC;Eracent ARPCollector;C:\Eracent\EPA\arpcollector.sys [2011-3-11 17408]

S3 LV_Tracker;LV_Tracker;C:\Windows\system32\DRIVERS\LV_Tracker64.sys --> C:\Windows\system32\DRIVERS\LV_Tracker64.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

.

=============== Created Last 30 ================

.

2011-10-15 13:12:56 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware

2011-10-15 13:01:19 709968 ----a-w- C:\Windows\isRS-000.tmp

2011-10-15 08:13:04 -------- d--h--w- C:\Users\551569\AppData\Roaming\Malwarebytes

2011-10-15 08:12:54 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-10-15 08:12:53 -------- d--h--w- C:\ProgramData\Malwarebytes

2011-10-15 08:12:52 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-15 08:12:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-15 07:24:43 -------- d--h--w- C:\ProgramData\McAfee Security Scan

2011-10-15 07:24:33 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan

2011-10-15 06:47:26 348160 ---ha-w- C:\ProgramData\6DSS92c31Apgjk.exe

2011-10-15 06:09:56 467968 ----a-w- C:\ProgramData\xXcnbsQjRkB.exe

2011-09-26 12:08:06 -------- d--h--w- C:\Users\551569\AppData\Roaming\Juniper Networks

2011-09-23 20:02:26 -------- d--h--w- C:\Cisco

.

==================== Find3M ====================

.

2011-10-15 13:05:54 17920 ----a-w- C:\Windows\System32\rpcnetp.exe

2011-10-15 13:05:52 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll

2011-10-15 13:05:51 96784 ----a-w- C:\Windows\SysWow64\WPRO_41_1742woem.tmp

2011-10-03 17:50:45 242224 ----a-w- C:\Windows\System32\cryptocore64.dll

2011-10-03 17:50:45 161792 ----a-w- C:\Windows\System32\LogonAgentAPI64.dll

2011-10-03 17:50:45 1227944 ----a-w- C:\Windows\System32\pssocm32.dll

2011-10-03 17:50:44 285992 ----a-w- C:\Windows\System32\drivers\prot_2k.sys

2011-10-03 17:50:44 206896 ----a-w- C:\Windows\System32\drivers\ccore64.sys

2011-10-03 17:50:44 1367720 ----a-w- C:\Windows\System32\pcp.dll

2011-10-03 17:50:44 1229992 ----a-w- C:\Windows\System32\pssogina.dll

2011-08-23 23:39:34 1585664 ----a-w- C:\Windows\System32\pagent_.exe

2011-08-23 23:39:32 66112 ----a-w- C:\Windows\System32\pagent_.sys

2011-08-23 23:39:32 1585664 ----a-w- C:\Windows\System32\pagent.exe

2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 13:00:24.50 ===============

Attach.txt

DDS.txt


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Thank you for your reply. The instructions state to "attach" the .txt files - I wasn't aware you should copy and paste the results contained within the file.

I finally realized my Malwarebytes was infected too. I then unhid my start menu and desktop (using some code I found on Bleeping Computer). This let me save a new copy of Malwarebytes onto my desktop. I ran it and it found 3 problems - 2 PUM.hijackstartmenu and 1 Fake Ads. I removed them and rebooted. Ran Malwarebytes again, found 2 more issues - Fake Ads. Removed those. Then rebooted and ran the scan a third time, this time restoring all other settings that had been altered (desktop background, etc.), and no problems were found. Ran McAfee as well - all clean.

My machine is working great so you can close my post.

I appreciate the fact you all are here to help us novice users get things straightened out.

Thanks!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.