Didn't find a thing i'm afraid!
Didn't find a thing i'm afraid!
Here is the log (i think)
Hi,
Go to Start > type or copy/paste the following in the search program and files textbox, then press Enter
diskmgmt.msc
Capture and attach a screenshot of what you see there.
---
Please download MBRCheck.exe to your desktop.
Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Have attached!
Hi again,
Uninstall your current Adobe shockwave player and get the fresh one here if needed.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 7 Update 1.
- Click the
Download
button to the right.- Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-7u1-windows-i586.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
* Go here to run an online scanner from ESET.
- Note: You will need to use Internet explorer for this scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the activex control to install
- Click Start
- Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
- Click Scan
- Wait for the scan to finish.
Post back its report & a fresh dds.txt log. Are there still issues left?
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Hiya, all updated now I think.
I did the scan and it found three threats:
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application
Should I run the scan again this time deleting them?
DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tanith at 23:35:12 on 2011-11-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2351 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Users\Tanith\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111107112340.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
uRun: [Facebook Update] "C:\Users\Tanith\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjA4OTQ2NTIxLVhPMTArMTItTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCsxNTEyNy1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRE4rMS1UQisxLVUxMCsx"&"prod=90"&"ver=10.0.1410
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Tanith\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tanith\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{77FCBF1A-3BE4-4D96-9544-182ABCE6C2FA} : DhcpNameServer = 10.0.0.1 10.0.0.2 10.0.0.5
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\37C61646562627F6F6B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\57E62656C69656671626C65602A6566666021212121212121212121212 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\6796379647F627E65647 : DhcpNameServer = 172.19.0.67 172.19.0.73
TCP: Interfaces\{FE5FE923-5BD9-4991-876A-D95E1D582F7E}\C496675626F687D224232383 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111107112340.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjA4OTQ2NTIxLVhPMTArMTItTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCsxNTEyNy1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRE4rMS1UQisxLVUxMCsx"&"prod=90"&"ver=10.0.1410
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-11-6 199008]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-11-6 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-23 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-2 705856]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-9-23 2152152]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-10-6 25072]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-24 22:24:29 -------- d-----w- C:\Program Files (x86)\ESET
2011-11-24 00:00:48 -------- d-----w- C:\$RECYCLE.BIN
2011-11-23 23:08:09 98816 ----a-w- C:\Windows\sed.exe
2011-11-23 23:08:09 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-23 23:08:09 256000 ----a-w- C:\Windows\PEV.exe
2011-11-23 23:08:09 208896 ----a-w- C:\Windows\MBR.exe
2011-11-23 23:06:58 -------- d-----w- C:\ComboFix
2011-11-23 13:52:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-23 13:52:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-23 13:12:54 -------- d-----w- C:\Users\Tanith\AppData\Local\{DBC01FED-2B40-4434-8CD6-2859D48F023A}
2011-11-23 13:12:37 -------- d-----w- C:\Users\Tanith\AppData\Local\{BFB2635E-0D37-473C-BB6E-27DFADF3F620}
2011-11-19 22:28:48 -------- d-----w- C:\Users\Tanith\AppData\Local\{9FB1F30F-7A5A-4D2C-A386-4912FBB42F23}
2011-11-19 22:28:09 -------- d-----w- C:\Users\Tanith\AppData\Local\{EA4D5175-B904-4FE7-8B0C-23BA09B63561}
2011-11-19 22:25:07 -------- d-----w- C:\Users\Tanith\AppData\Local\{0912ADC1-D1CE-4633-9B51-A2EDF9942229}
2011-11-19 03:01:03 -------- d-----w- C:\Users\Tanith\AppData\Local\{AD2503F0-DDFB-48B8-AB85-63465EB4677D}
2011-11-18 14:47:34 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-18 14:47:33 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-18 14:47:31 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-18 14:47:24 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-18 14:39:20 -------- d-----w- C:\Users\Tanith\AppData\Local\{B1A15B3F-0440-4B11-899F-FDE3DE89D843}
2011-11-18 14:38:43 -------- d-----w- C:\Users\Tanith\AppData\Local\{2EC0F061-FA0F-4BFC-A16A-0D4107531793}
2011-11-18 13:41:06 -------- d-----w- C:\ProgramData\PrevxCSI
2011-11-18 12:44:11 -------- d-----w- C:\Users\Tanith\AppData\Local\{E2D4F302-19D0-45A8-B879-3629C3D81305}
2011-11-18 12:43:45 -------- d-----w- C:\Users\Tanith\AppData\Local\{5E071281-44EA-4ACF-B793-F40BFA46ADE6}
2011-11-17 10:30:39 -------- d-----w- C:\Users\Tanith\AppData\Roaming\Malwarebytes
2011-11-17 10:30:26 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-17 10:30:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-17 09:56:51 -------- d-----w- C:\Users\Tanith\AppData\Local\{BE910464-35AD-4C81-AA60-E7AA1567B35B}
2011-11-17 09:56:28 -------- d-----w- C:\Users\Tanith\AppData\Local\{5D284CA4-BC4F-4B71-8D92-A02586BC5D23}
2011-11-16 11:57:14 -------- d-----w- C:\Users\Tanith\AppData\Local\{33D92708-4B97-41C9-BB64-2D245C70F244}
2011-11-16 11:56:37 -------- d-----w- C:\Users\Tanith\AppData\Local\{F07597DF-4592-444C-931C-D1676DA74ACA}
2011-11-15 03:23:54 -------- d-----w- C:\Users\Tanith\AppData\Local\{0D0009C4-D6CA-4FCC-8B75-AD2DAF50672C}
2011-11-15 03:23:34 -------- d-----w- C:\Users\Tanith\AppData\Local\{4EECE56F-7387-47F0-B1A8-59D5E507AF17}
2011-11-14 12:02:58 -------- d-----w- C:\Users\Tanith\AppData\Local\{1A45BFC3-91E0-414E-9222-67F3857626A4}
2011-11-14 12:02:42 -------- d-----w- C:\Users\Tanith\AppData\Local\{A740FED3-4B25-4A6A-9BFE-83A8C3EA5298}
2011-11-14 11:43:33 -------- d-----w- C:\Users\Tanith\AppData\Local\{DFE21E41-4E81-4AFC-A908-D23D463C1913}
2011-11-12 17:38:06 -------- d-----w- C:\Users\Tanith\AppData\Local\{18D19A18-62FB-43E0-ADE7-A62AE91856A7}
2011-11-12 12:21:24 -------- d-----w- C:\Users\Tanith\AppData\Local\{C8CC5C48-D4CC-4F8D-ADCF-6CF3497E93B3}
2011-11-12 12:20:59 -------- d-----w- C:\Users\Tanith\AppData\Local\{C23CAE0B-87B2-4F61-A328-A1F7D9A6ACF8}
2011-11-11 10:46:02 -------- d-----w- C:\Users\Tanith\AppData\Local\{97C8D1E7-B66C-4F82-814C-3C6F94CE3B98}
2011-11-10 11:23:21 -------- d-----w- C:\Users\Tanith\AppData\Local\{9277D914-3828-4853-9F08-3CA675557268}
2011-11-10 11:22:56 -------- d-----w- C:\Users\Tanith\AppData\Local\{9AEF334F-92E4-414C-A89D-5E01375BC65D}
2011-11-09 23:18:59 -------- d-----w- C:\Users\Tanith\AppData\Local\{A4DD0C41-8E81-4F47-8628-120373E35463}
2011-11-09 11:17:52 -------- d-----w- C:\Users\Tanith\AppData\Local\{63393B40-84DF-4F24-A206-BB5B7F02669F}
2011-11-08 11:22:25 -------- d-----w- C:\Users\Tanith\AppData\Local\{8B5E1CDC-AE87-4C74-B813-3FCA799FE02B}
2011-11-08 11:21:47 -------- d-----w- C:\Users\Tanith\AppData\Local\{2B1B5D26-A8E0-4DD7-98C5-048FF22B47AD}
2011-11-07 11:23:12 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-11-07 11:22:06 -------- d-----w- C:\Users\Tanith\AppData\Local\{1F7F710F-DCDF-45E7-972D-E98904248B13}
2011-11-07 11:21:53 -------- d-----w- C:\Users\Tanith\AppData\Local\{839D1A7D-C6DC-42FB-A45C-D16A886691DB}
2011-11-06 18:02:46 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2011-11-06 18:02:39 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2011-11-06 18:02:38 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2011-11-06 18:02:06 -------- d-----w- C:\Program Files (x86)\McAfee.com
2011-11-06 18:01:52 28504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2011-11-06 18:01:47 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-11-06 18:01:04 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-11-06 18:01:04 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-11-06 18:01:04 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-11-06 18:01:04 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-11-06 18:01:04 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-11-06 18:00:54 -------- d-----w- C:\Program Files\McAfee.com
2011-11-06 18:00:54 -------- d-----w- C:\Program Files\Common Files\McAfee
2011-11-06 18:00:53 -------- d-----w- C:\Program Files\McAfee
2011-11-06 17:36:25 -------- d-----w- C:\Program Files\iTunes
2011-11-06 17:36:25 -------- d-----w- C:\Program Files\iPod
2011-11-06 17:32:54 -------- d-----w- C:\Program Files\Bonjour
2011-11-06 17:32:54 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-06 17:32:34 158832 ----a-w- C:\Windows\System32\mfevtps.exe
2011-11-06 17:31:13 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-11-06 17:31:13 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-11-06 17:31:13 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-11-06 17:31:11 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-11-06 17:30:43 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-11-06 17:30:43 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-11-06 17:30:43 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-11-06 17:30:43 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-11-06 17:18:32 -------- d-----w- C:\Users\Tanith\AppData\Local\{73F0A4AB-86E8-40BA-BA09-09810BE12428}
2011-11-06 17:17:25 -------- d-----w- C:\Users\Tanith\AppData\Local\{8E1B952E-A161-4BBF-B090-0A4D2397E657}
2011-11-02 14:36:45 -------- d-----w- C:\Users\Tanith\AppData\Local\{D9BB5074-4F05-439F-A9E6-9D2D62932828}
.
==================== Find3M ====================
.
2011-11-24 22:20:53 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-24 14:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 14:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-30 23:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-30 23:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-30 23:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-30 23:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-30 23:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-30 23:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-30 23:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-30 23:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
============= FINISH: 23:43:40.79 ===============
Hi again, my system is still doing the same thing - occasionally redirecting my searches and funny things running in my task manager. I have attached a screen shot of what is going on in task manager with nothing open. IE seems to be using a lot of cpu (sometimes it is even more) and it isnt even open. I'm also worried about the things that have no description or user? Are they normal?
I have also uninstalled chrome and firefox as neither were working (crashing/sending task manager into overload).
Thank you so much for your help so far!
Hi,
Please download mbrfix.exe from here.
Scroll down to locate mbrfix.exe and in the lower right corner of the tool info, you'll see the Download link. It's important that you save it directly to the C:\ drive and extract it to that same location.
Double click the mbrfix folder and drag the mbrfix64.exe out of that folder so it's location is C:\mbrfix64.exe
Click start->in search box type cmd.exe, right click cmd.exe and select run as administrator.
If all went well you should have black window with Administrator: Command Prompt title open.
At the prompt, type in the following and press Enter:
cd /d c:\
( Note - there is a space between cd and /d and another space between /d and c:\ )
You should now be at the C:\> prompt.
Type in the following and press Enter:
MbrFix64_/drive_0_savembr_MBRNormalmode
(Note - I've placed underscores where spaces should be. Do not type in the underscore, just hit the space bar. Also, the 0 you see in the command, is the numeral 0.)
Next, type exit and press Enter.
--
Next, restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer
Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
At the prompt, type in the following and press Enter:
cd /d c:\
( Note - there is a space between cd and /d and another space between /d and c:\ )
You should now be at the C:\> prompt.
Type in the following and press Enter:
MbrFix64_/drive_0_savembr_MBRREmode
(Again, note - I've placed underscores where spaces should be. Do not type in the underscore, just hit the space bar. Also, the 0 you see in the command, is the numeral 0.)
Next, type exit and press Enter and restart the machine.
Navigate to C:\MBRNormalmode file. Right click it to zip it up, and please attach it to your next post. Repeat with C:\MBRREmode file.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Hi, I've tried to follow your steps, but after clicking repair your computer it says windows is loading files and then never finishes loading!
Don't know what to do next.
Hi,
Do you have Windows 7 installation media available?
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.