
Thread: Smitfraud-C.generic--Help w/ removal!

  1. #1
    Junior Member
    Join Date
    Jun 2012
    Posts
    13

    Smitfraud-C.generic--Help w/ removal!

    This virus refuses to leave my computer. I run Spybot and the program claims the virus is fixed, but I can literally scan it a minute later and the Smitfraud-C.generic is back. Please help me remove this trojan from my PC permanently.

    I have Windows 7, 64 on a Dell Inspiron.
    I also have McAfee, if that matters.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Shelby at 18:29:50 on 2012-06-19
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2186 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    -netsvcs
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files\McAfee\VirusScan\mcods.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120611170811.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    StartupFolder: C:\Users\Shelby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{23ABA2C2-32B0-4CD4-A2A1-593D5A68FE43} : DhcpNameServer = 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120611170811.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-9 257224]
    .
    =============== Created Last 30 ================
    .
    2012-06-13 21:14:55 -------- d-----w- C:\Users\Shelby\AppData\Local\Adobe
    2012-06-11 21:56:51 20480 ----a-w- C:\Windows\svchost.exe
    2012-06-11 19:29:29 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2012-06-11 19:29:28 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2012-06-11 19:29:28 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2012-06-11 19:29:28 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2012-06-11 19:29:27 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2012-06-11 19:29:27 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2012-06-11 19:29:27 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2012-06-11 19:25:26 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-06-11 19:25:25 2566144 ----a-w- C:\Windows\System32\esent.dll
    2012-06-11 19:25:25 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2012-06-11 19:25:25 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2012-06-11 19:25:25 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
    2012-06-11 19:25:24 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
    2012-06-11 19:25:24 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
    2012-06-11 19:25:24 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
    2012-06-11 19:25:23 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2012-06-11 19:25:23 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2012-06-11 19:25:22 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2012-06-11 18:55:04 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-06-11 18:55:04 -------- d-----w- C:\Windows\System32\Wat
    2012-06-10 20:36:57 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2012-06-10 20:36:57 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2012-06-10 20:12:12 311808 ----a-w- C:\Windows\System32\msv1_0.dll
    2012-06-10 20:12:12 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2012-06-10 19:52:54 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2012-06-10 19:52:54 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2012-06-10 19:52:54 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2012-06-10 19:52:54 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2012-06-10 19:52:54 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2012-06-10 19:52:54 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2012-06-10 19:52:54 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2012-06-10 19:52:54 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2012-06-10 19:52:54 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2012-06-10 19:52:54 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2012-06-10 19:27:45 80896 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-06-10 19:27:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-06-10 19:27:45 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-06-10 19:27:45 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-06-10 19:27:45 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-06-10 19:27:45 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-06-10 19:27:45 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-06-10 18:55:20 -------- d-----w- C:\Windows\PCHEALTH
    2012-06-10 18:52:02 -------- d-----w- C:\Users\Shelby\AppData\Local\Microsoft Help
    2012-06-10 17:48:56 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2012-06-10 17:46:44 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-06-10 17:46:44 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-06-10 17:46:43 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-06-10 17:46:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-06-10 17:46:31 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-06-10 17:46:31 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-06-10 17:46:26 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
    2012-06-10 17:46:25 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    2012-06-10 17:46:25 2085376 ----a-w- C:\Windows\System32\ole32.dll
    2012-06-10 17:46:24 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
    2012-06-10 17:46:00 2228224 ----a-w- C:\Windows\System32\mssrch.dll
    2012-06-10 17:44:39 422912 ----a-w- C:\Windows\System32\secproc_isv.dll
    2012-06-10 17:43:54 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-06-10 17:42:57 52224 ----a-w- C:\Windows\System32\rtutils.dll
    2012-06-10 17:41:44 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2012-06-10 17:40:14 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-06-10 17:40:11 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-06-10 17:40:09 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2012-06-10 17:40:08 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2012-06-10 17:40:06 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
    2012-06-10 17:40:06 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
    2012-06-10 17:40:06 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
    2012-06-10 17:40:01 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2012-06-10 17:40:01 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2012-06-10 17:40:00 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2012-06-10 17:40:00 108032 ----a-w- C:\Windows\System32\psisrndr.ax
    2012-06-10 17:38:59 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-06-10 17:37:55 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2012-06-10 17:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2012-06-10 17:37:54 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2012-06-10 17:37:53 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2012-06-10 17:37:53 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2012-06-10 17:37:44 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2012-06-10 17:25:41 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2012-06-10 17:25:40 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2012-06-10 17:25:37 634368 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-06-10 17:25:36 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-06-10 17:25:33 112000 ----a-w- C:\Windows\System32\consent.exe
    2012-06-10 17:25:30 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2012-06-10 17:25:24 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2012-06-10 17:25:24 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2012-06-10 17:25:23 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2012-06-10 17:25:23 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2012-06-10 17:25:16 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2012-06-10 17:25:15 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2012-06-10 17:24:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-06-10 17:24:55 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-06-10 17:24:13 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-06-10 17:24:05 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2012-06-10 17:24:05 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-06-10 17:24:04 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-06-10 17:24:04 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2012-06-10 17:24:03 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2012-06-10 17:23:57 720896 ----a-w- C:\Windows\System32\odbc32.dll
    2012-06-10 17:23:56 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2012-06-10 17:23:56 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2012-06-10 17:23:55 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2012-06-10 17:23:55 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2012-06-10 17:23:55 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2012-06-10 17:23:54 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2012-06-10 17:23:53 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2012-06-10 17:23:53 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2012-06-10 17:23:53 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2012-06-10 17:23:34 1739160 ----a-w- C:\Windows\System32\ntdll.dll
    2012-06-10 17:23:33 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-06-10 17:19:56 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-06-10 17:19:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-06-10 13:05:44 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2012-06-10 13:05:44 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
    2012-06-10 07:15:54 -------- d-----w- C:\Windows\Panther
    2012-06-10 07:15:25 -------- d-----w- C:\Windows\System32\oem
    2012-06-10 06:49:54 -------- d-----w- C:\Windows.old
    2012-06-10 03:12:00 -------- d-----w- C:\Users\Shelby\AppData\Local\Microsoft Games
    2012-06-10 02:33:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-10 02:33:09 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-10 01:29:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-06-10 01:29:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-06-10 01:17:50 -------- d-----w- C:\Program Files (x86)\McAfee.com
    2012-06-10 01:17:38 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2012-06-10 01:17:38 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
    2012-06-10 01:16:44 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
    2012-06-10 01:16:44 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2012-06-10 01:16:44 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2012-06-10 01:16:44 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2012-06-10 01:16:44 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2012-06-10 01:16:44 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2012-06-10 01:16:32 -------- d-----w- C:\Program Files\McAfee.com
    2012-06-10 01:16:32 -------- d-----w- C:\Program Files\McAfee
    2012-06-10 01:16:32 -------- d-----w- C:\Program Files\Common Files\McAfee
    2012-06-10 01:16:29 -------- d-----w- C:\Program Files (x86)\McAfee
    2012-06-10 01:07:34 162192 ----a-w- C:\Windows\System32\mfevtps.exe
    2012-06-10 00:35:54 -------- d-----w- C:\Users\Shelby\AppData\Local\Diagnostics
    2012-06-10 00:27:50 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7250C547-3BEC-4613-AECF-28596846A027}\mpengine.dll
    2012-06-10 00:27:49 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-06-10 00:04:13 45056 ----a-r- C:\Users\Shelby\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
    2012-06-10 00:04:12 -------- d-----w- C:\Windows\SysWow64\vmm32
    2012-06-10 00:04:12 -------- d-----w- C:\Program Files (x86)\Dell
    2012-06-10 00:03:44 -------- d-sh--w- C:\Windows\Installer
    2012-06-09 23:58:08 89088 ----a-w- C:\Windows\SysWow64\atl71.dll
    2012-06-09 23:58:08 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-06-09 23:58:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-06-09 23:58:08 1060864 ----a-w- C:\Windows\SysWow64\MFC71.dll
    2012-06-09 23:58:08 1047552 ----a-w- C:\Windows\SysWow64\MFC71u.dll
    2012-06-09 23:56:07 139264 ----a-w- C:\Windows\System32\cabview.dll
    2012-06-09 23:56:07 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
    2012-06-09 23:56:06 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-09 23:56:06 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-09 23:56:06 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-09 23:56:05 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-06-09 23:56:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-06-09 23:56:05 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-09 23:56:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-06-09 23:52:56 -------- d-sh--w- C:\Recovery
    .
    ==================== Find3M ====================
    .
    2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 18:32:10.84 ===============
    .
    2012-06-10 17:46:25 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    2012-06-10 17:46:25 2085376 ----a-w- C:\Windows\System32\ole32.dll
    2012-06-10 17:46:24 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
    2012-06-10 17:46:00 2228224 ----a-w- C:\Windows\System32\mssrch.dll
    2012-06-10 17:44:39 422912 ----a-w- C:\Windows\System32\secproc_isv.dll
    2012-06-10 17:43:54 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-06-10 17:42:57 52224 ----a-w- C:\Windows\System32\rtutils.dll
    2012-06-10 17:41:44 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2012-06-10 17:40:14 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-06-10 17:40:11 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-06-10 17:40:09 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2012-06-10 17:40:08 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2012-06-10 17:40:06 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
    2012-06-10 17:40:06 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
    2012-06-10 17:40:06 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
    2012-06-10 17:40:01 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2012-06-10 17:40:01 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2012-06-10 17:40:00 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2012-06-10 17:40:00 108032 ----a-w- C:\Windows\System32\psisrndr.ax
    2012-06-10 17:38:59 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-06-10 17:37:55 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2012-06-10 17:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2012-06-10 17:37:54 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2012-06-10 17:37:53 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2012-06-10 17:37:53 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2012-06-10 17:37:44 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2012-06-10 17:25:41 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2012-06-10 17:25:40 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2012-06-10 17:25:37 634368 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-06-10 17:25:36 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-06-10 17:25:33 112000 ----a-w- C:\Windows\System32\consent.exe
    2012-06-10 17:25:30 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2012-06-10 17:25:24 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2012-06-10 17:25:24 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2012-06-10 17:25:23 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2012-06-10 17:25:23 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2012-06-10 17:25:16 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2012-06-10 17:25:15 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2012-06-10 17:24:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-06-10 17:24:55 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-06-10 17:24:13 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-06-10 17:24:05 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2012-06-10 17:24:05 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-06-10 17:24:04 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-06-10 17:24:04 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2012-06-10 17:24:03 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2012-06-10 17:23:57 720896 ----a-w- C:\Windows\System32\odbc32.dll
    2012-06-10 17:23:56 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2012-06-10 17:23:56 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2012-06-10 17:23:55 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2012-06-10 17:23:55 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2012-06-10 17:23:55 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2012-06-10 17:23:54 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2012-06-10 17:23:53 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2012-06-10 17:23:53 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2012-06-10 17:23:53 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2012-06-10 17:23:34 1739160 ----a-w- C:\Windows\System32\ntdll.dll
    2012-06-10 17:23:33 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-06-10 17:19:56 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-06-10 17:19:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-06-10 13:05:44 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2012-06-10 13:05:44 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
    2012-06-10 07:15:54 -------- d-----w- C:\Windows\Panther
    2012-06-10 07:15:25 -------- d-----w- C:\Windows\System32\oem
    2012-06-10 06:49:54 -------- d-----w- C:\Windows.old
    2012-06-10 03:12:00 -------- d-----w- C:\Users\Shelby\AppData\Local\Microsoft Games
    2012-06-10 02:33:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-10 02:33:09 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-10 01:29:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-06-10 01:29:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-06-10 01:17:50 -------- d-----w- C:\Program Files (x86)\McAfee.com
    2012-06-10 01:17:38 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2012-06-10 01:17:38 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
    2012-06-10 01:16:44 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
    2012-06-10 01:16:44 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2012-06-10 01:16:44 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2012-06-10 01:16:44 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2012-06-10 01:16:44 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2012-06-10 01:16:44 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2012-06-10 01:16:32 -------- d-----w- C:\Program Files\McAfee.com
    2012-06-10 01:16:32 -------- d-----w- C:\Program Files\McAfee
    2012-06-10 01:16:32 -------- d-----w- C:\Program Files\Common Files\McAfee
    2012-06-10 01:16:29 -------- d-----w- C:\Program Files (x86)\McAfee
    2012-06-10 01:07:34 162192 ----a-w- C:\Windows\System32\mfevtps.exe
    2012-06-10 00:35:54 -------- d-----w- C:\Users\Shelby\AppData\Local\Diagnostics
    2012-06-10 00:27:50 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7250C547-3BEC-4613-AECF-28596846A027}\mpengine.dll
    2012-06-10 00:27:49 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-06-10 00:04:13 45056 ----a-r- C:\Users\Shelby\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
    2012-06-10 00:04:12 -------- d-----w- C:\Windows\SysWow64\vmm32
    2012-06-10 00:04:12 -------- d-----w- C:\Program Files (x86)\Dell
    2012-06-10 00:03:44 -------- d-sh--w- C:\Windows\Installer
    2012-06-09 23:58:08 89088 ----a-w- C:\Windows\SysWow64\atl71.dll
    2012-06-09 23:58:08 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-06-09 23:58:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-06-09 23:58:08 1060864 ----a-w- C:\Windows\SysWow64\MFC71.dll
    2012-06-09 23:58:08 1047552 ----a-w- C:\Windows\SysWow64\MFC71u.dll
    2012-06-09 23:56:07 139264 ----a-w- C:\Windows\System32\cabview.dll
    2012-06-09 23:56:07 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
    2012-06-09 23:56:06 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-09 23:56:06 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-09 23:56:06 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-09 23:56:05 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-06-09 23:56:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-06-09 23:56:05 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-09 23:56:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-06-09 23:52:56 -------- d-sh--w- C:\Recovery
    .
    ==================== Find3M ====================
    .
    2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 18:32:10.84 ===============



    I also have the other DDS log, if it is needed.

    Thanks for your help in advance!
    Last edited by tashi; 2012-06-20 at 07:19. Reason: Moved from Spybot-S&D support as DDS log posted.

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Download aswMBR to your desktop. Double-click aswMBR.exe to run it.
    Click the Scan button to start the scan.

    On completion of the scan click save log, save it to your desktop and post in your next reply. Post attach.txt contents of DDS too.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Jun 2012
    Posts
    13


    Thanks for the speedy reply!

    Here is the AVAST scan:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-20 12:02:08
    -----------------------------
    12:02:08.978 OS Version: Windows x64 6.1.7600
    12:02:08.978 Number of processors: 2 586 0x170A
    12:02:08.978 ComputerName: SHELBY-PC UserName: Shelby
    12:02:16.432 Initialize success
    12:05:57.992 AVAST engine defs: 12062001
    12:13:09.485 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    12:13:09.485 Disk 0 Vendor: SAMSUNG_HM250HI 2AC101C4 Size: 238475MB BusType: 11
    12:13:09.495 Device \Driver\atapi -> MajorFunction fffffa80049e55e8
    12:13:09.495 Disk 0 MBR read successfully
    12:13:09.495 Disk 0 MBR scan
    12:13:09.555 Disk 0 Windows 7 default MBR code
    12:13:09.555 Disk 0 MBR hidden
    12:13:09.575 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    12:13:09.585 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
    12:13:09.605 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
    12:13:09.645 Disk 0 scanning C:\Windows\system32\drivers
    12:13:18.807 Service scanning
    12:13:45.525 Modules scanning
    12:13:45.535 Disk 0 trace - called modules:
    12:13:45.535 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80049e55e8]<<
    12:13:45.545 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800449c060]
    12:13:45.555 3 CLASSPNP.SYS[fffff880019aa43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040fd1f0]
    12:13:45.565 \Driver\atapi[0xfffffa80049e0550] -> IRP_MJ_CREATE -> 0xfffffa80049e55e8
    12:13:51.357 AVAST engine scan C:\Windows
    12:13:54.169 AVAST engine scan C:\Windows\system32
    12:18:05.778 AVAST engine scan C:\Windows\system32\drivers
    12:18:18.390 AVAST engine scan C:\Users\Shelby
    12:19:18.360 Disk 0 MBR has been saved successfully to "C:\Users\Shelby\Desktop\MBR.dat"
    12:19:18.442 The log file has been saved successfully to "C:\Users\Shelby\Desktop\aswMBR.txt"


    I am assuming that this is what you need DDS wise, but if not I can do another scan.

    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/9/2012 7:53:05 PM
    System Uptime: 6/19/2012 5:48:59 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0G848F
    Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | Microprocessor | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 218 GiB total, 139.151 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP9: 6/11/2012 9:39:41 PM - Windows Update
    RP10: 6/13/2012 3:13:23 PM - Windows Update
    RP11: 6/14/2012 12:11:30 PM - Windows Update
    RP12: 6/15/2012 10:24:29 AM - Windows Update
    RP13: 6/17/2012 4:48:41 PM - Windows Update
    RP14: 6/17/2012 5:39:52 PM - Windows Update
    RP15: 6/17/2012 7:29:00 PM - Windows Update
    RP16: 6/17/2012 7:57:02 PM - Windows Update
    RP17: 6/17/2012 8:33:52 PM - Windows Update
    RP18: 6/17/2012 10:29:34 PM - Windows Update
    RP19: 6/19/2012 4:43:23 PM - Windows Update
    RP20: 6/19/2012 5:57:08 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 11 ActiveX
    Dell Resource CD
    ERUNT 1.1j
    McAfee SecurityCenter
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    PowerDVD DX
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Spybot - Search & Destroy
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/19/2012 6:16:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).
    6/19/2012 5:51:34 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    6/19/2012 5:51:25 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    6/19/2012 5:49:51 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
    6/19/2012 5:49:46 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    6/19/2012 5:35:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/19/2012 5:28:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    6/19/2012 5:24:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/19/2012 5:24:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/19/2012 5:24:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    6/19/2012 5:24:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    6/19/2012 5:24:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/19/2012 5:24:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/19/2012 5:24:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    6/19/2012 5:24:05 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 5:24:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000044ab, 0x0000000000000002, 0x0000000000000001, 0xfffff80002a53995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061912-25240-01.
    6/19/2012 5:21:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000007fefed85, 0x0000000000000002, 0x0000000000000001, 0xfffff80002a53995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061912-25740-01.
    6/19/2012 4:39:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    6/17/2012 7:48:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    6/17/2012 7:48:59 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/17/2012 7:48:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000020, 0xfffffa80036929b0, 0xfffffa8003692a30, 0x0000000004080001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061712-48937-01.
    6/17/2012 4:55:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002dc4fea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061712-57517-01.
    6/15/2012 6:36:53 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CYNTHIA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{23ABA2C2-32B0-4CD4-A2A1-593D5A68FE43}. The master browser is stopping or an election is being forced.
    6/15/2012 10:41:43 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    6/15/2012 10:41:43 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    6/15/2012 10:41:43 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
    6/15/2012 10:41:43 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    .
    ==== End Of File ===========================


    Thanks again for all of your help!

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Yes, that was the attach.txt log from DDS. Let's continue.


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

  5. #5
    Junior Member
    Join Date
    Jun 2012
    Posts
    13


    Unfortunately, we have run into our first bump in the road. I have run ComboFix 3 times now, once as an administrator. Each time, my computer turns off and reloads, I sign in, and then the program says to wait until the log is produced. However, my computer always crashes (blue screen of death) before I can copy down a log to send to you. Any suggestions?...

    Thanks again.

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Let's try something else

    Hi,

    1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
    2. Execute the file TDSSKiller.exe.
    3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
    4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
