Jump to content

ckmcdonald

Members
 View Profile  See their activity

  • Posts

    4

  • Joined

  • Last visited

 Content Type 

Posts posted by ckmcdonald

    Trojan.Fakealert Recovery Help Needed

    in General Windows PC Help

    Posted

    Ron:

    Thanks and sorry for posting in the wrong forum. I ran DDS and started a new thread in "Malware Removal" and attached the logs. Hopefully I will get a little assistance with restoring my system from that thread.

    In the mean time, I purchased Malwarebytes and installed in on my other PC, run it and it picked up some garbage I didn't know I had and removed it. I'm sold. I'll buy it for my infected machine too, as soon as I get it cleaned up and running normally. It's painfully difficult to use now with all the menus blank, icons missing, user directory hidden, etc.

    Cal

    Trojan.Fakealert Recovery Help Needed

    in Resolved Malware Removal Logs

    Posted

    Merged post

    I got hit with Fakealert. I removed it with Malwarebytes. Log attached.

    Subsequent scans show the computer is now clean.

    But now I'm suffering the after-affects....

    -- Blank start menu

    -- Black desktop

    -- Redirected (empty) home directory

    -- No shortcuts on taskbar

    -- etc.

    I ran dds.com -- DDS.txt and Attach.txt logs attached.

    Please provide points how to restore my system.

    Thanks

    Cal

    Here is my DDS.txt log:

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by Elizabeth at 12:25:25 on 2012-03-01

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5775 [GMT -7:00]

    .

    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\WLANExt.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

    C:\Windows\system32\svchost.exe -k bthsvcs

    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

    C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    C:\Program Files (x86)\Retrospect\Retrospect Client\RemotSvc.exe

    C:\Program Files (x86)\Retrospect\Retrospect Client\retroclient.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

    C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe

    C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk

    mWinlogon: Userinit=userinit.exe,

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    mRun: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

    mRun: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

    mRun: [bDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

    mRun: [<NO NAME>]

    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    StartupFolder: C:\Users\ELIZAB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BLOGGI~1.LNK - C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe

    StartupFolder: C:\Users\ELIZAB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files (x86)\Intel\TurboBoost\SignalIslandUi.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

    TCP: DhcpNameServer = 24.116.2.50 24.116.2.34

    TCP: Interfaces\{3D77DD7E-FE3A-4E40-B62E-D25310B200C3} : NameServer = 208.67.222.222,208.67.220.220

    TCP: Interfaces\{3D77DD7E-FE3A-4E40-B62E-D25310B200C3} : DhcpNameServer = 24.116.2.50 24.116.2.34

    TCP: Interfaces\{3D77DD7E-FE3A-4E40-B62E-D25310B200C3}\D697177756374763939333 : NameServer = 208.67.222.222,208.67.220.220

    TCP: Interfaces\{3D77DD7E-FE3A-4E40-B62E-D25310B200C3}\D697177756374763939333 : DhcpNameServer = 192.168.0.1 205.171.3.25

    TCP: Interfaces\{5E08DF36-6C52-4BB6-B9BF-695412A44286} : DhcpNameServer = 13.36.0.102

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    BHO-X64: URLRedirectionBHO - No File

    BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    mRun-x64: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

    mRun-x64: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

    mRun-x64: [bDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

    mRun-x64: [(Default)]

    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

    mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\9qll8t8m.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

    FF - prefs.js: network.proxy.type - 0

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

    FF - plugin: C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]

    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]

    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-11-29 98208]

    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]

    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]

    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]

    R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-1 652360]

    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-29 1999168]

    R2 Retrospect Client;Retrospect Client;C:\Program Files (x86)\Retrospect\Retrospect Client\RemotSvc.exe [2009-11-10 61440]

    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-29 1692480]

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-17 380224]

    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

    R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-29 2656280]

    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]

    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]

    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]

    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]

    R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]

    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

    R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]

    R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

    R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]

    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

    R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

    R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

    R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-2-1 25072]

    R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

    S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/11/29 20:04:54;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2011-8-11 248304]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-10 136176]

    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]

    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-10 136176]

    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]

    S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

    S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

    S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2012-03-01 16:19:52 -------- d-----w- C:\Users\Elizabeth\AppData\Roaming\Malwarebytes

    2012-03-01 16:19:39 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-03-01 16:19:38 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-03-01 16:19:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-03-01 16:18:49 9502424 ----a-w- C:\Users\Elizabeth\mbam--setup-1.60.1.1000.exe

    2012-03-01 16:09:18 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A56ED0EC-B9D1-40FA-82FC-FC649F57254F}\mpengine.dll

    2012-02-20 03:15:46 -------- d--h--w- C:\Users\Elizabeth\.FamilySearchIndexing

    2012-02-20 03:15:30 -------- d-----w- C:\Program Files (x86)\FamilySearch Indexing

    2012-02-16 16:42:55 515584 ----a-w- C:\Windows\System32\timedate.cpl

    2012-02-16 16:42:55 509952 ----a-w- C:\Windows\System32\ntshrui.dll

    2012-02-16 16:42:55 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

    2012-02-16 16:42:55 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

    2012-02-16 16:42:54 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

    2012-02-16 16:42:54 3145728 ----a-w- C:\Windows\System32\win32k.sys

    2012-02-16 16:42:52 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

    2012-02-16 16:42:52 634880 ----a-w- C:\Windows\System32\msvcrt.dll

    2012-02-11 00:34:37 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2012-02-11 00:34:22 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD0AC647-DC4C-4C8E-BA47-C0772DF1C315}\gapaengine.dll

    2012-02-10 21:02:31 -------- d-----w- C:\Program Files\Dell Support Center

    2012-02-02 00:28:36 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-02-01 00:22:44 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

    2012-02-01 00:22:37 -------- d-----w- C:\Program Files\Microsoft Security Client

    .

    ==================== Find3M ====================

    .

    2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

    2011-12-29 16:11:00 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll

    2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll

    2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

    2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

    2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    .

    ============= FINISH: 12:25:53.25 ===============

    I updated and ran MBAM - log follows:

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000

    www.malwarebytes.org

    Database version: v2012.03.01.07

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Elizabeth :: DAISY [administrator]

    Protection: Enabled

    3/1/2012 3:58:55 PM

    mbam-log-2012-03-01 (15-58-55).txt

    Scan type: Full scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 358335

    Time elapsed: 42 minute(s), 23 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    Attach.txt

    DDS.txt

    mbam-log-2012-03-01 (09-21-12).txt

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.