Showing results for tags 'Trojan.FakeMS'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 8 results

  1. What is Update Driver?

     The Malwarebytes research team has determined that Update Driver is bundleware. Bundleware of this kind gets installed by bundlers.

     How do I know if my computer is affected by Update Driver?

     You may see this warning during install:
     [screenshot]
     and this entry in your list of installed Programs and Features:
     [screenshot]
     You may see this running process:
     [screenshot]

     How did Update Driver get on my computer?

     Bundlers use different methods for distributing themselves. This particular one was offered by a software promoting site as a driver updater.

     How do I remove Update Driver?

     Our program Malwarebytes can detect and remove this potentially unwanted program.
     Please download Malwarebytes to your desktop.
     Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
     Then click Finish.
     Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
     If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
     When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
     Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of Update Driver?

     No, Malwarebytes removes Update Driver completely.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this bundler.
     As you can see below, the full version of Malwarebytes would have protected you against the Update Driver bundler. It would have blocked the installer before it became too late.
     [screenshot]

     Technical details for experts

     Possible signs in FRST logs:

     (Microsoft) [File not signed] C:\Users\{username}\AppData\Roaming\Update Driver LLP\Update Driver\SearchIndexr.exe
     Startup: C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SearchIndexr.exe.lnk [2019-08-26]
     ShortcutTarget: SearchIndexr.exe.lnk -> C:\Users\{username}\AppData\Roaming\Update Driver LLP\Update Driver\SearchIndexr.exe (Microsoft) [File not signed]
     Startup: C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SearchIndexr.lnk [2019-08-26]
     ShortcutTarget: SearchIndexr.lnk -> C:\Users\{username}\AppData\Roaming\Update Driver LLP\Update Driver\SearchIndexr.exe (Microsoft) [File not signed]
     C:\Users\{username}\AppData\Roaming\Update Driver LLP
     (Update Driver LLP) C:\Users\{username}\Desktop\WRCFree.exe
     Update Driver (HKLM-x32\...\{D0B2E436-1FF5-4D95-AC82-36A6D693759B}) (Version: 1.0.0 - Update Driver LLP)

     Note the contradiction FRST flags on SearchIndexr.exe: its version information claims (Microsoft), yet the file is [File not signed] and lives under the user's AppData folder, which is the kind of impersonation the Trojan.FakeMS detection name refers to. Persistence is nothing more than two shortcuts in the user's Startup folder. WRCFree.exe on the desktop is the bundler that delivered it and is detected separately (PUP.Optional.LoadPC) in the scan log below.

     Significant changes made by the installer:

     File system details [View: All details] (Selection)
     ---------------------------------------------------
     Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Installer\{D0B2E436-1FF5-4D95-AC82-36A6D693759B}
        Adds the file iconfinder_DatabaseCloud_379336.exe"="8/26/2019 9:27 AM, 110447 bytes, RA
     In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
        Adds the file SearchIndexr.exe.lnk"="8/26/2019 9:27 AM, 1282 bytes, A
        Adds the file SearchIndexr.lnk"="8/26/2019 9:27 AM, 2238 bytes, A
     Adds the folder C:\Users\{username}\AppData\Roaming\Update Driver LLP\Update Driver
        Adds the file installationdate.txt"="8/26/2019 9:27 AM, 11 bytes, A
        Adds the file SearchIndexr.exe"="3/1/2019 4:58 PM, 594944 bytes, A
        Adds the file SearchIndexr.exe.config"="2/24/2019 2:19 PM, 607 bytes, A
        Adds the file SearchIndexr.pdb"="3/1/2019 4:58 PM, 130560 bytes, A
        Adds the file SearchIndexr.vshost.exe"="3/1/2019 4:57 PM, 11600 bytes, A
        Adds the file SearchIndexr.vshost.exe.config"="2/24/2019 2:19 PM, 607 bytes, A
        Adds the file SearchIndexr.xml"="3/1/2019 4:58 PM, 2935 bytes, A

     Registry details [View: All details] (Selection)
     ------------------------------------------------
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0B2E436-1FF5-4D95-AC82-36A6D693759B}]
     "AuthorizedCDFPrefix"="REG_SZ", ""
     "Comments"="REG_SZ", "This installer database contains the logic and data required to install Update Driver."
     "Contact"="REG_SZ", ""
     "DisplayName"="REG_SZ", "Update Driver"
     "DisplayVersion"="REG_SZ", "1.0.0"
     "EstimatedSize"="REG_DWORD", 722
     "HelpLink"="REG_SZ", ""
     "HelpTelephone"="REG_SZ", ""
     "InstallDate"="REG_SZ", "20190826"
     "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Update Driver LLP\Update Driver\"
     "InstallSource"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Update Driver LLP\Update Driver 1.0.0\install\"
     "Language"="REG_DWORD", 1033
     "ModifyPath"="REG_EXPAND_SZ", "MsiExec.exe /I{D0B2E436-1FF5-4D95-AC82-36A6D693759B}"
     "Publisher"="REG_SZ", "Update Driver LLP"
     "Readme"="REG_SZ", ""
     "Size"="REG_SZ", ""
     "UninstallString"="REG_EXPAND_SZ", "MsiExec.exe /I{D0B2E436-1FF5-4D95-AC82-36A6D693759B}"
     "URLInfoAbout"="REG_SZ", ""
     "URLUpdateInfo"="REG_SZ", ""
     "Version"="REG_DWORD", 16777216
     "VersionMajor"="REG_DWORD", 1
     "VersionMinor"="REG_DWORD", 0
     "WindowsInstaller"="REG_DWORD", 1

     [HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\634E2B0D5FF159D4CA28636A6D3957B9]
     "AdvertiseFlags"="REG_DWORD", 388
     "Assignment"="REG_DWORD", 0
     "AuthorizedLUAApp"="REG_DWORD", 0
     "Clients"="REG_MULTI_SZ", ": "
     "DeploymentFlags"="REG_DWORD", 2
     "InstanceType"="REG_DWORD", 0
     "Language"="REG_DWORD", 1033
     "PackageCode"="REG_SZ", "9F0551E762011A4438F730F0DC7E9F6B"
     "ProductIcon"="REG_EXPAND_SZ", "%APPDATA%\Microsoft\Installer\{D0B2E436-1FF5-4D95-AC82-36A6D693759B}\iconfinder_DatabaseCloud_379336.exe"
     "ProductName"="REG_SZ", "Update Driver"
     "Version"="REG_DWORD", 16777216

     [HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\634E2B0D5FF159D4CA28636A6D3957B9\SourceList]
     "LastUsedSource"="REG_EXPAND_SZ", "n;1;C:\Users\{username}\AppData\Roaming\Update Driver LLP\Update Driver 1.0.0\install\"
     "PackageName"="REG_SZ", "Update_Driver_xyz.msi"

     [HKEY_CURRENT_USER\Software\Update Driver LLP\Update Driver]
     "Path"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Update Driver LLP\Update Driver\"
     "Version"="REG_SZ", "1.0.0"

     Malwarebytes log:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 8/26/19
     Scan Time: 9:42 AM
     Log File: ffc619a2-c7d4-11e9-9274-00ffdcc6fdfc.json

     -Software Information-
     Version: 3.8.3.2965
     Components Version: 1.0.613
     Update Package Version: 1.0.12183
     License: Premium

     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: {computername}\{username}

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 236211
     Threats Detected: 6
     Threats Quarantined: 6
     Time Elapsed: 6 min, 58 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 1
     Trojan.FakeMS, C:\USERS\{username}\APPDATA\ROAMING\UPDATE DRIVER LLP\UPDATE DRIVER\SEARCHINDEXR.EXE, Quarantined, [3079], [639598],1.0.12183

     Module: 1
     Trojan.FakeMS, C:\USERS\{username}\APPDATA\ROAMING\UPDATE DRIVER LLP\UPDATE DRIVER\SEARCHINDEXR.EXE, Quarantined, [3079], [639598],1.0.12183

     Registry Key: 0
     (No malicious items detected)

     Registry Value: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 0
     (No malicious items detected)

     File: 4
     Trojan.FakeMS, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\SearchIndexr.exe.lnk, Quarantined, [3079], [639598],1.0.12183
     Trojan.FakeMS, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\SearchIndexr.lnk, Quarantined, [3079], [639598],1.0.12183
     Trojan.FakeMS, C:\USERS\{username}\APPDATA\ROAMING\UPDATE DRIVER LLP\UPDATE DRIVER\SEARCHINDEXR.EXE, Quarantined, [3079], [639598],1.0.12183
     PUP.Optional.LoadPC, C:\USERS\{username}\DESKTOP\WRCFREE.EXE, Quarantined, [13694], [724582],1.0.12183

     Physical Sector: 0
     (No malicious items detected)

     WMI: 0
     (No malicious items detected)

     (end)

     As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
     We use different ways of protecting your computer(s):
       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention
     Save yourself the hassle and get protected.
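     The scan log above has a regular shape: a "-Scan Details-" section with a category header ("File: 4") followed by one line per detection (name, path, action, [rule id], [signature id], database version). The Python script below, added here as an editorial example and not part of the Malwarebytes guide, parses that section into records and answers the questions a responder asks of such a log: which detection names and categories occurred, how many distinct artefacts were involved (one running file is reported under Process, Module and File), which ones sat in a startup location, whether anything was left unquarantined, and whether the declared per-category counts match the lines present (a truncated paste shows up there). SAMPLE_LOG is a trimmed copy of the log above; the persistence-location list and all function names are my own.

     ```python
"""Parse the "-Scan Details-" section of a Malwarebytes 3.x scan log."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Category header inside "-Scan Details-", e.g. "File: 4" or "Registry Value: 6".
_CATEGORY_RE = re.compile(r"^(?P<category>[A-Za-z ]+): (?P<count>\d+)$")

# One detection line:
#   <name>, <path>, <action>, [<rule id>], [<signature id>],<database version>
# The path is matched greedily because it may contain ", "; the fields after it cannot.
_DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<rule_id>-?\d+)\], \[(?P<sig_id>-?\d+)\],(?P<db>[\d.]+)$"
)

# Locations that make a file run again at logon or boot (assumed list; extend as needed).
_PERSISTENCE_RE = re.compile(
    r"(\\start menu\\programs\\startup\\|\\currentversion\\run|\\currentcontrolset\\services\\)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Detection:
    category: str   # Process, Module, Registry Value, File, ...
    name: str       # e.g. Trojan.FakeMS
    path: str       # file path, or registry key (key|value for a value)
    action: str     # Quarantined, No Action By User, ...
    rule_id: int
    sig_id: int
    db_version: str


def _scan_details_lines(text: str) -> Iterable[str]:
    """Yield the stripped lines between "-Scan Details-" and "(end)"."""
    in_details = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-Scan Details-":
            in_details = True
        elif in_details:
            if line == "(end)":
                return
            yield line


def declared_counts(text: str) -> Dict[str, int]:
    """The per-category counts the log itself declares ("File: 4")."""
    counts: Dict[str, int] = {}
    for line in _scan_details_lines(text):
        m = _CATEGORY_RE.match(line)
        if m:
            counts[m.group("category")] = int(m.group("count"))
    return counts


def parse_scan_details(text: str) -> List[Detection]:
    """Every detection listed under "-Scan Details-", in log order."""
    detections: List[Detection] = []
    category = ""
    for line in _scan_details_lines(text):
        m = _CATEGORY_RE.match(line)
        if m:
            category = m.group("category")
            continue
        m = _DETECTION_RE.match(line)       # "(No malicious items detected)" does not match
        if m and category:
            detections.append(Detection(
                category, m.group("name"), m.group("path"), m.group("action"),
                int(m.group("rule_id")), int(m.group("sig_id")), m.group("db")))
    return detections


def count_mismatches(text: str) -> Dict[str, tuple]:
    """Categories whose declared count differs from the lines actually parsed,
    as {category: (declared, parsed)}. Non-empty means a truncated or edited log."""
    parsed = Counter(d.category for d in parse_scan_details(text))
    return {cat: (n, parsed.get(cat, 0))
            for cat, n in declared_counts(text).items() if parsed.get(cat, 0) != n}


def unique_artifacts(detections: Iterable[Detection]) -> Set[str]:
    """Distinct artefacts, case-folded (the same file appears as Process, Module and File)."""
    return {d.path.lower() for d in detections}


def persistence_artifacts(detections: Iterable[Detection]) -> List[Detection]:
    return [d for d in detections if _PERSISTENCE_RE.search(d.path)]


def summarize(text: str) -> Dict[str, object]:
    dets = parse_scan_details(text)
    return {
        "by_name": dict(Counter(d.name for d in dets)),
        "by_category": dict(Counter(d.category for d in dets)),
        "unique_artifacts": sorted(unique_artifacts(dets)),
        "persistence": [d.path for d in persistence_artifacts(dets)],
        "not_quarantined": [d.path for d in dets if d.action != "Quarantined"],
        "count_mismatches": count_mismatches(text),
    }


# Trimmed copy of the Update Driver scan log above (empty categories shortened).
SAMPLE_LOG = r"""
-Scan Summary-
Scan Type: Threat Scan
Threats Detected: 6
Threats Quarantined: 6

-Scan Details-
Process: 1
Trojan.FakeMS, C:\USERS\{username}\APPDATA\ROAMING\UPDATE DRIVER LLP\UPDATE DRIVER\SEARCHINDEXR.EXE, Quarantined, [3079], [639598],1.0.12183

Module: 1
Trojan.FakeMS, C:\USERS\{username}\APPDATA\ROAMING\UPDATE DRIVER LLP\UPDATE DRIVER\SEARCHINDEXR.EXE, Quarantined, [3079], [639598],1.0.12183

Registry Key: 0
(No malicious items detected)

File: 4
Trojan.FakeMS, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\SearchIndexr.exe.lnk, Quarantined, [3079], [639598],1.0.12183
Trojan.FakeMS, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\SearchIndexr.lnk, Quarantined, [3079], [639598],1.0.12183
Trojan.FakeMS, C:\USERS\{username}\APPDATA\ROAMING\UPDATE DRIVER LLP\UPDATE DRIVER\SEARCHINDEXR.EXE, Quarantined, [3079], [639598],1.0.12183
PUP.Optional.LoadPC, C:\USERS\{username}\DESKTOP\WRCFREE.EXE, Quarantined, [13694], [724582],1.0.12183

Physical Sector: 0
(No malicious items detected)

(end)
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
     ```

     The parser deliberately stops at "(end)" and only trusts a detection line once a category header has been seen, so stray text pasted around the log is ignored. Registry-value detections such as the ones in the CPU-Z log further down (key|VALUE with a signature id of -1) parse with the same expression.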
  2. What is CPUID CPU-Z?

     The Malwarebytes research team has determined that CPUID CPU-Z is a trojan. This particular one points the browser's proxy settings at a local listener (127.0.0.1:8080), installs its own root certificate so that proxy can terminate HTTPS connections, and injects downloaded JavaScript (JS) files into browser sessions: a man-in-the-middle (MITM) attack on the victim's web traffic. The trojanized installer also drops what appears to be the genuine CPU-Z utility (cpuz.exe with its EULA and readme), which is the part the user gets to see.

     How do I know if my computer is affected by CPUID CPU-Z?

     You may see this entry in your list of installed software:
     [screenshot]
     and this icon in your start menu and on your desktop:
     [screenshot]

     How did CPUID CPU-Z get on my computer?

     Trojans use different methods for distributing themselves. This particular one was bundled with other software.

     How do I remove CPUID CPU-Z?

     Our program Malwarebytes can detect and remove this malware.
     Please download Malwarebytes to your desktop.
     Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
     Then click Finish.
     Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
     If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
     When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
     Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of CPUID CPU-Z?

     No, Malwarebytes removes CPUID CPU-Z completely. One thing worth verifying by hand afterwards: the scan log below does not list the root certificate the installer registered under HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates (thumbprint 483A0ECB697A7E8FE5FB5DBCA52C7F82D70D8239). From an elevated command prompt, certutil -store Root 483A0ECB697A7E8FE5FB5DBCA52C7F82D70D8239 shows whether it is still trusted and certutil -delstore Root 483A0ECB697A7E8FE5FB5DBCA52C7F82D70D8239 removes it. As long as that root stays trusted, whoever holds the matching private key (ca.key was dropped on disk) can impersonate any HTTPS site to this machine again. If Firefox is installed, check its own certificate store (Options > Certificates > Authorities) as well, because the installer carries the NSS certutil.exe and libraries that are used to modify Firefox-style cert8.db/key3.db databases.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker.
     As you can see below, the full version of Malwarebytes would have protected you against the CPUID CPU-Z hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
     [screenshot]
     It also blocks the domains from which the bundler downloaded the trojan:
     [screenshot]
     And even if you should get infected, it blocks the trojan's attempt to perform the man-in-the-middle attack:
     [screenshot]

     Technical details for experts

     Possible signs in FRST logs:

     (Microsoft Corporation) C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe.bak
     (Microsoft Corporation) C:\ProgramData\Microsoft\Windows\GPR\network\svcnetwk.exe
     (Microsoft Corporation) C:\ProgramData\Microsoft\Windows\GPR\browser\svchostctl.exe
     ProxyEnable: [S-1-5-21-{user GUID}] => Proxy is enabled.
     ProxyServer: [S-1-5-21-{user GUID}] => http=127.0.0.1:8080;https=127.0.0.1:8080
     R2 winamgr; C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe [9875968 2018-04-10] (Microsoft Corporation) [File not signed]
     C:\Users\Public\Desktop\CPUID CPU-Z.lnk
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
     C:\Program Files\CPUID
     CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - )
     FirewallRules: [TCP Query User{D3E7F7AC-72C7-4000-8B93-DD0DA199AD56}C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe] => (Allow) C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe
     FirewallRules: [UDP Query User{79ED0071-EA4B-4214-BD80-E472E1505F7A}C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe] => (Allow) C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe

     Note the pattern: executables under C:\ProgramData\Microsoft\Windows\ whose version information says "Microsoft Corporation" but which carry no signature, a service (winamgr, displayed as "Windows Audio Manager") that runs one of them as LocalSystem, firewall allow rules for another, and a per-user proxy pointing at 127.0.0.1:8080. Genuine Microsoft executables live under the Windows or Program Files trees and are signed. The GPR\func folder holds the Mozilla NSS libraries (nss3.dll, softokn3.dll, ...) together with NSS certutil.exe and cert8.db/key3.db, i.e. the toolset for adding the ca.crt root to an NSS certificate database, while the Windows ROOT store entry below covers Internet Explorer, Chrome and Edge.

     Alterations made by the installer:

     File system details [View: All details] (Selection)
     ---------------------------------------------------
     Adds the folder C:\Program Files\CPUID\CPU-Z
        Adds the file cpuz.exe"="12/20/2017 1:10 PM, 3517688 bytes, A
        Adds the file cpuz.ini"="12/20/2017 1:15 PM, 594 bytes, A
        Adds the file cpuz_eula.txt"="8/12/2015 8:57 PM, 7651 bytes, A
        Adds the file cpuz_readme.txt"="12/20/2017 1:14 PM, 26325 bytes, A
        Adds the file unins000.dat"="4/10/2018 8:40 AM, 3245 bytes, A
        Adds the file unins000.exe"="4/10/2018 8:40 AM, 725157 bytes, A
     Adds the folder C:\ProgramData\Microsoft\Windows\Audio
        Adds the file winamgr.exe"="4/10/2018 8:40 AM, 9875968 bytes, A
        Adds the file winamgr.exe.bak"="1/29/2018 2:03 PM, 9342976 bytes, A
     Adds the folder C:\ProgramData\Microsoft\Windows\GPR\browser
        Adds the file svchostctl.exe"="4/10/2018 8:40 AM, 216576 bytes, A
     Adds the folder C:\ProgramData\Microsoft\Windows\GPR\func
        Adds the file ca.crt"="4/10/2018 8:40 AM, 1094 bytes, A
        Adds the file ca.key"="4/10/2018 8:40 AM, 887 bytes, A
        Adds the file cert8.db"="4/10/2018 8:40 AM, 65536 bytes, A
        Adds the file certutil.exe"="4/10/2018 8:40 AM, 103936 bytes, A
        Adds the file chrome.exe"="4/10/2018 8:40 AM, 140736 bytes, A
        Adds the file freebl3.dll"="4/10/2018 8:40 AM, 222208 bytes, A
        Adds the file key3.db"="4/10/2018 8:40 AM, 16384 bytes, A
        Adds the file libnspr4.dll"="4/10/2018 8:40 AM, 199680 bytes, A
        Adds the file libplc4.dll"="4/10/2018 8:40 AM, 14336 bytes, A
        Adds the file libplds4.dll"="4/10/2018 8:40 AM, 12288 bytes, A
        Adds the file libvlc.dll"="4/10/2018 8:40 AM, 87040 bytes, A
        Adds the file libvlcwk.dll"="4/10/2018 8:40 AM, 195072 bytes, A
        Adds the file msvcr100.dll"="4/10/2018 8:40 AM, 773968 bytes, A
        Adds the file nss3.dll"="4/10/2018 8:40 AM, 798720 bytes, A
        Adds the file nssckbi.dll"="4/10/2018 8:40 AM, 370176 bytes, A
        Adds the file nssdbm3.dll"="4/10/2018 8:40 AM, 108544 bytes, A
        Adds the file nssutil3.dll"="4/10/2018 8:40 AM, 93696 bytes, A
        Adds the file secmod.db"="4/10/2018 8:40 AM, 16384 bytes, A
        Adds the file smime3.dll"="4/10/2018 8:40 AM, 97792 bytes, A
        Adds the file softokn3.dll"="4/10/2018 8:40 AM, 172544 bytes, A
        Adds the file sqlite3.dll"="4/10/2018 8:40 AM, 423936 bytes, A
        Adds the file ssl3.dll"="4/10/2018 8:40 AM, 190976 bytes, A
     Adds the folder C:\ProgramData\Microsoft\Windows\GPR\network
        Adds the file default_cse.js"="4/10/2018 8:40 AM, 5900 bytes, A
        Adds the file general.js"="4/10/2018 8:40 AM, 2252 bytes, A
        Adds the file svcnetwk.exe"="4/10/2018 8:40 AM, 11952128 bytes, A
     Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z
        Adds the file CPU-Z.lnk"="4/10/2018 8:40 AM, 893 bytes, A
        Adds the file Edit CPU-Z Config File.lnk"="4/10/2018 8:40 AM, 893 bytes, A
        Adds the file Uninstall CPU-Z.lnk"="4/10/2018 8:40 AM, 917 bytes, A
     In the existing folder C:\Users\Public\Desktop
        Adds the file CPUID CPU-Z.lnk"="4/10/2018 8:40 AM, 869 bytes, A
     In the existing folder C:\Users\Public\Documents
        Adds the file {DE764086-1C0A-4DD3-90BA-0B93BDD794BE}"="4/10/2018 8:41 AM, 34 bytes, A

     Registry details [View: All details] (Selection)
     ------------------------------------------------
     [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail]
     "ChannelId"="REG_SZ", "icbusa20"

     [HKEY_LOCAL_MACHINE\SOFTWARE\CPUID\CPU-Z]
     "PATH"="REG_SZ", "C:\Program Files\CPUID\CPU-Z"
     "PRODUCT_NAME"="REG_SZ", "CPUID CPU-Z"
     "VERSION"="REG_SZ", "1.82.1"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\483A0ECB697A7E8FE5FB5DBCA52C7F82D70D8239]
     "Blob"="REG_BINARY", [certificate blob not reproduced]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CPUID CPU-Z_is1]
     "DisplayIcon"="REG_SZ", "C:\Program Files\CPUID\CPU-Z\cpuz.exe"
     "DisplayName"="REG_SZ", "CPUID CPU-Z 1.82.1"
     "DisplayVersion"="REG_SZ", "1.82.1"
     "EstimatedSize"="REG_DWORD", 4166
     "Inno Setup: App Path"="REG_SZ", "C:\Program Files\CPUID\CPU-Z"
     "Inno Setup: Deselected Tasks"="REG_SZ", ""
     "Inno Setup: Icon Group"="REG_SZ", "CPUID\CPU-Z"
     "Inno Setup: Language"="REG_SZ", "default"
     "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon"
     "Inno Setup: Setup Version"="REG_SZ", "5.5.9 (a)"
     "Inno Setup: User"="REG_SZ", "{username}"
     "InstallDate"="REG_SZ", "20180410"
     "InstallLocation"="REG_SZ", "C:\Program Files\CPUID\CPU-Z\"
     "MajorVersion"="REG_DWORD", 1
     "MinorVersion"="REG_DWORD", 82
     "NoModify"="REG_DWORD", 1
     "NoRepair"="REG_DWORD", 1
     "QuietUninstallString"="REG_SZ", ""C:\Program Files\CPUID\CPU-Z\unins000.exe" /SILENT"
     "UninstallString"="REG_SZ", ""C:\Program Files\CPUID\CPU-Z\unins000.exe""
     "VersionMajor"="REG_DWORD", 1
     "VersionMinor"="REG_DWORD", 82

     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CPUZ]
     "(Default)"="REG_SZ", ""

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\winamgr]
     "Description"="REG_SZ", "Windows Audio Manager"
     "Display"="REG_SZ", "Windows Audio Manager"
     "DisplayName"="REG_SZ", "Windows Audio Manager"
     "ErrorControl"="REG_DWORD", 0
     "ImagePath"="REG_EXPAND_SZ", ""C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe" -s"
     "ObjectName"="REG_SZ", "LocalSystem"
     "Start"="REG_DWORD", 2
     "Type"="REG_DWORD", 16
     "WOW64"="REG_DWORD", 1

     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
     "ProxyEnable"="REG_DWORD", 1
     "ProxyServer"="REG_SZ", "http=127.0.0.1:8080;https=127.0.0.1:8080"

     Malwarebytes log:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 4/10/18
     Scan Time: 8:54 AM
     Log File: fdd2c3b4-3c8b-11e8-87ee-080027235d76.json
     Administrator: Yes

     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.262
     Update Package Version: 1.0.4674
     License: Premium

     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: {computername}\{username}

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 245556
     Threats Detected: 46
     Threats Quarantined: 46
     Time Elapsed: 2 min, 43 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 2
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\browser\svchostctl.exe, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\network\svcnetwk.exe, Quarantined, [1117], [505207],1.0.4674

     Module: 3
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\browser\svchostctl.exe, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\network\svcnetwk.exe, Quarantined, [1117], [505207],1.0.4674
     Trojan.Agent, C:\PROGRAMDATA\MICROSOFT\WINDOWS\AUDIO\WINAMGR.EXE, Quarantined, [383], [489320],1.0.4674

     Registry Key: 2
     Trojan.Egguard.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [1117], [-1],0.0.0
     Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\winamgr, Quarantined, [383], [489320],1.0.4674

     Registry Value: 6
     Trojan.Egguard.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [1117], [-1],0.0.0
     Trojan.Egguard.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [1117], [-1],0.0.0
     Trojan.Egguard.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [1117], [-1],0.0.0
     Trojan.Egguard.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [1117], [-1],0.0.0
     Trojan.Egguard.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [1117], [-1],0.0.0
     Trojan.FakeMS, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINAMGR|IMAGEPATH, Quarantined, [3025], [506363],1.0.4674

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 4
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\browser, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\network, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\PROGRAMDATA\MICROSOFT\WINDOWS\GPR, Quarantined, [1117], [505207],1.0.4674

     File: 29
     Trojan.Egguard.PrxySvrRST, C:\PROGRAMDATA\MICROSOFT\WINDOWS\GPR\NETWORK\GENERAL.JS, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\browser\svchostctl.exe, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\ca.crt, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\ca.key, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\cert8.db, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\certutil.exe, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\chrome.exe, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\freebl3.dll, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\key3.db, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\libnspr4.dll, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\libplc4.dll, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\libplds4.dll, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\libvlc.dll, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\libvlcwk.dll, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\msvcr100.dll, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\nss3.dll, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\nssckbi.dll, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\nssdbm3.dll, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\nssutil3.dll, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\secmod.db, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\smime3.dll, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\softokn3.dll, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\sqlite3.dll, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\func\ssl3.dll, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\network\default_cse.js, Quarantined, [1117], [505207],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\ProgramData\Microsoft\Windows\GPR\network\svcnetwk.exe, Quarantined, [1117], [505207],1.0.4674
     Trojan.Agent, C:\PROGRAMDATA\MICROSOFT\WINDOWS\AUDIO\WINAMGR.EXE, Quarantined, [383], [489320],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\USERS\{username}\DESKTOP\CPU-Z.EXE, Quarantined, [1117], [505199],1.0.4674
     Trojan.Egguard.PrxySvrRST, C:\DOWNLOADS\CPU-Z.EXE, Quarantined, [1117], [505199],1.0.4674

     Physical Sector: 0
     (No malicious items detected)

     (end)

     As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
     We use different ways of protecting your computer(s):
       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention
     Save yourself the hassle and get protected.
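     The FRST entries in this guide and in the Update Driver guide above share the same tells: a "(Microsoft ...)" vendor tag next to "[File not signed]", Microsoft-branded binaries under ProgramData or AppData, a service or firewall rule pointing into such a directory, a Startup shortcut whose target lives there, and a proxy aimed at 127.0.0.1. The Python script below, added here as an editorial example and not part of the Malwarebytes guides, turns those tells into triage rules that run over pasted FRST log lines; it serves both guides. The sample lines are copied from the two FRST excerpts, with two constructed benign lines (svchost.exe and a Spooler service under C:\Windows) appended as controls; the rule names and the list of user-writable directories are my own assumptions.

     ```python
"""Triage heuristics for FRST (Farbar Recovery Scan Tool) log lines."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Directories a non-admin user or a silent installer can write to (assumed list).
# Genuine Microsoft executables live under the Windows or Program Files trees instead.
_USER_WRITABLE_RE = re.compile(
    r"[A-Z]:\\(ProgramData|Users\\[^\\]+\\(AppData|Desktop|Downloads)|Windows\\Temp)\\",
    re.IGNORECASE,
)
# FRST prints the version-info company name in parentheses and appends
# "[File not signed]" when its Authenticode check fails.
_MS_VENDOR_RE = re.compile(r"\((Microsoft(?: Corporation)?)\)")
_UNSIGNED_RE = re.compile(r"\[File not signed\]", re.IGNORECASE)
_PROXY_RE = re.compile(r"^ProxyServer: .*=> (?P<proxy>.+)$")
_LOOPBACK_RE = re.compile(r"(127\.0\.0\.1|localhost|\[::1\])", re.IGNORECASE)
# "R2 winamgr; C:\...\winamgr.exe [9875968 2018-04-10] (Microsoft Corporation) ..."
_SERVICE_RE = re.compile(r"^[RSU]\d [^;]+; (?P<image>[A-Z]:\\.+?) \[", re.IGNORECASE)
_FIREWALL_RE = re.compile(r"^FirewallRules: .*=> \(Allow\) (?P<image>[A-Z]:\\.+)$", re.IGNORECASE)
_SHORTCUT_RE = re.compile(r"^ShortcutTarget: .* -> (?P<target>[A-Z]:\\.+?)(?: \(|$)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str
    line: str


def triage(lines: Iterable[str]) -> List[Finding]:
    """Apply every heuristic to every line; one line can yield several findings."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        vendor = _MS_VENDOR_RE.search(line)
        if vendor and _UNSIGNED_RE.search(line):
            findings.append(Finding("fake-microsoft-unsigned",
                f"version info says '{vendor.group(1)}' but the file is not signed", line))
        elif vendor and _USER_WRITABLE_RE.search(line):
            findings.append(Finding("microsoft-branded-in-user-writable-path",
                "Microsoft-branded binary outside the Windows/Program Files trees", line))
        m = _PROXY_RE.match(line)
        if m and _LOOPBACK_RE.search(m.group("proxy")):
            findings.append(Finding("local-proxy",
                f"browser traffic routed through a local listener: {m.group('proxy')}", line))
        m = _SERVICE_RE.match(line)
        if m and _USER_WRITABLE_RE.search(m.group("image")):
            findings.append(Finding("service-in-user-writable-path", m.group("image"), line))
        m = _FIREWALL_RE.match(line)
        if m and _USER_WRITABLE_RE.search(m.group("image")):
            findings.append(Finding("firewall-allow-user-writable-binary", m.group("image"), line))
        m = _SHORTCUT_RE.match(line)
        if m and _USER_WRITABLE_RE.search(m.group("target")):
            findings.append(Finding("startup-shortcut-to-user-writable-target", m.group("target"), line))
    return findings


def findings_by_rule(lines: Iterable[str]) -> Dict[str, int]:
    return dict(Counter(f.rule for f in triage(lines)))


# Copied from the two FRST excerpts above; the last two lines are constructed benign controls.
SAMPLE_FRST = r"""
(Microsoft) [File not signed] C:\Users\{username}\AppData\Roaming\Update Driver LLP\Update Driver\SearchIndexr.exe
Startup: C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SearchIndexr.lnk [2019-08-26]
ShortcutTarget: SearchIndexr.lnk -> C:\Users\{username}\AppData\Roaming\Update Driver LLP\Update Driver\SearchIndexr.exe (Microsoft) [File not signed]
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows\GPR\network\svcnetwk.exe
ProxyEnable: [S-1-5-21-{user GUID}] => Proxy is enabled.
ProxyServer: [S-1-5-21-{user GUID}] => http=127.0.0.1:8080;https=127.0.0.1:8080
R2 winamgr; C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe [9875968 2018-04-10] (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{D3E7F7AC-72C7-4000-8B93-DD0DA199AD56}C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe] => (Allow) C:\programdata\microsoft\windows\gpr\network\svcnetwk.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
R2 Spooler; C:\Windows\System32\spoolsv.exe [320000 2018-01-01] (Microsoft Corporation)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST.splitlines()):
        print(f"{f.rule:45} {f.detail}")
     ```

     These are triage hints, not verdicts: the vendor string comes from version information any compiler will happily emit, and "[File not signed]" is FRST's own check. Before deleting anything, confirm on the live host with Get-AuthenticodeSignature on the file, and remember that the two control lines produce no finding precisely because a Microsoft-branded, signed binary under C:\Windows is what a clean system looks like.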
  3. Hello, I have three different versions of the Microsoft.WindowsMobile.Forms.dll files as found in three different versions of Windows Mobile SDK being detected today. These files have scanned many times before and their digital signature still seems to be intact. I am guessing (hoping) these are false positives. Files and log attached. TIA

     Microsoft.WindowsMobile.Forms.zip
  4. A full scan found this:

     Files Detected: 1
     C:\Windows\winsxs\amd64_microsoft-windows-nslookup_31bf3856ad364e35_6.1.7601.17514_none_29a6795f7d1218c6\nslookup.exe (Trojan.FakeMS) -> No action taken.

     I did some google searches and though there was confusing info out there, my feeling is it was likely a False Positive, so I took no action. I did a full scan within 12 hours and nothing was found. So, what do the experts think, was this a False Positive? Thanks, Matt
  5. I ran a full scan and 2 files were found infected. Is this a false positive or a true infection? What should I do? Below is the last portion of the log:

     Files Detected: 2
     C:\OEM\Preload\Autorun\APP\Bing Bar\OEM\Packages\default\SearchEnhancementPackSetup.EXE (Trojan.FakeMS) -> No action taken.
     C:\OEM\Preload\Autorun\DRV\Synaptics Touchpad\WinWDF\x86\dpinst.exe (Trojan.FakeMS) -> No action taken.

     Advice and guidance is appreciated.
  6. I noticed my computer was slower than usual, then I started getting redirected to unknown web sites. That's when I knew there was a problem. I tried updating my McAfee anti-virus, and got an error message (The ordinal 1112 could not be located in the dynamic link library WSOCK32.DLL). I then ran anti-malwarebytes and it found a Trojan.FakeMS and deleted it, subsequent scans have turned up nothing, but I am still being redirected on Internet Explorer. My Java was out of date, I have since updated it. I am on a different computer. Thank you in advance for any help you may offer. I copied and pasted the Anti-Malware log, and the DDS.scr logs below.... Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.06.29.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Admin :: LWD-LAPTOP [administrator] 6/29/2013 4:24:12 PM mbam-log-2013-06-29 (16-24-12).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 216884 Time elapsed: 11 minute(s), 52 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\$Recycle.Bin\S-1-5-21-299159482-988141774-3347236119-1000\$R63CCE0DA (Trojan.FakeMS) -> Quarantined and deleted successfully. (end) Below is the DDS.txt log; DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.25.2 Run by Admin at 19:11:39 on 2013-07-01 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3453.2531 [GMT -5:00] . SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . 
============== Running Processes ================ . C:\Windows\SYSTEM32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Windows\system32\aestsrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\Dwm.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\Explorer.EXE C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Windows\SYSTEM32\taskeng.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\U.S. Cellular Broadband Connect\mptserv.exe C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\Program Files\U.S. 
Cellular Broadband Connect\AvqAutorun.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGBA.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\system32\STacSV.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\wmiprvse.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . 
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = Preserve
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan enterprise\ScriptCl.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {E16DC1FE-7C34-43F2-B754-F3AD12DDF97C} - <orphaned>
uRun: [WorkForce 630(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigba.exe /fu "c:\windows\temp\E_SDC72.tmp" /EF "HKCU"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Netvue] c:\program files\codeheadz\netvue\Netvue.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [sigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [{9ABA99F9-A8FE-7E89-8E99-AE8b85E9AE9B}] "c:\program files\u.s. cellular broadband connect\avqautorun.exe" "c:\program files\u.s. cellular broadband connect\mphonetools.exe" /OnPlug=%s
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
LSP: mswsock.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1A61FE8B-0DB9-45F4-9009-8F353BD146C7} : DHCPNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2007-10-16 31784]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-2-28 72680]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-2-28 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-2-28 171272]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2011-1-3 54544]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2011-1-3 22032]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2011-1-3 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2011-1-3 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2011-1-3 115216]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2011-1-3 160400]
.
=============== Created Last 30 ================
.
2013-06-29 22:03:40 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-29 14:16:55 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
==================== Find3M ====================
.
2013-06-29 22:03:14 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-29 22:03:14 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-29 14:54:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-29 14:54:58 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:13:26.26 ===============

Below is the Attach.txt log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 11/15/2007 4:49:14 AM
System Uptime: 7/1/2013 6:56:47 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0KY766
Processor: AMD Turion 64 X2 Mobile Technology TL-58 | Microprocessor | 1800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 61.032 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.429 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0027
Manufacturer: Microsoft
Name: isatap.{BE309BD6-766E-4A24-BB81-BC6F17E6B991}
PNP Device ID: ROOT\*ISATAP\0027
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI PCI Express (3GIO) Filter Driver
Avanquest update
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Conexant HDA D330 MDC V.92 Modem
D3DX10
Dell System Customization Wizard
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 630 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.3
Garmin Communicator Plugin
Garmin Lifetime Updater
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP ENVY 110 series Basic Device Software
iTunes
Java 7 Update 25
Java Auto Updater
Java SE Runtime Environment 6
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mobile PhoneTools
Modem Diagnostic Tool
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.3
PANTECH USB Modem V2
Picasa 3
PowerDVD
Product Documentation Launcher
QuickSet
QuickTime
Remote Control USB Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skins
Sonic Activation Module
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wmoiper
TurboTax 2012 wrapper
U.S. Cellular Broadband Connect
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
WOT for Internet Explorer
.
==== End Of File ===========================
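Two entries in the DDS log above matter more than the long process and program lists. `mPolicies-System: EnableLUA = dword:0` means UAC is switched off on this Vista machine, so anything the user runs already has full administrative rights. And the `Created Last 30` section shows a directory literally named `c:\windows\system32\%APPDATA%` with `d-sh--w-` attributes: a folder whose name is an unexpanded environment variable appears when a program writes a path string without expanding `%APPDATA%`, and hidden+system attributes on a freshly created directory under system32 are not something legitimate installers do. The script below is an added example by the editor, not part of the post or of the DDS tool. It parses the `Pseudo HJT Report` and `Created Last 30` line formats and flags weakening policies, autorun images that start outside the usual installation roots, and created entries with unexpanded variables or hidden+system attributes. The sample lines are copied from this log and (the last three HJT lines) from the Windows 7 log in the next post of this thread; the policy table, the expected-root list and the function names are the editor's assumptions.

```python
"""Triage a DDS 'Pseudo HJT Report' and 'Created Last 30' dump.

Added example, not part of the forum post or of the DDS tool. The SAMPLE_*
lines are copied from the logs in this thread; the policy table, the list
of expected install roots and the function names are editorial assumptions.
"""
import re

# Policies whose listed value weakens the platform's own defences
# (lower-cased policy name -> (value that is a finding, meaning)).
WEAKENING_POLICIES = {
    "enablelua": ("0", "UAC disabled: admin logons run fully elevated, no consent prompts"),
    "hidescahealth": ("1", "Action Center security notifications hidden from the user"),
}

# Roots under which ordinary installed software is expected to start (assumption).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                  "c:\\program files (x86)\\", "c:\\dell\\")

HJT_RE = re.compile(r"^(?P<kind>[um]Run|[um]RunOnce|[um]Policies-\w+|StartupFolder|BHO|TB):\s*(?P<rest>.*)$", re.I)
RUN_RE = re.compile(r'^\[(?P<name>[^\]]*)\]\s*"?(?P<image>[^"]+?\.exe)', re.I)
POLICY_RE = re.compile(r"^(?P<name>\w+)\s*=\s*(?:dword:)?(?P<value>\d+)", re.I)
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")

# Lines copied from the Vista log above; the last three come from the Windows 7 log below.
SAMPLE_HJT = [
    "uRun: [Netvue] c:\\program files\\codeheadz\\netvue\\Netvue.exe",
    'uRun: [swg] "c:\\program files\\google\\googletoolbarnotifier\\GoogleToolbarNotifier.exe"',
    "mRun: [dscactivate] c:\\dell\\dsca.exe 3",
    "mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0",
    "mPolicies-System: EnableLUA = dword:0",
    "mPolicies-System: EnableUIADesktopToggle = dword:0",
    "uRun: [tSUpODctlIrm.exe] C:\\ProgramData\\tSUpODctlIrm.exe",
    "uPolicies-explorer: HideSCAHealth = 1 (0x1)",
    "mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)",
]
SAMPLE_CREATED = [
    "2013-06-29 22:03:40 94632 ----a-w- c:\\windows\\system32\\WindowsAccessBridge.dll",
    "2013-06-29 14:16:55 -------- d-sh--w- c:\\windows\\system32\\%APPDATA%",
]


def parse_hjt(lines):
    """Split 'kind: rest' report lines into (kind, rest); other lines are skipped."""
    out = []
    for line in lines:
        m = HJT_RE.match(line.strip())
        if m:
            out.append((m.group("kind"), m.group("rest")))
    return out


def weak_policies(lines):
    """(policy, value, meaning) for every policy set to a value in WEAKENING_POLICIES."""
    hits = []
    for kind, rest in parse_hjt(lines):
        if not kind.lower().startswith(("upolicies", "mpolicies")):
            continue
        m = POLICY_RE.match(rest)
        spec = WEAKENING_POLICIES.get(m.group("name").lower()) if m else None
        if spec and m.group("value") == spec[0]:
            hits.append((m.group("name"), m.group("value"), spec[1]))
    return hits


def suspicious_autoruns(lines):
    """(run name, image path) for Run entries whose image lives outside EXPECTED_ROOTS."""
    hits = []
    for kind, rest in parse_hjt(lines):
        if kind.lower() not in ("urun", "mrun", "urunonce", "mrunonce"):
            continue
        m = RUN_RE.match(rest)
        if m and not m.group("image").strip().lower().startswith(EXPECTED_ROOTS):
            hits.append((m.group("name"), m.group("image").strip()))
    return hits


def odd_created_entries(lines):
    """(path, reasons) for created items that are hidden+system directories
    or whose name still contains an unexpanded %VARIABLE%."""
    hits = []
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path")
        reasons = []
        if "%" in path:
            reasons.append("unexpanded environment variable in name")
        if attrs.startswith("d") and "h" in attrs and "s" in attrs:
            reasons.append("hidden+system directory")
        if reasons:
            hits.append((path, reasons))
    return hits


def triage(hjt_lines, created_lines):
    """All findings in one dict so a caller can print or assert on them."""
    return {
        "weak_policies": weak_policies(hjt_lines),
        "suspicious_autoruns": suspicious_autoruns(hjt_lines),
        "odd_created": odd_created_entries(created_lines),
    }


if __name__ == "__main__":
    for section, findings in triage(SAMPLE_HJT, SAMPLE_CREATED).items():
        print(section)
        for finding in findings:
            print("   ", finding)
```

On the sample the policy check reports `EnableLUA` and `HideSCAHealth`, the autorun check reports only the `C:\ProgramData\tSUpODctlIrm.exe` entry from the Windows 7 log, and the created-items check reports the `%APPDATA%` directory for both reasons. The root list is deliberately a heuristic: a Run entry inside Program Files is not proof of anything, and one outside it is a reason to look, not a verdict.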
7. So I decided to run Malwarebytes because I haven't, and was really surprised by the results. The items were quarantined and deleted, and I reset my computer and ran the test again and found nothing. I'm kind of lost here. I changed all my passwords of any importance, but what else should I do? This looks like I'm really screwed. Here's the log.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.31.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Steve G :: SAMSUNG-RF711 [administrator]

3/31/2013 1:57:58 AM
mbam-log-2013-03-31 (01-57-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237472
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Steve G\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 146
C:\Users\Steve G\AppData\Roaming\crypted.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\Google Update.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2748390831-3824878692-2093164985-1001\$RJL996W.exe (VirTool.Obfuscator) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-08-29-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-08-30-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-08-31-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-01-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-02-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-03-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-10-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-11-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-12-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-13-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-14-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-15-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-16-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-17-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-19-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-20-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-21-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-22-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-23-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-24-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-25-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-26-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-27-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-28-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-29-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-30-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-01-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-02-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-03-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-04-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-05-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-08-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-09-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-10-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-11-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-12-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-13-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-14-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-15-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-16-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-17-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-18-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-19-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-20-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-21-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-22-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-23-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-24-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-26-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-27-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-28-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-29-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-30-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-31-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-01-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-02-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-03-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-04-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-05-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-06-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-07-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-08-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-10-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-11-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-12-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-13-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-14-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-15-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-16-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-17-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-18-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-19-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-20-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-21-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-22-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-23-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-24-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-25-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-26-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-27-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-28-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-29-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-30-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-01-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-02-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-03-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-04-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-05-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-06-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-07-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-08-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-09-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-10-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-11-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-12-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-13-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-14-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-15-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-16-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-17-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-18-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-19-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-20-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-21-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-22-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-23-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-27-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-28-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-29-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-01-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-02-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-03-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-04-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-05-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-06-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-07-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-13-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-14-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-15-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-16-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-17-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-18-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-19-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-20-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-21-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-22-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-23-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-24-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-25-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-26-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-27-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-28-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-29-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-31-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-01-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-02-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-03-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-04-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-05-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-06-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-07-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-08-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-09-7.dc (Stolen.Data) -> Quarantined and deleted successfully.

(end)

bumping my thread.
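The 146 detections above are one infection, not many. `HKCU\Software\DC3_FEXEC` together with daily `dclogs\YYYY-MM-DD-N.dc` files under `AppData\Roaming` is the well-known on-disk footprint of the DarkComet RAT's keylogger (the trailing digit is the day of the week, Sunday = 1), and the two `Trojan.FakeMS` executables sit directly in the `Roaming` root, one of them named `Google Update.exe` to pass for the real `GoogleUpdate.exe`, which lives under `AppData\Local\Google\Update`. For the poster's question of what else to do, the most useful figure in this log is the span of the `.dc` file names: they run from 2012-08-29 to 2013-02-09, so everything typed on the machine in those five and a half months (passwords, card numbers, mail) should be treated as captured, and the scan on 2013-03-31 came some seven weeks after the last log was written. The script below is an added example by the editor, not part of the post or of Malwarebytes. It parses the MBAM 1.x log format, groups detections by family, derives the keylogging window from the `.dc` names and flags look-alike executables. `SAMPLE_LOG` is trimmed from the log above (three of the `.dc` entries kept); the `KNOWN_BINARIES` table and the function names are the editor's assumptions.

```python
"""Parse a Malwarebytes Anti-Malware 1.x scan log and answer what a responder
asks after a RAT/keylogger hit: what was found, how long the keylogger wrote,
and which executables imitate legitimate software.

Added example by the editor, not from the forum post or from Malwarebytes.
SAMPLE_LOG is trimmed from the log in the post above; KNOWN_BINARIES and the
function names are editorial assumptions.
"""
import re
from collections import Counter, namedtuple
from datetime import datetime

Detection = namedtuple("Detection", "section item family action")

DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9._-]+)\) -> (?P<action>.+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)")
SCAN_TIME_RE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d\d:\d\d [AP]M$")
DCLOG_RE = re.compile(r"\\dclogs\\(\d{4}-\d\d-\d\d)-\d\.dc$", re.I)
# Vendor binaries malware likes to imitate by name, with the directory fragment
# the genuine binary normally lives under (editor's table, not MBAM's).
KNOWN_BINARIES = {"googleupdate.exe": "\\google\\update\\"}

# Trimmed from the posted log: header, the three non-.dc files, first/middle/last .dc entries.
SAMPLE_LOG = """\
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.31.01

Windows 7 Service Pack 1 x64 NTFS
Steve G :: SAMSUNG-RF711 [administrator]

3/31/2013 1:57:58 AM
mbam-log-2013-03-31 (01-57-58).txt

Scan type: Quick scan
Time elapsed: 7 minute(s), 31 second(s)

Registry Keys Detected: 1
HKCU\\Software\\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

Folders Detected: 1
C:\\Users\\Steve G\\AppData\\Roaming\\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 146
C:\\Users\\Steve G\\AppData\\Roaming\\crypted.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\\Users\\Steve G\\AppData\\Roaming\\Google Update.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\\$Recycle.Bin\\S-1-5-21-2748390831-3824878692-2093164985-1001\\$RJL996W.exe (VirTool.Obfuscator) -> Quarantined and deleted successfully.
C:\\Users\\Steve G\\AppData\\Roaming\\dclogs\\2012-08-29-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\\Users\\Steve G\\AppData\\Roaming\\dclogs\\2012-11-15-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\\Users\\Steve G\\AppData\\Roaming\\dclogs\\2013-02-09-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
(end)
"""


def parse_mbam_log(text):
    """Return dict(version, database, scan_time, detections) from an MBAM 1.x log."""
    info = {"version": None, "database": None, "scan_time": None, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Malwarebytes Anti-Malware "):
            info["version"] = line.split()[-1]
        elif line.startswith("Database version:"):
            info["database"] = line.split(":", 1)[1].strip()
        elif SCAN_TIME_RE.match(line):
            info["scan_time"] = datetime.strptime(line, "%m/%d/%Y %I:%M:%S %p")
        elif (m := SECTION_RE.match(line)):
            section = m.group("section")          # e.g. "Registry Keys", "Files"
        elif (m := DETECTION_RE.match(line)):
            info["detections"].append(Detection(section, m.group("item"), m.group("family"), m.group("action")))
    return info


def by_family(detections):
    """How many hits each MBAM family (Stolen.Data, Trojan.FakeMS, ...) contributed."""
    return Counter(d.family for d in detections)


def keylog_window(detections, scan_time=None):
    """(first date, last date, days spanned, days from last log to scan) derived from
    the dclogs file names; None if the log holds no .dc files."""
    dates = sorted(datetime.strptime(m.group(1), "%Y-%m-%d")
                   for d in detections if (m := DCLOG_RE.search(d.item)))
    if not dates:
        return None
    first, last = dates[0], dates[-1]
    lag = (scan_time - last).days if scan_time else None
    return first.date(), last.date(), (last - first).days, lag


def lookalike_executables(detections):
    """(path, reasons) for .exe hits that sit directly in a Roaming profile root or
    whose name imitates a known vendor binary outside that vendor's directory."""
    hits = []
    for d in detections:
        path = d.item.lower()
        if not path.endswith(".exe"):
            continue
        parent, _, name = path.rpartition("\\")
        reasons = []
        if parent.endswith("\\appdata\\roaming"):
            reasons.append("executable directly in the AppData\\Roaming root")
        canon = name.replace(" ", "")             # "google update.exe" -> "googleupdate.exe"
        if canon in KNOWN_BINARIES and KNOWN_BINARIES[canon] not in parent + "\\":
            reasons.append("name imitates %s outside its normal directory" % canon)
        if reasons:
            hits.append((d.item, reasons))
    return hits


if __name__ == "__main__":
    info = parse_mbam_log(SAMPLE_LOG)
    print("MBAM", info["version"], "database", info["database"], "scan", info["scan_time"])
    print(dict(by_family(info["detections"])))
    print("keylog window (first, last, days, days before scan):",
          keylog_window(info["detections"], info["scan_time"]))
    for path, reasons in lookalike_executables(info["detections"]):
        print(path, "->", "; ".join(reasons))
```

Run against the full posted log instead of the trimmed sample, `keylog_window` gives the same answer (first 2012-08-29, last 2013-02-09, 164 days, 50 days before the scan), because only the earliest and latest `.dc` names matter. The window is a lower bound: the RAT could have been running before its first surviving log and after its last one.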
8. Hello,

I'm seeking expert assistance with removal of the following malware on a Windows 7 machine:

Trojan.FakeAlert
Trojan.FakeMS
PUM.Hijack.StartMenu (two registry entries)

I initially observed a rapid series of cascading dialogs stating "Unable to Load Attrib.exe". I immediately cut power to the machine. On normal reboot I see a similar series of cascading dialogs stating "Disk Errors Found," then the machine restarts on its own. In safe mode most of my program icons were not visible and many folders were empty. I managed to run a full scan with mbam, which found the 4 items as listed above. I quarantined them and did a normal reboot, but the cascading error dialogs were still present, and another scan with mbam in safe mode reveals the same threats. So they're still hiding out somewhere in this PC. After reading the FAQs and Tips section of the forum on another machine, I was able to unhide everything in safe mode, giving me access to the forum via Firefox. I am reluctant to do another normal reboot until I have taken additional action, per one of your experts' recommendations. The DDS output files below were obtained after running mbam and removing the threats. Please let me know if a normal reboot and rerun of DDS is needed. Thank you in advance for your time.

Here's the dds.txt file:

DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 1.6.0_19
Run by Tom at 18:30:42 on 2012-01-22
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8183.7121 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\notepad.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111227141022.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [tSUpODctlIrm.exe] C:\ProgramData\tSUpODctlIrm.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [updReg] C:\Windows\UpdReg.EXE
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\CORELF~1.LNK - C:\Program Files (x86)\Corel\Print House Magic\cffrem.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{E359A986-72D7-4EFE-8E38-051C9AA41F29} : DhcpNameServer = 10.0.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111227141022.dll
BHO-X64: scriptproxy - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [updReg] C:\Windows\UpdReg.EXE
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRunOnce-x64: [GrpConv] grpconv -o
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\4imqfxt1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.93\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: XULRunner: {3DEBA5A5-6ACB-4AC6-8ACC-69A62A45D9F7} - C:\Users\Tom\AppData\Local\{3DEBA5A5-6ACB-4AC6-8ACC-69A62A45D9F7}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: XUL Cache: {86c56d72-0491-4ff9-a2a0-aa4a68b83970} - %profile%\extensions\{86c56d72-0491-4ff9-a2a0-aa4a68b83970}
FF - Ext: XUL Cache: {0244c830-c8f9-491b-8d2a-f63a68b17c6a} - %profile%\extensions\{0244c830-c8f9-491b-8d2a-f63a68b17c6a}
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
S1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-23 135664]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-27 249936]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-27 249936]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-7 199272]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-7 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-7 161168]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-30 656624]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-1-29 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-1-29 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-23 135664]
S3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 PaeFireStudio;PreSonus FireStudio;C:\Windows\system32\Drivers\PaeFireStudio.sys --> C:\Windows\system32\Drivers\PaeFireStudio.sys [?]
S3 PaeFireStudioAudio;PreSonus FireStudio Audio;C:\Windows\system32\drivers\PaeFireStudioAudio.sys --> C:\Windows\system32\drivers\PaeFireStudioAudio.sys [?]
S3 PaeFireStudioMidi;PreSonus FireStudio MIDI;C:\Windows\system32\drivers\PaeFireStudioMidi.sys --> C:\Windows\system32\drivers\PaeFireStudioMidi.sys [?]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\Windows\system32\DRIVERS\MarvinAVS64.sys --> C:\Windows\system32\DRIVERS\MarvinAVS64.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-22 02:33:45 -------- d-sh--w- C:\found.000
2012-01-22 00:32:29 453512 ----a-w- C:\ProgramData\tSUpODctlIrm.exe
2012-01-11 11:32:48 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 11:32:47 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 11:32:46 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 11:32:45 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 11:32:41 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 11:32:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 11:32:36 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 11:32:34 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-01 17:25:10 -------- d-----w- C:\ProgramData\McAfee Security Scan
2012-01-01 17:25:09 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-01 17:25:09 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
.
==================== Find3M ====================
.
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
.
============= FINISH: 18:30:53.32 ===============

and attach.txt:

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/5/2010 9:25:26 PM
System Uptime: 1/22/2012 4:41:41 PM (2 hours ago)
.
Motherboard: DELL Inc. | | 0X501H
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | CPU 1 | 2660/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 689 GiB total, 596.583 GiB free.
D: is CDROM ()
E: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: eHome Infrared Receiver (USBCIR)
Device ID: USB\VID_04EB&PID_E033\SN:CIR-00080612011700000000
Manufacturer: Microsoft
Name: eHome Infrared Receiver (USBCIR)
PNP Device ID: USB\VID_04EB&PID_E033\SN:CIR-00080612011700000000
Service: usbcir
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: McAfee Inc. mfehidk
Device ID: ROOT\LEGACY_MFEHIDK\0000
Manufacturer:
Name: McAfee Inc. mfehidk
PNP Device ID: ROOT\LEGACY_MFEHIDK\0000
Service: mfehidk
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
==== System Restore Points ===================
.
RP125: 12/11/2011 1:20:23 PM - Scheduled Checkpoint
RP126: 12/14/2011 10:57:51 PM - Windows Update
RP127: 12/23/2011 10:47:35 AM - Scheduled Checkpoint
RP128: 12/31/2011 10:42:37 AM - Scheduled Checkpoint
RP129: 1/8/2012 9:58:58 AM - Scheduled Checkpoint
RP130: 1/10/2012 9:46:42 PM - Windows Update
RP131: 1/11/2012 7:57:22 AM - Windows Update
RP132: 1/18/2012 8:27:29 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.7
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Software Update
ASIO4ALL
ATI Catalyst Control Center
Bing Bar
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Corel Applications
CorelDRAW 10
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Getting Started Guide
Dell Support Center (Support Software)
DirectXInstallService
Dolby Digital Live Pack
EMC 10 Content
Emicsoft FLV Converter
FLV to WMV Convert 2.7
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
i-Fun Viewer
Internet TV for Windows Media Center
Java Auto Updater
Java™ 6 Update 19
Junk Mail filter update
Knoll Light Factory EZ Studio
Magic Bullet Looks Studio
Malwarebytes Anti-Malware version 1.60.0.1800
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox (3.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Octoshape add-in for Adobe Flash Player
Pinnacle Studio 14
Pinnacle Studio Ultimate Collection Plugins
PowerDVD DX
QualXServ Service Agreement
QuickTime
RealPlayer
RealUpgrade 1.0
Red Giant ToonIt Studio
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Skins
Sonic CinePlayer Decoder Pack
Sound Blaster X-Fi
SureThing Express Labeler
Trapcode 3DStroke Studio
Trapcode Particular Studio
Trapcode Shine Studio
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Center Add-in for Flash
WinX DVD Player 3.1.1
WinX DVD Ripper Platinum 6.3.5
WinX Free DVD Ripper 4.5.14
.
==== Event Viewer Messages From Past Week ========
.
1/22/2012 9:41:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
1/22/2012 9:41:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/22/2012 6:41:35 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 6:41:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache RxFilter spldr Wanarpv6
1/22/2012 5:11:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR10.
1/22/2012 5:11:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR9.
1/22/2012 5:10:55 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR8.
1/22/2012 5:10:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR7.
1/22/2012 5:10:27 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6.
1/22/2012 5:10:13 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR5.
1/22/2012 5:09:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
1/22/2012 5:08:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
1/22/2012 5:08:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 4:45:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
1/22/2012 4:42:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/22/2012 4:42:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/22/2012 4:42:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/22/2012 4:42:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/22/2012 4:42:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/22/2012 4:42:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/22/2012 4:41:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfenlfk mfewfpk NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr Tcpip tdx Wanarpv6 WfpLwf
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2012 4:41:54 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 11:13:34 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2012 9:55:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
1/21/2012 9:55:49 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
1/21/2012 9:55:02 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
1/21/2012 9:52:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
.
==== End Of File ===========================
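As an added worked example for this thread (it is not the poster's code and not part of DDS or Malwarebytes), here is a small Python triage script for the autostart sections of a DDS log like the one above. It parses the Run-key values, the services and the "Created Last 30" entries and flags what a responder checks first: a binary living in a user-writable location (ProgramData, AppData, Temp), a random-looking file name, a file whose creation time DDS recorded in the last 30 days, and BHO/toolbar entries whose file is gone ("No File"). The sample input is a constructed subset of the poster's dds.txt; the directory list, the case-flip threshold and the reason strings are assumptions of this example, not rules from the tool.

```python
"""Autostart triage for a DDS log: parse Run keys, services and the
"Created Last 30" section and flag what a responder should look at first.
Added example for this thread; not DDS, Malwarebytes or the poster's code.
The sample lines are copied from the log above; the scoring rules are assumptions."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the poster's dds.txt, one DDS entry per line.
SAMPLE_DDS = r"""
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [tSUpODctlIrm.exe] C:\ProgramData\tSUpODctlIrm.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-7 199272]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
2012-01-22 02:33:45 -------- d-sh--w- C:\found.000
2012-01-22 00:32:29 453512 ----a-w- C:\ProgramData\tSUpODctlIrm.exe
2012-01-11 11:32:41 1739160 ----a-w- C:\Windows\System32\ntdll.dll
"""

RUN_RE = re.compile(r"^(?P<kind>[um]Run(?:Once)?(?:-x64)?): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
SVC_RE = re.compile(r"^(?P<kind>[SR]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
ORPHAN_RE = re.compile(r"^(?P<kind>(?:BHO|TB)(?:-X64)?): (?P<name>.*?) - No File$")
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) +\S+ +\S+ +(?P<path>[A-Za-z]:\\.*)$")
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|cpl|sys))"?', re.IGNORECASE)

# Assumption: an autostart binary under one of these is rare for software that
# installed properly and common for droppers, so it goes on the review list.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")


@dataclass
class Finding:
    kind: str       # uRun, mRun, S2, BHO, ...
    name: str       # value name, service name or CLSID
    path: str
    reasons: list = field(default_factory=list)


def binary_path(value):
    """Drive-rooted binary at the start of a DDS value, minus quotes and arguments."""
    m = PATH_RE.match(value.strip())
    return m.group("path") if m else ""


def looks_random(stem):
    """Heuristic (assumption): generated names such as tSUpODctlIrm flip letter
    case far more often per letter than CamelCase product names do."""
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 8:
        return False
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return flips / len(letters) >= 0.4


def triage(log_text):
    lines = [ln.strip() for ln in log_text.splitlines()]
    # Pass 1: recently created files, keyed by lower-cased path, so an autostart
    # entry can be tied to the day the symptoms started.
    created = {}
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            created[m.group("path").lower()] = m.group("ts")
    # Pass 2: autostart entries (Run keys and services) and orphaned BHO/TB entries.
    findings = []
    for line in lines:
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if m:
            path = binary_path(m.group("rest"))
            low = path.lower()
            reasons = []
            if any(d in low for d in USER_WRITABLE):
                reasons.append("binary in user-writable location")
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(stem):
                reasons.append("random-looking file name")
            if low in created:
                reasons.append("file created recently (%s)" % created[low])
            if reasons:
                findings.append(Finding(m.group("kind"), m.group("name"), path, reasons))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(Finding(m.group("kind"), m.group("name"), "", ["orphaned entry (No File)"]))
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_DDS
    for f in triage(text):
        print(f"{f.kind:<9} {f.name:<40} {f.path}")
        print(f"{'':<9} -> {'; '.join(f.reasons)}")
```

Run it with no arguments to triage the embedded sample, or pass a saved dds.txt. On the sample it singles out the uRun entry for C:\ProgramData\tSUpODctlIrm.exe on all three counts (user-writable location, random-looking name, and a creation time of 2012-01-22 00:32:29 in the Created Last 30 section) and the SessionLauncher service pointing into a Temp folder, while ctfmon, the McAfee entries and the Google toolbar notifier pass. On the full log, legitimate per-user updaters such as Google Update in AppData will also land on the list, which is why this is a review list for the helper to work through and not a verdict.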