

InterviewSolution
1. |
Solve : AVG calls it a rootkit, having various problems? |
Answer» Quote Do you know what this is? Yes, it came with my automotive scan tool--for 'check engine' diagnostics Okay. I see OBD2 TekLink in Add/Remove Programs also. I will not need the ComboFix log this time. 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C Code: KillAll:: DDS:: mURLSearchHooks: H - No File BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. I will not need the log this time. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze ---------- Go to Add or Remove Programs and uninstall:
---------- If there are no more malware issues we can finish up now. Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done. * Click START then RUN * Now type Combofix /Uninstall in the runbox * Make sure there's a space between Combofix and /Uninstall * Then hit Enter. The above procedure will: * Delete: ComboFix and its associated files and folders. * Reset the clock settings. * Hide file extensions, if required. * Hide System/Hidden files, if required. * Set a new, clean Restore Point. ---------- Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator TFC will close all programs when run, so make sure you have saved all your work before you begin. * Click the Start button to begin the cleaning process. * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. * Please let TFC run uninterrupted until it is finished. Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning. ---------- Use the Secunia Software Inspector to check for out of date software. * Click Start Scanner * Check the box next to Enable thorough system inspection. * Click Start * Allow the scan to finish and scroll down to see if any updates are needed. * Update anything listed. ---------- Go to Microsoft Windows Update and get all critical updates. ---------- If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page. 
---------- I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan. I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. * Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. Thanks Very Much for your time and patience, evilfantasy! I've got tons of updating to do now...... What a fascinating (besides being frustrating at first) ordeal. Wish I'd stayed in school, not-so-LOL. You're welcome. Safe surfing... |
|
2. |
Solve : Request for help!? |
Answer» You installed the Recovery Console with ComboFix.
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator TFC will close all programs when run, so make sure you have saved all your work before you begin. * Click the Start button to begin the cleaning process. * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. * Please let TFC run uninterrupted until it is finished. Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning. Safe Surfing! Thank you so much for the help and recommendations for keeping myself safe in the future - I definitely appreciate it! |
|
3. |
Solve : Microsoft XP problems? |
Answer» ROOTREPEAL (c) AD, 2007-2009 |
|
5. |
Solve : Help!, I have a virus that will not remove? |
Answer» To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place? |
|
6. |
Solve : I have a worm and spyware? |
Answer» Try 1/4, 1/5, etc., until it fits... Quote from: Broni on November 24, 2007, 03:26:28 PM Try 1/4, 1/5, etc., until it fits... I give up. I have no clue. You want me sit here and measure in fifths and everything else? No you are talking to a wrong person. I can't even sit here and time out a quarter. Quote The results of CCleaner are more than 1000 characters A ccleaner log is not needed anyway. We need the logs from here Quote from: evilfantasy on November 24, 2007, 03:30:01 PM Quote The results of CCleaner are more than 1000 characters You did not at all specified what log you wanted. There are a bunch of logs that site. 3 logs all specifically asked for. Quote from: evilfantasy on November 24, 2007, 03:34:56 PM 3 logs Screw it I leave the worm on here along with spyware. 3 logs? There was nothing at all about 3 logs. What's wrong with you? Do you need any help, or not? We don't need any rudeness here. No problem, if you want to keep the infections you can. I wrote the guide, I know what logs it requests. Quote from: Broni on November 24, 2007, 03:39:46 PM What's wrong with you? Do you need any help, or not? I am sorry. I just need help. I do not see anything specified about 3 logs. There was nothing at all with 3 logs. Then you didn't actually read it good enough. There are details on what to run, how to configure the scanners, and how to save the logs for each scan. Quote Step 3 SUPERAntiSpyware Quote Step 4 Online Virus Scan Quote Step 6 HijackThis php111, I understand your frustration here; computers can seem like an alien language if you're not familiar with using them. Just try to be patient and it will make it a lot easier for us to guide you through this process. Please follow evilfantasy's instructions completely and post the logs he has requested. I just ran a test and the upload folder appears to no longer be full, so try giving it another shot. |
|
7. |
Solve : Here's my HJT log as requested by Broni? |
Answer» Before this there was 44,739 and now there is 44,740. LOL!!!!!! OK, OK...where are they located? I'm leaving for the movies, right now, so we'll have to continue tomorrow. Thanks Broni for your help. My computer is definitely running faster even though all those pictures are still there. The words "Windows XP Home Edition" etc. How do I get rid of that? Where on your desktop is it? It may be not possible to remove it. Was it always there? The Windows XP Home Edition is on the lower right hand corner of my desktop. It was never there before. I find the pictures when I go to SEARCH and check pictures and videos. Some of my pictures are there but 95% of them are weird pictures and I have no idea how they got there. Since we did all that security cleaning, delete all those unwanted pictures, and watch closely, if they'll reappear. A friend told me not to delete them because they maybe related to programs. I'm afraid to delete them. When you do a search on your computer for pictures and videos how many do you have? Quote from: pepper on November 25, 2007, 03:17:11 PM I find the pictures when I go to search and check pictures and videos. Some of my pictures are there but 95% of them are weird pictures and I have no idea how they got there. Templates from photo editing programs? I don't know of any videos, being needed by your OS. There are some graphic files (like icons) needed by some programs, but they are located in particular program's folder. It'd helpful, if you state in what folder you have those files. I think they are all in different folders. When you do a search for pictures doesn't it check all the folders for pictures? Quote When you do a search for pictures doesn't it check all the folders for pictures? Yes. In that case, I think, you need to take couple of days off, and check those pictures one-by-one. 
I can't imagine any other advice, since I don't want you to delete your own pictures. A word of advice...your HijackThis is in a temporary location where it (and its backups) will eventually be deleted. I would advise moving (or re-downloading) it to a new permanent location where it can be kept safely. Also...those pictures probably aren't anything to worry about. Most of them are probably from various programs/games/whatever. They should be harmless. However, if you would like to clear up some space, you could go through them all and try to determine if there are any you can safely get rid of. Keep in mind that this will probably take you quite awhile. |
|
8. |
Solve : I've received many trojan warnings!? |
Answer» Quote Windows recognized that new hardware had been installed....and? I uninstalled the DVD writer, and reinstalled it. I rebooted the computer. When windows came back up I got a popup saying new hardware had been installed. When I checked device manager, there is a yellow exclamation mark next to it. I right clicked on the drive and clicked on properties. I received a message that Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39) I clicked on update driver and did install automatically. I received a message that windows could not find a better match. There is an option to locate the driver manually, but I don't know what I'm looking for. I also checked driver details, and a list of drivers came up, but again I don't know what they are. Thanks for any help. Quote The driver may be corrupted or missing. (Code 39) Call it Micro$oft way. You don't need optical drives drivers since Win2K(?), but Micro$oft appears not to know about it, and gives you bogus error messages. Any other "yellow" error marks? You may need to update/reinstall your motherboard drivers. I only have yellow markers next to the CD writer and DVD writer. You may need to update/reinstall your motherboard drivers. That sounds scary - don't know if I have the guts for that. I'm not talking about flushing BIOS, I'm talking about motherboard drivers. I found an old post in another forum. Apparently a lot of people were having this same problem. Here's an answer that was given. Replies to this were all successful. Going into the registry sounds like another evil place Do you have any thoughts on this solution? 
---------------- To fix this problem, I performed the following: Start Registry Editor (Start, RUN and type in regedit then click) Find "UpperFilters" and "LowerFilters" (and "UpperFilters.bak" "LowerFilters.bak", if they exist) value under the following key in the registry, and delete it: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318} Quit Registry Editor. Reboot. NOTE: You might need to reinstall any CD recording apps you have, if they start to not work completely, after doing this. This is a very good find. I forgot about that solution. You're gonna be fine. Just backup your registry, first. Go Start>Run, type in: regedit Hit Enter. Go File>Export, and save your registry to known location. It worked! Thanks for taking the time to help Broni. And Evilfantasy - if you're still around (wouldn't blame you if you didn't look at this thread anymore) I can't thank you enough for all the time and help you've given me. You went above and beyond! Thank you! Thank you! Thank you! Still here, glad it worked. Safe surfing. Very nice job, people!!! Quote from: stomper on November 22, 2007, 02:48:28 PM As for SP1, I once tried the update to SP2 and it locked my system - or should I say crash. Windows wouldn't start at all - not even in safe mode. I tried to reload windows, and nothing. I eventually had to reformat. I don't want to go there again. Without SP2, you are fairly vulnerable, like evilfantasy mentioned earlier. As your computer appears to be clean now, you might want to consider trying SP2 again. It's quite possible that SP2 didn't work properly for you before because you installed it on an infected machine, which can cause problems. Of course, we can't force you to update...after all, we'd hate to be blamed if something went wrong again. Heh. |
|
9. |
Solve : Please help! HijackThis log? |
Answer» attached File:: * Save this as CFScript on the desktop. * Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! * ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang Next post please attach combofix.txt log New HijackThis log as requested [saving disk space - old attachment deleted by admin] Well combofix didn't delete all that I wanted it to. Enable Viewing Of Hidden System Files & Folders 1. Right Click Start. 2. Select Control Panel. 3. Select the Tools menu and click Folder Options. 4. Select the View Tab. 5. Under the Hidden files and folders heading select Show hidden files and folders. 6. Uncheck the Hide extensions for known file types option. 7. Uncheck the Hide protected operating system files (recommended) option. 8. Click Apply. 9. Click OK. === Open HijackThis and select "Do a system scan only" Place a check mark next to: O4 - HKLM\..\Run: [b0b952d1] rundll32.exe "C:\WINDOWS\system32\losygkkw.dll",b O8 - Extra context menu item: &Search - ?p=ZUxdm082YYUS Next click "Fix checked" On the desktop right click "My Computer" and "Open" Locate and delete the following file/folder (in bold): C:\WINDOWS\system32\losygkkw.dll (if there) I am going to look into the combofix entries and will post back when I know more. We are almost there. Also how is the computer now? My Computer seems fine. No more automatic resets to "accept all cookies", no more automatic redirects to an unknown webpage, no more annoying popups, and now I know why I kept getting the "error" at startup stating that the file C:\WINDOWS\system32\losygkkw.dll could not be found. 
It was deleted at some point as a virus file. You didn't ask for a logfile last post, so I will await your next for further instructions. Thanks for your continued assistance. I'm awaiting a second opinion on the combofix log. Probably won't until later but I will post back and let you know. Glad things are working better. OK we are rolling again. Delete these files/folders, as follows: * Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE): Quote File:: * Save this as CFScript on the desktop. * Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! * ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang Next post please add: combofix log New HijackThis log as requested, please see the attached [saving disk space - old attachment deleted by admin] That did it. The logs look fine now. Delete Find AWF and all of its logs. Delete any vundo programs used. Go to Start > Run and copy and paste next command in the field: ComboFix /u Make sure there's a space between Combofix and / Then hit Enter. This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place? Are you having any problems now? If anything else comes back let us know. Great job! Thanks for all your help! If anything else comes up I know where to post. No problem. Safe surfing....... |
|
10. |
Solve : Odd Problem need a bit of help? |
Answer» k done all that problems gone i think BTW but heres the new log |
|
11. |
Solve : please help ? virus or what?? |
Answer» Will my system restore work now, should I try it?
I am a bit scared of mucking around with IE so I pray I don't lose the internet with doing it, will feel braver tomorrow. I have also uninstalled avast and will reinstall that and other things tomorrow. Can I just say that if I don't get anymore problems just a BIG thank you for your patience, skill and time. Is it wrong of me to offer to paypal you some money or the site for the professional advice, if so give me an email addy to use. If not goodnight and thank you. |
|
12. |
Solve : Can't reboot to Safemode, gets till mup.sys and them reboots again? |
Answer» Install Java. http://filehippo.com/download_java_runtime/ Hi
---------- Then re-install it fresh. Sorry, there is nothing on the site (typical symantec) gets an empty page. Do u have another link or location of download Thanks Jon Here is the direct download site. http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039 Sorry it gives me "Internet Explorer cannot display the webpage" Thanks Jon I uploaded it to Rapid Share. http://rapidshare.com/files/150117149/Norton_Removal_Tool.exe.html Amazing I downloaded it , but it won't run, no idea why. In anycase I got to go now. Thank you very very much for all the Help and effort, the best support I got ever. I will be online again once I will get back, how you are going to be online too. Thanks A million Jon Glad you got it fixed. Let us know if anything else comes up. Hello Again I managed to run Norton Removal couple of times, but it won't let me install Norton again, just opened the fixing installation window and then stopped. Any suggestion, please help Thanks Jon Honestly no. You might need to contact Norton. http://www.symantec.com/support/index.jsp Thanks I have been a great help Thank you again Jon |
|
13. |
Solve : Threats!!!? |
Answer» Quote I've been waiting for so long, but no one has helped yet, guess CH is getting old!! Evilfantasy has tried to help you. I'm not sure, but did you look at the AVG section in the link? Also, there is no harm in posting the three requested logs. One last question. Squall, are you a Malware Specialists..... little higher then a novice, pc tech must cover all his bases. I was going to say you but which ever. Ivy. Nobody can just guess what's running on your computer. We need the logs, it's that simple. Quote C:\PROGRA~1\Grisoft\AVG7\avgemc.exe This is AVG 7, not 8.0. Your PC isn't protected. Thank you guys my comp is clean now, And we miss Broni!! Broni please come back to virus removal!! Thanks for the support!! You are most welcome !! I'm sorry , I hope I didn't offend you in anyway, actually that link clickin and that robotic help is too much for me, Broni's help was very simple and easy to understand and he has cleaned my comp of viruses that weren't cleaned even after reformat (gosh i remember those days) , so I just trust him a little more. But thankyou so much though If I saw anything in the HJT log that was a threat then I would have given specific instructions on how to clean it. I'm not that difficult to get along with. What I did see was taken care of in Reply #7. Temp files were/are infected. The malware that is being a big pain right now installs itself through Temp files. Without running the other scans you may still be infected. HJT isn't an antivirus and you need other tools to be sure. Your choice. Run a couple of scans from a guide that 21,759 people have now viewed and not had a problem with or..... just wonder if you are still infected... glad its fixed but you should have tried what I mentioned. |
|
14. |
Solve : Buttons and links wont work on certain websites...?? |
Answer» Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.
. The above procedure will:
---------- Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it installed) 1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 5. Once complete exit out of OTMoveIt2 ---------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- Now try to install Antivirus Personal hi evil Unfortunately, I have hit another problem... I followed your instructions to run Combofix /u but I get an error message: C:\32788R22FWJFE/pv.cfexe is not a valid Win32 application. I also then get an alert from Spyware Doctor saying it has blocked a malicious action by cmd.cfexe and is a High Risk Trojan-PWS Bancos Any ideas? Thanks Ginny Just continue on with the rest of the steps. Hi mr evil Thanks for all your advice so far.. I have tried to install Windows Service Pack 3 for XP but I keep getting a message saying an internal error has occurred. I have tried a few times but still the same result. Earlier on, after uninstalling all the components of Norton Antivirus, I installed a free Anti Virus called Cyberdefender. I have got an inkling that this is causing my problems. I ran a Malwarebytes scan and I have attached it for your perusal. Twice I have removed 11 or 12 infections referring to a Trojan.BHO.. Could you please let me know what this is and should I completely remove Cyberdefender from my machine? Also, is there a reliable Antivirus on the net that I could utilise? I still can't get Antivirus Personal to install properly. Many thanks Ginny [Saving space - attachment deleted by admin] Yes completely remove Cyberdefender. It is a rogue antivirus and will just cause big problems. Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. 
Post the ComboFix log and a new HijackThis log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. ---------- Download the Norton Removal Tool (SymNRT) to your Desktop. Once downloaded please close ALL open browsers, also save any work because this may require a restart.
|
|
15. |
Solve : Help! Have Trojan and Spyware, need help removing (or making sure its gone).? |
Answer» Hmmm, I ran Dial and didn't get any errors.
Reset settings for Internet Explorer 6 Reset Explorer Settings IE 6 Reset Settings in Internet Explorer 7 Reset Explorer Settings IE 7 It worked, I was able to connect! Is there anything I need to do to make sure everything is off my computer? Keep checking with the SuperAnti and Malware programs? Thanks for all your help!
---------- Run this online scan. Requires Internet Explorer Use the ESET Nod32 Online Scanner 1. Check the box next to YES, I accept the Terms of Use. 2. Click Start 3. When asked, allow the activex control to install 4. Click Start 5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked. 6. Click Scan 7. Wait for the scan to finish 8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt 9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply. I hope this is good news # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3475 (20080926) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=29942a97464bdd4da321f7fbccd1a21 # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2008-09-27 02:11:50 # local_time=2008-09-26 08:11:50 (-0700, Mountain Daylight Time) # country="United States" # osver=5.1.2600 NT Service Pack 2 # scanned=205805 # found=0 # scan_time=2820 Yes that is good news. Download OTCleanIt.exe and save it to your Desktop.
---------- Delete temporary files Go to:
When prompted select the C: drive and click OK. Check the boxes for:
Click OK or Enter ---------- Disable the System Restore Utility to prevent re-infection from an old one 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Put a check mark next to Turn off System Restore on All Drives 4) Click the OK button. 5) You will be prompted to restart the computer. Click the Yes button. Now re-enable System Restore To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'. 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Remove the check mark next to Turn off System Restore on All Drives 4) Click the OK button. ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. I'm pretty sure it worked, thanks, but I still keep getting alerts from my McAfee virus scan of Generic Trojans that it finds in various places on my computer. My Norton's antivirus program doesn't show anything, but for some reason McAfee is. You shouldn't have two antivirus installed. They conflict with each other. The real-time protection of two antivirus programs may conflict with each other and cause the following: 1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't. 2) Conflicts: Your system may lock up due to both products attempting to access the same file at the same time. 3) Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen. |
|
16. |
Solve : over 5000 infections please help? |
Answer» I have no experience with the "mistake edition" of windows |
|
17. |
Solve : Trojan "TR/crypt.XPACK.gen"? |
Answer» hi. sorry for my late response, the laptop that I'm using last time was decided by the owner to be format so i haven't done what you have advice, I'm so sorry, but i will post some other logs that have this the same problem. pls help me. i will post those logs later, thanks Thanks for letting us know. |
|
18. |
Solve : Windows Antivirus 2009!HELP!!? |
Answer» Since you got the scans to run please continue in the other topic and follow the directions there. I am locking this topic. |
|
19. |
Solve : Virus Infection: YUR1.exe? |
Answer» ComboFix 08-10-12.01 - Hoogoz 2008-10-13 22:01:58.3 - NTFSx86
---------- Run this online scan. Use the ESET Nod32 Online Scanner
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
Also let me know how the computer is running now.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3521 (20081014)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=b8264b10c7d0b14fa7fde2a9a26da953
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-14 07:55:19
# local_time=2008-10-14 08:55:19 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 2
# scanned=548343
# found=5
# scan_time=7305
C:\Documents and Settings\Hugo\Incomplete\JKAIBLHD2JG4HY3PAYT63UC7IS6XSTAU\Adobe_Photoshop_CS3.zip a variant of Win32/PTCasino application (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Hugo\Incomplete\JKAIBLHD2JG4HY3PAYT63UC7IS6XSTAU\Adobe_Photoshop_CS3.zip »ZIP »Adobe_Photoshop_CS3/!bonus games/Europa Casino/SetupCasino.exe a variant of Win32/PTCasino application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Hugo\Shared\Daughtry - What I Want.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) 0A0A0B47E35D557D949DC5288E100D51
C:\Documents and Settings\Hugo\Shared\Daughtry-What I want.mp3 WMA/TrojanDownloader.Wimad.N trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Hugo\Shared\pigeon detectives - this is an emergency.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) 54DE83A7879D2090651478E37BCEF695

My PC is running my better now, no popups and everything is as quick as it ever is

Run CCleaner. Final steps, let me know if you have any questions.
Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide.
---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates.
---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript
To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Thanks a lot! I'll definitely come back if I get any other problems. I won't of course though... |
|
20. |
Solve : virus in my c drive? |
Answer» (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
---------- Download OTMoveIt2 by OldTimer and save it to your Desktop.
Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.
1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.
Code: [Select]
[kill explorer]
C:\WINDOWS\rdlll.exe
C:\WINDOWS\iggbq.exe
C:\WINDOWS\System32\ibli.dll
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

my internet gets disconnected every now and then and it's very slow also....does this have anything to do with this virus problem?

after i did the combo fix instructions, some kind of execution was done, but still the combo fix icon is there in my desktop. As for the Move it, I did and am pasting u the lines which were there under the green section.

Explorer killed successfully
C:\WINDOWS\rdlll.exe moved successfully.
C:\WINDOWS\iggbq.exe moved successfully.
File/Folder C:\WINDOWS\System32\ibli.dll not found.
< EmptyTemp >
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF573F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\Perflib_Perfdata_678.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFFF1D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\Perflib_Perfdata_5b4.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10142008_203050

the below is the log which was produced automatically when i restarted the PC

Explorer killed successfully
C:\WINDOWS\rdlll.exe moved successfully.
C:\WINDOWS\iggbq.exe moved successfully.
File/Folder C:\WINDOWS\System32\ibli.dll not found.
< EmptyTemp >
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF573F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\Perflib_Perfdata_678.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFFF1D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\Perflib_Perfdata_5b4.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10142008_203050
Files moved on Reboot...
C:\DOCUME~1\user\LOCALS~1\Temp\~DF573F.tmp moved successfully.
File C:\DOCUME~1\user\LOCALS~1\Temp\Perflib_Perfdata_678.dat not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\~DFFF1D.tmp not found!
File C:\DOCUME~1\user\LOCALS~1\Temp\Perflib_Perfdata_5b4.dat not found!

1. Double click OTMoveIt2.exe to launch it. If using Vista Right-Click OTMoveIt and choose Run As Administrator
2. Click on the CLEANUP! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
---------- Run this online scan. This scanner requires Internet Explorer
Use the ESET Nod32 Online Scanner
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
Also let me know how the computer is running now.

my est online scanner log:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3523 (20081015)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=5918490b6cdacc4ebe8c17850be876a7
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-15 01:32:23
# local_time=2008-10-15 09:32:23 (+0800, Malay Peninsula Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=145385
# found=0
# scan_time=2234

Looks fine.
Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide.
---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates.
---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript
To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Thanks a lot for all the time and effort, it was a great help to save my PC. Thank you once again. |
|
21. |
Solve : Google virus page? |
Answer» Thank you so much. There was only one update required. It was Winamp.
Hi, evilfantasy! I tried getting MSN Plus from that link. I also did the MessengerDisable. With MSN Plus, I get the following message. This version of Messenger Plus! requires MSN Messenger 8.0 (Windows Live Messenger) or above. Press OK to download a compatible version of MSN Plus!.

As long as you don't install the sponsor software with Messenger Plus you will be fine.

Here is an attachment error of MSN Plus! once I uninstalled the MSN Messenger using MessengerDisable. [Saving space - attachment deleted by admin] |
|
22. |
Solve : Having computer issues? |
Answer» Sorry to say it didn't |
|
23. |
Solve : Please Help.. Please Help.... Logs Included...Please Help? |
Answer» I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Here is the ESET scan log. Computer is now running good with zero redirects. The whitesmoke translator resurfaced and still may be lingering about. Here is the log. Thank you Dave.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5c741ce8-2e6be660 multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1aaeb971-35a8228b Java/Agent.U trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\268abc7b-746d5370 Java/Agent.V trojan deleted - quarantined
C:\Windows\Temp\bjxy\setup.exe a variant of Win32/TrojanDownloader.FraudLoad.NAE trojan cleaned by deleting - quarantined

Please update and run MBAM again and post the log.

I updated MBAM and ran a scan, here is the log.
Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org
Database version: 5572
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
1/22/2011 3:10:45 PM
mbam-log-2011-01-22 (15-10-45).txt
Scan type: Quick scan
Objects scanned: 150792
Time elapsed: 2 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected:
c:\Windows\Temp\4143.tmp (PUP.BHO) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\local settings\temporary internet files\Content.IE5\J8FR3DV1\whitesmoketoolbar[1].exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Good. Now please run the ESET scan again. |
|
24. |
Solve : mywebsearch? |
Answer» Quote Tried to download askremover but the link doesn't work.
Darn. I even tried it before I posted it. Ok. Here's the direct link. http://ftp://ftp.GeekPolice.net/GPUser/Belahzur/AskRemover.zip
Quote There are 36 items which are all unknown hidden files, but none of them have a check mark in the box next to them. Should I check them?
If they don't have the green checkmark, leave them be.
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

That link still doesn't work, but here is the scan from eset. edit: It says "server not not found" when clicking on the link.
[email protected] as downloader log: all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=c6cb16463e0cd445aba844ae154874f0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-13 08:38:39
# local_time=2011-01-13 12:38:39 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 35362871 35362871 0 0
# compatibility_mode=768 16777215 100 0 10143063 10143063 0 0
# compatibility_mode=5891 16776573 100 100 0 24393876 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=115148
# found=3
# cleaned=3
# scan_time=14624
C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe Win32/SpeedUpMyPC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Mike\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Mike\Music\Documents\Downloads\registryboosterfe (1).exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

Sorry, that's the only link I have.
You could try looking in your C: drive, probably under Program Files and deleting anything like Avery Toolbar or Ask. Let me know and then we'll do some cleanup.

Alright I deleted avery and ask then rebooted. They are gone from the program files, but avery still shows up in the add/uninstall.

To remove all of the tools we used and the files and folders they created do the following: Double click OTL.exe.
********************************************** To set a new Restore Point. Click Start button , click Control Panel, click System and Maintenance, and then clicking System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode. Click the Start button , click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK. This will give you a new, clean Restore Point. ********************************************************** Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator TFC will close all programs when run, so make sure you have saved all your work before you begin. * Click the Start button to begin the cleaning process. * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. * Please let TFC run uninterrupted until it is finished. Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning. *************************************************** You may not have a third party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. 
Remember only install ONE firewall
1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***************************************************
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
---------- Go to Microsoft Windows Update and get all critical updates.
---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Thanks spybot was able to remove all of the mywebsearch. One other thing. I have to double click everything (links, start menu items) that should be single click. When I click anything on the right side of the start menu (control panel etc) I have to right double click and then click open. I tried to see if I could change the mouse settings but I couldn't find anything for single or double click. Is this a virus or is this a settings issue?

Quote from: flight on January 15, 2011, 12:41:55 PM Thanks spybot was able to remove all of the mywebsearch.
I would suspect that it's a software issue. Post that question in the appropriate software forum. |
|
25. |
Solve : Malware or Adware infecting computer? |
Answer» The free space on your C drive is dangerously low. Windows requires at least 15% (21 Gb) of free space to operate efficiently. You will need to free up some more space. You can do this by uninstalling programs you no longer want or use. You can also transfer videos, music, pictures and other important documents to an external drive or DVD's. Can you connect to the internet now? |
|
26. |
Solve : Problems on laptop. Vista. Now BSOD? |
Answer» You're welcome. I will lock this thread. If you need it re-opened, please send me a PM. |
|
27. |
Solve : Random files and folder appearing.? |
Answer» I believe it has something to do with Virtual memory. See here.
Once finished a logfile will be created. You don't have to attach it to your next reply. ***************************************** I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing! |
|
28. |
Solve : Slow startup because of some virus on my computer? |
Answer» Quote from: bombaykid on February 19, 2015, 09:56:50 AM On my desk top bottom right side has 10 programs lines up, how can I put those 10 items in one folder so that there will be only one on item in bottom right corner rather the 10
Could you please give me a screenshot of this? How to post screenshots or images

I got the screen shot and paste in to imageshack but it does not give me URL. How do i get url? I got following URL https://imageshack.com/a/OJRz/1 Is this good?

Sorry, I can't see the screenshot.

When I click on following link I can see the screen shot, Here is a link https://imageshack.com/a/OJRz/1

I still can't see it.

what should i do so you can view it? any suggestion

After you do hit the Print screen button, open Paint and hit CTRL+V to paste the picture. Now save the picture to your computer and make sure it's saved as a jpeg file. Remember where you saved the file. When you make a new reply in this thread click on Attachments and other options just below. Browse to where you saved the file and click on post.

here is the new message [attachment deleted by admin to conserve space]

Quote On my desk top bottom right side has 10 programs lines up, how can I put those 10 items in one folder so that there will be only one on item in bottom right corner rather the 10
Sorry, the screenshot doesn't show the above problem.

Here is new screen shot [attachment deleted by admin to conserve space]

Ok, I don't see anything on the right hand bottom. Please point them out to me?

Bottom right side has following buttons 1. ? 2. Magic jack 3. p.c, status 4. c.c.cleaner 5. Avast 6. Control center 7. Google Chrome 8. Action center 9. Speaker 10. network 11. clock and date
out of these 11 buttons most of them hidden in Action center button so my right side bottom had only 3 or 4 button. Can these button be hidden in one folder? It is not required to do this if it is too much trouble. I used to know how to do these but i forgot.
You have been very helpful to me and working with me for long time. Let me know if this can be done, if not it is OK, no harm done. I can live with 11 buttons in bottom right side.

I don't believe you can put them all in one folder but if you post this question in a software forum someone there may be able to help. Sorry.

Dear SuperDave: Thank you very much for working with me in resolve my computer problem. Bombaykid

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
29. |
Solve : Windows Security Service Can't Be Started? I have tried everything I could find.? |
Answer» That's good. Let's do some cleanup before you go.
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*************************************************
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
---------- Go to Microsoft Windows Update and get all critical updates.
---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Awesome! Thank you so much for the help!

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
30. |
Solve : No Internet Access after virus removal :(? |
Answer» But do you remember when ComboFix told me he has discovered ZeroAccess Trojan hidden in my TCP/IP protocol ?
I never saw that in any of the scans that we ran. At this point the best thing you should do is to boot your computer with this rescue disk below, save your important data and re-format. You could try posting the log but most important is to save your data. We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again. Download the OTLPE Standard REATOGO Windows Recovery Environment.
But save only "My documents" folder, which contains all documents, and pictures.... That should work. Good luck.

and If I transfer "My Documents" files into an external HDD... will I have clean files? or infected files?

Quote from: nasroo7 on January 21, 2012, 08:02:15 PM and If I transfer "My Documents" files into an external HDD... will I have clean files? or infected files?
You should scan your files with at least two good AV scanners before putting them back on your computer.

If I scan them with Microsoft Security Essentials, Malwarebytes, and SuperAntiSpyware. is it enough?

Quote from: nasroo7 on January 22, 2012, 04:43:14 PM If I scan them with Microsoft Security Essentials, Malwarebytes, and SuperAntiSpyware.
You also should include a scan with Avast AV.

ok. I'll do it thank you
By the way, I have another last question: I was going to format the HDD, but just ran ComboFix (I know that if something happens, I don't care, since I'm going to reinstall Windows anyway =P ) and at the same time Microsoft Security Essentials told me that he detected items that have not been yet classified for risks, and will send them: "C:\32788R22FWJFW/iexplore.exe" Do you have any idea or opinion about it ?
By the way, if people have the same problem. When your Network connection disappear... check your device manager, and chances are that you're going to see missing drivers for the network adapter... even if it was installed and working fine a couple of hours before!

Quote Do you have any idea or opinion about it ?
That's part of ComboFix.

Quote Thank you for all your help superdave!
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
31. |
Solve : Need help, completed the required steps, have logs for review.? |
Answer» Are you still getting the redirects?

Nope, so far the problem seems to be fixed. It's even logged off and shut down pretty normally the last few times as well.

Ok. Please do the stuff I suggested in reply # 19 and we will be done.

Thanks SuperDave!! This is all really really appreciated.

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
32. |
Solve : Trojan Horse Agent_r.ATS? |
Answer» Quote I tried several more times, but no luck. However, I did not uninstall my AVG. If I do that, can I get it back?
AVG is a resource hog. Here are some other free AV's. I would recommend MSE
Avast! Home Edition Avira AntiVir Personal Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download Microsoft Security Essentials for Windows XP COMODO Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one) PC Tools AntiVirus Free Edition
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time. |
|
33. |
Solve : taskeng.exe running in dos window; registry has many new entries? |
Answer» That looks good. If there are no other issues, it's time for some cleanup.
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
******************************************************
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
---------- Go to Microsoft Windows Update and get all critical updates.
---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing! |
|
34. |
Solve : phony avira download led to trouble? |
Answer» Done. ESET found no threats. I don't notice any remaining problems. Thanks for your help!
Then, it's time for some cleanup. To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
To remove all of the tools we used and the files and folders they created do the following: Double click OTL.exe.
***********************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator.
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**************************************************
Looking over your log it seems you don't have any evidence of a third party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.
Remember only install ONE firewall
1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***************************************************
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Alrighty. Thanks again for the help.
You're welcome. I will lock this thread. If you need it to be re-opened, please send me a pm. |
|
35. |
Solve : My hotmail account? |
Answer» Ah, ok, politics, thanks again BC
What causes this 'flashing', I've attempted to research it, but found no answer.
SuperDave, thanks for everything. Having trouble uninstalling combofix though, I've typed it in correctly. Even a search does not bring it up. Even though I can find it manually.
Quote from: reddevilggg on March 11, 2011, 07:38:25 AM
What causes this 'flashing', I've attempted to research it, but found no answer.
It's probably some AJAX/Jquery running in the background to keep all the crazy new hotmail/live stuff properly refreshed. Or, (if it's only during page load) could be all the various iframes loading sequentially (the stop button is only enabled in FF while a transfer is in progress... if a page finishes loading and then at some point later starts loading more data, the stop button will become enabled again). Not all Browser Stop Buttons are created equal, it would seem.
Quote
Having trouble uninstalling combofix though, I've typed it in correctly. Even a search does not bring it up. Even though I can find it manually.
That's probably because it is running from c:\users\Steve\Desktop\Mini Desktop\ComboFix.exe
We'll have to do it this way. Delete the Combo-Fix.exe file, C:\Combo-Fix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combo-fix.txt and C:\Combo-Fix-quarantined-files.txt
You may have a problem deleting one of the folders. In that case, just empty the folder of whatever files you can and leave it.
To set a new Restore Point:
Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK.
Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK. This will give you a new, clean Restore Point. |
|
36. |
Solve : Kept getting blocked/redirected on internet explorer? |
Answer» Deleted SDfix and ran ESET w/o any detections. Well, my computer's acting like it doesn't have a sound card...or a network adapter. A lot of the USB devices I use don't plug-and-play like they used to--they have to be plugged in before the computer is booted. I'm guessing the drivers for all that hardware must have been lost during this infection. Anyways, that's just a guess--shall I go to the "software" forum to get some help?
Ok. We'll do some cleanup and you can start another thread in the software forum for the other stuff. To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator.
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*****************************************************
Looking over your log it seems you don't have any evidence of a third party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.
Remember only install ONE firewall
1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
**********************************************
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Alright Dave, I got combofix uninstalled, got Comodo as my firewall, did some updating. You may recall that I'm having problems with my sound, networking, and usb that suggest missing drivers. That plot may have just thickened. I started a post in the "Drivers" forum and my expert suggested I look into Device Manager (via Control Panel-->System-->Hardware). The Device Manager window pulls up but displays no devices. Not a thing (even when I select "view hidden devices"). I also tried clicking on Add New Hardware. That window never opens. This seemed a bit fishy to me, so I thought I'd report it to you. If you don't believe it's malware-related, I'll continue to pursue a solution in the "Drivers" forum.
No, I don't believe it's malware related. If you still can't get it repaired in the other forum, we may have to re-visit it again. I will lock this thread. If you need it re-opened, please send me a pm. |
|
37. |
Solve : VistaAntispyware 2012 ???? |
Answer» Here is the cntrlV post; I hope I did this correctly; the black screen opened up as you said but even if I had the 7z file within the USB not sure if it ever acted upon the unzip file; sorry if I screwed up. Also noticed when I went into device manager that there is a yellow caution sign besides Microsoft ASATAP adapter.
Here's some information about that.
Quote
Should I still go ahead with the Vista MpsSvc.reg file "Merge?
Yes, please.
Did the merge and no change. Here is latest Farbar. Dave, perhaps let me know how to restart at initial settings (anything important has been on USB and is safe at work) unless you feel that some of my attempts were not perfectly done (could be).
Farbar Service Scanner Version: 10-02-2012
Ran by Costa (administrator) on 20-02-2012 at 17:54:41
Running from "E:\FarBar"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.
bfe Service is not running.
Checking service configuration:
The start type of bfe service is set to Demand. The default start type is Auto.
The ImagePath of bfe: "NADA".
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.

Windows Defender:
=============
WinDefend Service is not running.
Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll [2008-01-20 21:33] - [2008-01-20 21:33] - 0272952 ____A (Microsoft Corporation) 4575AA12561C5648483403541D0D7F2B
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
Quote
Dave, perhaps let me know how to restart at initial settings
Do you mean to do a complete Recovery?
Quote
unless you feel that some of my attempts were not perfectly done (could be).
No. I don't have a problem with how you performed the work at your end. It's just that C:\Windows\system32\Drivers\tdx.sys is missing. ComboFix said it replaced that file but for some reason it's still showing as MIA. If all your important data has been saved, perhaps a Recovery would be the best thing to do at this point. You can find the instructions in Reply # 42.
Instead of Repair you should choose Windows Complete PC Restore
Murphys Law has dictated that A valid backup location could not be found. Attach the backup hard disk or insert the final DVD from a backup set and retry. AAgghh
The only thing I can think of now is to find a Vista Home Basic disk to do the Restore.
Hi SuperDave I want to thank you for all your help. Will try to find a disk somewhere; difficult to keep up as the desktop hard drive just crashed as well Thanks again MtlHab
Quote from: MtlHab39 on March 01, 2012, 08:29:23 AM
Hi SuperDave
You're welcome and good luck getting into the playoffs.
Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. If you want to help, please go here. Superdave.
Hi SuperDave Which link in these forums is best for establishing security for 'new' HP laptop for teenager's usage, in terms of spyware, malware, etc? The desktop has been Spybot and Avast protected so far. BTW, Markov is back, the city is abuzz with the what-if?? Thanks again Mtl
In reviewing your thread I just realized that there appears to be no Anti-Virus on your computer. If this is, in fact, to be true please download and install one of these free AV's, then run a full scan. We also should do some cleanup.
Remember to only install one antivirus!
1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition
7) ThreatFire
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.
If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
***********************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator.
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**********************************************
Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.
***********************************************
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing! |
|
38. |
Solve : Virus/ Trojan? Browser redirecting? |
Answer» That looks good. How's your computer running now? Any other issues?
No issues, it's running better than before. I appreciate all your help. Am using MS Security Essentials - any other recommendations to keep it this way? Install Comodo Firewall maybe?
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator.
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
********************************************
You already have McAfee Firewall. Here are some other free firewalls. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.
Remember only install ONE firewall
1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*************************************************
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing! |
|
39. |
Solve : rundll error loading? |
Answer» Hi, |
|
40. |
Solve : SAS scan = Trojan.Agent/Gen-CDesc[VB-Packed] & Trojan.Agent/Gen-Kazy[Ico]? |
Answer» Thanks Dave, SAS shows no infections. |
|
41. |
Solve : "application.exe has encountered a problem and needs to close.."? |
Answer» Quote
How are we doing so far SuperDave?
Looks good. If there are no other issues, it's time for some cleanup. To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator.
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**************************************************
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
i still can't install any new softwares.. ".exe" files when clicked automatically gives the error that "exe has encountered a problem and needs to close.." am runnin opera.. now am receivin a new error "Opera.exe - Corrupt File" It says to run chkdsk utility
Check Hard Disk For Errors:
Press Start->Run, then copy/paste the following command into the box and press OK:
Quote
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal. A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.
The type of the file system is NTFS.
Volume label is Y.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is verifying security descriptors (stage 3 of 3)...
10482380 KB total disk space.
9060 KB in 296 files.
68 KB in 47 indexes.
0 KB in bad sectors.
55572 KB in use by the system.
54464 KB occupied by the log file.
10417680 KB available on disk.
4096 bytes in each allocation unit.
2620595 total allocation units on disk.
2604420 allocation units available on disk.
Click Start, and then click Run. In Open, type cmd, and then press ENTER. To repair errors without scanning the volume for bad sectors, at the command prompt, type chkdsk volume:/f, and then press ENTER. After this is finished, try getting your updates.
also installed an antivirus(avast) software after repeated trials...
but after the installation boot process my laptop got hanged like anythin.. had to restore system with last working config.. it's so tough to install any av.. all the downloaded .exe files gave one error when installin them..
Did you run the chkdsk/f command as instructed in Reply # 19?
Quote
it's so tough to install any av.. all the downloaded .exe files gave one error when installin them..
What kind of error?
yea tried that as u said.. can u suggest me a way to install any anti virus.. coz if i try to install the files i downloaded it says error.. so i tried installin it through an usb.. but the system got hanged after that.. am wonderin since installation of any new software shows error, is it possible to be msiexec virus?
What happened when you did the chkdsk/f ?
the type of file system is NTFS cannot lock current drive chkdsk cannot run because the volume is in use by another process.
Please try this:
Download DDS from HERE or HERE and save it to your desktop.
* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copy and pasting it into the reply. |
|
42. |
Solve : Imbedded spywares? |
Answer» I have done the final items you suggested. Are there any other programs I should run other than these? I use Avira for anti-virus and Super antispyware and Spybot. I also have Advanced Complete Care by IObit, which seems to do a good job checking for spyware, malware and cleaning up the computer. Can these be used together. I use Zonealarm for my firewall which seems to do a good job. Any other suggestions other than what you have sent would be nice, but not necessary if these will do the job.
Super antispyware and Spybot. I also have Advanced Complete Care by IObit, which seems to do a good job checking for spyware, malware and cleaning up the computer. Can these be used together.
Yes. The only thing you shouldn't use more than one of is an AV program and a Firewall. Super antispyware and MBAM are not full-time scanners unless you buy them. But, they're good to have on your computer. Update them and run them on a regular basis.
Quote
I have another computer in the household that has some serious spyware/malware issues. Do you want to tackle that one or should I just put it out there for others to help with. Can I use the same procedures for it?
Sure. Start another thread and post the information. It's not a good idea to use the same procedures because no two computer problems are similar. I will lock this thread. If you need it re-opened, please send me a pm. |
|
43. |
Solve : Weird virus issue-I think I'm infected!!? |
Answer» Ok. Let's try to get it running this way.

Edit/Update: Oh yeah, nice job back there, OTL froze solid, ie would not run, task manager got royally screwed and Explorer got dumped solid. Fortunately restarting resulted in a blue screen of death, though it froze and got stuck on the desktop before displaying it, it seems, a hard ACPI reboot purged these issues quickly...

Pentium D 2.52Ghz processor, 4 GB RAM Windows 7 x64 bit Ultimate

I don't know if there's another virus or something on my PC doing this or Combofix truly is Rogue and nobody has yet found this out yet. I have just run combofix and now that I've installed Photoshop Pro on my PC now, now IT'S corrupted, and gives the same error message when trying to run. Seriously WT*?

Double edit: And now apparently Opening any window or link in Explorer opens double... Interesting.

Superdave: I had to restart, apparently, so where would the combofix log be stored at? I checked the temp folder to no avail.

I need to see the ComboFix log.

Unfortunately Superdave, I was unable to get the Combofix log because Windows failed to boot recently... Yes, I know, I should've been trying to re-run the scan when I had the time, but my hard drive has been giving me weird clicks and whirs, and attempting to boot Windows 7 today...failed... It got stuck on the loading screen: 'Starting Windows' But no animation, it just got stuck like that... Data is still accessible and readable, though who knows for how long... I'm not sure, it also could be a rootkit attempting to run on my system at boot... how would I tell? Please help me, Avast only does scans to 32 bit OSes, so x64 bit I do not think is a possibility yet, and with my luck the rootkit already executed Plus I feel I cannot trust Combofix to run on Windows 7... god forbid it does something to my paid, and loved program Photoshop, I won't be getting a refund, my PC will, except where it'll go is in the parking lot. I'm not trying to be paranoid or something of this program, but I just cannot trust it because it was the last program I ran before noticing problems... Or.... Maybe Paint.NET is the virus...-D

Quote 4. Please DO NOT run any other tools or scans while I am helping you.
Here are two things I quoted you in my original reply. Yet, you went ahead and installed PhotoShop Pro.

To Run the SFC /SCANNOW Command in Windows 7
1. Open an elevated command prompt.
2. To Scan and Repair System Files
NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below) NOTE: This may take some time to finish.
B) Go to step 4.
3. To Only Verify if the System Files are Corrupted
NOTE: Scans and only verifies the integrity of all protected system files only.
A) In the elevated command prompt, type sfc /verifyonly and press Enter.
4. When the scan is complete, hopefully you will see all is ok like the screenshot below. NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occurred to fix it. You may need to repeat doing a System Restore until you find an older restore point that may work.
5. When done, close the elevated command prompt.

The ComboFix log should be here: C:\Combo-Fix folder

Quote from: SuperDave on February 03, 2011, 12:46:10 PM Here are two things I quoted you in my original reply. Yet, you went ahead and installed PhotoShop Pro.
This was on Windows XP, my other hard drive, seen as C: whilst my windows 7 drive remains untouched. anyways, The Combofix folder apparently just links to the "My Computer" folder... Also, just wanted to add this: If I cannot boot from Windows 7, how would I run SFC on it? SFC from XP on a 7 system will just heavily damage and may corrupt the OS, so I suppose you mean the Windows 7 repair disk correct? Ok.
Will attempt to retrieve the combofix log from the drive anyways...

You did not do as I asked in Reply # 3 for the HJT fix. Please do it now and post the new log. Also, you did not do as I asked in Reply # 9 for the OTL fix. Unless you do as I ask, I will discontinue my help.

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:46:13 PM, on 1/22/2011

I finished the OTL fix, it rebooted my PC... Though the desktop was unresponsive for what appeared to be a minute or two, I hit Ctrl+Alt+Delete and got task manager up, Runonce.exe was running and it might have been the OTL still running, so I ignored that, didn't seem too suspicious. I ran the OTL fix, all there is to it. If I'm correct, this is the OTL log file I found generated today:

No, you did not follow the directions for HJT. I want you to fix the items listed.

Quote from: SuperDave on February 04, 2011, 04:52:01 PM No, you did not follow the directions for HJT. I want you to fix the items listed.
Yes, but they don't show up in the list to fix... *** EDIT: Nvm, I just didn't update the log... sorry, my mistake

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:15:47 PM, on 2/4/2011

Anything else I need to do? And for some reason, not sure if I mentioned this or not, but running a search on Windows start menu and clicking 'see more results' brings up an explorer window that should automatically search, but promptly disappears. An attempt to try again does nothing... What now?

Alright I've run SFC and now I'm officially stumped. What the

Thread closed and your warning level is being increased to moderated posts. |
|
44. |
Solve : Toshiba Laptop....Application cannot be executed. The file *** is infected.? |
Answer» Sorry, I accidently closed the log out before I could copy it. Is there a way to retrieve it without running CF again?ComboFix 11-01-28.01 - dlcriss 01/28/2011 20:34:38.6.2 - x86 R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360] R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472] R4 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960] R4 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2008-02-27 594600] R4 PMObserv;PMObserv;c:\windows\system32\PMObserv.exe [2008-01-29 245907] R4 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [2009-03-11 497008] R4 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-03-11 685320] R4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976] S1 MpKsl3eddb6fc;MpKsl3eddb6fc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C906E51-D88B-4053-B049-C63E1D17889B}\MpKsl3eddb6fc.sys [2011-01-28 28752] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-03-10 145936] S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736] S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [2010-01-12 33792] S2 
tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2008-04-01 52240] S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2009-12-04 230928] S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2009-12-04 36368] S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-03-10 256528] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168] S3 Net6IM;Net6;c:\windows\system32\DRIVERS\net6im51.sys [2008-03-11 49008] S3 palmmdm;Palm Modem;c:\windows\system32\DRIVERS\palmmdm.sys [2006-01-30 9728] S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 13312] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder 2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-06 00:31] 2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-06 00:31] 2011-01-12 c:\windows\Tasks\Norton Security Scan for dlcriss.job - c:\program files\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2010-12-27 07:25] 2011-01-29 c:\windows\Tasks\User_Feed_Synchronization-{81085AE7-8547-4CAF-8B7B-7C7862EF7B5C}.job - c:\windows\system32\msfeedssync.exe [2008-07-29 06:33] 2011-01-28 c:\windows\Tasks\User_Feed_Synchronization-{D7F2A065-E402-48FD-AC2A-B89E2DC633E8}.job - c:\windows\system32\msfeedssync.exe [2008-07-29 06:33] . . ------- Supplementary Scan ------- . 
Quote The CF log shows two AV programs running on your computer; Microsoft Security Essentials and Trend Micro Client/Server Security Agent Antivirus. You can't have two AV programs active on your computer because they are not friendly toward one another. Please make sure that only one is activated.
The log shows that you're still running two AV's. You need to de-activate/uninstall one of them.
SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
There were no threats found, and there was not a button "List of Found Threats". Here is the log;
[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=7bd5abdcdc467d41a2266f9f80a0e7ab
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-01 12:43:11
# local_time=2011-01-31 07:43:11 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 78170056 78170056 0 0
# compatibility_mode=5892 16776573 100 100 18939261 133122795 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=194259
# found=0
# cleaned=0
# scan_time=5851
That looks great. If there are no other issues, it's time for some cleanup. To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
************************************************
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Everything is working great! Thanks so much for your help.
Quote from: 82Grad on February 02, 2011, 04:44:10 PM Everything is working great! Thanks so much for your help.
That's good to hear. I will lock this thread. If you need it opened, please pm me. |
|
45. |
Solve : spyware and malware exe.file infected? |
Answer» I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Have we finished with everything? I posted that last scan and haven't heard back from you. I keep getting an error message having something to do with java.
I need to see the log from the ESET scan. If it's ok, we can cleanup. |
|
46. |
Solve : Connection problems - here to see if I have a virus? |
Answer» Please download MiniToolBox to Desktop and run it.
The connection looks ok.
19:30:35.0864 0736 nvstor - ok 19:30:35.0873 0736 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:30:35.0877 0736 nv_agp - ok 19:30:35.0886 0736 NwlnkFlt - ok 19:30:35.0896 0736 NwlnkFwd - ok 19:30:35.0979 0736 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 19:30:35.0987 0736 odserv - ok 19:30:36.0034 0736 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 19:30:36.0036 0736 ohci1394 - ok 19:30:36.0088 0736 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:30:36.0091 0736 ose - ok 19:30:36.0150 0736 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 19:30:36.0163 0736 p2pimsvc - ok 19:30:36.0180 0736 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 19:30:36.0187 0736 p2psvc - ok 19:30:36.0234 0736 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:30:36.0237 0736 Parport - ok 19:30:36.0276 0736 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:30:36.0279 0736 partmgr - ok 19:30:36.0353 0736 [ 55223EEFABFDB84A926515FEBAB50D9A ] pbfilter C:\Program Files\PeerBlock\pbfilter.sys 19:30:36.0355 0736 pbfilter - ok 19:30:36.0388 0736 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 19:30:36.0391 0736 PcaSvc - ok 19:30:36.0426 0736 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 19:30:36.0430 0736 pci - ok 19:30:36.0483 0736 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys 19:30:36.0484 0736 pciide - ok 19:30:36.0511 0736 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 19:30:36.0516 0736 pcmcia - ok 19:30:36.0554 0736 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:30:36.0566 0736 
PEAUTH - ok 19:30:36.0599 0736 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:30:36.0602 0736 PerfHost - ok 19:30:36.0670 0736 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 19:30:36.0692 0736 pla - ok 19:30:36.0743 0736 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:30:36.0750 0736 PlugPlay - ok 19:30:36.0769 0736 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 19:30:36.0777 0736 PNRPAutoReg - ok 19:30:36.0796 0736 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 19:30:36.0805 0736 PNRPsvc - ok 19:30:36.0858 0736 [ A6D06378F37BDBA0C0019294C2AABBD0 ] Point64 C:\Windows\system32\DRIVERS\point64k.sys 19:30:36.0860 0736 Point64 - ok 19:30:36.0914 0736 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:30:36.0924 0736 PolicyAgent - ok 19:30:36.0978 0736 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:30:36.0981 0736 PptpMiniport - ok 19:30:37.0013 0736 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:30:37.0014 0736 Processor - ok 19:30:37.0047 0736 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 19:30:37.0052 0736 ProfSvc - ok 19:30:37.0076 0736 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 19:30:37.0078 0736 ProtectedStorage - ok 19:30:37.0114 0736 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 19:30:37.0117 0736 PSched - ok 19:30:37.0145 0736 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 19:30:37.0147 0736 PxHlpa64 - ok 19:30:37.0197 0736 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 19:30:37.0216 0736 ql2300 - ok 19:30:37.0227 0736 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 
19:30:37.0230 0736 ql40xx - ok 19:30:37.0272 0736 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 19:30:37.0279 0736 QWAVE - ok 19:30:37.0303 0736 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:30:37.0304 0736 QWAVEdrv - ok 19:30:37.0322 0736 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:30:37.0323 0736 RasAcd - ok 19:30:37.0359 0736 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 19:30:37.0362 0736 RasAuto - ok 19:30:37.0395 0736 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:30:37.0399 0736 Rasl2tp - ok 19:30:37.0424 0736 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 19:30:37.0431 0736 RasMan - ok 19:30:37.0480 0736 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:30:37.0482 0736 RasPppoe - ok 19:30:37.0526 0736 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:30:37.0529 0736 RasSstp - ok 19:30:37.0568 0736 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:30:37.0574 0736 rdbss - ok 19:30:37.0605 0736 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:30:37.0606 0736 RDPCDD - ok 19:30:37.0643 0736 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 19:30:37.0649 0736 rdpdr - ok 19:30:37.0656 0736 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:30:37.0657 0736 RDPENCDD - ok 19:30:37.0709 0736 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:30:37.0714 0736 RDPWD - ok 19:30:37.0733 0736 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:30:37.0737 0736 RemoteAccess - ok 19:30:37.0765 0736 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 
19:30:37.0770 0736 RemoteRegistry - ok 19:30:37.0827 0736 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 19:30:37.0829 0736 RpcLocator - ok 19:30:37.0877 0736 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 19:30:37.0886 0736 RpcSs - ok 19:30:37.0908 0736 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:30:37.0911 0736 rspndr - ok 19:30:37.0943 0736 RSUSBSTOR - ok 19:30:37.0989 0736 [ F8DA8FC39CE5859C0D8C0FE6524CE465 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 19:30:37.0993 0736 RTHDMIAzAudService - ok 19:30:38.0002 0736 Rts516xIR - ok 19:30:38.0026 0736 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 19:30:38.0028 0736 SamSs - ok 19:30:38.0060 0736 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:30:38.0063 0736 sbp2port - ok 19:30:38.0107 0736 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:30:38.0112 0736 SCardSvr - ok 19:30:38.0173 0736 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 19:30:38.0187 0736 Schedule - ok 19:30:38.0228 0736 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 19:30:38.0229 0736 SCPolicySvc - ok 19:30:38.0256 0736 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:30:38.0260 0736 SDRSVC - ok 19:30:38.0275 0736 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:30:38.0277 0736 secdrv - ok 19:30:38.0288 0736 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 19:30:38.0291 0736 seclogon - ok 19:30:38.0303 0736 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll 19:30:38.0306 0736 SENS - ok 19:30:38.0321 0736 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:30:38.0322 0736 Serenum - ok 19:30:38.0336 0736 [ 
4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:30:38.0339 0736 Serial - ok 19:30:38.0371 0736 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 19:30:38.0373 0736 sermouse - ok 19:30:38.0415 0736 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 19:30:38.0418 0736 SessionEnv - ok 19:30:38.0427 0736 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:30:38.0429 0736 sffdisk - ok 19:30:38.0438 0736 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:30:38.0440 0736 sffp_mmc - ok 19:30:38.0449 0736 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:30:38.0450 0736 sffp_sd - ok 19:30:38.0458 0736 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 19:30:38.0460 0736 sfloppy - ok 19:30:38.0497 0736 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:30:38.0504 0736 SharedAccess - ok 19:30:38.0561 0736 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:30:38.0568 0736 ShellHWDetection - ok 19:30:38.0576 0736 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 19:30:38.0579 0736 SiSRaid2 - ok 19:30:38.0604 0736 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 19:30:38.0607 0736 SiSRaid4 - ok 19:30:38.0660 0736 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:30:38.0663 0736 SkypeUpdate - ok 19:30:38.0769 0736 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 19:30:38.0808 0736 slsvc - ok 19:30:38.0857 0736 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 19:30:38.0861 0736 SLUINotify - ok 19:30:38.0910 0736 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb 
C:\Windows\system32\DRIVERS\smb.sys 19:30:38.0913 0736 Smb - ok 19:30:38.0947 0736 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:30:38.0950 0736 SNMPTRAP - ok 19:30:38.0997 0736 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 19:30:38.0999 0736 spldr - ok 19:30:39.0051 0736 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 19:30:39.0058 0736 Spooler - ok 19:30:39.0150 0736 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys 19:30:39.0150 0736 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB 19:30:39.0154 0736 sptd ( LockedFile.Multi.Generic ) - warning 19:30:39.0154 0736 sptd - detected LockedFile.Multi.Generic (1) 19:30:39.0192 0736 [ EB2FD937449B7ACEB39372F875EB8E78 ] SQLAgent$SQLEXPRESS c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE 19:30:39.0199 0736 SQLAgent$SQLEXPRESS - ok 19:30:39.0279 0736 [ 99DE6ACFA5CA83FAD6A765C81C6F129F ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 19:30:39.0284 0736 SQLBrowser - ok 19:30:39.0355 0736 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 19:30:39.0358 0736 SQLWriter - ok 19:30:39.0407 0736 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 19:30:39.0416 0736 srv - ok 19:30:39.0461 0736 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:30:39.0465 0736 srv2 - ok 19:30:39.0490 0736 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:30:39.0493 0736 srvnet - ok 19:30:39.0543 0736 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:30:39.0548 0736 SSDPSRV - ok 19:30:39.0564 0736 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:30:39.0569 0736 SstpSvc - ok 19:30:39.0617 0736 
[ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 19:30:39.0628 0736 stisvc - ok 19:30:39.0657 0736 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 19:30:39.0659 0736 swenum - ok 19:30:39.0754 0736 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 19:30:39.0763 0736 SwitchBoard - ok 19:30:39.0856 0736 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 19:30:39.0865 0736 swprv - ok 19:30:39.0884 0736 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 19:30:39.0886 0736 Symc8xx - ok 19:30:39.0894 0736 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 19:30:39.0896 0736 Sym_hi - ok 19:30:39.0905 0736 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 19:30:39.0907 0736 Sym_u3 - ok 19:30:39.0960 0736 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 19:30:39.0975 0736 SysMain - ok 19:30:39.0997 0736 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:30:40.0001 0736 TabletInputService - ok 19:30:40.0054 0736 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:30:40.0061 0736 TapiSrv - ok 19:30:40.0088 0736 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 19:30:40.0091 0736 TBS - ok 19:30:40.0166 0736 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:30:40.0189 0736 Tcpip - ok 19:30:40.0217 0736 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 19:30:40.0229 0736 Tcpip6 - ok 19:30:40.0260 0736 [ FD8FDE859E38E40A20085EBB0C22B416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:30:40.0262 0736 tcpipreg - ok 19:30:40.0291 0736 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:30:40.0292 0736 TDPIPE - ok 
That does not appear to be the complete TDSSKiller log. Could you please run it again and just post the bottom 10 lines of the log?

14:05:00.0924 4580 ============================================================
14:05:00.0925 4580 Scan finished
14:05:00.0925 4580 ============================================================
14:05:00.0949 5484 Detected object count: 1
14:05:00.0949 5484 Actual detected object count: 1
14:05:21.0270 5484 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:05:21.0270 5484 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Please run TDSSKiller again and, this time, you need to choose action Cure.

Cure is not one of the options. I assume you mean Delete. See attached.

Quote from: zulubanshee on December 28, 2012, 05:37:59 PM
Cure is not one of the options. I assume you mean Delete. See attached.

Sorry, please use "delete".

Machine was rebooted. I can't believe this is such a problem. Thanks very much for spending so much time on it.
18:17:27.0357 3720 ============================================================
18:17:27.0357 3720 Scan finished
18:17:27.0357 3720 ============================================================
18:17:27.0467 4396 Detected object count: 1
18:17:27.0467 4396 Actual detected object count: 1
18:17:32.0013 4396 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
18:17:32.0132 4396 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
18:17:32.0166 4396 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted on reboot
18:17:32.0953 4396 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
18:17:32.0953 4396 sptd ( LockedFile.Multi.Generic ) - User select action: Delete

Any change?

Well like I said above, it's definitely better than it was, but still at least 25% of pages have problems loading. I'm starting to think that I might have to reformat.

Quote from: zulubanshee on December 30, 2012, 11:22:42 AM
Well like I said above, it's definitely better than it was, but still at least 25% of pages have problems loading. I'm starting to think that I might have to reformat.

That would be your best option which will give you virtually a new computer.

Well thanks for your help dude.

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
47. |
Solve : Viruses that Won't Go Away? |
Answer» The first time I ran RogueKiller it said "Zero Access", and I realized I forgot to run it as an administrator. Here is the log from me running it as an Administrator:
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\69474096-2b932c23 multiple threats unable to clean
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\69474096-2b932c23 multiple threats deleted - quarantined

Ok. If there are no other issues, we can do some cleanup.

To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Click Start> Computer> right click the C Drive and choose Properties> enter Click Disk Cleanup from there. Click OK on the Disk Cleanup Screen. Click Yes on the Confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)

**************************************************

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

Thanks so much for all your help! I really appreciate it!!!

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
48. |
Solve : outlook express on windows xp worm/virus threat? |
Answer» Quote
I've spoken to their helpline and they've said it's a known problem and all I need to do is change my security question name and leave it for about 24 hours. I have to say I'm dubious but if you agree I'll wait. Otherwise, have you any other insights?

If it's Yahoo's problem, there's not much more I can do. We should do some cleanup.

To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Click Start> Computer> right click the C Drive and choose Properties> enter Click Disk Cleanup from there. Click OK on the Disk Cleanup Screen. Click Yes on the Confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)

************************************************

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing and Seasons Greetings!

Thanks Dave - some good housekeeping reminders there. I have to admit that I was getting a little sloppy. The problem with e-mail and Yahoo does appear to be solved so that's good news too. Hope you have a successful and happy new year and thanks again for your help. Geoff

You're welcome.
I will lock this thread. If you need it re-opened, please send me a pm. |
|
49. |
Solve : infected with NSAnti? |
Answer» Ok. If there are no other issues, we can do some clean-up.
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
If this doesn't remove ComboFix, please let me know.

Click Start> Computer> right click the C Drive and choose Properties> enter Click Disk Cleanup from there. Click OK on the Disk Cleanup Screen. Click Yes on the Confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)

*********************************************

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing! |
|
50. |
Solve : Three day old laptop has bios malware.? |
Answer» It was a disaster, Dave. repair was slooow, system restore gave error msg 0800700b7, it rebooted

Well, that sucks. The only thing I can think of doing is what Dave Lembke suggested; go back to Dell and tell them the computer is malfunctioning.

OK Dave. Well it's been fun. Thanks a lot for all your time and effort.

Quote from: Valorus on December 01, 2012, 05:36:57 PM
OK Dave. Well it's been fun.
Thanks a lot for all your time and effort.

Please let me know how it turns out?

Hi Dave; I got a new computer from Dell and a healthy dose of paranoia. I still have the old one that has malware imbedded in flash memory? I replaced the hard drive with a new one, replaced the ram and still have the virus. If you or anyone else has any ideas on how to begin, I'd sure appreciate it. Replacing the motherboard wouldn't really be cost effective and I hate to throw it away or strip it for parts. Any ideas, let me know. This is a Dell N7010, Win 7, i5 w/4GB ram. Thanks for all your help, Norm

Quote I still have the old one that has malware imbedded in flash memory? I replaced the hard drive
What makes you think you have malware? None of the scans indicate that possibility.

Hi Dave; Well, to begin with, I'm unable to reinstall Win 7. It starts normally then slows gradually until it stops completely. Any USB or SD cards, no matter what's on them, read as though they're empty. The drivers associated with the wireless adapter are missing and any attempts to reinstall them fail. I'm not sure this is in the bios, but it MUST be in flash memory somewhere. HDD reformatting, or even a new hard drive, didn't get rid of whatever this is. I've tried Bitdefender, Comodo and Avast (not at the same time), and they all fail during a scan. This isn't the three day old computer, Dell kindly took care of that; it's the one it replaced. Disk wiping programs won't run on this machine, I have to use a clean one. I eventually used a new 200GB HDD with brand new memory and the virus was still there, so I'm really at a loss. I don't WANT to take any more of your time and patience; from what we've done earlier I know enough to get myself in serious trouble. Dell techs in India recommended I replace the motherboard but I don't know if it's worth it. Thanks for listening; Norm

If it is, indeed, a BIOS infection, it's the first time I've run up against it. Please try running this scanner and post the log.
Also, you can read more about such a problem as this here. They recommend downloading and installing a new BIOS.

I only called it a bios infection because it locked the security settings. I can't find a scanner.

Sorry. Malwarebytes' Anti-Rootkit
Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
this computer will be for the grandkids when they come, I won't be able to trust it for quite a while, but at least it's running. I can't thank you enough for all the time you put into this project, Dave. I can SEE how many folks you're helping and don't know how you do it. I don't suppose you do plumbing?

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.16.02
Windows 7 x64 FAT32
Internet Explorer 8.0.7600.16385
Norm orig :: NORMORIG-PC [administrator]
12/15/2012 6:22:10 PM
mbar-log-2012-12-15 (18-22-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 41332
Time elapsed: 6 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Quote I replaced the bios and everything is "normal" now. Malwarebytes found nothing so I guess
Good job. Congrats. You now have a new BIOS and new hard drive so it should be just like a new computer. I will provide some information about keeping your computer safe while on-line below. As you may have read there was a very good chance that your BIOS was infected in-house.

Quote Dave. I can see how many
Yup, plumbing, carpentry, electrical, new floors, ceramics and I'll provide some background music if you need it.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. |
|