Freddy02

Everything posted by Freddy02

  1. Screen317 - Sorry this response took so long, I'm in the middle of helping my parents move to an assisted living facility. Spare time is at a premium. So, ...

     --------------------------------------------------------------------------------------------------------------

     Ignore Combofix's warning. Right!! OK, back to Posting #8 ....

     I had already run exeHelper and it seemed to work. F-secure has been totally uninstalled. Got a fresh copy of Combofix.exe and copied it to my desktop as Sega.com and then executed it via the RUN box with the command: %userprofile%/desktop/sega.com /killall

     As instructed, I let it run through the Webroot warning. Its log file is posted below. I also updated MBAM including its database & ran a Quick scan. The log file is posted below.

     You also wanted me to describe any (other?) issues that my computer is currently experiencing. Three that have become apparent can be seen in the three attached photos.

     The one thing that has always bothered me, and with this situation, it is screaming at me: how to protect my laptop. I thought I had a handle on it, but it seems that I was really fooling myself.

     By the way, my e-mail service is COMCAST via MS Outlook.

     freddy02
  2. Hi Screen317 - This is the second time I've had to start over because the browser took me back to the previous webpage. Going forward back to this one - all data was lost. ( ) doesn't even begin to capture my mood. I'm going to type this in Notepad.

     I did what you said - with the same result, '... Webroot running ...'. See attachment #1.

     In my previous posting, I told you I had removed Webroot. I did, via "Programs & features". While I waited for your reply, I did a search for "webroot" in Unsafe User (can't search in SAFE MODE), plus 'User' is where the problem started. When I saw the extent of the listings, I was blown away!! I could identify a few things, but ... wow!! I decided that you should see the output, but I didn't know how to capture the output, so I made photos of each 'page', then combined them into a single photo. See attachment #2. If it doesn't help - Oh Well!

     Am I correct to halt execution when that warning is presented?

     This is taking forever! I talked to some friends, you know - that huge depository of all the knowledge in the world - that is so tempting to take as gospel? One suggested just reinstalling Windows 7. I would have to reinstall all my software, too. He suggested putting all data I wanted to save in "My Documents". What about all the e-mail I've saved since I got this laptop? Hmmmmm. I would have had use of my laptop weeks ago. There has to be a downside - what is it?

     Another suggested looking for all those processes, programs, etc. that don't have a corresponding extension defined. But then I wondered, how do you find all the 'camouflaged' stuff? Comments?

     Happy New Year !!!

     Freddy02

     Attachment #1
     Attachment #2
  3. Screen317 - Perhaps I wasn't aware enough, but the only times (that I remember) that I felt adrift at sea were in trying to decide from which user (Admin or regular user) and whether to use SAFE mode or try to execute your instruction in Unsafe mode, so I just tried to be logical (whatever THAT means :-) ).

     OK, ran exeHelper.com - in unsafe Admin - so I would have permission to change 'things'. It ran. After several tries, all seems to be working 'OK' - and a little faster. It did create a log file. I am enclosing it here just in case it might be pertinent.

     Next, F-secure. I seem to have failed to mention that the uninstall is already done.

     NEXT, update ComboFix and run it. Updated. The Combofix instructions speak of disabling all anti-malware progs & firewalls before executing it. Since the last time I tried to exq ComboFix, it told me that Windows Defender was running and to disable it before proceeding. This time I just tried to do that before exq'g ComboFix. I got the same result as last time, so I 'took a picture' of it and am enclosing it below.

     I'm executing ComboFix, 'just in case'. It stopped, like last time, and without creating a text file. However, it did not find Windows Defender, but it did find Webroot AntiVirus with SpySweeper - which is surprising because in my last posting I spoke of the difficulty getting it 'disabled' - so I uninstalled it. Now combofix says it found it - STILL!! How can this BE?

     Freddy02

     P.S. M.S. keeps trying to send me a bunch of updates and gives me 15 min to abort the update, else it will reboot my machine. I think because the exeHelper ran, besides 'fixing' my laptop, it also allowed externals to xeq 'things', so MS is trying to update me and also some others, but I don't want them to do anything - yet - till I'm cleaned up. I keep clicking to postpone it, but that is only for 15-20 min or so. Anything I can do to make them go away for a day or two?

     Oops, I don't know why, but I shut the laptop down - then M.S. downloaded the rest of the files and wouldn't let me abort its 'mission'. When it finished, it turned the laptop off.

     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     exeHelper.com Log
     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     exeHelper by Raktor
     Build 20100414
     Run at 23:50:22 on 12/30/11

     Now searching...
     Checking for numerical processes...
     Checking for sysguard processes...
     Checking for bad processes...
     Checking for bad files...
     Checking for bad registry entries...
     Resetting filetype association for .exe
     Resetting filetype association for .com
     Resetting userinit and shell values...
     Resetting policies...
     --Finished--
     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     'Picture' of the Defender Access Problem (attached)
     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  4. Screen317 - Merry Christmas (belated)! Apologies accepted.

     I have a question concerning your most recent post. Quoting from your recent posting, "Thank you ... information. It looks like it wasn't tailored to your specific setup.". My question is: WHAT wasn't tailored to my specific setup?

     I was in a huff last year to get 'protected' and wasn't very careful about what I was doing. After installing both anti-virus programs, I noticed my laptop running slowly. Since it was new, and those were the only new programs, I disabled F-Secure since Webroot came with a 3-computer license. I had thought that that was enough.

     However, after booting up in the (un-safe) user where all these problems originated, when I attempted to uninstall F-Secure through 'Add or Remove Programs', a window came up telling me I had to pick an executable program to execute 'this' (my paraphrase). Previously, while in this user, any program I tried to execute ended up presenting me with this window.

     Rebooting into Un-safe Administrator, I attempted to uninstall F-secure as before. This time, the msi executed, uninstalling F-secure. It finished requesting a reboot. I complied, booting back into unsafe administrator. Checking for F-Secure in 'Add or Remove ...', in which the computer booted, I didn't find it - so it's gone.

     Exiting 'Programs and Features', I executed MBAM, which presented a window to me, saying "the latest version of Malwarebytes' Anti-Malware had been downloaded. Malwarebytes' Anti-Malware will now close and install the latest version.", and presented me with the choice of two buttons, "OK" and "Cancel". I chose "OK". Another window came up saying that version 1.60.0.1800 would be installed. I clicked 'NEXT'. Among the new features was the ability to run even when the computer was infected. THAT WILL BE GREAT IF IT ACTUALLY WORKS !!!! Installation finished and rebooted - into unsafe Admin.

     Clicking on START/Malwarebytes' Anti-Malware/, instead of getting more links, it executed, and was ready to scan. Clicking on the UPDATE Tab, it told me I was using database v2011.12.24.05. I told it to check for updates. It downloaded v2011.12.28.03. Back to tab SCANNER. I started it doing a full scan on Drives c:\, D:\, & Q:\. It updated itself and scanned my laptop. The log is posted below.

     Oh! Man! All is not well in Mudville, tonight! I couldn't get ESET to run! Here's what happened....

     I was in unsafe admin and MBAM had just finished. ESET was to run next, but since it had to run in I.E., I thought it would be OK to do it in unsafe user mode. In unsafe user, I tried to execute I.E., but the system wouldn't allow it! When I tried to execute I.E. (and several other programs, too), the result was a dialogue window telling me to "select the program you want to use to execute this file" ('this' file being the .exe file I just tried to execute!). This is the same window that comes up, in normal execution, when the user 2clicks on a data file, the extension of which is not registered (is unknown to the system).

     I thought that maybe I could get around the problem and get I.E. executing by 2clicking on an I.E. shortcut. It worked. However, I noticed 2 things: 1) An I.E. message box came up saying that I.E. was not the default browser and wanted to know if I wanted to make it the default browser. I chose NO because I wanted to find out what the default browser was; and 2) in the area just below the Favorites toolbar, the following text: "Your computer security settings put your computer at risk. Click here to change your security settings.". The text was preceded by an icon that looked like a red shield with a large 'X' on it and a grey border all around. I decided that clicking on it would open a can of worms that I didn't want to play with, so I ignored the warning.

     I typed www.google.com into the address box, "ESET" in the search key box, and 2clicked on the result, "ESET Online Scanner". After getting to the download window, accepting the EULA, and then clicking START, an informational dialogue came up saying, 'to display the webpage again, the web browser needs to resend the info you've previously submitted. If you were making a purchase ... cancel ... otherwise click retry ...'. Retry Clicked. A separate I.E. warning dialogue window came up asking, "Do you want to install this software? Name: Onlinescanner.cab ...". I clicked INSTALL. ESET is running.

     A warning note existed on the screen, saying 'Another anti-virus program is running. 2 or more anti-virus programs running together will mess things up here'. It was Windows Defender. To disable it, I typed "defender" in Win 7's search window next to the START button. Windows Defender appeared at the top of the results window. Clicking on it resulted in a Windows Defender window coming up, but it contained a warning message box with a "!" shield, saying, "Service is starting ...", then another statement, "A problem caused this program's service to stop. To restart, click the START NOW button." Clicking it brings up another Windows Defender Error Message box saying, "The specified service does not exist as an installed service. (Error code 0x80070424)". At this point, I gave up, because SAFE MODE does not allow me to use the search utility.

     The Malwarebytes' log files follow. The first one is the mbam file, as requested. The second file is the protection file. I'm including it because when I looked at it, I saw that it contained the word 'Error' several times.

     Freddy02

     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     MBAM File
     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     Malwarebytes Anti-Malware (Trial) 1.60.0.1800
     www.malwarebytes.org

     Database version: v2011.12.28.03

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     Bill :: ZXXXY [administrator]

     Protection: Enabled

     12/28/2011 11:38:19 AM
     mbam-log-2011-12-28 (11-38-19).txt

     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 719636
     Time elapsed: 1 hour(s), 41 minute(s), 47 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     PROTECTION File
     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     10:52:37 Strider MESSAGE Scheduled update executed successfully
     11:13:42 Bill MESSAGE Protection started successfully
     11:13:45 Bill ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     11:20:01 Bill MESSAGE Protection started successfully
     11:20:04 Bill ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2011/12/28 11:30:11 -0700 ZXXXY Bill MESSAGE Starting protection
     2011/12/28 11:30:13 -0700 ZXXXY Bill MESSAGE Protection started successfully
     2011/12/28 11:30:16 -0700 ZXXXY Bill MESSAGE Starting IP protection
     2011/12/28 11:30:16 -0700 ZXXXY Bill ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     2011/12/28 11:35:44 -0700 ZXXXY Bill MESSAGE Starting database refresh
     2011/12/28 11:35:46 -0700 ZXXXY Bill MESSAGE Database refreshed successfully
     2011/12/28 21:36:58 -0700 ZXXXY Strider MESSAGE Executing scheduled update: Daily
     2011/12/28 21:37:04 -0700 ZXXXY Strider MESSAGE Scheduled update executed successfully: database updated from version v2011.12.28.03 to version v2011.12.29.01
     2011/12/28 21:46:30 -0700 ZXXXY Bill MESSAGE Starting protection
     2011/12/28 21:46:32 -0700 ZXXXY Bill MESSAGE Protection started successfully
     2011/12/28 21:46:35 -0700 ZXXXY Bill MESSAGE Starting IP protection
     2011/12/28 21:46:35 -0700 ZXXXY Bill ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  5. Hi Screen317 - I tried (really hard) to follow your instructions, but it seemed like everything that could mess me up, did. Most everything did not turn out the way all the written instructions and guides implied they should. So, I flew by the seat of my pants (now I know why they had that 'trap-door' on the under-wear - ha!). I'm describing what happened and what I did in some detail in hopes that more light is shed on the problem. If I am running off at the perverbial mouth, please let me know. Part of executing combofix.exe is reading the instructions on how to execute it. After downloading Combofix.exe, the reader is instructed to insure that all antivirus, antispyware, and firewall programs are disabled. Toward that end, the user is directed to bleepingcomputer.com/forums/topic114351 ("How to Temporarily Disable Your Anti-virus, Firewall and Anti-malware Programs"), which includes directions on how to disable the windows 7 firewall. They begin with "1. Click START and then click CONTROL PANEL; 2. Click SYSTEM AND SECURITY; ...". I was directed to either click CHECK FIREWALL STATUS or TURN WINDOWS FIREWALL ON OR OFF, depending on the setting of "View by". I wasn't able to find any "View by", so that implies checking firewall status, and then under Control Panel Home, clicking on CHECK FIREWALL STATUS. That's what I did, er, tried to do. CONTROL PANEL - yes. But, it didn't containSYSTEM AND SECURITY - only SYSTEM. Clicking on that, I see Control Panel Home, but NO System and Security and NO Check Firewall Status. Why, I don't know. I can only assume that the firewall is turned off (BIG SURPRISE!!!). So, I continue disabling the antivirus, etc. programs .... Webroot is not available, neither is Spy Sweeper - because I'm in SAFE MODE? I have already turned F-Secure off. How about Windows Defender? Searching CONTROL PANEL for Windows Defender yields nothing. SAFE MODE again? Continuing, comes Malwarebytes. 
The instructions begin with "right-click on the icon in the System Tray...." There is nothing there. Attempting to execute Mbam (or any other program) from the START-menu results in a window entitled "Open with". Under the title bar is the phrase, "Choose the program you want to use to open this file:" Under that line is the line, "File: mbam.exe". Under that phrase and within the window is a large display box en-titled "Recommended Programs". Listed is one program - "Adobe Reader 9.1". Under it is the title, "Other Programs", which include Internet Explorer, iTunes, MS Word, Paint, and others, but no mbam. At the bottom is the statement "If the program you want is not in the list oron your computer, you can 'look for the appropriate program on the Web'. That is totally bogus behavior and I attribute it to whatever it was that took over my laptop. I tried rebooting into 'Un-safe' Administrator to try these techniques again, but when it came up, there was NO START WITH WINDOWS box under General Settings on the PROTECTION TAB. That figures! None of these seemed to exist, so I decided to xeq Combofix, but noticed that the laptop had locked up before I could. Powered down. Booted into Unsafe Admin again. Welcome screen, but never got to the login screen. Powered down. Booted into SAFE Admin. Restarted into Unsafe Admin and xeq'd Combofix. Extracted files, but then detected Webroot with Spy Sweeper running. Combofix wanted me to halt it before continuing. It wouldn't allow me to halt Combofix. I tried (several times) but it wouldn't let me. I found out later that that capability was not built into the verion I have. The system seemed unresponsive, then a Malwarebytes error message appeared saying, "[OPEN EVENT] Failed to perform desired action.Error code 2.". Clicked OK and waited - no response, couldn't Shut down, so I powered down. Booted to SAFE Admin. Rebooted to Unsafe Admin. System hung. Powered down. Booted to SAFE Admin. Rebooted to Unsafe Admin. 
Selected Admin icon, typed PW. System hangs before desktop appears so, back to SAFE Admin. Ran Combofix. halts with message about Webroot running (as before). Tried different ways to disable Webroot, but Combofix kept finding it. Finally, I uninstalled Webroot. Rebooting and re-xeq'ing Combofix - and it found Webroot - again ... even after it had been uninstalled!! Rebooted and xeq'd Combofix. It found Webroot again! Decided to ignore the warning and continue. Combofix ran to completion. The log file follows. Xeq'd dds.scr. It's log follows the Combofix log, below. I'm uploading all this from SAFE Admin. ++++++++++++++++++++++++++++++ LOG FILE POSTINGS ++++++++++++++++++++++++++++ =========================== Combofix Log file =============================== ComboFix 11-12-19.03 - Bill 12/20/2011 3:52.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5941.4468 [GMT -7:00] Running from: c:\users\Bill\Desktop\ComboFix.exe AV: F-Secure Anti-Virus 2011 10.51 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17} AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E} SP: F-Secure Anti-Virus 2011 10.51 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA} SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Strider\Documents\DPE.DUS c:\users\Strider\Documents\xcopy.exe . . ((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 ))))))))))))))))))))))))))))))) . . 2011-12-20 10:58 . 2011-12-20 10:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-20 10:35 . 2011-12-20 10:35 -------- d-----w- c:\users\Bill\AppData\Local\PackageAware 2011-12-18 05:22 . 
2011-12-18 05:22 -------- d-----w- c:\program files (x86)\MSECache 2011-12-15 23:32 . 2011-12-15 23:32 -------- d-----w- c:\users\Bill\AppData\Roaming\IrfanView 2011-12-15 23:32 . 2011-12-15 23:32 -------- d-----w- c:\program files (x86)\IrfanView 2011-12-13 16:19 . 2011-12-14 14:54 -------- d-----w- C:\- - Malwarebytes Misc (fr USD Sata) 2011-12-08 10:04 . 2011-12-08 10:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2011-12-04 15:56 . 2011-12-04 15:56 -------- d-----w- c:\users\Bill\AppData\Roaming\Malwarebytes 2011-12-03 00:14 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66F6E6BD-DD67-40C0-9082-41BC5041C06B}\mpengine.dll 2011-12-02 00:58 . 2011-12-02 00:59 -------- d-----w- c:\program files\iTunes 2011-12-02 00:58 . 2011-12-02 00:59 -------- d-----w- c:\program files (x86)\iTunes 2011-12-02 00:58 . 2011-12-02 00:58 -------- d-----w- c:\program files\iPod . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-03 21:08 . 2011-06-24 02:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-25 01:32 . 2011-10-18 08:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2011-10-25 01:32 . 2011-10-18 08:30 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-10-25 01:32 . 2011-10-18 08:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-10-25 01:32 . 2011-09-21 22:11 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2011-10-22 08:18 . 
2011-09-21 22:12 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-10-22 08:18 . 2011-09-21 22:12 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-10-22 08:18 . 2011-09-21 22:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-10-18 08:30 . 2011-10-18 08:30 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-10-06 04:49 . 2011-10-06 04:49 5197 ----a-w- C:\DetectionData.tmp 2011-10-06 04:49 . 2011-10-06 04:49 49012 ----a-w- C:\InformationalData.tmp 2011-10-01 03:25 . 2011-10-13 05:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-10-01 02:42 . 2011-10-13 05:51 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-09-29 16:29 . 2011-11-09 02:19 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-09-29 04:03 . 2011-11-09 02:19 3144704 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736] . c:\users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2011-7-30 294912] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-02-23 194728] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2011-02-23 41896] R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [2011-02-23 27304] R4 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\F-Secure\ORSP Client\fsorsp.exe [2011-02-23 63992] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\F-Secure\HIPS\drivers\fshs.sys [2011-02-23 61960] S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x] S1 FSFW;F-Secure Firewall 
Driver;c:\windows\system32\drivers\fsdfw.sys [x] S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2011-02-23 15016] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400] S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 
Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2011-12-20 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . 2011-12-20 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = g.msn.com/USCON/1 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 LSP: c:\program files (x86)\F-Secure\FSPS\program\FSLSP.DLL Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . 
Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-12-20 04:00:26 ComboFix-quarantined-files.txt 2011-12-20 11:00 . Pre-Run: 439,703,302,144 bytes free Post-Run: 440,374,124,544 bytes free . - - End Of File - - AE261AD1E3AB06C9C08DA99315106D1A =========================== dds.scr Log file =============================== . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 Run by Bill at 4:07:32 on 2011-12-20 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5941.4195 [GMT -7:00] . AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E} AV: F-Secure Anti-Virus 2011 10.51 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17} SP: F-Secure Anti-Virus 2011 10.51 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = g.msn.com/USCON/1
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [AppleSyncNotifier] "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Bill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EXIFLA~1.LNK - C:\Program Files\FinePixViewer\QuickDCF2.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C1930B58-E91F-4FBB-A473-48D12EC70B0C} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C1930B58-E91F-4FBB-A473-48D12EC70B0C}\C696E6B6379737 : DhcpNameServer = 69.145.232.4 69.144.49.30 69.146.17.3
TCP: Interfaces\{C1930B58-E91F-4FBB-A473-48D12EC70B0C}\E4F626C6560284F6573756 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CE87ECB4-6AA4-4FE1-8CCA-41952F7D3D79} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [AppleSyncNotifier] "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [2011-2-23 61960]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys --> C:\Windows\system32\drivers\fses.sys [?]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys --> C:\Windows\system32\drivers\fsdfw.sys [?]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2011-2-23 15016]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-3 98208]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-15 366152]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-3 689472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-3 2533400]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-2-23 194728]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsfilter.sys [2011-2-23 41896]
S4 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [2011-2-23 221864]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsrec.sys [2011-2-23 27304]
S4 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [2011-2-23 63992]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-20 10:35:58 -------- d-----w- C:\Users\Bill\AppData\Local\PackageAware
2011-12-20 10:24:20 98816 ----a-w- C:\Windows\sed.exe
2011-12-20 10:24:20 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-20 10:24:20 256000 ----a-w- C:\Windows\PEV.exe
2011-12-20 10:24:20 208896 ----a-w- C:\Windows\MBR.exe
2011-12-18 05:22:49 -------- d-----w- C:\Program Files (x86)\MSECache
2011-12-15 23:32:42 -------- d-----w- C:\Users\Bill\AppData\Roaming\IrfanView
2011-12-15 23:32:42 -------- d-----w- C:\Program Files (x86)\IrfanView
2011-12-13 16:19:11 -------- d-----w- C:\- - Malwarebytes Misc (fr USD Sata)
2011-12-04 15:56:08 -------- d-----w- C:\Users\Bill\AppData\Roaming\Malwarebytes
2011-12-03 00:14:46 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66F6E6BD-DD67-40C0-9082-41BC5041C06B}\mpengine.dll
2011-12-02 00:58:30 -------- d-----w- C:\Program Files\iTunes
2011-12-02 00:58:30 -------- d-----w- C:\Program Files\iPod
2011-12-02 00:58:30 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2011-12-03 21:08:36 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 20:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-06 04:49:03 5197 ----a-w- C:\DetectionData.tmp
2011-10-06 04:49:03 49012 ----a-w- C:\InformationalData.tmp
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 4:07:44.89 ===============

++++++++++++++++++++++++++++++++ END of FILE, END of DATA ++++++++++++++++++++++++++
  6. Screen317 - Thanks for the reply, I was starting to go nuts - so much so that my wife gave me this list of things to do around the house just to get me thinking about something else - ha! My impatience showed early.

I figured out how to get on in SAFE MODE - in both users. I found my copy of mbam.exe. I decided that since it should have run and didn't, I would manually run it now, so I did. It updated itself and proceeded to do a scan, the resulting log-file (01) of which is posted below.

Since Webroot should have run and also didn't, I executed it also, the results showing the quarantined items, but no log-file. I created JPGs of the data shown via the PrntScr key. The list of quarantined items is shown in 3 parts (02a,b,c), which include items quarantined prior to this incident, but I don't know which ones in the list they are. The 3 JPGs showing them are posted below following the mbam log-file. Subsequently, I deleted the quarantined files. I re-ran mbam to see if anything was left behind. Nothing was found. The log file (03) is posted below following the JPGs.

Wanting to do a backup, and in SAFE MODE, not finding the data in the other user, plus thinking that ADMINISTRATOR was untouched, or unaffected, I logged on as ADMINISTRATOR (normally, not in SAFE MODE), copied the data to a new folder on the C:\ drive (accessible by all users) and shut down. In SAFE MODE, I proceeded to back up my data to my Win 2K Sony Vaio via an external USB drive. That kept me entertained - ha!

I ran TDSSKiller.exe several times. It did not find anything, but it made a log file each time and they (04a,b) (05-2a,b) are posted below. NOTE: TDSSKiller did not prompt me to reboot, but I did (each time) anyway.

I ran DDS.scr and '05-1) dds.txt' will be posted following the TDSSKiller log-files 04a,b, below and before the TDSSKiller log-files 05-2a,b.

The above 2 paragraphs are the summary of my actions. Following are the details.
I'm not sure you will be interested, but just in case .... If not, search for "+++++++" to find the beginning of my postings.

----------------------

After running TDSSKiller in SAFE Admin mode and finding the log file (relabeled it to 4), I realized that I had killed the window without seeing anything about rebooting, so I decided to rerun TDSSKiller. This time, I booted into Un-SAFE Admin, & ran TDSSKiller. While waiting for it to do something, the screen dimmed and a warning message came up by the User Account Control saying, "..... allow ... make changes to ... computer?" I answered in the affirmative. The message went away, the screen undimmed, the circular "I'm computing" came up - but only in the folder window containing TDSSKiller.exe. Waited @ 10 min. Attempted to Shut Down ... it wouldn't, so I powered down.

Rebooted into SAFE Admin again to determine if a log file had been created - it had not. Changed UAC from 'Default' to 'Never'. Rebooted into 'Un-Safe' Admin & xeq'd TDSSKiller. It initialized, and a start screen came up indicating execution. A final screen came up saying "No threats found". I killed the screen, found the log file created (renamed the file 4b). When I attempted to rename the previous log file (4) to (4a), the window dimmed and the address box at the top began turning green from left to right and the cursor turned to a rotating circle. At this time, Malwarebytes' program displayed an error notice (error #2). I waited another 5 min, but the screen wasn't 'released'. When I attempted to Shut Down - no response. Powered down.

Booted into SAFE Admin mode. Renamed the (4) log file to (4a). Xeq'd dds.scr. The log file came up in Notepad. Read it briefly and closed the editor expecting to find the file on the desktop. Not there. Finally found it and copied it to the desktop as '05-1) dds.txt'. Began wondering if there was any use running these programs in SAFE MODE, since it is not a 'normal' execution.
Shut Down and booted into Un-SAFE Admin mode & xeq'd dds. The computer seemed to go into 'Never-Never Land'. Then Malwarebytes' error screen (error #2) came up. Decided to kill the notice and try xeq'ing DDS again - no response. Tried to Shut Down - no response. Attempted to xeq the Task Manager. Response to get to the menu seemed slow, but I waited. The screen changed to black with a white cursor, and there it hung. Powered down.

Attempted to boot into SAFE Other User (not Admin) in order to xeq the 2 programs. While attempting to open TDSSKiller's folder (on Admin's desktop), I received a "C:\Users\Bill\Cookies is not accessible" message. From this I deduced that TDSSKiller's location was not unimportant and tried to copy it over to Other User's desktop. Execution inside the WE window seemed to hang, so I killed the window. 2-clicking on My Computer to get another WE window up - no response. I powered down.

I booted into SAFE Other User, looked for any dds log files from the previous execution attempts and found none. I copied TDSSKiller's folder and DDS.scr from Admin's desktop to Other User's desktop. Shut Down (no problem). Booted into UnSAFE Other User. After the WELCOME screen went away, the desktop never appeared. Then a dialogue window at the bottom left of the screen appeared. 'Windows not responding. It may respond if you wait. End Process or Wait?' I chose End Process. No apparent result, but I did notice the hard drive indicator light was blinking rapidly. I decided to Power Down. I booted into UnSAFE Other User mode again. The WELCOME screen seemed to take forever (5+ min), so I powered down.

At this point, I decided that I would create my next entry to the forum. While typing this description, I found that my notes weren't clear about how I started, so I reran TDSSKiller in both SAFE (05-2a) & UnSafe (05-2b) Admin to be sure of the sequence of events. Both times, no threats were found and the program ran to completion.
Afterwards, in UnSafe Admin, the Malwarebytes Error #2 notice came up. When I attempted to access the log files just created, the address box in the WE window began turning green and the moving circle appeared next to the cursor. The system acted 'hung'. Shut Down - no response. Powered Down. Attempted to boot into UnSafe Other User (where all my problems originally began) and run the programs. The desktop screen came up, but when I tried to click into the TDSSKiller folder, there was no response. 2-clicking on any icon had no response. I powered down and booted into SAFE Admin to write this and send it off.

I have modified the names of the log files by inserting a sequence code at the beginning of the file names to ease tracking the execution sequence.

In my first attempt to post my reply, the website refused my upload saying it was too long. The TDSSKiller log files are fairly long and I have included 2 sets. I will remove the last set, leaving the references to them. That way, if you would like to see them too, I can upload them in response to your request.

My second attempt to upload is still too long. Is that the same as too large? If so, I don't understand, because next to the "Attach this file" button it says I have used 782.18K of my 10Mb global upload quota, with the maximum single file size being 9.24Mb. The JPGs are 158.45 Kb, 163.48 Kb, & 168.94 Kb, totaling 490.87, which when subtracted from the 782.18 Kb, gives 291.31 Kb! That's @ .8 Mb, nowhere close to 10 Mb. Nevertheless, I'll remove some more log file results - that of the second mbam scan.

Third attempt. Now, I'll remove the JPGs.

Fourth Attempt.
I'll remove the 2nd TDSSKiller log.

Freddy02

++++++++++++++++++++++++++++++ LOG FILE POSTINGS ++++++++++++++++++++++++++++

============ mbam log-file {01) mbam-log-2011-12-05 (05-08-16).txt} ============

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8314

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514

12/5/2011 5:08:33 AM
mbam-log-2011-12-05 (05-08-16).txt

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 716897
Time elapsed: 1 hour(s), 2 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Strider\AppData\Local\loy.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Strider\AppData\Local\loy.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Strider\AppData\Local\Temp\eib.dll (Trojan.FakeAlert) -> No action taken.
c:\Users\Strider\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> No action taken.
c:\Users\Strider\AppData\Local\Temp\xwbrqdsofl (Trojan.FakeAlert) -> No action taken.
c:\Users\Strider\AppData\LocalLow\Sun\Java\deployment\cache\6.0\0\433baf00-451ace23 (Trojan.FakeAlert) -> No action taken.
c:\Users\Strider\Desktop\zip drive backups\16 gb (bill's)\bill (3.68 gb)\- ; progs to check out \Others 6\amawat25.exe (Adware.BargainBuddy) -> No action taken.
c:\Users\Strider\Desktop\zip drive backups\16 gb (bill's)\bill (3.68 gb)\- ; progs to check out \Others 6\oclife25.exe (Adware.BargainBuddy) -> No action taken.
c:\Users\Strider\documents\lmv3xxd63.exe (Trojan.FakeAlert) -> No action taken.

============ Webroot 'log' files {02e-g) Webroot Scan Results.jpg} ============

02e) Webroot Scan Results.jpg ..... Removed
02f) Webroot Scan Results.jpg ..... Removed
02g) Webroot Scan Results.jpg ..... Removed

============ mbam log-file {03) mbam-log-2011-12-06 (18-26-59).txt} ============

..... Removed

============ TDSSKiller log-files {04a) (mode, user) TDSSKiller ... _log.txt} ============

20:20:46.0552 1620 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
20:20:47.0005 1620 ============================================================
20:20:47.0005 1620 Current date / time: 2011/12/13 20:20:47.0005
20:20:47.0005 1620 SystemInfo:
20:20:47.0005 1620
20:20:47.0005 1620 OS Version: 6.1.7601 ServicePack: 1.0
20:20:47.0005 1620 Product type: Workstation
20:20:47.0005 1620 ComputerName: ZXXXY
20:20:47.0005 1620 UserName: Bill
20:20:47.0005 1620 Windows directory: C:\Windows
20:20:47.0005 1620 System windows directory: C:\Windows
20:20:47.0005 1620 Running under WOW64
20:20:47.0005 1620 Processor architecture: Intel x64
20:20:47.0005 1620 Number of processors: 4
20:20:47.0005 1620 Page size: 0x1000
20:20:47.0005 1620 Boot type: Safe boot with network
20:20:47.0005 1620 ============================================================
20:20:47.0301 1620 Initialize success
20:21:14.0320 1340 ============================================================
20:21:14.0320 1340 Scan started
20:21:14.0320 1340 Mode: Manual;
20:21:14.0320 1340 ============================================================
20:21:14.0554 1340 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:21:14.0554 1340 1394ohci - ok
20:21:14.0617 1340 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:21:14.0617 1340 ACPI - ok
20:21:14.0710 1340 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:21:14.0710 1340 AcpiPmi - ok
20:21:14.0757 1340 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:21:14.0773 1340 adp94xx - ok
20:21:14.0882 1340 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:21:14.0882 1340 adpahci - ok
20:21:14.0960 1340 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:21:14.0976 1340 adpu320 - ok
20:21:15.0100 1340 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:21:15.0116 1340 AFD - ok
20:21:15.0163 1340 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:21:15.0163 1340 agp440 - ok
20:21:15.0241 1340 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:21:15.0241 1340 aliide - ok
20:21:15.0303 1340 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:21:15.0303 1340 amdide - ok
20:21:15.0366 1340 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:21:15.0381 1340 AmdK8 - ok
20:21:15.0397 1340 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:21:15.0397 1340 AmdPPM - ok
20:21:15.0459 1340 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:21:15.0459 1340 amdsata - ok
20:21:15.0537 1340 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:21:15.0553 1340 amdsbs - ok
20:21:15.0646 1340 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:21:15.0646 1340 amdxata - ok
20:21:15.0709 1340 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:21:15.0724 1340 AppID - ok
20:21:15.0834 1340 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:21:15.0834 1340 arc - ok
20:21:15.0849 1340 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:21:15.0849 1340 arcsas - ok
20:21:15.0896 1340 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:21:15.0896 1340 AsyncMac - ok
20:21:16.0005 1340 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:21:16.0005 1340 atapi - ok
20:21:16.0146 1340 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:21:16.0146 1340 b06bdrv - ok
20:21:16.0270 1340 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:21:16.0270 1340 b57nd60a - ok
20:21:16.0426 1340 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
20:21:16.0426 1340 BCM43XX - ok
20:21:16.0520 1340 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
20:21:16.0520 1340 BcmVWL - ok
20:21:16.0614 1340 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:21:16.0614 1340 Beep - ok
20:21:16.0645 1340 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:21:16.0660 1340 blbdrive - ok
20:21:16.0801 1340 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:21:16.0801 1340 bowser - ok
20:21:16.0848 1340 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:21:16.0848 1340 BrFiltLo - ok
20:21:16.0910 1340 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:21:16.0910 1340 BrFiltUp - ok
20:21:16.0941 1340 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:21:16.0957 1340 Brserid - ok
20:21:16.0972 1340 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:21:16.0972 1340 BrSerWdm - ok
20:21:17.0019 1340 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:21:17.0019 1340 BrUsbMdm - ok 20:21:17.0050 1340 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows \System32\Drivers\BrUsbSer.sys 20:21:17.0050 1340 BrUsbSer - ok 20:21:17.0097 1340 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows \system32\DRIVERS\bthmodem.sys 20:21:17.0097 1340 BTHMODEM - ok 20:21:17.0175 1340 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows \system32\DRIVERS\cdfs.sys 20:21:17.0191 1340 cdfs - ok 20:21:17.0300 1340 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows \system32\drivers\cdrom.sys 20:21:17.0316 1340 cdrom - ok 20:21:17.0409 1340 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows \system32\DRIVERS\circlass.sys 20:21:17.0409 1340 circlass - ok 20:21:17.0440 1340 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows \system32\CLFS.sys 20:21:17.0456 1340 CLFS - ok 20:21:17.0581 1340 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows \system32\DRIVERS\CmBatt.sys 20:21:17.0581 1340 CmBatt - ok 20:21:17.0612 1340 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows \system32\drivers\cmdide.sys 20:21:17.0612 1340 cmdide - ok 20:21:17.0674 1340 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows \system32\Drivers\cng.sys 20:21:17.0674 1340 CNG - ok 20:21:17.0784 1340 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows \system32\DRIVERS\compbatt.sys 20:21:17.0784 1340 Compbatt - ok 20:21:17.0830 1340 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows \system32\drivers\CompositeBus.sys 20:21:17.0830 1340 CompositeBus - ok 20:21:17.0924 1340 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows \system32\DRIVERS\crcdisk.sys 20:21:17.0924 1340 crcdisk - ok 20:21:18.0002 1340 CtClsFlt (fbe228abeab2be13b9c3a3a112d4d8dc) C:\Windows \system32\DRIVERS\CtClsFlt.sys 20:21:18.0018 1340 CtClsFlt - ok 20:21:18.0127 1340 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows \system32\Drivers\dfsc.sys 20:21:18.0127 1340 DfsC - ok 20:21:18.0174 1340 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows \system32\drivers\discache.sys 
20:21:18.0189 1340 discache - ok 20:21:18.0283 1340 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows \system32\DRIVERS\disk.sys 20:21:18.0283 1340 Disk - ok 20:21:18.0408 1340 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows \system32\drivers\drmkaud.sys 20:21:18.0408 1340 drmkaud - ok 20:21:18.0486 1340 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows \System32\drivers\dxgkrnl.sys 20:21:18.0501 1340 DXGKrnl - ok 20:21:18.0642 1340 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows \system32\DRIVERS\evbda.sys 20:21:18.0813 1340 ebdrv - ok 20:21:18.0954 1340 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows \system32\DRIVERS\elxstor.sys 20:21:18.0969 1340 elxstor - ok 20:21:19.0000 1340 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows \system32\drivers\errdev.sys 20:21:19.0000 1340 ErrDev - ok 20:21:19.0063 1340 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows \system32\drivers\exfat.sys 20:21:19.0063 1340 exfat - ok 20:21:19.0172 1340 F-Secure Filter (872a4de096f1b4b5d0cdfa369abf9388) C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys 20:21:19.0172 1340 F-Secure Filter - ok 20:21:19.0203 1340 F-Secure Gatekeeper (b0828e57f64688495b66ee736c36db92) C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys 20:21:19.0203 1340 F-Secure Gatekeeper - ok 20:21:19.0266 1340 F-Secure HIPS (1c8ab0d7d5451c58962940539f913473) C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys 20:21:19.0266 1340 F-Secure HIPS - ok 20:21:19.0297 1340 F-Secure Recognizer (504f83be6d94346e5288fc5881a38a9b) C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys 20:21:19.0297 1340 F-Secure Recognizer - ok 20:21:19.0390 1340 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows \system32\drivers\fastfat.sys 20:21:19.0390 1340 fastfat - ok 20:21:19.0422 1340 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows \system32\DRIVERS\fdc.sys 20:21:19.0422 1340 fdc - ok 20:21:19.0468 1340 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows 
\system32\drivers\fileinfo.sys 20:21:19.0484 1340 FileInfo - ok 20:21:19.0484 1340 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows \system32\drivers\filetrace.sys 20:21:19.0484 1340 Filetrace - ok 20:21:19.0515 1340 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows \system32\DRIVERS\flpydisk.sys 20:21:19.0515 1340 flpydisk - ok 20:21:19.0562 1340 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows \system32\drivers\fltmgr.sys 20:21:19.0578 1340 FltMgr - ok 20:21:19.0609 1340 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows \system32\drivers\FsDepends.sys 20:21:19.0609 1340 FsDepends - ok 20:21:19.0656 1340 FSES (81491719ad2f5bb3563334f87c82f734) C:\Windows \system32\drivers\fses.sys 20:21:19.0656 1340 FSES - ok 20:21:19.0671 1340 FSFW (b5b3d6eb4f40abfc4f28be0e5b5538e5) C:\Windows \system32\drivers\fsdfw.sys 20:21:19.0671 1340 FSFW - ok 20:21:19.0718 1340 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows \system32\DRIVERS\fssfltr.sys 20:21:19.0718 1340 fssfltr - ok 20:21:19.0827 1340 fsvista (8a920e6cff3163c843c06e14cf787bd8) C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys 20:21:19.0827 1340 fsvista - ok 20:21:19.0921 1340 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows \system32\drivers\Fs_Rec.sys 20:21:19.0921 1340 Fs_Rec - ok 20:21:19.0968 1340 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows \system32\DRIVERS\fvevol.sys 20:21:19.0968 1340 fvevol - ok 20:21:19.0999 1340 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows \system32\DRIVERS\gagp30kx.sys 20:21:19.0999 1340 gagp30kx - ok 20:21:20.0077 1340 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows \system32\DRIVERS\GEARAspiWDM.sys 20:21:20.0077 1340 GEARAspiWDM - ok 20:21:20.0108 1340 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows \system32\drivers\hcw85cir.sys 20:21:20.0108 1340 hcw85cir - ok 20:21:20.0170 1340 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows \system32\drivers\HDAudBus.sys 20:21:20.0170 1340 HDAudBus - ok 
20:21:20.0202 1340 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows \system32\DRIVERS\HECIx64.sys 20:21:20.0202 1340 HECIx64 - ok 20:21:20.0233 1340 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows \system32\DRIVERS\HidBatt.sys 20:21:20.0233 1340 HidBatt - ok 20:21:20.0248 1340 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows \system32\DRIVERS\hidbth.sys 20:21:20.0264 1340 HidBth - ok 20:21:20.0295 1340 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows \system32\DRIVERS\hidir.sys 20:21:20.0295 1340 HidIr - ok 20:21:20.0389 1340 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows \system32\drivers\hidusb.sys 20:21:20.0389 1340 HidUsb - ok 20:21:20.0467 1340 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows \system32\drivers\HpSAMD.sys 20:21:20.0467 1340 HpSAMD - ok 20:21:20.0576 1340 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows \system32\drivers\HTTP.sys 20:21:20.0607 1340 HTTP - ok 20:21:20.0654 1340 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows \system32\drivers\hwpolicy.sys 20:21:20.0654 1340 hwpolicy - ok 20:21:20.0748 1340 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows \system32\drivers\i8042prt.sys 20:21:20.0748 1340 i8042prt - ok 20:21:20.0794 1340 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows \system32\DRIVERS\iaStor.sys 20:21:20.0810 1340 iaStor - ok 20:21:20.0904 1340 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows \system32\drivers\iaStorV.sys 20:21:20.0904 1340 iaStorV - ok 20:21:21.0106 1340 igfx (31569a2e836c12014148bf7342716946) C:\Windows \system32\DRIVERS\igdkmd64.sys 20:21:21.0294 1340 igfx - ok 20:21:21.0372 1340 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows \system32\DRIVERS\iirsp.sys 20:21:21.0387 1340 iirsp - ok 20:21:21.0418 1340 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows \system32\DRIVERS\Impcd.sys 20:21:21.0418 1340 Impcd - ok 20:21:21.0496 1340 IntcAzAudAddService (6e4ccb3aff07e2b9f2a937385c84b573) C:\Windows \system32\drivers\RTKVHD64.sys 20:21:21.0559 1340 
IntcAzAudAddService - ok 20:21:21.0668 1340 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows \system32\DRIVERS\IntcDAud.sys 20:21:21.0668 1340 IntcDAud - ok 20:21:21.0699 1340 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows \system32\drivers\intelide.sys 20:21:21.0699 1340 intelide - ok 20:21:21.0746 1340 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows \system32\DRIVERS\intelppm.sys 20:21:21.0746 1340 intelppm - ok 20:21:21.0886 1340 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows \system32\DRIVERS\ipfltdrv.sys 20:21:21.0886 1340 IpFilterDriver - ok 20:21:21.0918 1340 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows \system32\drivers\IPMIDrv.sys 20:21:21.0933 1340 IPMIDRV - ok 20:21:21.0996 1340 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows \system32\drivers\ipnat.sys 20:21:21.0996 1340 IPNAT - ok 20:21:22.0042 1340 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows \system32\drivers\irenum.sys 20:21:22.0042 1340 IRENUM - ok 20:21:22.0074 1340 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows \system32\drivers\isapnp.sys 20:21:22.0074 1340 isapnp - ok 20:21:22.0136 1340 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows \system32\drivers\msiscsi.sys 20:21:22.0136 1340 iScsiPrt - ok 20:21:22.0183 1340 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows \system32\drivers\kbdclass.sys 20:21:22.0183 1340 kbdclass - ok 20:21:22.0230 1340 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows \system32\drivers\kbdhid.sys 20:21:22.0230 1340 kbdhid - ok 20:21:22.0292 1340 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows \system32\Drivers\ksecdd.sys 20:21:22.0292 1340 KSecDD - ok 20:21:22.0339 1340 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows \system32\Drivers\ksecpkg.sys 20:21:22.0339 1340 KSecPkg - ok 20:21:22.0370 1340 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows \system32\drivers\ksthunk.sys 20:21:22.0370 1340 ksthunk - ok 20:21:22.0464 1340 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows 
\system32\DRIVERS\L1C62x64.sys 20:21:22.0464 1340 L1C - ok 20:21:22.0526 1340 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows \system32\DRIVERS\lltdio.sys 20:21:22.0526 1340 lltdio - ok 20:21:22.0682 1340 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows \system32\DRIVERS\lsi_fc.sys 20:21:22.0682 1340 LSI_FC - ok 20:21:22.0713 1340 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows \system32\DRIVERS\lsi_sas.sys 20:21:22.0713 1340 LSI_SAS - ok 20:21:22.0744 1340 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows \system32\DRIVERS\lsi_sas2.sys 20:21:22.0744 1340 LSI_SAS2 - ok 20:21:22.0791 1340 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows \system32\DRIVERS\lsi_scsi.sys 20:21:22.0791 1340 LSI_SCSI - ok 20:21:22.0807 1340 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows \system32\drivers\luafv.sys 20:21:22.0822 1340 luafv - ok 20:21:22.0932 1340 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows \system32\drivers\mbam.sys 20:21:22.0932 1340 MBAMProtector - ok 20:21:22.0978 1340 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows \system32\DRIVERS\megasas.sys 20:21:22.0978 1340 megasas - ok 20:21:22.0994 1340 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows \system32\DRIVERS\MegaSR.sys 20:21:23.0010 1340 MegaSR - ok 20:21:23.0025 1340 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows \system32\drivers\modem.sys 20:21:23.0025 1340 Modem - ok 20:21:23.0088 1340 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows \system32\DRIVERS\monitor.sys 20:21:23.0088 1340 monitor - ok 20:21:23.0134 1340 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows \system32\drivers\mouclass.sys 20:21:23.0134 1340 mouclass - ok 20:21:23.0212 1340 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows \system32\DRIVERS\mouhid.sys 20:21:23.0228 1340 mouhid - ok 20:21:23.0290 1340 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows \system32\drivers\mountmgr.sys 20:21:23.0290 1340 mountmgr - ok 20:21:23.0322 1340 mpio 
(a44b420d30bd56e145d6a2bc8768ec58) C:\Windows \system32\drivers\mpio.sys 20:21:23.0322 1340 mpio - ok 20:21:23.0400 1340 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows \system32\drivers\mpsdrv.sys 20:21:23.0400 1340 mpsdrv - ok 20:21:23.0446 1340 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows \system32\drivers\mrxdav.sys 20:21:23.0446 1340 MRxDAV - ok 20:21:23.0493 1340 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows \system32\DRIVERS\mrxsmb.sys 20:21:23.0493 1340 mrxsmb - ok 20:21:23.0556 1340 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows \system32\DRIVERS\mrxsmb10.sys 20:21:23.0556 1340 mrxsmb10 - ok 20:21:23.0602 1340 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows \system32\DRIVERS\mrxsmb20.sys 20:21:23.0602 1340 mrxsmb20 - ok 20:21:23.0649 1340 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows \system32\drivers\msahci.sys 20:21:23.0665 1340 msahci - ok 20:21:23.0727 1340 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows \system32\drivers\msdsm.sys 20:21:23.0727 1340 msdsm - ok 20:21:23.0821 1340 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows \system32\drivers\Msfs.sys 20:21:23.0821 1340 Msfs - ok 20:21:23.0883 1340 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows \System32\drivers\mshidkmdf.sys 20:21:23.0883 1340 mshidkmdf - ok 20:21:23.0930 1340 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows \system32\drivers\msisadrv.sys 20:21:23.0930 1340 msisadrv - ok 20:21:24.0039 1340 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows \system32\drivers\MSKSSRV.sys 20:21:24.0039 1340 MSKSSRV - ok 20:21:24.0117 1340 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows \system32\drivers\MSPCLOCK.sys 20:21:24.0117 1340 MSPCLOCK - ok 20:21:24.0148 1340 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows \system32\drivers\MSPQM.sys 20:21:24.0148 1340 MSPQM - ok 20:21:24.0195 1340 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows \system32\drivers\MsRPC.sys 20:21:24.0211 1340 MsRPC - ok 20:21:24.0258 1340 mssmbios 
(0eed230e37515a0eaee3c2e1bc97b288) C:\Windows \system32\drivers\mssmbios.sys 20:21:24.0258 1340 mssmbios - ok 20:21:24.0289 1340 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows \system32\drivers\MSTEE.sys 20:21:24.0289 1340 MSTEE - ok 20:21:24.0320 1340 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows \system32\DRIVERS\MTConfig.sys 20:21:24.0320 1340 MTConfig - ok 20:21:24.0351 1340 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows \system32\Drivers\mup.sys 20:21:24.0351 1340 Mup - ok 20:21:24.0460 1340 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows \system32\DRIVERS\nwifi.sys 20:21:24.0460 1340 NativeWifiP - ok 20:21:24.0523 1340 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows \system32\drivers\ndis.sys 20:21:24.0554 1340 NDIS - ok 20:21:24.0648 1340 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows \system32\DRIVERS\ndiscap.sys 20:21:24.0648 1340 NdisCap - ok 20:21:24.0679 1340 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows \system32\DRIVERS\ndistapi.sys 20:21:24.0679 1340 NdisTapi - ok 20:21:24.0772 1340 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows \system32\DRIVERS\ndisuio.sys 20:21:24.0772 1340 Ndisuio - ok 20:21:24.0804 1340 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows \system32\DRIVERS\ndiswan.sys 20:21:24.0804 1340 NdisWan - ok 20:21:24.0850 1340 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows \system32\drivers\NDProxy.sys 20:21:24.0850 1340 NDProxy - ok 20:21:24.0897 1340 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows \system32\DRIVERS\netbios.sys 20:21:24.0897 1340 NetBIOS - ok 20:21:24.0944 1340 NetBT (09594d1089c523423b32a4229263f068) C:\Windows \system32\DRIVERS\netbt.sys 20:21:24.0944 1340 NetBT - ok 20:21:24.0991 1340 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows \system32\DRIVERS\nfrd960.sys 20:21:24.0991 1340 nfrd960 - ok 20:21:25.0053 1340 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows \system32\drivers\Npfs.sys 20:21:25.0069 1340 Npfs - ok 20:21:25.0131 1340 nsiproxy 
(e7f5ae18af4168178a642a9247c63001) C:\Windows \system32\drivers\nsiproxy.sys 20:21:25.0131 1340 nsiproxy - ok 20:21:25.0194 1340 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows \system32\drivers\Ntfs.sys 20:21:25.0256 1340 Ntfs - ok 20:21:25.0287 1340 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows \system32\drivers\Null.sys 20:21:25.0287 1340 Null - ok 20:21:25.0350 1340 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows \system32\drivers\nvraid.sys 20:21:25.0350 1340 nvraid - ok 20:21:25.0396 1340 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows \system32\drivers\nvstor.sys 20:21:25.0396 1340 nvstor - ok 20:21:25.0443 1340 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows \system32\drivers\nv_agp.sys 20:21:25.0443 1340 nv_agp - ok 20:21:25.0490 1340 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows \system32\drivers\ohci1394.sys 20:21:25.0490 1340 ohci1394 - ok 20:21:25.0599 1340 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows \system32\DRIVERS\parport.sys 20:21:25.0599 1340 Parport - ok 20:21:25.0646 1340 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows \system32\drivers\partmgr.sys 20:21:25.0646 1340 partmgr - ok 20:21:25.0693 1340 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows \system32\drivers\pci.sys 20:21:25.0708 1340 pci - ok 20:21:25.0724 1340 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows \system32\drivers\pciide.sys 20:21:25.0724 1340 pciide - ok 20:21:25.0786 1340 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows \system32\DRIVERS\pcmcia.sys 20:21:25.0786 1340 pcmcia - ok 20:21:25.0802 1340 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows \system32\drivers\pcw.sys 20:21:25.0802 1340 pcw - ok 20:21:25.0833 1340 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows \system32\drivers\peauth.sys 20:21:25.0849 1340 PEAUTH - ok 20:21:26.0020 1340 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows \system32\DRIVERS\raspptp.sys 20:21:26.0020 1340 PptpMiniport - ok 20:21:26.0052 1340 Processor 
(0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows \system32\DRIVERS\processr.sys 20:21:26.0052 1340 Processor - ok 20:21:26.0098 1340 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows \system32\DRIVERS\pacer.sys 20:21:26.0114 1340 Psched - ok 20:21:26.0145 1340 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows \system32\Drivers\PxHlpa64.sys 20:21:26.0145 1340 PxHlpa64 - ok 20:21:26.0208 1340 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows \system32\DRIVERS\ql2300.sys 20:21:26.0239 1340 ql2300 - ok 20:21:26.0270 1340 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows \system32\DRIVERS\ql40xx.sys 20:21:26.0270 1340 ql40xx - ok 20:21:26.0301 1340 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows \system32\drivers\qwavedrv.sys 20:21:26.0301 1340 QWAVEdrv - ok 20:21:26.0332 1340 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows \system32\DRIVERS\rasacd.sys 20:21:26.0332 1340 RasAcd - ok 20:21:26.0364 1340 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows \system32\DRIVERS\AgileVpn.sys 20:21:26.0364 1340 RasAgileVpn - ok 20:21:26.0457 1340 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows \system32\DRIVERS\rasl2tp.sys 20:21:26.0457 1340 Rasl2tp - ok 20:21:26.0535 1340 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows \system32\DRIVERS\raspppoe.sys 20:21:26.0535 1340 RasPppoe - ok 20:21:26.0551 1340 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows \system32\DRIVERS\rassstp.sys 20:21:26.0566 1340 RasSstp - ok 20:21:26.0613 1340 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows \system32\DRIVERS\rdbss.sys 20:21:26.0613 1340 rdbss - ok 20:21:26.0660 1340 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows \system32\DRIVERS\rdpbus.sys 20:21:26.0660 1340 rdpbus - ok 20:21:26.0691 1340 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows \system32\DRIVERS\RDPCDD.sys 20:21:26.0691 1340 RDPCDD - ok 20:21:26.0722 1340 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows \system32\drivers\rdpencdd.sys 20:21:26.0722 1340 RDPENCDD - ok 
20:21:26.0754 1340 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows \system32\drivers\rdprefmp.sys 20:21:26.0769 1340 RDPREFMP - ok 20:21:26.0800 1340 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows \system32\drivers\RDPWD.sys 20:21:26.0816 1340 RDPWD - ok 20:21:26.0894 1340 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows \system32\drivers\rdyboost.sys 20:21:26.0894 1340 rdyboost - ok 20:21:26.0972 1340 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows \system32\Drivers\RimUsb_AMD64.sys 20:21:26.0972 1340 RimUsb - ok 20:21:27.0003 1340 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows \system32\DRIVERS\rspndr.sys 20:21:27.0019 1340 rspndr - ok 20:21:27.0050 1340 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows \system32\Drivers\RtsUStor.sys 20:21:27.0050 1340 RSUSBSTOR - ok 20:21:27.0112 1340 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows \system32\drivers\sbp2port.sys 20:21:27.0112 1340 sbp2port - ok 20:21:27.0237 1340 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows \system32\DRIVERS\scfilter.sys 20:21:27.0237 1340 scfilter - ok 20:21:27.0315 1340 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows \system32\drivers\secdrv.sys 20:21:27.0331 1340 secdrv - ok 20:21:27.0362 1340 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows \system32\DRIVERS\serenum.sys 20:21:27.0362 1340 Serenum - ok 20:21:27.0424 1340 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows \system32\DRIVERS\serial.sys 20:21:27.0424 1340 Serial - ok 20:21:27.0471 1340 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows \system32\DRIVERS\sermouse.sys 20:21:27.0471 1340 sermouse - ok 20:21:27.0518 1340 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows \system32\drivers\sffdisk.sys 20:21:27.0518 1340 sffdisk - ok 20:21:27.0549 1340 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows \system32\drivers\sffp_mmc.sys 20:21:27.0565 1340 sffp_mmc - ok 20:21:27.0565 1340 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows 
\system32\drivers\sffp_sd.sys 20:21:27.0580 1340 sffp_sd - ok 20:21:27.0627 1340 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows \system32\DRIVERS\sfloppy.sys 20:21:27.0627 1340 sfloppy - ok 20:21:27.0690 1340 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows \system32\DRIVERS\Sftfslh.sys 20:21:27.0705 1340 Sftfs - ok 20:21:27.0768 1340 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows \system32\DRIVERS\Sftplaylh.sys 20:21:27.0768 1340 Sftplay - ok 20:21:27.0799 1340 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows \system32\DRIVERS\Sftredirlh.sys 20:21:27.0799 1340 Sftredir - ok 20:21:27.0830 1340 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows \system32\DRIVERS\Sftvollh.sys 20:21:27.0846 1340 Sftvol - ok 20:21:27.0924 1340 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows \system32\DRIVERS\SiSRaid2.sys 20:21:27.0939 1340 SiSRaid2 - ok 20:21:27.0955 1340 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows \system32\DRIVERS\sisraid4.sys 20:21:27.0955 1340 SiSRaid4 - ok 20:21:28.0002 1340 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows \system32\DRIVERS\smb.sys 20:21:28.0002 1340 Smb - ok 20:21:28.0080 1340 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows \system32\drivers\spldr.sys 20:21:28.0080 1340 spldr - ok 20:21:28.0158 1340 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows \system32\DRIVERS\srv.sys 20:21:28.0158 1340 srv - ok 20:21:28.0220 1340 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows \system32\DRIVERS\srv2.sys 20:21:28.0220 1340 srv2 - ok 20:21:28.0282 1340 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows \system32\DRIVERS\srvnet.sys 20:21:28.0298 1340 srvnet - ok 20:21:28.0329 1340 ssfmonm (a4c4a1fedfbed04b39efae9f1311ed5e) C:\Windows \system32\DRIVERS\ssfmonm.sys 20:21:28.0345 1340 ssfmonm - ok 20:21:28.0360 1340 ssidrv (1cc88f50bd4e6fd6eac5c5365ceb6583) C:\Windows \system32\DRIVERS\ssidrv.sys 20:21:28.0360 1340 ssidrv - ok 20:21:28.0376 1340 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows 
\system32\DRIVERS\stexstor.sys 20:21:28.0376 1340 stexstor - ok 20:21:28.0454 1340 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows \system32\drivers\swenum.sys 20:21:28.0454 1340 swenum - ok 20:21:28.0501 1340 SynTP (c25866bdf0e818e02bb8e76845d26e54) C:\Windows \system32\DRIVERS\SynTP.sys 20:21:28.0501 1340 SynTP - ok 20:21:28.0579 1340 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows \system32\drivers\tcpip.sys 20:21:28.0626 1340 Tcpip - ok 20:21:28.0719 1340 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows \system32\DRIVERS\tcpip.sys 20:21:28.0719 1340 TCPIP6 - ok 20:21:28.0782 1340 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows \system32\drivers\tcpipreg.sys 20:21:28.0782 1340 tcpipreg - ok 20:21:28.0844 1340 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows \system32\drivers\tdpipe.sys 20:21:28.0860 1340 TDPIPE - ok 20:21:28.0891 1340 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows \system32\drivers\tdtcp.sys 20:21:28.0906 1340 TDTCP - ok 20:21:28.0953 1340 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows \system32\DRIVERS\tdx.sys 20:21:28.0953 1340 tdx - ok 20:21:29.0000 1340 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows \system32\drivers\termdd.sys 20:21:29.0000 1340 TermDD - ok 20:21:29.0094 1340 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows \system32\DRIVERS\tssecsrv.sys 20:21:29.0094 1340 tssecsrv - ok 20:21:29.0156 1340 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows \system32\drivers\tsusbflt.sys 20:21:29.0156 1340 TsUsbFlt - ok 20:21:29.0265 1340 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows \system32\DRIVERS\tunnel.sys 20:21:29.0265 1340 tunnel - ok 20:21:29.0296 1340 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows \system32\DRIVERS\TurboB.sys 20:21:29.0312 1340 TurboB - ok 20:21:29.0343 1340 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows \system32\DRIVERS\uagp35.sys 20:21:29.0343 1340 uagp35 - ok 20:21:29.0390 1340 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows 
\system32\DRIVERS\udfs.sys 20:21:29.0390 1340 udfs - ok 20:21:29.0452 1340 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows \system32\drivers\uliagpkx.sys 20:21:29.0452 1340 uliagpkx - ok 20:21:29.0546 1340 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows \system32\drivers\umbus.sys 20:21:29.0546 1340 umbus - ok 20:21:29.0608 1340 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows \system32\DRIVERS\umpass.sys 20:21:29.0608 1340 UmPass - ok 20:21:29.0686 1340 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows \system32\Drivers\usbaapl64.sys 20:21:29.0686 1340 USBAAPL64 - ok 20:21:29.0733 1340 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows \system32\DRIVERS\usbccgp.sys 20:21:29.0733 1340 usbccgp - ok 20:21:29.0780 1340 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows \system32\drivers\usbcir.sys 20:21:29.0780 1340 usbcir - ok 20:21:29.0827 1340 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows \system32\drivers\usbehci.sys 20:21:29.0827 1340 usbehci - ok 20:21:29.0858 1340 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows \system32\DRIVERS\usbhub.sys 20:21:29.0858 1340 usbhub - ok 20:21:29.0905 1340 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows \system32\drivers\usbohci.sys 20:21:29.0905 1340 usbohci - ok 20:21:29.0952 1340 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows \system32\DRIVERS\usbprint.sys 20:21:29.0952 1340 usbprint - ok 20:21:29.0983 1340 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows \system32\DRIVERS\usbscan.sys 20:21:29.0983 1340 usbscan - ok 20:21:30.0030 1340 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows \system32\drivers\USBSTOR.SYS 20:21:30.0030 1340 USBSTOR - ok 20:21:30.0076 1340 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows \system32\drivers\usbuhci.sys 20:21:30.0076 1340 usbuhci - ok 20:21:30.0123 1340 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows \System32\Drivers\usbvideo.sys 20:21:30.0139 1340 usbvideo - ok 20:21:30.0186 1340 vdrvroot 
(c5c876ccfc083ff3b128f933823e87bd) C:\Windows \system32\drivers\vdrvroot.sys 20:21:30.0186 1340 vdrvroot - ok 20:21:30.0217 1340 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows \system32\DRIVERS\vgapnp.sys 20:21:30.0232 1340 vga - ok 20:21:30.0264 1340 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows \System32\drivers\vga.sys 20:21:30.0264 1340 VgaSave - ok 20:21:30.0310 1340 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows \system32\drivers\vhdmp.sys 20:21:30.0310 1340 vhdmp - ok 20:21:30.0357 1340 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows \system32\drivers\viaide.sys 20:21:30.0357 1340 viaide - ok 20:21:30.0373 1340 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows \system32\drivers\volmgr.sys 20:21:30.0373 1340 volmgr - ok 20:21:30.0420 1340 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows \system32\drivers\volmgrx.sys 20:21:30.0420 1340 volmgrx - ok 20:21:30.0466 1340 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows \system32\drivers\volsnap.sys 20:21:30.0466 1340 volsnap - ok 20:21:30.0513 1340 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows \system32\DRIVERS\vsmraid.sys 20:21:30.0529 1340 vsmraid - ok 20:21:30.0544 1340 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows \system32\DRIVERS\vwifibus.sys 20:21:30.0544 1340 vwifibus - ok 20:21:30.0576 1340 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows \system32\DRIVERS\vwififlt.sys 20:21:30.0576 1340 vwififlt - ok 20:21:30.0607 1340 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows \system32\DRIVERS\vwifimp.sys 20:21:30.0607 1340 vwifimp - ok 20:21:30.0638 1340 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows \system32\DRIVERS\wacompen.sys 20:21:30.0638 1340 WacomPen - ok 20:21:30.0685 1340 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows \system32\DRIVERS\wanarp.sys 20:21:30.0685 1340 WANARP - ok 20:21:30.0716 1340 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows \system32\DRIVERS\wanarp.sys 20:21:30.0716 1340 Wanarpv6 - ok 20:21:30.0778 
1340 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:21:30.0778 1340 Wd - ok
20:21:30.0810 1340 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:21:30.0825 1340 Wdf01000 - ok
20:21:30.0950 1340 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:21:30.0950 1340 WfpLwf - ok
20:21:30.0997 1340 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
20:21:30.0997 1340 WimFltr - ok
20:21:31.0012 1340 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:21:31.0012 1340 WIMMount - ok
20:21:31.0090 1340 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:21:31.0090 1340 WinUsb - ok
20:21:31.0200 1340 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:21:31.0200 1340 WmiAcpi - ok
20:21:31.0324 1340 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:21:31.0324 1340 ws2ifsl - ok
20:21:31.0371 1340 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:21:31.0371 1340 WudfPf - ok
20:21:31.0418 1340 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:21:31.0418 1340 WUDFRd - ok
20:21:31.0480 1340 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:21:31.0480 1340 \Device\Harddisk0\DR0 - ok
20:21:31.0496 1340 Boot (0x1200) (79ed531b8aef9bad535b4adefc409b13) \Device\Harddisk0\DR0\Partition0
20:21:31.0496 1340 \Device\Harddisk0\DR0\Partition0 - ok
20:21:31.0512 1340 Boot (0x1200) (ec7a06e888a1b22ccdee0d0b2ee5ec30) \Device\Harddisk0\DR0\Partition1
20:21:31.0512 1340 \Device\Harddisk0\DR0\Partition1 - ok
20:21:31.0512 1340 ============================================================
20:21:31.0512 1340 Scan finished
20:21:31.0512 1340 ============================================================
20:21:31.0668 2032 Detected object count: 0
20:21:31.0668 2032 Actual detected object count: 0
20:21:57.0376 1980 Deinitialize success

============ TDSSKiller log-files {04b) (mode, user) TDSSKiller ... _log.txt} ============
..... Removed

============ DDS.txt file {05-1} =============
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514
Run by Bill at 22:02:44 on 2011-12-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5941.5170 [GMT -7:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
AV: F-Secure Anti-Virus 2011 10.51 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Anti-Virus 2011 10.51 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = g.msn.com/USCON/1
uDefault_Page_URL = g.msn.com/USCON/1
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [RESTART_STICKY_NOTES] "C:\Windows\System32\StikyNot.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [AppleSyncNotifier] "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\Users\Bill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EXIFLA~1.LNK - C:\Program Files\FinePixViewer\QuickDCF2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C1930B58-E91F-4FBB-A473-48D12EC70B0C} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C1930B58-E91F-4FBB-A473-48D12EC70B0C}\C696E6B6379737 : DhcpNameServer = 69.145.232.4 69.144.49.30 69.146.17.3
TCP: Interfaces\{C1930B58-E91F-4FBB-A473-48D12EC70B0C}\E4F626C6560284F6573756 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CE87ECB4-6AA4-4FE1-8CCA-41952F7D3D79} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [AppleSyncNotifier] "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2011-2-24 3997912]
R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-9-20 3381184]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [2011-2-23 61960]
S1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys --> C:\Windows\system32\drivers\fses.sys [?]
S1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys --> C:\Windows\system32\drivers\fsdfw.sys [?]
S1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2011-2-23 15016]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-3 98208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-15 366152]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-3 689472]
S2 ssfmonm;ssfmonm;C:\Windows\system32\DRIVERS\ssfmonm.sys --> C:\Windows\system32\DRIVERS\ssfmonm.sys [?]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-3 2533400]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-2-23 194728]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsfilter.sys [2011-2-23 41896]
S4 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [2011-2-23 221864]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsrec.sys [2011-2-23 27304]
S4 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [2011-2-23 63992]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-04 15:56:08 -------- d-----w- C:\Users\Bill\AppData\Roaming\Malwarebytes
2011-12-03 00:14:46 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66F6E6BD-DD67-40C0-9082-41BC5041C06B}\mpengine.dll
2011-12-02 00:58:30 -------- d-----w- C:\Program Files\iTunes
2011-12-02 00:58:30 -------- d-----w- C:\Program Files\iPod
2011-12-02 00:58:30 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2011-12-03 21:08:36 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 20:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-06 04:49:03 5197 ----a-w- C:\DetectionData.tmp
2011-10-06 04:49:03 49012 ----a-w- C:\InformationalData.tmp
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 22:03:42.88 ===============

============ TDSSKiller log-files {05-2a) (mode, user) TDSSKiller ... _log.txt} ============
..... Removed

============ TDSSKiller log-files {05-2b) (mode, user) TDSSKiller ... _log.txt} ==========
..... Removed.

++++++++++++++++++++++++++++++++ END of FILE, END of DATA ++++++++++++++++++++++++++
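The DDS report in the post above is worth reading for more than the malware question. Its Pseudo HJT section records the machine's UAC policy values (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0, which DDS reads from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System) and several BHO/toolbar registrations whose file is gone ("No File"). With UAC switched off, any program the logged-on administrator runs gets full privileges with no prompt, which is the situation that lets a rogue "your PC is infected" download install a driver-level infection in the first place. The script below is an added example, not part of the original post or of any of the tools named in it: it parses those DDS lines (copied verbatim from the log above and embedded as the sample input) and flags the weak UAC settings against the Windows 7 defaults, plus the orphaned registrations. The thresholds and the wording of the findings are this example's own.

```python
import re

# Sample input: lines copied from the Pseudo HJT section of the DDS.txt
# posted above. Embedded here so the example runs offline.
SAMPLE_DDS = r"""BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
LSP: C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL
BHO-X64: AcroIEHelperStub - No File
"""

# "mPolicies-system: EnableLUA = 0 (0x0)" -> scope, value name, decimal value
POLICY_RE = re.compile(r"^(mPolicies-\w+):\s*(\w+)\s*=\s*(-?\d+)")
# BHO/TB registrations whose DLL no longer exists on disk
ORPHAN_RE = re.compile(r"^(BHO|BHO-X64|TB|TB-X64):\s*(.+?)\s*-\s*No File$")

# Windows 7 defaults for the UAC values DDS reports (assumed baseline for the check)
UAC_DEFAULTS = {
    "EnableLUA": 1,                    # UAC on
    "ConsentPromptBehaviorAdmin": 5,   # prompt for consent for non-Windows binaries
    "PromptOnSecureDesktop": 1,        # prompt on the secure desktop
}


def parse_policies(text):
    """Return {(scope, name): int_value} for every mPolicies-* line."""
    policies = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policies[(m.group(1), m.group(2))] = int(m.group(3))
    return policies


def parse_orphans(text):
    """Return the names/CLSIDs of BHO and toolbar entries marked 'No File'."""
    orphans = []
    for line in text.splitlines():
        m = ORPHAN_RE.match(line.strip())
        if m:
            orphans.append(m.group(2))
    return orphans


def assess_uac(policies):
    """Compare the machine UAC policy values against the defaults and
    return one finding string per weakened setting."""
    system = {name: value for (scope, name), value in policies.items()
              if scope == "mPolicies-system"}
    findings = []
    if system.get("EnableLUA", UAC_DEFAULTS["EnableLUA"]) == 0:
        findings.append("EnableLUA=0: UAC is disabled; every process in an "
                        "administrator session runs with the full token")
    if system.get("ConsentPromptBehaviorAdmin",
                  UAC_DEFAULTS["ConsentPromptBehaviorAdmin"]) == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate "
                        "silently, with no prompt at all")
    if system.get("PromptOnSecureDesktop",
                  UAC_DEFAULTS["PromptOnSecureDesktop"]) == 0:
        findings.append("PromptOnSecureDesktop=0: any prompt that is shown runs "
                        "on the normal desktop where other programs can drive it")
    return findings


def review(text):
    """Full review of a DDS pseudo-HJT excerpt: UAC findings plus orphaned entries."""
    return {"uac": assess_uac(parse_policies(text)),
            "orphaned_entries": parse_orphans(text)}


if __name__ == "__main__":
    result = review(SAMPLE_DDS)
    for finding in result["uac"]:
        print("UAC:", finding)
    for entry in result["orphaned_entries"]:
        print("orphaned registration:", entry)
```

Run against the excerpt it reports all three UAC weaknesses and the two orphaned entries ({21FA44EF-...} and AcroIEHelperStub). The orphans are not themselves dangerous; they are leftovers that a cleanup should remove so the next log is easier to read. The UAC values are the point: re-enabling UAC (EnableLUA=1, ConsentPromptBehaviorAdmin back to 5, PromptOnSecureDesktop=1) after the cleanup is the single setting that most changes what a drive-by download can do next time.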
  7. Was surfing, took a break to get a snack. When I came back, I noticed the new window explaining that my Dell laptop had been taken over by a virus and to click 'here' to download the software necessary to fix everything. Yeah, right. I've seen this kind of 'come on' before, so I knew what was up.

I tried to execute the Malwarebytes software, which was supposed to be running at bootup. It gave me a 'Your trial period is over, so you are not allowed to use these functions' type of message (that figures - Murphy at work). When I tried to run a scan or update the database, nothing would happen. I also had Webroot running, and it also didn't notice anything unusual (Murphy again). Attempting to manually execute Webroot resulted in absolutely no visible result, so I assumed that my 'kidnapper' had prevented all this.

I turned off our wireless router in an effort to prevent the 'kidnapper' from spreading to any other computers on our LAN. Then, I shut my laptop down and rebooted, selecting the Administrator identity. I don't use it very often, so the first attempt at presenting the password failed. Using the hint, I received the 'Welcome' screen. After more than an hour, the Welcome screen still hasn't finished coming up and the little rotating circle is still rotating.

The second computer on our LAN is my wife's Dell laptop (XP), which she uses on the job and I don't want to expose it to this problem unnecessarily. The third (and last) computer on the LAN is an old Sony Vaio running Win 2000. I disconnected the router from the modem and connected the modem to the Vaio directly with an Ethernet cable. That is how I am communicating with you, now.

This is probably more information than you want but ... Murphy's Law and all that.

I've read some of the other entries in this forum and you always tell the people to download one or more programs to be run. So, how do I do that? I could download it onto the Sony, transfer it to a thumb drive, move the thumb drive to my laptop (hope that it isn't also blocked), and execute it. Is that what you recommend? If not, what?

So, "I'm infected and don't know what to do" .... Now what?

Freddy02
  8. RPMcMurphy - OK, thanks for the green light. I would like to understand why the crash. Whenever a program crashes, I get nervous when I can't discern a reason why .... I can always guess, but knowing is comforting.

OK, continuing with the Adobe update.... Adobe completed, continuing.

Secunia Online Software Inspector found 4 INSECURE installations:
. Apple iTunes 7.x (have) 7.6.2.9
. Apple QuickTime 7.x (have) 7.4.5.67 - Update to 7.66.71.0 (Upgrading required installing the latest iTunes. We don't use iTunes, so we'll remove both of them instead.)
. Adobe Flash Player 10.x (have) 10.0.45.2 (ActiveX) - Update to 10.1.53.64 (ActiveX)
. Adobe Flash Player 10.x (have) 10.0.42.34 (NPAPI) - Update to 10.1.53.64 (NPAPI)

Ran Secunia Online Software Inspector again - found 0 INSECURE installations.

ComboFix uninstalled.

Executing OTM: In addition to whatever else, it cleaned up itself.

Manually deleting other tools, logs, etc.:
. DDS.com
. ark.txt & zip
. GMER (random).exe
. Flash_disinfector.exe
. attach.txt & zip
. Defogger.exe
. JavaRa.exe & def & zip + gpl-2.0.txt (uploading JavaRa.log.txt, then deleting it)
. Kaspersky (on-line)
. mbam (1.46).exe
. OTM.exe
. RootRepeal.exe & rar

What about the recovery console? Save it or get rid of it? If get rid of it - how?

C:\i386\DDS_100x100 (<--- What do I do with this? Is it connected with DDS.com?)

gpl-2.0.txt & JavaRa.def created 11:01:43

Running JavaRa ....
. Running JavaRa 1.15
. Old versions removed.
. I'll be posting the log file
. Searching for updates using Sun Java's website
. Scroll down to 'JRE' next to latest V# [DONE]
. Download [CLICKED]
. Entire JRE [CLICKED]
. JDK 6 Update 21 (JDK or JRE)
. Wanted me to log in or register (Skipped)
. Available files .... jre-6u21-windows-i586.exe
<< NOTE: So far, no mention of an option to use Sun's Download Manager or Sun's website >>
. "Welcome to Java"
. "downloading from cds-esd.sun.com"
. "... installed successfully"
. "Updates will automatically ... to change this, see http://java.com/autoupdate"

The installation went well, but there was no cleanup afterwards, so I did it. I am attaching the log file, JavaRa.log.txt.

Some questions:

In post #1, I followed some directions to "Disable the CD Emulation Software" using Defogger. Do I need to re-enable the CD Emulation Software? How?

(This is a long one, please bear with me) When I leave the computer (laptop) alone for a great while, it puts itself to sleep in such a way that (there are NO activity LEDs) I must push the On/Off button to get its attention. Then, it presents a dialogue requiring me to type my password before I can gain access to the computer. As soon as I press [ENTER], after typing the password, my desktop is presented on the screen and I can hear whirring and buzzing indicating the hard drive is very busy for a short while. Sometimes, there is an application sitting there requiring my attention before it will go away (this also often happens at boot time). Usually, it is some sort of notice from some software that I have installed, asking me if I want to buy an upgrade. Other times, it is the result of some program installing "bloatware" (such as a Google toolbar, or a program that is always indexing my files in the background, or some such thing) and now, it starts up every time I use the computer, stealing CPU time and slowing the computer (needlessly) all the time. I have tried to determine which process it is, so I can do something about it, but the Task Manager will only tell me the Application name or the Process Image Name, but it doesn't link them together. How can I figure out which process(es) are connected to which application and how they get started?

Similarly, whenever I plug a flash drive in, a program called 'Musicmatch Jukebox' pops up trying to update itself. Shortly afterwards, a little error dialogue pops up titled "Musicmatch Update", telling me that "Error: Could not install for UPSELL channel" and presents an [OK] button. Pressing OK does nothing, the program's window is still there. I have to kill (X) the window to get rid of it. Why does the flash drive insertion cause the program to run? How can I get rid of it (it seems to be the result of some sort of automatic update situation)?

Windows Internet Explorer keeps popping a dialogue up asking me if I want to upgrade to version 8. The version I have is 8.0.6001.18702. How can I get the popup to go away?

In addition to MS Internet Explorer, we have Mozilla Firefox installed. In the months before this problem showed up, most of the shortcuts to the internet
. a) had the Mozilla icon (not the MS IE 'e') and ....
. b) Firefox would execute whenever one of the shortcuts was double-clicked.
Now, double-clicking on a shortcut causes MS IE to run, although the icon of the shortcuts is still that of Firefox. I suspect the behavior is due to Firefox being in 'safe mode'. How do I get it back to 'normal'?

Also, are there any other programs that have been disabled, either partially or completely, that I have no knowledge of? One program I am wondering about is DeFogger. On the following page: 'http://forums.malwarebytes.org/index.php?showtopic=9573' are these instructions:
---------------------------------------------------------------------------------------------------------------------
JavaRa.log.txt
  9. RPMcMurphy - Well, I got partway through the instructions, anyway.

I did the Java 6 Update 15 install.
Called up the Java Control Panel
On the General tab [Temporary Internet Files]. Settings
{Check} Keep temporary files on my computer
[Location] (not changed)
[Disk Space] ... compression level ... NONE ... amount of disk space ... 1000 Mb
<Delete Files> {Click}
{Check} Apps...Applets
{Check} Trac...Files
<OK> {Click} (deletes temp files)
<OK> {Click} (exit Temp Files Settings)
<OK> {Click} (exit Java Control Panel)

Downloaded JavaRa.zip to desktop.
Unzipped JavaRa.zip to desktop.
Closed all browsers (& all other apps).
Executed desktop/JavaRa.exe.
Chose English, clicked Select.
JavaRa up; clicked on Remove Older Versions.
Clicked YES.

While executing, a Microsoft Execution Error window came up, wanted to know if I wanted to report it to Microsoft. Before deciding, displayed all available info, took a pic (attaching). Finally decided not to report the error, clicked 'NO'. The JavaRa window went away.

I decided to report this state of affairs to you (also attaching the gpl-2.0 txt file in case it might be helpful). There was no other log file.

Freddy02

gpl_2.0.txt
  10. RPMcMurphy - Ha! Yes, I knew about the file as soon as I posted my response (I attempted to attach it, but something went wrong), but I remembered reading not to post twice in a row because that makes it look like you are waiting on a response from me (or something like that), so I waited.

The computer (really a laptop) is much more snappy, now. Here is the OTM log ...

Freddy02

OK, I know what happened. Your attachments uploader will not accept a *.log file.

F.

07172010_104742.txt
  11. RPMcMurphy - Happy to find out that most Detections were 'under control'. Not happy to find out that the emails must be deleted. Many are there for 'historical' documentation purposes, including some with attachments. Would it be 'safe' to copy them to a CD and open them only if necessary and then only in a 'safe' environment (what is that - really?) - such as a newly installed Windows 98se, then when finished, reformatting the HD (or some other, more simple solution)?

I ran OTM without working on the e-mail. Enclosed is the log file.

Freddy02
  12. RPMcMurphy - Well, at long last, the light at the end of the tunnel doesn't look like the headlight of the train! After the run of Mbam (which I had to rename in order to get it to run), two things were true:
. The computer wasn't so sluggish as before.
. I could run Mbam using its own name.

The Kaspersky run was interesting .... Here are their respective reports and ... thanks again.

Freddy02

mbam_log_2010_07_16__16_20_36_.txt
KasReport.txt
  13. Thanks for the answers. I had anticipated them, but I wanted to be sure.

OK, now to ComboFix. I thought that there was internet access, too. Just to facilitate things a bit, I had made a link to this page and placed it on my FD (flash drive), so I copied it onto the IC's (infected computer's) desktop and double-clicked. It took an interminable time to access your site/page, but finally did. I copied the script into Notepad as directed, saving it on the desktop as CFScript.txt.

11:06 As directed, I dropped the script, CFScript.txt, onto the ComboFix.exe's (cat) icon. Briefly, an hourglass appeared and went away. Then, nothing - no apparent activity. I waited.
11:14 Still no (apparent) activity.
11:15 Dropped the script, CFScript.txt, onto the (renamed) ComboFix.exe's (cat) icon. An hourglass briefly appeared, then a notice of the date executed, a green progress bar, then ... nothing. An empty blue DOS window came up, then ... nothing. A dialogue saying there was a newer version available, did I want it? I clicked 'YES'. The dialogue is gone and "Connecting to ... servers" appeared in the DOS window. A dialogue saying 'ComboFix restarting' came and was gone. Another green progress bar showed up briefly.
11:19 Nothing - no apparent activity. I waited. The entire screen 'blinked'.
11:21 2 beeps, then the Disclaimer window. I clicked YES.
11:23 DOS: "Please Wait. ComboFix preparing to run"
11:24 DOS added: "Attempting to create a new system restore ..."
11:25 A colored "Backing up Registry ..." window came up ...
11:26 ... and went away again.
11:27 DOS 'Auto Scan': "Scanning ... 10 minutes ... double."
11:28 DOS: Stages completing, 1-2, 3 working ...
11:34 DOS: Stages 3-50 completed. Waiting.
11:40 DOS: "Deleting Files:" (1) "Deleting Folders:" (1) Waiting.
11:42 DOS, Title='ComboFix-Find 3M': "Preparing Report. Do not run ..."
11:47 Now, in Notepad. Saved the report and exited. Back on the desktop. Program ended? I guess.

Ha! Guess what? This latest experience generated some more questions ...:

During this last execution, my display kept going into 'screen saver' mode. How can I prevent this?

That ComboFix would update itself was not mentioned by you, so when it asked if I wanted the update, I almost clicked "NO", but trusting y'all, I didn't. My question is: Is there any possibility that the update was a deviation to the 'rogue' site(s) from which the rest of the execution was controlled, producing a 'doctored' output?

When I double-clicked on "My Computer", a window came up with a 'flashlight' waving around, 'looking for files'. It took a while - over a minute. Usually, the contents of that window come up right away - no delays. Also, when I double-clicked on the icon to your website, there was a very long delay - over a minute, before the window filled up with your site's contents. This amount of delay is also unusual. Why the delays?

Because of the above delays, and because dropping the script onto the ComboFix icon didn't run and dropping it on the renamed icon DID run, I suspect that 'all is not well in Smallville', and decided to keep track of the times that the various events took place.

Uploading the C:\ComboFix.txt file... ... Even choosing a folder from which the attachment file was chosen took a 'really long' time to display...

Ta ta,

Freddy02

ComboFix.txt
  14. I wrote a posting to you previously today, but while I was trying to upload the log file (the upload failed twice), all of a sudden everything was gone. In the upload box was a message saying that the webpage had expired. In addition, I couldn't find the posting I'd just typed, so now, I'm re-typing it in Notepad.

Previously, I had asked some questions (and you had answered them), but I forgot some - they are as follows:

My wife has an account on Facebook. Does she need to notify her 'friends' of this infection and if so, what should she say?

Similarly, what about my corporation's intranet? Any chance it has been compromised? Do I need to inform them?

E-mail. We use Outlook. Have we unwittingly compromised the computers of others? What is the possible extent? How do we notify them?

Misc 'plain, ordinary' files. Has our sharing or using them on other computers compromised those computers - and have they, in turn, compromised still others, etc., etc.? How do we notify THEM?

Thanks, in advance...

OK, now to ComboFix.

I downloaded ComboFix to the desktop of the IC (infected computer) from BleepingComputer on the CC (clean computer) via a FD (flash drive) and tried to execute it. It didn't seem to execute. MBAM exhibited the same behavior, so I changed the name of ComboFix and tried executing it again. Two beeps, then a Disclaimer window, which also provided a path to a tutorial for ComboFix. "No" on the Disclaimer halted execution.

I saved the tutorial on BleepingComputer to the FD on the CC. Then, with the FD connected to the IC, I double-clicked on the .mht tutorial file, the browser executed it, the tutorial came up and I printed it. During the printing, I realized that in order to get the .mht file up, the browser had to be running. Up to now, every time I had tried running a .mht file or the browser, it refused to run, but now it was! That meant that ComboFix would probably have success when it tried to download the recovery console - which I had thought would be impossible.

I re-executed the renamed ComboFix and clicked YES at the Disclaimer. Right away, an ERROR dialogue came up, saying "Some files could not be created. Close all applications, reboot & restart". While I was writing down the details of the ERROR message thinking execution would wait until I clicked OK, a DOS window came up: "Please Wait. ComboFix preparing to run". Now, I thought I should halt execution, but then I remembered something about "if any errors received, let the program run...". While I was trying to decide whether to interrupt ComboFix's execution (and if so, just exactly how?), the DOS window added "Attempting to create a new system restore ...". I decided to let the program run.

A colored "System files copied ..." window came up ... and went away again.
The DOS window added, "...no recovery console ... YES to download it ..."
A 'Windows XP Home Edition SP2 CD ...' window came up. Clicked "Yes".
Extracting. "Console Install Successful."
DOS: "Scanning for infected files..."
Stages completing, 1-50.
DOS: "... deleting files" (whole bunch of .dll files - and others?).
DOS: "Preparing Log Report"
Now, in Notepad. Saved the report and exited. Back on the desktop. Program ended? I guess.

When I tried to upload the log file to this post on the CC via the FD from the IC (twice), it wouldn't. Now, I'm trying again. Looks like it worked.

Thanks again.

Freddy02

ComboFix.txt
15. RPMcMurphy, WOW!! Your last post was certainly informative ... and rather unexpected. The implications (to my wife and I, anyway) at first glance seem to be quite extensive. All that information has generated a 'few' questions:

When you say "All passwords", do you mean ANY & ALL, no matter how infrequently used, or how long it's been since the last use? What about Facebook? Have all my 'friends' been exposed? Do I need to inform them? What about the professional networks to which I connect, through my job - do I need to inform them, too? I guess, basically, I'm trying to get my head wrapped around the limits of the possible infection vs exposure, so my responses will be complete and sufficient.

In your last post (#4), you indicated that ComboFix, upon discovering that the infected computer (IC) did not have MS Windows Recovery Console installed, would download it and install it. Add/Remove Programs, on the infected computer (IC), did not list the recovery console as having been installed. I was prevented from accessing the internet on the IC (infected computer) every time I tried, which makes me wonder how ComboFix is going to do it. However, if the install file for the recovery console is on the IC's (infected computer's) desktop (or some other known folder), will ComboFix be able to access it? The only way (that I know of) the install file can be placed on the IC's desktop is to download it using a separate computer to a Flash Drive (FD), move the Flash Drive (FD) to the IC, and copy the recovery console's installation file to the IC's desktop. Am I incorrect?

The above brings up some other questions: About my use of FDs (flash drives) ..., are they in danger of being infected? Can they carry the infection to another computer? Which begs the question, how is this trojan spread? Which also makes me wonder if other computers on our network are infected, even though they are not exhibiting any symptoms?
In your last post (#4), you wanted to know if we use a router. Yes, we do. Our cable modem is connected to it, a Netgear Wireless Router, model WPN824. The IC is connected to the LAN wirelessly, and this computer, through which I can connect to the internet (and communicate with you, and download, etc.), is connected to the same router via Cat 5 Ethernet cable.

In spite of the above questions, I still don't understand how ComboFix is going to install the recovery console.

Thanks for putting up with my ignorance,
Freddy02
16. RPMcMurphy - Sorry it's taken me so long to get back here. Life, you know ... Anyway, you wanted the logs for DDS and GMER ... OK, here is DDS.txt, but somewhere on this site, I remember being cautioned not to post both Attach.txt and ark.txt, instead to ZIP them up and post them. So, now I'll attach the DDS.txt file. Not seeing the file displayed in the preview of this communication, I'll add the attach.zip file and the ark.zip file. According to 'Manage Current Attachments' they are there - wherever 'there' is -

DDS1.txt
Attach1.zip
ark.zip
17. Good Evening - - At least, I hope yours is; mine sucks .... I'm new at this, so let me know if there are 'better ways'. Thanks in advance.

My laptop 'acquired' this very aggressive 'sales pitch', which took control of it and (apparently) would not release it unless I purchased its product. This also happened to me 9 or 12 or ? months ago and in the process of cleaning it up, I had (through another XP computer on our LAN) downloaded and copied the setup program through the LAN to the hi-jacked laptop. In SAFE MODE, I installed it and ran it, still in SAFE MODE, then again after rebooting (after renaming it). All was well with the world! Yea!

This time, Mbam was still installed, but no access. In SAFE MODE it ran and cleaned (apparently), but after rebooting (normally), I couldn't get Mbam to run, so I renamed it. That worked. Rebooting, still no access to Mbam or the NET. "OK, let's get on line and fix this" - Oops, no access, "that is a possibly dangerous site" . . . . In the previous occurrence, NOTHING (hardly) would run; THIS time almost anything would still run (and install?). So, using another computer, I accessed your site and downloaded the latest & greatest. It didn't change much, apparently, except the original 'kidnapper' was gone. I re-ran Mbam, perhaps, 6 times or more. Some full scans, some quick scans. After each time, in thinking about how I went about it, I kept coming up with something else I either forgot to do or did twice or skipped steps, or SOMETHING.

Finally, I decided to 'get more informed'. Here, I've learned that these kidnappers have become much more complex and cunning. In looking through your site, I found several pages that looked promising. The first was "Mbam won't run(Fix), SystemSecurity". Some days after the original hijack, I discovered that I was no longer sure about the description of the original 'bad guy', but SystemSecurity's description fit what I could remember the best, so I checked it out first.
Most everything it told me I already knew and/or had tried - down to what had to be done in order to INSTALL Mbam. It told me I needed to kill the SS process and to do that, I needed to use something called 'Process Explorer'. I downloaded it to my trusty thumb drive, moved it over to the laptop, installed the program and ran it. Guess what? It looked like the screen on your site, but there was no sign of SystemSecurity. I ran the program 3 times and using [PRINT SCRN] made some pictures of my screen. The directions I was following told me to run Mbam again, reboot and all would be well. I did and it wasn't. Reading further was quite interesting, ....

**Subnote** If after removing System Security you are experiencing MBAM finding Trojan.Agent and Rootkit.Trace but it is failing to remove them then you have been infected with a blended(multiple) infection and also have the CLB WinNT/Alureon rootkit active on your computer. Here is the canned fix/solution for removing that rootkit>>> http://www.malwarebytes.org/forums/index.php?showtopic=12709

Of course, I had to go check it out.... It's all about 'RootRepeal', a new rootkit detector currently in public beta. Reading further, "RootRepeal is currently in public beta. Whereas every effort has been made to ensure compatibility with every system configuration on Windows 2000, XP, 2003 and Vista, it cannot be guaranteed. There is always some risk when scanning for rootkits. Before running RootRepeal, please make sure you have backups of all important data and have saved all open documents." O boy!!! OK, I'm desperate. Downloading, moving, installing and executing as before, using my thumb drive, there were no results. Nothing. Zilch. Another [PRNT SCRN] picture.

OK, I'm at the end of your 'fixit' description and it doesn't seem I'm any further along than before. Obviously, I picked the wrong solution - right? Who knows. Anyway, I chose another - "Malware Removal - HijackThis Logs".
I'm not sure what the 'HijackThis' is, but, reading, everything seems like it's down my alley. Starting with the download (and using my ThumbDrive), I followed the directions. First uninstalling and removing all signs of any previous Mbam installations (except for the logs, which I copied to my Thumb Drive). Same results as described above. "Now that my system is clean" the directions tell me to update the software and scan again, then install an Anti-Virus. This step I skipped, thinking that I didn't have control yet, so what good would an Anti-Virus do until I did?

"If you're still experiencing issues" - Yes I am, "Disable the CD Emulation Software". Using Defogger (and my Thumb Drive), I did, keeping the caution uppermost in my mind. "Do not re-enable these drivers until otherwise instructed."

"Download DDS and save it to your desktop from ... here .... Disable any script blocker, and then double click dds.scr to run the tool." With my Thumb Drive, I did (only it was named dds.com). It created the two text files, DDS & Attach (Attach.txt, I zipped up).

"Download the following GMER Rootkit Scanner from here". "It will be randomly named". It was. Using my Thumb Drive, I executed it on my infected laptop (it gave me no warnings) after ensuring the appropriate check boxes were set as the instructions specified. The results I saved to 'ark.txt', subsequently zipping it up.

"Please start a New topic here and post the most recent Malwarebytes' Anti-Malware log file and DDS/GMER log files.", say the directions. Hey!! That's where I am, posting a new topic - but I am not sure just how I should proceed. I have executed Mbam several times, each with its own results text file. I have run a bunch of supporting software, most of which has its own report - so which of these do you want to see (if any)? Maybe I need to run some other diagnostic? Rather than giving you (who is you?)
a bunch of unneeded stuff, I'll await your instructions so I can get this situation cleaned up. And, by the way, thanks SO MUCH for helping - not only me, but all of us.... - Flailing about in the dark
18. I'm new at this, so please bear with me.....

I was surfing on my wife's Dell laptop, when all of a sudden a window came up telling me that they had done a scan of my computer, found a bunch of viruses, etc. and wanted me to buy their product to remove the problems. I immediately powered down, but when I booted up, a ka-zillion error msgs came up and went away, before I could read them. Then a window came up like the previous one, wanting me to buy their product. I couldn't kill the window. When I tried to execute any other program, I got one of the 'blank' windows that existed for a moment and then went away.

After getting advice from some friends, one suggested I use Malwarebytes. OK. Of all the programs on the laptop, the only one that would work was Internet Explorer - I needed it to agree to buy their software, right? When I tried to download the Malwarebytes loader, I found that I could surf to the page, but the actual download was blocked. So I downloaded it on another computer and copied it to the laptop over our home network. However, when I tried to execute it on the laptop, it was blocked like all the other programs. I was stymied.

Later, I found I could execute most of the software by double-clicking on an existing data file. IDEA!! I converted a text file to a '.fff' file, then created a new file type of '.fff' which was opened with the Malwarebytes loader, and double-clicked on the file. It worked! Malwarebytes was installed on the laptop and proceeded to clean it up, quarantining (sp?) everything. Then it wanted to reboot. When it did, a Registry Editor window appeared, plus Malwarebytes wanted to re-install. I thought it was part of the execution, so I let it. When it finally executed, it found some more problems, which were quarantined - then it wanted to reboot. When it did, same story, third verse! Cleaned, quarantined, rebooted, fourth verse. Scanned - no problems found! Exited the program. Rebooted. Surprise! Fifth verse!!
I can execute Malwarebytes through its shortcut on the desktop, but when I boot, the Registry Editor window comes up and Malwarebytes wants to reinstall itself. I have to click cancel and kill the editor window. How can I get the Registry Editor window to stop coming up and Malwarebytes to stop trying to install itself? Any ideas?

Sorry this is so long, but I thought the solution might lie in the sequence of events that took place...