Jump to content

HDD infection-need help!


PEGK1
 Share

Recommended Posts

I hope I am doing this right. I am pasting the contents of DDS.text here and attaching "attach.txt and ark.txt" I tried to remove this using the downloadable program but even though it showed it and removed it I am still having problems. THANK YOU in advance. What a pain .....

DDS (Ver_10-12-12.02) - NTFSx86

Run by Peggy at 10:13:21.86 on Tue 12/28/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3546.2432 [GMT -7:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\aestsrv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\conhost.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\program files\aol toolbar\AolTbServer.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Peggy\Desktop\Defogger.exe

C:\Windows\system32\conhost.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Peggy\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [OfficeSyncProcess] c:\program files\microsoft office\office14\MSOSYNC.EXE

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [LspMBKEoGvhkKTO.exe] c:\programdata\LspMBKEoGvhkKTO.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\peggy\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

StartupFolder: c:\users\peggy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/12/16 22:23:51];c:\program files\cyberlink\powerdvd dx\000.fcl [2009-12-16 87536]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_028821c569ae5894\AEstSrv.exe [2009-12-16 81920]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-12-16 143968]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2009-12-16 134144]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-8 3328]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-18 1343400]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

=============== Created Last 30 ================

2010-12-28 14:47:51 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{447c6937-15da-439e-96d2-41af24167992}\mpengine.dll

2010-12-28 06:19:29 462848 ----a-w- c:\progra~2\LspMBKEoGvhkKTO.exe

2010-12-28 06:19:29 416256 ----a-w- c:\progra~2\qqqDFyMghYikIev.dll

2010-12-16 04:56:23 -------- d-----w- c:\program files\iPod

2010-12-09 17:02:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2010-12-09 17:02:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2010-12-09 17:02:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2010-12-09 17:02:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2010-12-09 17:02:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2010-12-09 17:02:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2010-12-09 17:02:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2010-11-30 00:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-30 00:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-29 21:22:12 -------- d-----w- c:\users\peggy\appdata\roaming\Malwarebytes

2010-11-29 21:22:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-29 21:22:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-29 21:22:04 -------- d-----w- c:\progra~2\Malwarebytes

2010-11-29 21:22:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe

2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll

2010-10-19 17:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe

2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

============= FINISH: 10:13:58.74 ===============

Attach.zip

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 5214

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

11/29/2010 2:31:15 PM

mbam-log-2010-11-29 (14-31-15).txt

Scan type: Quick scan

Objects scanned: 139521

Time elapsed: 8 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hi PEGK1 and Welcome!!

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Download rkill.com:

http://download.bleepingcomputer.com/grinler/rkill.com

1. Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.

2. Please be patient while the program looks for various malware programs and ends them.

3. When it has finished, the black window will automatically close and you can continue with the next step. Please post back the rkill log that is generated.

Please Run ComboFix by following the steps provided in exactly this sequence:

Here is a tutorial that describes how to download, install and run Combofix. Please thoroughly review it beofre proceeding:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Very Important! BEFORE downloading Combofix, temporarily disable your antivirus and antimalware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix and even remove onboard components so it is rendered ineffective:

http://www.bleepingcomputer.com/forums/topic114351.html

Note: The above tutorial does not tell you to rename Combofix as I am about to instruct you to do in the following instructions, so make sure you complete the renaming step before launching Combofix.

Using ComboFix ->

Please download Combofix from one of these locations:

HERE or HERE

I want you to rename Combofix.exe as you download it to iexplore.exe

Notes:

  • It is very important that save the newly renamed EXE file to your desktop.
  • You must rename Combofixe.exe as you download it and not after it is on your computer.
    You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
    • Open Firefox
    • Click Tools -> Options -> Main
    • Under the downloads section check the button that says "Always ask me where to save files".
    • Click OK

    [*]For Internet Explorer:

    • Choose to save, not open the file
    • When prompted - save the file to your desktop, and rename it iexplore.exe.

Running Combofix

In the event you already have Combofix, please delete it as this is a new version.

  • Close any open browsers and programs.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • If Combofix asks to update, please allow it to do so. If it renames itself back to Combofix.exe - this is normal!!
  • If You are running Windows XP, and Combofix asks to install the Recovery Console, please allow it to do so or it WILL NOT perform it's normal malware removal capabilities. This is for your safety !!

1. To Launch Combofix

Click Start --> Run, and enter (copy/paste)this command exactly as shown:

"%userprofile%\desktop\iexplore.exe" /killall

2. When finished, it will produce a logfile located at C:\ComboFix.txt

3. Post the contents of that log in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Please post C:\ComboFix.txt in your next reply.

ONLY if You have problems running Combofix then try running it in "Safe Mode with Networking" as follows:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading normally, the Advanced Options Menu should appear;
  • Select the option, to run Windows in "Safe Mode with Networking", then press Enter.
  • Choose your usual account and continue to follow the above directions.

Link to post
Share on other sites

I followed the directions exactly, but the first time I tried combofix it hung at the very end when it was generating the log. The "critical error damaged hard drive/hard drive missing" messages showed up at the same time. I restarted in safe mode and this time it hung at the beginning when it was trying to create a new restore point. I have included the two files I was able to generate earlier in the process and of course, I am still getting the "error" messages.

Thanks for your help,

Peggy

exehelperlog.zip

Link to post
Share on other sites

Now we have to run Combofix again to get rid of your infection :

1. Open Notepad, and on the Notepad menu, choose "Format" and make sure that Word Wrap is UNchecked (disabled).

2. Copy/Paste the text in the code box below and save it to your desktop as CFScript.txt

3. Disable all anti-malware and antivirus active protection by referring to these directions HERE

4. Close All Open Windows and Browsers,

http://forums.malwarebytes.org/index.php?act=post&do=reply_post&f=7&t=71416

killall::

Collect::
c:\programdata\qqqDFyMghYikIev.dll
c:\programdata\LspMBKEoGvhkKTO.exe

Folder::
c:\programdata

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LspMBKEoGvhkKTO.exe"=-

CFScriptB-4.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will cause ComboFix to run again.

If ComboFix prompts you to:

  • Update to a newer version, make sure you allow it to update.
  • Upload infected files for analysis, please allow it to do so.

Please copy/paste the log (C:\Combofix.txt) that opens when it finishes (Do NOT attach it).

Note: If the run does not finish or You have problems, please launch Combofix in safe mode following the same directions as above.

Link to post
Share on other sites

OK, this my latest attempt using ComboFix in safe mode.

Thanks again for for you continued assistance.

Peggy

ComboFix 10-12-28.03 - Peggy 12/29/2010 10:14:16.4.2 - x86 NETWORK

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3546.2758 [GMT -7:00]

Running from: c:\users\Peggy\Desktop\ComboFix.exe

Command switches used :: c:\users\Peggy\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

file zipped: c:\programdata\LspMBKEoGvhkKTO.exe

file zipped: c:\programdata\qqqDFyMghYikIev.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\LspMBKEoGvhkKTO.exe

c:\programdata\qqqDFyMghYikIev.dll

.

((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 )))))))))))))))))))))))))))))))

.

2010-12-29 17:18 . 2010-12-29 17:19 -------- d-----w- c:\users\Peggy\AppData\Local\temp

2010-12-29 17:18 . 2010-12-29 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-28 14:47 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{447C6937-15DA-439E-96D2-41AF24167992}\mpengine.dll

2010-12-16 04:56 . 2010-12-16 04:56 -------- d-----w- c:\program files\iPod

2010-12-09 17:02 . 2010-12-09 17:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2010-12-09 17:02 . 2010-12-09 17:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2010-12-09 17:02 . 2010-12-09 17:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2010-12-09 17:02 . 2010-12-09 17:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2010-12-09 17:02 . 2010-12-09 17:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2010-12-09 17:02 . 2010-12-09 17:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2010-12-09 17:02 . 2010-12-09 17:02 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2010-12-09 17:02 . 2010-12-09 17:02 -------- d-----w- c:\program files\QuickTime

2010-11-30 00:38 . 2010-11-30 00:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-30 00:38 . 2010-11-30 00:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-29 21:22 . 2010-11-29 21:22 -------- d-----w- c:\users\Peggy\AppData\Roaming\Malwarebytes

2010-11-29 21:22 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-29 21:22 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-29 21:22 . 2010-11-29 21:22 -------- d-----w- c:\programdata\Malwarebytes

2010-11-29 21:22 . 2010-12-28 15:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-19 17:41 . 2009-10-02 19:20 222080 ------w- c:\windows\system32\MpSigStub.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-10 233472]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-13 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-13 174104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-13 150552]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-02-26 495708]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4562944]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

c:\users\Peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-4-29 1787224]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk

backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk

backup=c:\windows\pss\Quicken Scheduled Updates.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Peggy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\users\Peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-14 00:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2009-06-25 03:19 140520 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-05-14 00:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2008-10-08 3328]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/12/16 22:23];c:\program files\CyberLink\PowerDVD DX\000.fcl [2009-06-25 03:19 87536]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\aestsrv.exe [2009-03-03 81920]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\STacSV.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\taskhost.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\conhost.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\HidFind.exe

c:\program files\DellTPad\Apntex.exe

c:\windows\system32\conhost.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2010-12-29 10:23:05 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-29 17:23

ComboFix2.txt 2010-12-29 04:19

Pre-Run: 135,662,526,464 bytes free

Post-Run: 135,596,843,008 bytes free

- - End Of File - - 15F5114818CE6BB89E8E1BAFCEF786E7

Link to post
Share on other sites

You're very Welcome, PEGK1!

The rogue (fake) HDD Program should be gone now. Are you still having problems? - if, so explain please.

Download TFC to your desktop

http://oldtimer.geekstogo.com/TFC.exe

  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

It's normal after running TFC cleaner that the PC will be slower to boot the first time.

----------

Some background information on what we're planning to do can be found HERE

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious-1.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please run a fully updated Quick scan with MBAM, remove all threats found and post back the log.

If You're still experiencing problems, download OTL and save it on your desktop:

http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the OTL icon (for Vista or Win 7, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. The scan may take 5-10 minutes.
  • Do NOT touch your keyboard until the scan is done!!
  • It will produce two (2) logs on your desktop, one will pop up called OTL.txt; the other will be named Extras.txt.
  • Copy/Paste OTL.txt and attach Extras.txt into your next reply,
  • Exit OTL by clicking the X at top right.

Please post back (do NOT attach) the following logs:

1. TDSSKiller

2. MBAM

3. OTL.txt , Extras.txt (if You needed to run OTL)

Link to post
Share on other sites

OK, so no little buggers showing up on my screen. Nothing was found on either scan and it did not ask for a reboot. Again, I am so appreciative and impressed with your willingness to be of help. --Peggy

2010/12/29 13:52:48.0659 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/29 13:52:48.0659 ================================================================================

2010/12/29 13:52:48.0659 SystemInfo:

2010/12/29 13:52:48.0659

2010/12/29 13:52:48.0659 OS Version: 6.1.7600 ServicePack: 0.0

2010/12/29 13:52:48.0659 Product type: Workstation

2010/12/29 13:52:48.0659 ComputerName: PEGGY-PC

2010/12/29 13:52:48.0659 UserName: Peggy

2010/12/29 13:52:48.0659 Windows directory: C:\Windows

2010/12/29 13:52:48.0659 System windows directory: C:\Windows

2010/12/29 13:52:48.0659 Processor architecture: Intel x86

2010/12/29 13:52:48.0659 Number of processors: 2

2010/12/29 13:52:48.0659 Page size: 0x1000

2010/12/29 13:52:48.0659 Boot type: Normal boot

2010/12/29 13:52:48.0659 ================================================================================

2010/12/29 13:52:48.0924 Initialize success

2010/12/29 13:53:00.0453 ================================================================================

2010/12/29 13:53:00.0453 Scan started

2010/12/29 13:53:00.0453 Mode: Manual;

2010/12/29 13:53:00.0453 ================================================================================

2010/12/29 13:53:00.0889 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

2010/12/29 13:53:00.0936 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

2010/12/29 13:53:00.0983 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

2010/12/29 13:53:01.0030 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2010/12/29 13:53:01.0061 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2010/12/29 13:53:01.0092 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2010/12/29 13:53:01.0248 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

2010/12/29 13:53:01.0279 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

2010/12/29 13:53:01.0420 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2010/12/29 13:53:01.0513 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

2010/12/29 13:53:01.0560 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

2010/12/29 13:53:01.0576 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

2010/12/29 13:53:01.0607 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2010/12/29 13:53:01.0638 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2010/12/29 13:53:01.0669 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys

2010/12/29 13:53:01.0701 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2010/12/29 13:53:01.0716 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys

2010/12/29 13:53:01.0779 ApfiltrService (ccf9cc50dda86023626de4cda96a5934) C:\Windows\system32\DRIVERS\Apfiltr.sys

2010/12/29 13:53:01.0825 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

2010/12/29 13:53:01.0997 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2010/12/29 13:53:02.0028 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2010/12/29 13:53:02.0075 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/12/29 13:53:02.0122 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

2010/12/29 13:53:02.0278 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2010/12/29 13:53:02.0356 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2010/12/29 13:53:02.0418 BCM42RLY (eb4434444e2721d721a8ac8d5d2ad26b) C:\Windows\system32\drivers\BCM42RLY.sys

2010/12/29 13:53:02.0543 BCM43XX (5245ebbe39ed9010240c20d21f5a26a9) C:\Windows\system32\DRIVERS\bcmwl6.sys

2010/12/29 13:53:02.0683 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2010/12/29 13:53:02.0730 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2010/12/29 13:53:02.0886 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

2010/12/29 13:53:02.0917 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2010/12/29 13:53:02.0949 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2010/12/29 13:53:03.0011 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2010/12/29 13:53:03.0073 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2010/12/29 13:53:03.0089 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2010/12/29 13:53:03.0120 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2010/12/29 13:53:03.0136 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2010/12/29 13:53:03.0401 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2010/12/29 13:53:03.0463 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

2010/12/29 13:53:03.0588 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2010/12/29 13:53:03.0666 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2010/12/29 13:53:03.0775 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/12/29 13:53:03.0822 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

2010/12/29 13:53:03.0900 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2010/12/29 13:53:03.0994 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2010/12/29 13:53:04.0041 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

2010/12/29 13:53:04.0087 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2010/12/29 13:53:04.0197 CtAudDrv (0f538df1673e5216f3baacb6911d9d0f) C:\Windows\system32\Drivers\CtAudDrv.sys

2010/12/29 13:53:04.0259 CtClsFlt (9a6ca307151505730dbfc91d97f01c7e) C:\Windows\system32\DRIVERS\CtClsFlt.sys

2010/12/29 13:53:04.0384 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

2010/12/29 13:53:04.0446 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2010/12/29 13:53:04.0493 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2010/12/29 13:53:04.0618 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys

2010/12/29 13:53:04.0649 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys

2010/12/29 13:53:04.0680 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys

2010/12/29 13:53:04.0805 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2010/12/29 13:53:04.0883 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys

2010/12/29 13:53:05.0055 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2010/12/29 13:53:05.0179 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2010/12/29 13:53:05.0226 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

2010/12/29 13:53:05.0335 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2010/12/29 13:53:05.0398 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2010/12/29 13:53:05.0445 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2010/12/29 13:53:05.0507 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2010/12/29 13:53:05.0538 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2010/12/29 13:53:05.0569 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/12/29 13:53:05.0632 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2010/12/29 13:53:05.0694 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2010/12/29 13:53:05.0725 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2010/12/29 13:53:05.0772 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

2010/12/29 13:53:05.0897 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2010/12/29 13:53:05.0959 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2010/12/29 13:53:06.0006 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2010/12/29 13:53:06.0053 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/12/29 13:53:06.0069 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2010/12/29 13:53:06.0084 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2010/12/29 13:53:06.0131 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2010/12/29 13:53:06.0162 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

2010/12/29 13:53:06.0365 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

2010/12/29 13:53:06.0552 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

2010/12/29 13:53:06.0583 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

2010/12/29 13:53:06.0630 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/12/29 13:53:06.0786 iaStor (80c633722da72e97f3f5b3b11325696d) C:\Windows\system32\DRIVERS\iaStor.sys

2010/12/29 13:53:06.0849 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys

2010/12/29 13:53:07.0005 igfx (45d1a22c0e932768729dd422e175a448) C:\Windows\system32\DRIVERS\igdkmd32.sys

2010/12/29 13:53:07.0083 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2010/12/29 13:53:07.0129 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

2010/12/29 13:53:07.0145 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2010/12/29 13:53:07.0176 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/12/29 13:53:07.0223 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2010/12/29 13:53:07.0239 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2010/12/29 13:53:07.0379 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2010/12/29 13:53:07.0395 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

2010/12/29 13:53:07.0441 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/12/29 13:53:07.0566 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/12/29 13:53:07.0613 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/12/29 13:53:07.0738 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

2010/12/29 13:53:07.0800 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

2010/12/29 13:53:07.0925 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2010/12/29 13:53:07.0987 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2010/12/29 13:53:08.0019 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2010/12/29 13:53:08.0081 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2010/12/29 13:53:08.0128 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2010/12/29 13:53:08.0253 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2010/12/29 13:53:08.0299 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2010/12/29 13:53:08.0331 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2010/12/29 13:53:08.0362 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2010/12/29 13:53:08.0424 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2010/12/29 13:53:08.0455 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2010/12/29 13:53:08.0533 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2010/12/29 13:53:08.0627 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

2010/12/29 13:53:08.0658 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

2010/12/29 13:53:08.0689 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2010/12/29 13:53:08.0721 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

2010/12/29 13:53:08.0752 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/12/29 13:53:08.0783 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/12/29 13:53:08.0830 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/12/29 13:53:08.0877 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

2010/12/29 13:53:08.0892 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

2010/12/29 13:53:08.0955 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2010/12/29 13:53:08.0970 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2010/12/29 13:53:09.0001 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

2010/12/29 13:53:09.0142 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2010/12/29 13:53:09.0204 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/12/29 13:53:09.0235 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2010/12/29 13:53:09.0251 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2010/12/29 13:53:09.0282 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/12/29 13:53:09.0313 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2010/12/29 13:53:09.0360 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2010/12/29 13:53:09.0376 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2010/12/29 13:53:09.0454 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2010/12/29 13:53:09.0610 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

2010/12/29 13:53:09.0657 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2010/12/29 13:53:09.0750 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/12/29 13:53:09.0813 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/12/29 13:53:09.0844 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/12/29 13:53:09.0875 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

2010/12/29 13:53:10.0000 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2010/12/29 13:53:10.0047 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

2010/12/29 13:53:10.0187 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2010/12/29 13:53:10.0234 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2010/12/29 13:53:10.0265 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2010/12/29 13:53:10.0405 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

2010/12/29 13:53:10.0468 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys

2010/12/29 13:53:10.0515 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2010/12/29 13:53:10.0561 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys

2010/12/29 13:53:10.0593 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys

2010/12/29 13:53:10.0624 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

2010/12/29 13:53:10.0655 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/12/29 13:53:10.0827 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2010/12/29 13:53:10.0889 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

2010/12/29 13:53:10.0905 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2010/12/29 13:53:10.0936 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

2010/12/29 13:53:10.0967 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

2010/12/29 13:53:10.0998 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2010/12/29 13:53:11.0014 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2010/12/29 13:53:11.0045 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2010/12/29 13:53:11.0248 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2010/12/29 13:53:11.0279 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2010/12/29 13:53:11.0435 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2010/12/29 13:53:11.0482 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys

2010/12/29 13:53:11.0544 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2010/12/29 13:53:11.0575 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2010/12/29 13:53:11.0607 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2010/12/29 13:53:11.0763 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2010/12/29 13:53:11.0825 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2010/12/29 13:53:11.0919 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/12/29 13:53:11.0965 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/12/29 13:53:11.0997 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2010/12/29 13:53:12.0075 rcmirror (aa3eaac5827c73ce50eff2883f986144) C:\Windows\system32\DRIVERS\rcmirror.sys

2010/12/29 13:53:12.0153 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2010/12/29 13:53:12.0199 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2010/12/29 13:53:12.0262 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/12/29 13:53:12.0402 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2010/12/29 13:53:12.0433 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2010/12/29 13:53:12.0465 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2010/12/29 13:53:12.0496 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2010/12/29 13:53:12.0652 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2010/12/29 13:53:12.0699 RTSTOR (d97d8259293b7a82cb891f37f997df3f) C:\Windows\system32\drivers\RTSTOR.SYS

2010/12/29 13:53:12.0761 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2010/12/29 13:53:12.0823 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2010/12/29 13:53:12.0886 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2010/12/29 13:53:13.0011 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2010/12/29 13:53:13.0057 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2010/12/29 13:53:13.0073 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2010/12/29 13:53:13.0135 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2010/12/29 13:53:13.0151 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2010/12/29 13:53:13.0167 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

2010/12/29 13:53:13.0198 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2010/12/29 13:53:13.0229 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2010/12/29 13:53:13.0354 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2010/12/29 13:53:13.0385 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2010/12/29 13:53:13.0479 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2010/12/29 13:53:13.0541 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2010/12/29 13:53:13.0666 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys

2010/12/29 13:53:13.0713 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys

2010/12/29 13:53:13.0759 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys

2010/12/29 13:53:13.0915 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2010/12/29 13:53:13.0978 STHDA (02b3ef45094f090e397eea46cbed7b9e) C:\Windows\system32\DRIVERS\stwrt.sys

2010/12/29 13:53:14.0087 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys

2010/12/29 13:53:14.0149 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2010/12/29 13:53:14.0243 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

2010/12/29 13:53:14.0305 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

2010/12/29 13:53:14.0446 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2010/12/29 13:53:14.0493 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2010/12/29 13:53:14.0524 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2010/12/29 13:53:14.0539 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2010/12/29 13:53:14.0571 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2010/12/29 13:53:14.0695 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/12/29 13:53:14.0742 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2010/12/29 13:53:14.0789 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2010/12/29 13:53:14.0820 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2010/12/29 13:53:14.0867 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2010/12/29 13:53:14.0898 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2010/12/29 13:53:14.0929 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2010/12/29 13:53:14.0992 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys

2010/12/29 13:53:15.0039 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/12/29 13:53:15.0132 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

2010/12/29 13:53:15.0163 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

2010/12/29 13:53:15.0195 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

2010/12/29 13:53:15.0226 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2010/12/29 13:53:15.0319 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2010/12/29 13:53:15.0382 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2010/12/29 13:53:15.0413 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/12/29 13:53:15.0460 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/12/29 13:53:15.0507 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys

2010/12/29 13:53:15.0553 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys

2010/12/29 13:53:15.0600 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2010/12/29 13:53:15.0631 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/12/29 13:53:15.0647 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2010/12/29 13:53:15.0678 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2010/12/29 13:53:15.0709 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2010/12/29 13:53:15.0741 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2010/12/29 13:53:15.0756 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2010/12/29 13:53:15.0787 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2010/12/29 13:53:15.0803 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2010/12/29 13:53:15.0850 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2010/12/29 13:53:15.0975 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2010/12/29 13:53:16.0006 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2010/12/29 13:53:16.0053 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2010/12/29 13:53:16.0084 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

2010/12/29 13:53:16.0115 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2010/12/29 13:53:16.0146 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/29 13:53:16.0162 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/29 13:53:16.0209 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys

2010/12/29 13:53:16.0302 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2010/12/29 13:53:16.0333 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2010/12/29 13:53:16.0411 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2010/12/29 13:53:16.0443 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2010/12/29 13:53:16.0614 WINUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.SYS

2010/12/29 13:53:16.0692 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/12/29 13:53:16.0833 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/12/29 13:53:16.0957 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys

2010/12/29 13:53:17.0113 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2010/12/29 13:53:17.0191 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/12/29 13:53:17.0441 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys

2010/12/29 13:53:17.0597 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\CyberLink\PowerDVD DX\000.fcl

2010/12/29 13:53:17.0753 ================================================================================

2010/12/29 13:53:17.0753 Scan finished

2010/12/29 13:53:17.0753 ================================================================================

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5406

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/29/2010 1:58:04 PM

mbam-log-2010-12-29 (13-58-04).txt

Scan type: Quick scan

Objects scanned: 148170

Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Your appreciation makes it all worth it!

Those two scans are negative for threats so this will be our final scan, and then we'll wrap it up if all is clear:

Please perform a scan with the ESET online virus scanner. You can expect some detections in Combofix's quarantine (Qoobox) and system volume information. They will not represent active malware so don't worry:

http://www.eset.com/onlinescan/index.php

  • ESET recommends disabling your resident antivirus's auto-protection feature before beginning the scan to avoid conflicts and system hangs
  • Use Internet Explorer to navigate to the scanner website because you must approve install an ActiveX add-on to complete the scan.
  • Check the "Yes, I accept the terms of use" box.
  • Click "Start"
  • Approve the installation of the ActiveX control that's required to enable scanning
  • Make sure the box to
    • Remove found threats. is CHECKED!!
    • Click "Start"

    [*]Allow the definition data base to install

    [*]Click "Scan"

When the scan is done, please post the scan report in your next reply. It can be found in this location:

C:\Program Files\EsetOnlineScanner\log.txt

Link to post
Share on other sites

Hi,

Ran the ESET online scanner and it found NO infected or even quarantined files. I did not find a "log.text" in the ESET folder or my hard drive, except for the following info. I guess I have been VERY lucky as this is only the second time I have ever had an issue. I guess being an old lady and surfing mostly quilting and fabric sites probably don't put me at much risk, but do you have any suggestions as to where I might have picked this up?

Thanks again!!!!

Peggy

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

Link to post
Share on other sites

Excellent job, PEGK1!

Your scans are all coming up clean now!!

This gave me my Laugh of the Day:

I guess I have been VERY lucky as this is only the second time I have ever had an issue. I guess being an old lady and surfing mostly quilting and fabric sites probably don't put me at much risk

As far as your very good question goes:

do you have any suggestions as to where I might have picked this up?

Though going into shady territory increases your risk, the fake (rogue) scanners and maintenance utilities are absolutely EVERYWHERE. A completely legit webpage may become infected or serve up this exploit via an iframe (a separate infected ad window which is really a different webpage)!! The trick is to never click in the phoney "You're infected" Window - simply open Windows Task Manager (Ctl+ Alt + Del in XP or Ctl+Shift+Esc in Vista /W7) and kill the underlying browser process (ie. firefox.exe for Firefox or iexplore.exe for Internet Explorer). Never try to click on the "X" to close the Fake Warning Window, because if you do - it will take you directly to the infected Rogue product website and a trojan will automatically be installed. After that, there is no going back so the trick is to nip it in the bud and never go to the infected website in the first place. Windows Updates are your first line of defense to avoid this crap. I've seen Windows 7 systems with fully updated Anti-malware programs become infected immediately when all updates were not installed, so never leave yourself vulnerable!! Patches are a must!!

We have a few steps to finish up now!!

If I asked you to download and run an ARK (Antirootkit program) such as Gmer, Rootkit Unhooker, or Root Repeal, then please uninstall it by doing the following:

  • Delete the contents of the C:\ARK folder (or whatever folder you chose to install the antirootkit in)
  • Delete the C:\ARK folder(or whatever folder you chose to install the antirootkit in)

If I asked You to download OTL, TDSSKiller, MBRCheck or mbr.exe, please delete these programs from your Desktop (or their download location). If I asked you to make a back-up copy of your MBR, retain that on your hard drive and also burn it to CD for safekeeping, in the event You need to restore it.

To remove Combofix and it's quarantine folder:

Click Start -> Run, and copy/paste the following bolded text in the Open: box and select OK:

"%userprofile%\desktop\iexplore.exe" /uninstall

This will do the following:

  • Uninstall Combofix and all its associated files and folders.
  • Flush your system restore points and create a new restore point.
  • Rehide your system files and folders
  • Reset your system clock

---

Here are some additional measures you should take to keep your system in good working order and ensure your continued security.

1. Scan your system for outdated versions of commonly used software applications that may also cause your PC be vulnerable, using the Secunia Online Software Inspector (OSI) by clicking the Start Scanner button. This is very important because recent statistics confirm that an overwhelming majority of infections are aquired through application not Operating System flaws. Commonly used programs like Quicktime, Java, and Adobe Acrobat Reader, itunes, FlashPlayer and many others are frequently targeted today. You can make your computer much more secure if you update to the most current versions of these programs and any others that Secunia alerts you to.

Just click the "Start Scanner" button to get a listing of all outdated and possibly insecure resident programs.

Note: If your firewall prompts you about access, allow it.

2. Keep MBAM as an on demand scanner because I highly recommend it, and the quick scan will find most all active malware in minutes.

3. You can reduce your startups by downloading Malwarebyte's StartUp Lite and saving it to a convenient location. Just double-click StartUpLite.exe. Then, check the options you would like based on the descriptions provided, then select continue. This will free up system resources because nonessential background programs will no longer be running when you start up your computer.

You should visit the Windows Updates website, and obtain the most current Operating System updates/patches, and Internet Explorer released versions.

The easiest and fastest way to obtain Windows Updates is by clicking Control Panel -> Windows Update.

However, setting your computer to download and install updates automatically will relieve you of the responsibility of doing this on a continual basis. It is important to periodically check that Windows Updates is functioning properly because many threats disable it as part of their strategy to compromise your system. Windows Updates are released on the second Tuesday of every month.

Finally, please review the additional suggestions offered by Tony Klein in How did I get infected in the first place. so you can maintain a safe and secure computing environment.

Happy Surfing! :)

Link to post
Share on other sites

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.