Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
81 - 100 of 142 Posts
Discussion starter · #81 ·
at least what's left here doesn't look like it's going to interfere with you stopped a flu pandemic on fold it :)

one person was using an iPad, the other i'll have to ask. ok, time to get the runscanner going :up:
 
Discussion starter · #82 ·
ugh.. these look long :(
here's the runscanner log (pasted) & hopefully the RSR uploaded.
thanks again!!
------

Runscanner logfile http://www.runscanner.net
* = signed file
- = file not found
General info
------------
Computer name : PEK-PC
Creation time : 10/17/2011 1:46:34 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 9.0.8112.16421
OS : Windows 7 Home Premium
OS Build : 7601
OS SP : Service Pack 1
RunScanner Version : 2.0.0.50
User Language : English (United States)
User rights : Administrator
Windows folder : C:\Windows
Running processes
-----------------
* C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
* C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
* C:\Windows\System32\dllhost.exe (Microsoft Corporation)
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
* C:\Users\peck ent\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe (Google Inc.)
* C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
* C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Company)
* C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
* C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
* C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Company)
* C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
* C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
* C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
* C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
* C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
* C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
* C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
* C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
* C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
* C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
* C:\Users\peck ent\Desktop\runscanner.exe (Runscanner.net)
* C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
* C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
* C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
* C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
* C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
C:\Windows\SysWOW64\UTSCSI.EXE
* C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
* C:\Windows\explorer.exe (Microsoft Corporation)
* C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
* C:\Windows\System32\wininit.exe (Microsoft Corporation)
* C:\Windows\System32\wlanext.exe (Microsoft Corporation)
* C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
Unrated items
-------------
002 * C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
010 * C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes' Anti-Malware)
010 C:\Windows\system32\UTSCSI.EXE (UTSCSI Application)
042 GUID / CLSID not found {0000036B-C524-4050-81A0-243669A86B9F}
042 GUID / CLSID not found {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
042 GUID / CLSID not found {92780B25-18CC-41C8-B9BE-3C9C571A8263}
042 GUID / CLSID not found {2670000A-7350-4f3c-8081-5663EE0C6C49}
042 GUID / CLSID not found {DDE87865-83C5-48c4-8357-2F5B1AA84522}
100 Start Page HKCU : http://www.npr.org/
100 Start Page HKLM : http://g.msn.com/CQNOT/1
105 E&xport to Microsoft Excel : res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
105 Google Sidewiki... : res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
173 GUID / CLSID not found {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
173 GUID / CLSID not found
221 GUID / CLSID not found {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
221 GUID / CLSID not found
223 GUID / CLSID not found {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 GUID / CLSID not found {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 GUID / CLSID not found {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 GUID / CLSID not found {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
225 GUID / CLSID not found {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
227 GUID / CLSID not found
229 GUID / CLSID not found {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
001 audiodg.exe
001 C:\Windows\System32\csrss.exe
001 C:\Windows\System32\csrss.exe
001 C:\Windows\System32\conhost.exe
001 C:\Windows\System32\dwm.exe
001 C:\Windows\System32\hkcmd.exe
001 C:\Windows\System32\taskhost.exe
001 C:\Windows\System32\igfxtray.exe
001 C:\Windows\System32\lsass.exe
001 C:\Windows\System32\lsm.exe
001 C:\Windows\System32\igfxpers.exe
001 C:\Windows\System32\services.exe
001 C:\Windows\System32\spoolsv.exe
001 C:\Windows\System32\winlogon.exe
001 C:\Windows\System32\smss.exe
Missing files
-------------
010 C:\Windows\system32\AxInstSV.dll
010 C:\Windows\system32\aelupsvc.dll
010 C:\Windows\system32\appidsvc.dll
010 C:\Windows\system32\appinfo.dll
010 C:\Windows\system32\Alg.exe
010 C:\Windows\system32\qmgr.dll
010 C:\Windows\system32\bfe.dll
010 C:\Windows\system32\bdesvc.dll
010 C:\Windows\System32\bthserv.dll
010 C:\Windows\system32\browser.dll
010 C:\Windows\system32\vaultsvc.dll
010 C:\Windows\system32\dwm.exe
010 C:\Windows\system32\trkwks.dll
010 C:\Windows\system32\efssvc.dll
010 C:\Windows\system32\wecsvc.dll
010 C:\Windows\system32\wevtsvc.dll
010 C:\Windows\system32\fdPHost.dll
010 C:\Windows\system32\fdrespub.dll
010 C:\Windows\system32\ikeext.dll
010 C:\Windows\system32\ui0detect.exe
010 C:\Windows\system32\kmsvc.dll
010 C:\Windows\system32\lltdres.dll
010 C:\Windows\system32\eapsvc.dll
010 C:\Windows\system32\ipnathlp.dll
010 C:\Windows\System32\certprop.dll
010 C:\Windows\System32\certprop.dll
010 C:\Windows\system32\sppsvc.exe
010 C:\Windows\system32\TabSvc.dll
010 C:\Windows\System32\sensrsvc.dll
010 C:\Windows\system32\defragsvc.dll
010 C:\Windows\system32\wbengine.exe
010 C:\Windows\system32\vssvc.exe
010 C:\Windows\System32\swprv.dll
010 C:\Windows\system32\sdrsvc.dll
010 C:\Program Files (x86)\Windows Defender\MsMpRes.dll
010 C:\Windows\system32\mmcss.dll
010 C:\Windows\system32\mmcss.dll
010 C:\Windows\system32\netman.dll
010 C:\Windows\System32\nlasvc.dll
010 C:\Windows\system32\nsisvc.dll
010 C:\Windows\system32\p2psvc.dll
010 C:\Windows\system32\IPBusEnum.dll
010 C:\Windows\system32\pnrpauto.dll
010 C:\Windows\system32\pnrpsvc.dll
010 C:\Windows\system32\pnrpsvc.dll
010 C:\Windows\system32\wpdbusenum.dll
010 C:\Windows\System32\wercplsupport.dll
010 C:\Windows\system32\profsvc.dll
010 C:\Windows\system32\pcasvc.dll
010 C:\Windows\system32\sstpsvc.dll
010 C:\Windows\system32\qagentrt.dll
010 regsvc.dll
010 C:\Windows\system32\rasauto.dll
010 C:\Windows\system32\rasmans.dll
010 C:\Windows\System32\termsrv.dll
010 C:\Windows\system32\RpcEpMap.dll
010 C:\Windows\system32\Locator.exe
010 C:\Windows\system32\samsrv.dll
010 C:\Windows\system32\seclogon.dll
010 C:\Windows\system32\srvsvc.dll
010 C:\Windows\system32\iphlpsvc.dll
010 C:\Windows\system32\snmptrap.exe
010 C:\Windows\system32\spoolsv.exe
010 C:\Windows\system32\sppuinotify.dll
010 C:\Windows\system32\ssdpsrv.dll
010 C:\Windows\system32\wiaservc.dll
010 C:\Windows\system32\sysmain.dll
010 C:\Windows\system32\schedsvc.dll
010 C:\Windows\system32\tbssvc.dll
010 C:\Windows\system32\lmhsvc.dll
010 C:\Windows\system32\umpnpmgr.dll
010 C:\Windows\system32\umpo.dll
010 C:\Windows\system32\vds.exe
010 C:\Windows\system32\dps.dll
010 C:\Windows\system32\Wat\WatUX.exe
010 C:\Windows\System32\audiosrv.dll
010 C:\Windows\System32\audiosrv.dll
010 C:\Windows\system32\wbiosrvc.dll
010 C:\Windows\system32\wudfsvc.dll
010 C:\Windows\System32\wersvc.dll
010 C:\Windows\system32\FntCache.dll
010 C:\Windows\System32\ListSvc.dll
010 C:\Windows\System32\wscsvc.dll
010 C:\Windows\System32\themeservice.dll
010 C:\Windows\system32\w32time.dll
010 C:\Windows\system32\wuaueng.dll
010 C:\Windows\System32\wlansvc.dll
010 C:\Windows\system32\dot3svc.dll
010 C:\Windows\system32\wbem\wmisvc.dll
010 C:\Windows\system32\wbem\wmiapsrv.exe
010 C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
010 C:\Windows\system32\wkssvc.dll
010 C:\Windows\System32\wwansvc.dll
011 c:\windows\system32\drivers\1394ohci.sys
011 c:\windows\system32\drivers\ohci1394.sys
011 c:\windows\system32\drivers\agp440.sys
011 c:\windows\system32\drivers\CHDRT64.sys
011 c:\windows\system32\drivers\ACPI.sys
011 c:\windows\system32\drivers\acpipmi.sys
011 c:\windows\system32\DRIVERS\arcsas.sys
011 c:\windows\system32\DRIVERS\adp94xx.sys
011 c:\windows\system32\DRIVERS\adpahci.sys
011 c:\windows\system32\DRIVERS\adpu320.sys
011 c:\windows\system32\drivers\aliide.sys
011 c:\windows\system32\drivers\amdide.sys
011 c:\windows\system32\drivers\amdsata.sys
011 c:\windows\system32\DRIVERS\amdsbs.sys
011 c:\windows\system32\drivers\amdxata.sys
011 C:\Windows\system32\drivers\afd.sys
011 C:\Windows\system32\appidsvc.dll
011 c:\windows\system32\DRIVERS\arc.sys
011 c:\windows\system32\drivers\atapi.sys
011 c:\windows\system32\DRIVERS\athrx.sys
011 C:\Windows\system32\drivers\Beep.sys
011 C:\Windows\system32\drivers\fvevol.sys
011 c:\windows\system32\DRIVERS\blbdrive.sys
011 c:\windows\system32\DRIVERS\bthmodem.sys
011 c:\windows\system32\DRIVERS\hidbth.sys
011 c:\windows\system32\DRIVERS\Lbd.sys
011 c:\windows\system32\DRIVERS\b57nd60a.sys
011 c:\windows\system32\DRIVERS\evbda.sys
011 c:\windows\system32\DRIVERS\bxvbda.sys
011 c:\windows\System32\Drivers\Brserid.sys
011 c:\windows\System32\Drivers\BrSerWdm.sys
011 c:\windows\System32\Drivers\BrUsbMdm.sys
011 c:\windows\System32\Drivers\BrUsbSer.sys
011 C:\Windows\system32\drivers\BVRPMPR5a64.SYS
011 C:\ComboFix\catchme.sys
011 c:\windows\system32\DRIVERS\CAXHWAZL.sys
011 c:\windows\system32\DRIVERS\GEARAspiWDM.sys
011 c:\windows\system32\DRIVERS\cdfs.sys
011 c:\windows\system32\drivers\cmdide.sys
011 System32\Drivers\cng.sys
011 C:\Windows\system32\clfs.sys
011 c:\windows\system32\DRIVERS\compbatt.sys
011 C:\Windows\system32\browser.dll
011 c:\windows\system32\DRIVERS\circlass.sys
011 c:\windows\system32\DRIVERS\CmBatt.sys
011 c:\windows\system32\DRIVERS\usbhub.sys
011 C:\Windows\system32\drivers\dfsc.sys
011 c:\windows\System32\drivers\dxgkrnl.sys
011 c:\windows\system32\DRIVERS\crcdisk.sys
011 c:\windows\system32\DRIVERS\usbehci.sys
011 c:\windows\system32\DRIVERS\elxstor.sys
011 c:\windows\system32\drivers\errdev.sys
011 c:\windows\system32\DRIVERS\fssfltr.sys
011 C:\Windows\system32\drivers\fastfat.sys
011 C:\Windows\system32\drivers\fsdepends.sys
011 C:\Windows\system32\drivers\filetrace.sys
011 C:\Windows\system32\drivers\fileinfo.sys
011 c:\windows\system32\DRIVERS\fdc.sys
011 c:\windows\system32\DRIVERS\flpydisk.sys
011 c:\windows\system32\DRIVERS\umpass.sys
011 C:\Windows\system32\drivers\hwpolicy.sys
011 c:\windows\system32\drivers\hcw85cir.sys
011 c:\windows\system32\DRIVERS\HidBatt.sys
011 c:\windows\system32\drivers\kbdhid.sys
011 c:\windows\system32\DRIVERS\mouhid.sys
011 c:\windows\system32\drivers\HDAudBus.sys
011 c:\windows\system32\drivers\HdAudio.sys
011 c:\windows\system32\DRIVERS\HpqKbFiltr.sys
011 c:\windows\system32\drivers\HpSAMD.sys
011 c:\windows\system32\DRIVERS\CAX_DPV.sys
011 C:\Windows\system32\drivers\http.sys
011 c:\windows\system32\drivers\i8042prt.sys
011 c:\windows\system32\DRIVERS\igdkmd64.sys
011 c:\windows\system32\DRIVERS\iirsp.sys
011 C:\Windows\system32\drivers\irenum.sys
011 c:\windows\system32\DRIVERS\hidir.sys
011 c:\windows\system32\drivers\iaStorV.sys
011 c:\windows\system32\DRIVERS\netw5v64.sys
011 c:\windows\system32\drivers\intelide.sys
011 c:\windows\system32\drivers\IPMIDrv.sys
011 System32\drivers\ipnat.sys
011 c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
011 c:\windows\system32\drivers\isapnp.sys
011 c:\windows\system32\drivers\Wdf01000.sys
011 c:\windows\system32\drivers\ksthunk.sys
011 c:\windows\system32\drivers\kbdclass.sys
011 System32\Drivers\ksecdd.sys
011 System32\Drivers\ksecpkg.sys
011 c:\windows\system32\DRIVERS\lltdio.sys
011 c:\windows\system32\DRIVERS\rspndr.sys
011 C:\Windows\system32\drivers\spldr.sys
011 c:\windows\system32\DRIVERS\lsi_fc.sys
011 c:\windows\system32\DRIVERS\lsi_sas.sys
011 c:\windows\system32\DRIVERS\lsi_sas2.sys
011 c:\windows\system32\DRIVERS\lsi_scsi.sys
011 C:\Windows\system32\drivers\luafv.sys
011 C:\Windows\system32\drivers\secdrv.sys
011 C:\Windows\system32\drivers\mbam.sys
011 C:\Windows\system32\drivers\netbt.sys
011 c:\windows\system32\DRIVERS\mdmxsdk.sys
011 c:\windows\system32\DRIVERS\megasas.sys
011 c:\windows\system32\DRIVERS\MegaSR.sys
011 c:\windows\system32\drivers\msdsm.sys
011 C:\Windows\system32\drivers\exfat.sys
011 C:\Windows\system32\drivers\fltmgr.sys
011 c:\windows\system32\drivers\msiscsi.sys
011 c:\windows\system32\DRIVERS\MTConfig.sys
011 C:\Windows\system32\drivers\qwavedrv.sys
011 c:\windows\system32\DRIVERS\rdpbus.sys
011 C:\Windows\System32\drivers\scfilter.sys
011 c:\windows\system32\drivers\drmkaud.sys
011 c:\windows\system32\DRIVERS\tunnel.sys
011 c:\windows\system32\DRIVERS\wd.sys
011 c:\windows\system32\DRIVERS\yk62x64.sys
011 c:\windows\system32\drivers\modem.sys
011 c:\windows\system32\DRIVERS\monitor.sys
011 C:\Windows\system32\drivers\mountmgr.sys
011 c:\windows\system32\drivers\mouclass.sys
011 c:\windows\system32\DRIVERS\uagp35.sys
011 c:\windows\system32\DRIVERS\gagp30kx.sys
011 c:\windows\system32\drivers\MSKSSRV.sys
011 c:\windows\system32\drivers\MSPCLOCK.sys
011 c:\windows\system32\drivers\MSPQM.sys
011 c:\windows\system32\drivers\msahci.sys
011 C:\Windows\system32\drivers\Msfs.sys
011 c:\windows\system32\drivers\msisadrv.sys
011 C:\Windows\system32\drivers\MsRPC.sys
011 c:\windows\system32\drivers\mpio.sys
011 C:\Windows\system32\drivers\mup.sys
011 c:\windows\system32\drivers\CompositeBus.sys
011 c:\windows\system32\drivers\tdpipe.sys
011 c:\windows\system32\DRIVERS\nwifi.sys
011 C:\Windows\system32\drivers\ndis.sys
011 c:\windows\system32\DRIVERS\ndiscap.sys
011 C:\Windows\system32\drivers\NDProxy.sys
011 c:\windows\system32\DRIVERS\ndisuio.sys
011 c:\windows\system32\DRIVERS\netbios.sys
011 c:\windows\system32\drivers\NISx64\1206000.01D\SYMNETS.SYS
011 c:\windows\system32\drivers\nv_agp.sys
011 c:\windows\system32\DRIVERS\nfrd960.sys
011 C:\Windows\system32\drivers\Npfs.sys
011 C:\Windows\system32\drivers\nsiproxy.sys
011 C:\Windows\system32\drivers\Ntfs.sys
011 c:\windows\system32\drivers\pci.sys
011 C:\Windows\system32\drivers\Null.sys
011 c:\windows\system32\drivers\nvraid.sys
011 c:\windows\system32\drivers\nvstor.sys
011 c:\windows\system32\DRIVERS\usbohci.sys
011 c:\windows\system32\DRIVERS\parport.sys
011 C:\Windows\system32\drivers\partmgr.sys
011 C:\Windows\system32\drivers\mshidkmdf.sys
011 c:\windows\system32\drivers\pciide.sys
011 c:\windows\system32\DRIVERS\pcmcia.sys
011 System32\drivers\pcw.sys
011 c:\windows\system32\drivers\swenum.sys
011 c:\windows\system32\DRIVERS\disk.sys
011 c:\windows\system32\DRIVERS\amdppm.sys
011 c:\windows\system32\DRIVERS\amdk8.sys
011 c:\windows\system32\DRIVERS\intelppm.sys
011 c:\windows\system32\DRIVERS\processr.sys
011 c:\windows\system32\drivers\peauth.sys
011 C:\Windows\system32\sstpsvc.dll
011 c:\windows\system32\DRIVERS\ql2300.sys
011 c:\windows\system32\DRIVERS\ql40xx.sys
011 C:\Windows\System32\drivers\pacer.sys
011 c:\windows\system32\DRIVERS\AgileVpn.sys
011 System32\DRIVERS\rasacd.sys
011 C:\Windows\system32\drivers\RDPENCDD.sys
011 C:\Windows\system32\DRIVERS\RDPCDD.sys
011 C:\Windows\system32\drivers\RdpRefMp.sys
011 C:\Windows\system32\drivers\RDPWD.sys
011 System32\drivers\rdyboost.sys
011 c:\windows\system32\DRIVERS\Rt64win7.sys
011 c:\windows\System32\Drivers\RtsUStor.sys
011 c:\windows\system32\drivers\termdd.sys
011 C:\Windows\system32\drivers\tsusbflt.sys
011 c:\windows\system32\DRIVERS\Rts516xIR.sys
011 c:\windows\system32\DRIVERS\RtsUCcid.sys
011 c:\windows\system32\drivers\sbp2port.sys
011 C:\Windows\system32\drivers\SBREdrv.sys
011 c:\windows\system32\drivers\cdrom.sys
011 c:\windows\system32\DRIVERS\sfloppy.sys
011 c:\windows\system32\drivers\sdbus.sys
011 c:\windows\system32\DRIVERS\psi_mf.sys
011 c:\windows\system32\DRIVERS\serial.sys
011 c:\windows\system32\DRIVERS\sermouse.sys
011 c:\windows\system32\DRIVERS\serenum.sys
011 C:\Windows\system32\srvsvc.dll
011 C:\Windows\system32\srvsvc.dll
011 c:\windows\system32\DRIVERS\SiSRaid2.sys
011 c:\windows\system32\DRIVERS\sisraid4.sys
011 c:\windows\system32\drivers\sffdisk.sys
011 c:\windows\system32\drivers\sffp_mmc.sys
011 c:\windows\system32\drivers\sffp_sd.sys
011 c:\windows\system32\DRIVERS\VSTAZL6.SYS
011 c:\windows\system32\DRIVERS\VSTDPV6.SYS
011 c:\windows\system32\DRIVERS\VSTCNXT6.SYS
011 System32\DRIVERS\srvnet.sys
011 c:\windows\system32\DRIVERS\stexstor.sys
011 c:\windows\system32\drivers\NISx64\1206000.01D\SRTSP64.SYS
011 c:\windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
011 c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
011 c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
011 C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
011 c:\windows\system32\DRIVERS\SynTP.sys
011 C:\Windows\system32\drivers\discache.sys
011 c:\windows\system32\drivers\mssmbios.sys
011 c:\windows\system32\drivers\tdtcp.sys
011 c:\windows\system32\DRIVERS\tcpip.sys
011 System32\drivers\tcpipreg.sys
011 C:\Windows\System32\DRIVERS\tssecsrv.sys
011 c:\windows\system32\DRIVERS\udfs.sys
011 c:\windows\system32\DRIVERS\usbuhci.sys
011 c:\windows\system32\drivers\uliagpkx.sys
011 c:\windows\system32\drivers\usbaudio.sys
011 c:\windows\system32\DRIVERS\usbccgp.sys
011 c:\windows\system32\drivers\usbcir.sys
011 c:\windows\system32\DRIVERS\USBSTOR.SYS
011 c:\windows\system32\drivers\hidusb.sys
011 c:\windows\system32\DRIVERS\usbprint.sys
011 c:\windows\system32\DRIVERS\usbscan.sys
011 System32\Drivers\usbaapl64.sys
011 c:\windows\system32\drivers\umbus.sys
011 c:\windows\system32\DRIVERS\vgapnp.sys
011 c:\windows\System32\drivers\vga.sys
011 c:\windows\system32\drivers\vhdmp.sys
011 c:\windows\system32\drivers\viaide.sys
011 c:\windows\system32\drivers\vdrvroot.sys
011 c:\windows\system32\DRIVERS\vwifibus.sys
011 c:\windows\system32\DRIVERS\vwififlt.sys
011 c:\windows\system32\DRIVERS\vwifimp.sys
011 c:\windows\system32\drivers\volmgr.sys
011 C:\Windows\system32\drivers\volmgrx.sys
011 c:\windows\system32\drivers\volsnap.sys
011 c:\windows\system32\DRIVERS\vsmraid.sys
011 c:\windows\system32\DRIVERS\wacompen.sys
011 c:\windows\system32\drivers\MSTEE.sys
011 c:\windows\system32\DRIVERS\wfplwf.sys
011 c:\windows\system32\DRIVERS\CAX_CNXT.sys
011 c:\windows\system32\drivers\WudfPf.sys
011 c:\windows\system32\drivers\wmiacpi.sys
011 c:\windows\system32\DRIVERS\BrFiltLo.sys
011 c:\windows\system32\DRIVERS\BrFiltUp.sys
011 C:\Windows\System32\drivers\ws2ifsl.sys
011 C:\Windows\system32\wkssvc.dll
011 C:\Windows\system32\wkssvc.dll
011 C:\Windows\system32\wkssvc.dll
011 C:\Windows\system32\wkssvc.dll
011 c:\windows\system32\DRIVERS\WUDFRd.sys
011 c:\windows\system32\DRIVERS\XAudio64.sys
032 rdpclip
069 CNMLMA5.DLL
069 CNMN6PPM.DLL
069 CNCF2Lk.DLL
069 localspl.dll
069 FXSMON.DLL
069 tcpmon.dll
069 usbmon.dll
069 WSDMon.dll
145 kbdclass.sys
148 C:\Windows\system32\ntvdm.exe
210 C:\Windows\system32\sdclt.exe
 

Attachments

Hmmm, not what I was expecting, so lets go this route, as I prefer this way. And its not as lengthy as it looks :)

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
 
Discussion starter · #84 ·
was that an oh-it's-just-something-else unexpectedness, or an oh-this-could-be-something-nasty? wait, nevermind.. i don't want to know!
 
Discussion starter · #85 ·
i just made it a zip file from the outset. ok, heaving another stack of work @ you.. eddie? can you breathe underneath this huge pile??! :eek:
 

Attachments

Discussion starter · #86 ·
getting several pop-ups about an unknown plug-in crashing. it is ok to ignore those? thanks!!
 
Discussion starter · #88 ·
it didn't happen today so far, but those pop ups were during the last 2-ish days & only when i'm using explorer. it started when i opened the browser while the home page was loading, & then when i was trying to get on techguy. plus (as if you need more of this!) explorer kept freezing & i had to use task manager to close it.

so @ that point i was here on techguy, everything froze, i'd end task, log back in, repeat. forget how many times that happened, but many. :s

btw, i have one complaint about that long sleeved white coat that came with this computer.. it didn't have perforations for my fingers to get @ the keyboard! ;)
 
No, its just that RunScanner found loads of files as unknown, and I prefer to double-check, and looks like its fine. Fix to follow at the end :)

You must have my white coat, as I lost my mind last week, but someone did borrow my crystal ball at work, and I want it back :p

If the popup appears again, let me know :)

--

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Modified Within 30 Days]
NY ->  8 C:\Users\peck ent\AppData\Local\Temp\*.tmp files -> C:\Users\peck ent\AppData\Local\Temp\*.tmp
[Alternate Data Streams]
NY -> @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
NY -> @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
 
Discussion starter · #90 ·
so far, no more pop-ups of that nature :)

since you closed the holes for the fingers on that white coat, did it mean, "don't touch the computer!" ? :p

uh oh, whoever borrowed your crystal ball is going to know that you want it back..! :eek:

this thread needs a status bar.. 98% resolved :D

have to run into town again, back later to run the fix.. & many thanks again eddie!!
 
Discussion starter · #91 ·
ah, nice to have something short for you for once! :)

even though i slather emoticons around, i didn't put those big grin emotions on @ the end. wonder why it auto-converted the colon & capital D to the grin when i pasted the log here?

-------
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
[Files/Folders - Modified Within 30 Days]
C:\Users\peck ent\AppData\Local\Temp\5B96.tmp deleted successfully.
C:\Users\peck ent\AppData\Local\Temp\BITBE7E.tmp deleted successfully.
C:\Users\peck ent\AppData\Local\Temp\BITBEDB.tmp deleted successfully.
C:\Users\peck ent\AppData\Local\Temp\CR_C2A6F.tmp\SETUP_PATCH.PACKED.7Z deleted successfully.
C:\Users\peck ent\AppData\Local\Temp\CR_C2A6F.tmp folder deleted successfully.
C:\Users\peck ent\AppData\Local\Temp\~DF1BC1A773E1FF7EF0.TMP deleted successfully.
C:\Users\peck ent\AppData\Local\Temp\~DF6F935C48BAE46B49.TMP deleted successfully.
C:\Users\peck ent\AppData\Local\Temp\~DF8B7D67F51D16C932.TMP deleted successfully.
C:\Users\peck ent\AppData\Local\Temp\~DF8C5C9DA34A6B6F9B.TMP deleted successfully.
C:\Users\peck ent\AppData\Local\Temp\~DFC3CE6E2FF2C38625.TMP deleted successfully.
[Alternate Data Streams]
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
< End of fix log >
OTS by OldTimer - Version 3.1.46.0 fix logfile created on 10252011_215740
 
Okay, lets uninstall the programs we've used :)

We have a couple of last steps to perform and then you're all set. Any Problems/Questions, let me know ;)

Firstly, lets uninstall the tools we've used:

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there



Then, run this:

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

======================
-------------------------

Uninstall SUPERAntiSpyware from AddRemove Programs.

Also, remove the following from the Desktop, if still there after doing the above:

AppRemover
SystemLook
RSIT
Security Check
Runscanner and RSReport.run

==============================

----------------------------
  • Select Start > Control Panel then double-click on the System icon in the Control Panel.
  • In the left-hand pane click on the System Protection option.
  • When the Dialog comes up, click on the System Protection tab.
  • Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  • Click on the Create button to create a new restore point. In the Name dialog, type a descriptive name and then click on the Create button.
  • You will get a message that the Restore Point was created successfully. Click on the Close button.
  • Click on the OK button and close the System window in the Control Panel.

Making Internet Explorer More Secure

Go to Control Panel and open the Internet Options. Click on the Advanced tab and do the following:
  • Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply

Then, click on the Security tab and do the following:
  • Make sure the Internet icon is selected.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt.
  • Change the Download unsigned ActiveX controls to Disable.
  • Change the Initialise and script ActiveX controls not marked as safe to Disable.
  • Change the Installation of desktop items to Prompt.
  • Change the Launching programs and files in an IFRAME to Prompt.
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Makeing FireFox More Secure

Please visit this page to explain how to make Firefox more secure - How to Secure Firefox

Other Software Updates
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for Java and Adobe as these are subject to many security vulnerabilities.

Also, its a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.
  • Go to Start | Programs | Accessories | System Tools | Disk Cleanup
  • It should start straight away, but if you have to select a drive, click on the C-drive.
  • Let it run, and at the end it will give you some boxes to tick.
  • All are okay to enable, then press OK and then Yes to the question after.
  • It will close after its completed.

------------------------

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
You should also have a good firewall. Here are is a free one available for personal use:and a good antivirus (these are also free for personal use):It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit monthly. And to keep your system clean run this free malware scanner
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: General Security Information, How to tighten Security Settings and Warnings

Have a safe and happy computing day!

eddie
 
Discussion starter · #96 ·
quote button appears to have backfired.. :eek: it doesn't look right from my end. it is ok after this thread is finished if i tinker with it here, or is there a better spot elsewhere to do that?

anyway, clean up, really?! :D this part of the thread on out should have background music (where is a tool for that, i ask? ;)

i probably won't get back to clean-up until the beginning of next week, you know the schedule :)

but what a lovely thought.. the laptop finally malware & dregs of malware free -- & it has been extremely well done on your part, eddie!! :up: :up: very impressive!! :up:

how many hours of your time is this going to free up? (i'm afraid to ask..!)



--------
 
Yep, you can have another go with the quoting, this thread won't be closed until after 45 days of inactivity. Even though its Solved, its still open :)

No worries on how long to do this, again, any problems, just let me know here ;)

As for the time, my Battlefield 3 disk has finally arrived, so tomorrow night is my gaming night, so that was always free. But, I tend to have about 10 or so threads on the go, and I keep adding more :p
 
Discussion starter · #98 ·
my Battlefield 3 disk has finally arrived,
that's huge!!:eek: :D

well, quoting you was easy after i stopped following the old directions (copy, paste, highlight, press quote button)that are on here somewhere! also a great opportunity to look stupid ;)

lots to catch up on, so good to know there is time for me to tidy up.

guess you'll be around in a few months after you've worn BF3 out! :p
 
Yep, just press the quote button ;)

I'll still be around, I do computer support till I do the threads I'm woking on, then gaming. Normally manage Wed and definatly Fridays, as we're on from 7pm thru to 1-2am :eek:
 
Discussion starter · #100 ·
noticed if i copy/paste first (in error) before hitting quote button, explorer utterly freezes. have to shut it down with task manager & start over. if you know, i'm wondering why that happens?

thanks so much for the security wrap up!! did part of it last night :)

even though i made sure i had the space between combofix & the /u, somehow i got a message saying there was a newer version of CF & did i want to update? i did, then after updating, CF started running. i let it go up to stage 50 before i closed it. hope that wasn't problematic :eek: but @ least i didn't tank the computer :D

do computer support till I do the threads I'm woking on, then gaming. Normally manage Wed and definatly Fridays, as we're on from 7pm thru to 1-2am
so when do you breathe again? ;) :p
 
81 - 100 of 142 Posts
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top