
malware or not?

Discussion in 'Virus & Other Malware Removal' started by nittiley, Aug 15, 2011.

Thread Status:
Not open for further replies.
  1. nittiley

    nittiley Banned Thread Starter

    Joined:
    Aug 15, 2011
    Messages:
    2,667
    hi dvk01, Thanks very much for the info!! I'm sure she'll be relieved to hear that it's probably wiped out.

    -----
    hey eddie, figured i'd put the short post first, as you know who gets stuck with the loooong ones. :s

    that other thread was a marathon! :eek: shouldn't there have been a prize @ the end?! (i know this thread needs one!!) sheesh, it's bad enough dealing with one hairy issue, let alone 2 at the same time.. that would have been time for me to buy play-doh & throw it against the wall. :p

    now for *fun* with windows media player --> it's version 12.0.7601.17514

    so far, it's only on barnesandnoble.com where it says i don't have windows MP. i tried cdbaby.com & it played music samples, but here's my drowning in ignorance part -- i don't know what is playing those samples. :eek: the windows MP isn't running, i uninstalled itunes (it wouldn't update because of a corrupted or missing file or something), & cyberlink media doesn't appear to be playing anything either.

    i tried setting the windows MP as the default, & it said it was already set as such. :s

    that's good news the font is ok here!! one down, one to go ;). yep, you assumed correctly, it's gmail. i have it automatically set for georgia & normal size. after tapping away the email, on my end it displayed as all 1 font, 1 size, plus it looks the same in sent mail. laurie said she opened it on an iPad if that would make any difference. ? but she said there was a range of font sizes, & in some places it was huge.

    can't imagine what someone is thinking opening an email like that! maybe, 'well, well what do we have here, a rabid font maniac?' ;)
     
  2. nittiley

    nittiley Banned Thread Starter

    Joined:
    Aug 15, 2011
    Messages:
    2,667
    after checking with mostly everyone, right now only 2 people are getting the wonky font. does that mean it's something on their end? i don't want them having computer problems, but it would be great if this is all cleared up. thanks!!
     
  3. nittiley

    nittiley Banned Thread Starter

    Joined:
    Aug 15, 2011
    Messages:
    2,667
    windows MP is working on all the sites now because there was an option i overlooked.:eek: i still wonder why it suddenly went from working to not working on that site (??), & exactly what else was going on, but if it remains a mystery, i'll live. ;)

    is there anything else you think should be done, or do you think my computer is good to go? i'm going to mark this resolved, but please let me know if there's anything else you'd recommend.

    otherwise.. i don't know how to thank you for getting this thing from being all but inoperable to running again. (y)

    you've been incredible helping so much!! :)
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    Good to hear WMP is working again (y)

    If the font is okay for everyone else, it may be the other person's setup. Are they using a laptop etc?


    Can you run this last tool, as a cleanup of bits and bats, and when we're done with it, we'll remove all the tools we've used :)

    Please download Runscanner to your desktop and run it.
    • When the first page comes up select Beginner Mode
    • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
    • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
    • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file.
    • Call the .run file "RSReport" and save it to your desktop. You will see the RSReport.run file on your desktop. Right-click on it and select Send To then select Compressed (zipped) Folder and upload that zip here. Click on the Go Advanced button for the uploading options at the bottom of this page (in the picture below ;) )


    • In there, at the bottom, click on the button Manage Attachments (in the picture below ;) ).
    • A window will appear, and then Browse to RSReport.zip on your Desktop.
    • Click Upload, and when uploaded click Close this Window
    • Then, in the previous window, click on Add Reply

     
  5. nittiley

    nittiley Banned Thread Starter

    Joined:
    Aug 15, 2011
    Messages:
    2,667
    if you're sure this is the best use of your time & talents (?), then we'll forge on.

    once again, you're braver than i am ;)

    uh oh, what you've put there looks like i'd better get at it shortly, but i'll have to do that tomorrow.

    thanks eddie -- you really go above & beyond, & i don't want to take advantage of that, ok? :)
     
  6. nittiley

    nittiley Banned Thread Starter

    Joined:
    Aug 15, 2011
    Messages:
    2,667
    at least what's left here doesn't look like it's going to interfere with you stopping a flu pandemic on fold it :)

    one person was using an iPad, the other i'll have to ask. ok, time to get the runscanner going (y)
     
  7. nittiley

    nittiley Banned Thread Starter

    Joined:
    Aug 15, 2011
    Messages:
    2,667
    ugh.. these look long :(
    here's the runscanner log (pasted) & hopefully the RSR uploaded.
    thanks again!!
    ------

     

    Attached Files:

  8. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    Hmmm, not what I was expecting, so let's go this route, as I prefer this way. And it's not as lengthy as it looks :)

    Download OTS to your Desktop and double-click on it to run it
    • Make sure you close all other programs and don't use the PC while the scan runs.
    • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


    Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
     
  9. nittiley

    nittiley Banned Thread Starter

    Joined:
    Aug 15, 2011
    Messages:
    2,667
    was that an oh-it's-just-something-else unexpectedness, or an oh-this-could-be-something-nasty? wait, nevermind.. i don't want to know!
     
  10. nittiley

    nittiley Banned Thread Starter

    Joined:
    Aug 15, 2011
    Messages:
    2,667
    i just made it a zip file from the outset. ok, heaving another stack of work @ you.. eddie? can you breathe underneath this huge pile??! :eek:
     

    Attached Files:

  11. nittiley

    nittiley Banned Thread Starter

    Joined:
    Aug 15, 2011
    Messages:
    2,667
    getting several pop-ups about an unknown plug-in crashing. is it ok to ignore those? thanks!!
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    Will look at the log soon, but where are you getting the pop-ups? Is it at a certain site, or just online?
     
  13. nittiley

    nittiley Banned Thread Starter

    Joined:
    Aug 15, 2011
    Messages:
    2,667
    it didn't happen today so far, but those pop ups were during the last 2-ish days & only when i'm using explorer. it started when i opened the browser while the home page was loading, & then when i was trying to get on techguy. plus (as if you need more of this!) explorer kept freezing & i had to use task manager to close it.

    so @ that point i was here on techguy, everything froze, i'd end task, log back in, repeat. forget how many times that happened, but many. :s

    btw, i have one complaint about that long sleeved white coat that came with this computer.. it didn't have perforations for my fingers to get @ the keyboard! ;)
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    No, it's just that RunScanner found loads of files as unknown, and I prefer to double-check, and looks like it's fine. Fix to follow at the end :)

    You must have my white coat, as I lost my mind last week, but someone did borrow my crystal ball at work, and I want it back :p

    If the popup appears again, let me know :)


    --

    Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

    Code:
    [Unregister Dlls]
    [Registry - Safe List]
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    YN -> WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    YN -> WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    [Files/Folders - Modified Within 30 Days]
    NY ->  8 C:\Users\peck ent\AppData\Local\Temp\*.tmp files -> C:\Users\peck ent\AppData\Local\Temp\*.tmp
    [Alternate Data Streams]
    NY -> @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
    NY -> @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1
    
    The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
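
    The Runscanner text log pasted earlier in this thread marks signed files with a leading `*`, groups entries under section titles underlined with dashes, and prefixes later entries with a three-digit item code. The following is an added example, not part of the original posts and not code from Runscanner or OTS: it parses that layout and lists the unsigned running processes and per-code item counts a helper would double-check first. The sample log is constructed and the function names are hypothetical.

```python
import ntpath
import re
from collections import Counter

# Constructed sample in the layout of a Runscanner text log
# ("* = signed file"; section titles underlined with dashes).
SAMPLE_LOG = r"""Runscanner logfile
* = signed file
- = file not found
General info
------------
OS : Windows 7 Home Premium
Running processes
-----------------
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
C:\Windows\SysWOW64\UTSCSI.EXE
* C:\Windows\explorer.exe (Microsoft Corporation)
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
Unrated items
-------------
010 C:\Windows\system32\UTSCSI.EXE (UTSCSI Application)
042 GUID / CLSID not found {0000036B-C524-4050-81A0-243669A86B9F}
001 C:\Windows\System32\lsass.exe
Missing files
-------------
010 C:\Windows\system32\qmgr.dll
011 c:\windows\system32\drivers\atapi.sys
011 C:\Windows\system32\drivers\Ntfs.sys
"""

UNDERLINE = re.compile(r"-{3,}")
# Optional item code, optional "*" signed marker, path, optional "(vendor)".
# The lazy path group keeps "Program Files (x86)" inside the path.
ENTRY = re.compile(
    r"^(?:(?P<code>\d{3})\s+)?"
    r"(?P<signed>\*\s+)?"
    r"(?P<path>.+?)"
    r"(?:\s+\((?P<vendor>[^()]*)\))?$"
)


def split_sections(text):
    """Map each section title (a line followed by a dash underline) to its entries."""
    lines = [ln.strip() for ln in text.splitlines()]
    sections, current = {}, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line and UNDERLINE.fullmatch(nxt):
            current = sections.setdefault(line, [])
        elif not line or UNDERLINE.fullmatch(line):
            continue
        elif current is not None:  # lines before the first section are the legend
            current.append(line)
    return sections


def parse_entry(line):
    """Split one log entry into item code, signed flag, path and vendor."""
    m = ENTRY.match(line)
    return {
        "code": m["code"],
        "signed": m["signed"] is not None,
        "path": m["path"],
        "vendor": m["vendor"],
    }


def unsigned_processes(text):
    """Running processes without the '*' marker, de-duplicated case-insensitively."""
    seen = {}
    for line in split_sections(text).get("Running processes", []):
        entry = parse_entry(line)
        if not entry["signed"]:
            seen.setdefault(entry["path"].lower(), entry["path"])
    return sorted(seen.values())


def items_by_code(text, section):
    """Count entries per three-digit item code in one section."""
    entries = split_sections(text).get(section, [])
    return Counter(parse_entry(line)["code"] for line in entries)


def follow_up(text):
    """File names that are both unsigned while running and listed as unrated."""
    running = {ntpath.basename(p).lower() for p in unsigned_processes(text)}
    unrated = {
        ntpath.basename(parse_entry(line)["path"]).lower()
        for line in split_sections(text).get("Unrated items", [])
    }
    return sorted(running & unrated)


if __name__ == "__main__":
    print("Unsigned running processes:", unsigned_processes(SAMPLE_LOG))
    print("Missing-file entries per code:", dict(items_by_code(SAMPLE_LOG, "Missing files")))
    print("Check first:", follow_up(SAMPLE_LOG))
```

    An unsigned entry is a prompt to verify the file's origin, not a verdict; a second tool's report, as requested in this thread, is the cross-check.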
     
  15. nittiley

    nittiley Banned Thread Starter

    Joined:
    Aug 15, 2011
    Messages:
    2,667
    so far, no more pop-ups of that nature :)

    since you closed the holes for the fingers on that white coat, did it mean, "don't touch the computer!" ? :p

    uh oh, whoever borrowed your crystal ball is going to know that you want it back..! :eek:

    this thread needs a status bar.. 98% resolved :D

    have to run into town again, back later to run the fix.. & many thanks again eddie!!
     

Short URL to this thread: https://techguy.org/1012673