Computer Hope
Software => Computer viruses and spyware => Topic started by: katlyn on January 20, 2013, 11:50:07 AM
-
I have been having trouble on various forms for a while, but I got the FBI warning screen the other day, and after logging on to Windows, my desktop is black. The only way I can get online is through Task Manager, but I can't access the desktop or do other things... any suggestions?
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer, you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 seconds. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.
*************************************************************************
If you can't get these to run, boot into Safe Mode with Networking and run them there.
Here's how to get into Safe Mode (http://www.computerhope.com/issues/chsafe.htm).
Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode onto your Desktop.
- Double click on AdwCleaner.exe to run the tool.
- Click on Search.
- A logfile will automatically open after the scan has finished.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
*********************************************
Please download Malwarebytes Anti-Malware from here (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe).
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
-
# AdwCleaner v2.106 - Logfile created 01/20/2013 at 20:39:38
# Updated 17/01/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Hailey - HAILEY-PC
# Boot Mode : Normal
# Running from : C:\Users\Hailey\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Hailey\AppData\Local\Temp\Searchqu.ini
File Found : C:\Users\Hailey\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Found : C:\Users\Hailey\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Found : C:\Users\Hailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Found : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\searchplugins\Conduit.xml
File Found : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\searchplugins\Search_Results.xml
File Found : C:\Users\Hailey\Desktop\iLivid.lnk
Folder Found : C:\Program Files\Common Files\Software Update Utility
Folder Found : C:\Program Files\Free Offers from Freeze.com
Folder Found : C:\Program Files\Ilivid
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\Hailey\AppData\Local\Ilivid
Folder Found : C:\Users\Hailey\AppData\Local\Ilivid Player
Folder Found : C:\Users\Hailey\AppData\Local\Temp\CT3131886
Folder Found : C:\Users\Hailey\AppData\LocalLow\searchquband
Folder Found : C:\Users\Hailey\AppData\Roaming\Babylon
Folder Found : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\CT3131886
Folder Found : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}
Folder Found : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\Smartbar
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Blabbers
Key Found : HKCU\Software\BrowserCompanion
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011341191}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055345591}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-410393384-1161414932-3442993101-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-410393384-1161414932-3442993101-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Browser companion helper]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.19088
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=112478&tt=031012_IKAN_4112_6&babsrc=HP_ss&mntrId=ccbb3ff00000000000000023543aae5f
-\\ Mozilla Firefox v10.0.2 (en-US)
File : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\prefs.js
Found : user_pref("CT3131886.1000082.isDisplayHidden", "true");
Found : user_pref("CT3131886.1000082.isPlayDisplay", "true");
Found : user_pref("CT3131886.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT3131886.1000234.TWC_TMP_city", "BELLEVUE");
Found : user_pref("CT3131886.1000234.TWC_TMP_country", "US");
Found : user_pref("CT3131886.1000234.TWC_locId", "SZXX0119");
Found : user_pref("CT3131886.1000234.TWC_location", "Bellevue, Switzerland");
Found : user_pref("CT3131886.1000234.TWC_region", "US");
Found : user_pref("CT3131886.1000234.TWC_temp_dis", "f");
Found : user_pref("CT3131886.1000234.TWC_wind_dis", "mph");
Found : user_pref("CT3131886.1000234.weatherData", "{\"icon\":\"16.png\",\"temperature\":\"34°F\",\"temperat[...]
Found : user_pref("CT3131886.CBOpenMAMSettings.enc", "MA==");
Found : user_pref("CT3131886.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3131886.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3131886.FirstTime", "true");
Found : user_pref("CT3131886.FirstTimeFF3", "true");
Found : user_pref("CT3131886.LoginRevertSettingsEnabled", true);
Found : user_pref("CT3131886.RevertSettingsEnabled", true);
Found : user_pref("CT3131886.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT313[...]
Found : user_pref("CT3131886.UserID", "UN00894222291528645");
Found : user_pref("CT3131886.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3131886.autoDisableScopes", 0);
Found : user_pref("CT3131886.browser.search.defaultthis.engineName", true);
Found : user_pref("CT3131886.cb_experience_000.enc", "NA==");
Found : user_pref("CT3131886.cb_firstuse0100.enc", "MQ==");
Found : user_pref("CT3131886.cb_user_id_000.enc", "Q0I2NTA2OTkwMDQyMTdfMTM1NjgzNDY4MjE5MV9GaXJlZm94");
Found : user_pref("CT3131886.cbcountry_001.enc", "VVM=");
Found : user_pref("CT3131886.cbfirsttime.enc", "VGh1IE9jdCAxMSAyMDEyIDAyOjE4OjE0IEdNVC0wNTAwIChDZW50cmFsIERh[...]
Found : user_pref("CT3131886.defaultSearch", "true");
Found : user_pref("CT3131886.embeddedsData", "[{\"appId\":\"129641800031032056\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3131886.enableAlerts", "always");
Found : user_pref("CT3131886.enableSearchFromAddressBar", "true");
Found : user_pref("CT3131886.firstTimeDialogOpened", "true");
Found : user_pref("CT3131886.fixPageNotFoundError", "true");
Found : user_pref("CT3131886.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3131886.fixUrls", true);
Found : user_pref("CT3131886.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...]
Found : user_pref("CT3131886.installId", "conduitinstaller.exe");
Found : user_pref("CT3131886.installType", "ConduitNSISIntegration");
Found : user_pref("CT3131886.isCheckedStartAsHidden", true);
Found : user_pref("CT3131886.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3131886.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT3131886.isNewTabEnabled", true);
Found : user_pref("CT3131886.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3131886.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3131886.keyword", true);
Found : user_pref("CT3131886.migrateAppsAndComponents", true);
Found : user_pref("CT3131886.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fpinterest.com%2F[...]
Found : user_pref("CT3131886.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3131886.openThankYouPage", "false");
Found : user_pref("CT3131886.openUninstallPage", "true");
Found : user_pref("CT3131886.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]
Found : user_pref("CT3131886.price-gong.isManagedApp", "true");
Found : user_pref("CT3131886.search.searchAppId", "129641800031032056");
Found : user_pref("CT3131886.search.searchCount", "0");
Found : user_pref("CT3131886.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3131886.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3131886.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3131886.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3131886.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT3131886.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1358694823182");
Found : user_pref("CT3131886.serviceLayer_services_appTracking_lastUpdate", "1353971720173");
Found : user_pref("CT3131886.serviceLayer_services_appsMetadata_lastUpdate", "1358694702960");
Found : user_pref("CT3131886.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1358039104180");
Found : user_pref("CT3131886.serviceLayer_services_login_10.10.27.6_lastUpdate", "1351253747534");
Found : user_pref("CT3131886.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358694703696");
Found : user_pref("CT3131886.serviceLayer_services_optimizer_lastUpdate", "1351063574819");
Found : user_pref("CT3131886.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1358039103678");
Found : user_pref("CT3131886.serviceLayer_services_searchAPI_lastUpdate", "1358694703668");
Found : user_pref("CT3131886.serviceLayer_services_serviceMap_lastUpdate", "1358694702728");
Found : user_pref("CT3131886.serviceLayer_services_toolbarContextMenu_lastUpdate", "1358039103452");
Found : user_pref("CT3131886.serviceLayer_services_toolbarSettings_lastUpdate", "1358694703049");
Found : user_pref("CT3131886.serviceLayer_services_translation_lastUpdate", "1358694703153");
Found : user_pref("CT3131886.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate",[...]
Found : user_pref("CT3131886.serviceLayer_services_userApps_lastUpdate", "1357962486101");
Found : user_pref("CT3131886.settingsINI", true);
Found : user_pref("CT3131886.shouldFirstTimeDialog", "false");
Found : user_pref("CT3131886.smartbar.CTID", "CT3131886");
Found : user_pref("CT3131886.smartbar.Uninstall", "0");
Found : user_pref("CT3131886.smartbar.homepage", true);
Found : user_pref("CT3131886.smartbar.toolbarName", "Vgrabber1 ");
Found : user_pref("CT3131886.startPage", "userChanged");
Found : user_pref("CT3131886.toolbarBornServerTime", "10-10-2012");
Found : user_pref("CT3131886.toolbarCurrentServerTime", "20-1-2013");
Found : user_pref("CT3131886.upgradeFromClearSBVersion", true);
Found : user_pref("CT3131886.url_history0001.enc", "aHR0cDovL3BpbnRlcmVzdC5jb20vcGluLzEyMzI4NjEwODUxOTg3ODI2[...]
Found : user_pref("CT3131886_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=1[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "Vgrabber1 Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3131886[...]
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=4[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3131886");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("extensions.5071fe4ee74a7.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Found : user_pref("extensions.50755124a2dd1.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.id", "ccbb3ff00000000000000023543aae5f");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15623");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.75:37:14");
Found : user_pref("extensions.crossriderapp3491.3491.InstallationThankYouPage", true);
Found : user_pref("extensions.crossriderapp3491.3491.InstallationTime", 1349648385);
Found : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.searchUserConifrmation", false[...]
Found : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setHomepage", false);
Found : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setNewTab", false);
Found : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setSearch", false);
Found : user_pref("extensions.crossriderapp3491.3491.active", true);
Found : user_pref("extensions.crossriderapp3491.3491.addressbar", "");
Found : user_pref("extensions.crossriderapp3491.3491.certdomaininstaller", "");
Found : user_pref("extensions.crossriderapp3491.3491.changeprevious", false);
Found : user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.value", "1349648385");
Found : user_pref("extensions.crossriderapp3491.3491.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Found : user_pref("extensions.crossriderapp3491.3491.cookie.InstallerParams.value", "%7B%22source_id%22%3A%2[...]
Found : user_pref("extensions.crossriderapp3491.3491.description", "Vid-Saver allows you to download your fa[...]
Found : user_pref("extensions.crossriderapp3491.3491.domain", "");
Found : user_pref("extensions.crossriderapp3491.3491.enablesearch", false);
Found : user_pref("extensions.crossriderapp3491.3491.fbremoteurl", "");
Found : user_pref("extensions.crossriderapp3491.3491.group", 0);
Found : user_pref("extensions.crossriderapp3491.3491.homepage", "");
Found : user_pref("extensions.crossriderapp3491.3491.iframe", false);
Found : user_pref("extensions.crossriderapp3491.3491.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Found : user_pref("extensions.crossriderapp3491.3491.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Found : user_pref("extensions.crossriderapp3491.3491.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]
Found : user_pref("extensions.crossriderapp3491.3491.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]
Found : user_pref("extensions.crossriderapp3491.3491.manifesturl", "");
Found : user_pref("extensions.crossriderapp3491.3491.name", "Vid-Saver");
Found : user_pref("extensions.crossriderapp3491.3491.newtab", "");
Found : user_pref("extensions.crossriderapp3491.3491.opensearch", "");
Found : user_pref("extensions.crossriderapp3491.3491.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Found : user_pref("extensions.crossriderapp3491.3491.publisher", "215 Apps");
Found : user_pref("extensions.crossriderapp3491.3491.searchstatus", 0);
Found : user_pref("extensions.crossriderapp3491.3491.setnewtab", false);
Found : user_pref("extensions.crossriderapp3491.3491.settingsurl", "");
Found : user_pref("extensions.crossriderapp3491.3491.thankyou", "hxxp://vid-saver.com/thankyou.html");
Found : user_pref("extensions.crossriderapp3491.3491.updateinterval", 360);
Found : user_pref("extensions.crossriderapp3491.3491.ver", 0);
Found : user_pref("extensions.crossriderapp3491.adsOldValue", -1);
Found : user_pref("extensions.crossriderapp3491.bic", "13a4a451f6f06ba2b5ff26957d8ce110");
Found : user_pref("extensions.crossriderapp3491.firstrun", false);
Found : user_pref("extensions.crossriderapp3491.installationdate", 1349865775);
Found : user_pref("extensions.crossriderapp3491.lastcheck", 22644910);
Found : user_pref("extensions.crossriderapp3491.lastcheckitem", 22644969);
Found : user_pref("extensions.crossriderapp3491.modetype", "production");
Found : user_pref("extensions.crossriderapp3491.reportInstall", true);
Found : user_pref("extensions.enabledAddons", "[email protected]:1.16.335,[email protected]:2.5.29231,{[...]
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3131886&SearchSource=2&q=[...]
Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Found : user_pref("smartbar.originalSearchAddressUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=497&s[...]
File : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\lxmokr16.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v24.0.1312.52
File : C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found [l.15] : homepage = "hxxp://www.searchnu.com/406",
Found [l.19] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
Found [l.51] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=497&systemid=406&sr=0&q={searchTerms}"
Found [l.342] : homepage = "hxxp://www.searchnu.com/406",
Found [l.482] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
*************************
AdwCleaner[R1].txt - [25962 octets] - [20/01/2013 20:39:38]
########## EOF - C:\AdwCleaner[R1].txt - [26023 octets] ##########
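Editor's note, with an added example that is not part of katlyn's or Dave's posts and is not AdwCleaner or Malwarebytes code: the log above follows a fixed line shape, so a short script can triage it before anything is deleted. The script parses the "File/Folder/Key/Value Found" lines, the IE start page line, the Firefox user_pref lines and the Chrome "Found [l.N]" lines, then separates the locations that give code execution or browser control (the Run value, the Browser Helper Objects, the IE Low Rights elevation policy, the search scopes, the NPAPI plugin DLLs) from leftover folders and shortcuts, pulls out the settings that decide where the start page and searches go, and counts which adware families the paths name. The high-signal list, the family names and SAMPLE_LOG (built from a handful of lines of the log above) are the editor's constructions, not an AdwCleaner ranking.

```python
"""Triage an AdwCleaner v2 'Search' log of the shape posted in this thread.

Editor's added example: not Computer Hope, AdwCleaner or Malwarebytes code.
SAMPLE_LOG is constructed from a handful of lines of the log posted above.
"""
import re
from collections import Counter

# Line shapes that appear in an AdwCleaner v2 log.
SECTION_RE = re.compile(r"^\*\*\*\*\* \[(?P<name>[^\]]+)\] \*\*\*\*\*$")
ENTRY_RE = re.compile(r"^(?P<kind>File|Folder|Key|Value) (?P<action>Found|Deleted) : (?P<item>.+)$")
IE_SETTING_RE = re.compile(r"^\[(?P<key>[^\]]+)\] = (?P<value>.+)$")
FF_PREF_RE = re.compile(r'^Found : user_pref\("(?P<name>[^"]+)", (?P<value>.*)$')
CHROME_RE = re.compile(r"^Found \[l\.\d+\] : (?P<name>\w+) = (?P<value>.+)$")

# Locations that give code execution or browser control, as opposed to leftover folders.
# These are the editor's triage priorities (assumption), not an AdwCleaner ranking.
HIGH_SIGNAL = [
    (re.compile(r"\\CurrentVersion\\Run \[", re.I), "autostart: Run value"),
    (re.compile(r"\\Explorer\\Browser Helper Objects\\", re.I), "IE BHO: DLL loaded into every IE process"),
    (re.compile(r"\\Low Rights\\ElevationPolicy\\", re.I), "IE Protected Mode elevation policy"),
    (re.compile(r"\\Internet Explorer\\SearchScopes\\", re.I), "IE search provider"),
    (re.compile(r"\\Ext\\PreApproved\\", re.I), "IE pre-approved ActiveX control"),
    (re.compile(r"\\Mozilla Firefox\\plugins\\[^\\]+\.dll$", re.I), "Firefox NPAPI plugin DLL"),
]

# Browser settings that decide where the start page and searches go.
WATCHED_SETTINGS = {
    "Start Page", "browser.search.defaultengine", "browser.search.defaultenginename",
    "browser.search.order.1", "keyword.URL", "homepage", "urls_to_restore_on_startup", "search_url",
}

# Vendor names seen in the paths and keys of the log above.
FAMILIES = ("Babylon", "Conduit", "Crossrider", "Searchqu", "iLivid", "Smartbar")


def _unquote(value):
    """Strip the trailing comma and the quotes AdwCleaner leaves around setting values."""
    value = value.strip().rstrip(",")
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        value = value[1:-1]
    elif value.startswith('"') and value.endswith("[...]"):  # value truncated by AdwCleaner
        value = value[1:]
    return value


def parse_log(text):
    """Return (entries, settings): file/registry entries and browser settings."""
    entries, settings = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"kind": m.group("kind"), "action": m.group("action"),
                            "item": m.group("item"), "section": section})
            continue
        m = IE_SETTING_RE.match(line)
        if m:  # "[HKCU\...\Main - Start Page] = hxxp://..." -> ("Start Page", url)
            settings.append((m.group("key").rsplit(" - ", 1)[-1], _unquote(m.group("value"))))
            continue
        m = FF_PREF_RE.match(line)
        if m:  # a truncated value ends in "[...]" instead of ");"
            value = m.group("value")
            if value.endswith(");"):
                value = value[:-2]
            settings.append((m.group("name"), _unquote(value)))
            continue
        m = CHROME_RE.match(line)
        if m:
            settings.append((m.group("name"), _unquote(m.group("value"))))
    return entries, settings


def triage(text):
    """Summarise a log: counts by kind, persistence points, hijacked settings, families."""
    entries, settings = parse_log(text)
    report = {
        "counts": Counter(e["kind"] for e in entries),
        "high_signal": [],
        "settings": [(n, v) for n, v in settings if n in WATCHED_SETTINGS],
        "families": Counter(),
    }
    for e in entries:
        for rx, label in HIGH_SIGNAL:
            if rx.search(e["item"]):
                report["high_signal"].append((label, e["item"]))
        for fam in FAMILIES:
            if fam.lower() in e["item"].lower():
                report["families"][fam] += 1
    return report


# Constructed sample: a few lines taken from the log posted above.
SAMPLE_LOG = r"""
# AdwCleaner v2.106 - Logfile created 01/20/2013 at 20:39:38
# Option [Search]
***** [Files / Folders] *****
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Hailey\AppData\Local\Temp\CT3131886
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Found : HKLM\Software\Conduit
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Browser companion helper]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.19088
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=112478
-\\ Mozilla Firefox v10.0.2 (en-US)
Found : user_pref("CT3131886.smartbar.toolbarName", "Vgrabber1 ");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3131886&SearchSource=2&q=[...]
-\\ Google Chrome v24.0.1312.52
Found [l.15] : homepage = "hxxp://www.searchnu.com/406",
Found [l.51] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=497&systemid=406&sr=0&q={searchTerms}"
"""

if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    print("entries:", dict(rep["counts"]))
    for label, item in rep["high_signal"]:
        print("HIGH   ", label, "->", item)
    for name, value in rep["settings"]:
        print("SETTING", name, "=", value)
    print("families:", dict(rep["families"]))
```

Run it against a saved AdwCleaner[R1].txt by passing the file contents to triage(). The point of the split is that a leftover folder under ProgramData is cosmetic, while a Run value, a BHO or an ElevationPolicy entry is something that still executes at the next logon or browser start and should be the first thing checked in the Delete log.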
-
I ran mbam.exe, but I can't find the log.... can't find notebook. Where do I look?
-
After I ran Remove Selected it forced a restart, but it still came up the same way: logged onto a black desktop and had to use Task Manager. When I tried to reboot in Safe Mode, I had a desktop (black) with a few folders in the process of loading for a few seconds, then a blank white screen. Should I run mbam again to get to the logs?
-
Remove the Adware:
- Please close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with OK.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
***********************************************
- Please download Unhide by Grinler from here (http://download.bleepingcomputer.com/grinler/unhide.exe) and save it to your desktop.
- Double click unhide.exe to run the tool.
- It will take some time to go through all your files, so please be patient.
- If this tool doesn't fix the problem, please let me know.
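Editor's note, with an added example that is not from Dave's or katlyn's posts and is not AdwCleaner, Mozilla or Google code: the [Internet Browsers] section of the log is derived from two plain-text files, Firefox's prefs.js in the profile folder and Chrome's Preferences JSON file under User Data\Default. After the Delete pass it is worth reading those two files directly to confirm the search and start-page settings point where the user expects. The script below parses user_pref lines as JS literals, walks the Chrome keys the log above reports (homepage, session.urls_to_restore_on_startup and default_search_provider.search_url; the nested layout is an assumption about Chrome 24's file), flags any host outside a trusted set, and flags preferences that carry JavaScript source, like the extensions.*.scode entries in the log. The trusted hosts and engine names, and the two sample documents, are the editor's constructions built from values shown above.

```python
"""Audit Firefox prefs.js and Chrome Preferences for search/start-page hijacks.

Editor's added example: not thread, AdwCleaner, Mozilla or Google code.
The two sample documents are constructed from values shown in the log above.
"""
import json
import re
from urllib.parse import urlparse

# Hosts and engine names assumed to be the user's own choice (editor's assumption).
TRUSTED_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com", "duckduckgo.com"}
TRUSTED_ENGINES = {"Google", "Bing", "Yahoo", "DuckDuckGo"}

# Firefox prefs that decide where the start page and searches go (Firefox 10-era names).
FF_WATCH = {"browser.startup.homepage", "browser.search.defaultengine",
            "browser.search.defaultenginename", "browser.search.order.1", "keyword.URL"}

# user_pref("name", <JS literal>);  where the literal is a string, number or boolean
PREF_LINE = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+)\);\s*$')


def parse_prefs_js(text):
    """Return {name: value} with the JS literal decoded; undecodable values stay as text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue
        raw = m.group("value")
        try:
            prefs[m.group("name")] = json.loads(raw)  # JS string/number/bool literals are valid JSON
        except json.JSONDecodeError:
            prefs[m.group("name")] = raw
    return prefs


def host_of(value):
    """Hostname of a URL-valued setting, or None for anything that is not a URL."""
    if isinstance(value, str) and "://" in value:
        return urlparse(value).hostname
    return None


def check_firefox(prefs):
    """Findings as (browser, pref, detail) tuples."""
    findings = []
    for name, value in prefs.items():
        if name in FF_WATCH:
            host = host_of(value)
            if host is not None:
                if host not in TRUSTED_HOSTS:
                    findings.append(("firefox", name, host))
            elif isinstance(value, str) and value not in TRUSTED_ENGINES:
                findings.append(("firefox", name, value))  # engine name, not a URL
        elif isinstance(value, str) and "function(" in value:
            # A preference holding JavaScript source is script an add-on injects into pages.
            findings.append(("firefox", name, "javascript in pref"))
    return findings


def check_chrome(prefs):
    """Walk the keys AdwCleaner reports for Chrome (nested layout is an assumption)."""
    candidates = [("homepage", prefs.get("homepage"))]
    for url in prefs.get("session", {}).get("urls_to_restore_on_startup", []):
        candidates.append(("session.urls_to_restore_on_startup", url))
    candidates.append(("default_search_provider.search_url",
                       prefs.get("default_search_provider", {}).get("search_url")))
    findings = []
    for name, value in candidates:
        host = host_of(value)
        if host is not None and host not in TRUSTED_HOSTS:
            findings.append(("chrome", name, host))
    return findings


def audit(prefs_js_text, chrome_json_text):
    """Combined findings for one Firefox profile and one Chrome profile."""
    return check_firefox(parse_prefs_js(prefs_js_text)) + check_chrome(json.loads(chrome_json_text))


# Constructed sample: a prefs.js fragment with the Babylon/Conduit/Crossrider values seen above.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3131886&SearchSource=2&q=");
user_pref("extensions.5071fe4ee74a7.scode", "(function(){try{if('aol.com,mail.google.com'.indexOf(location.host)>-1){}}catch(e){}})();");
user_pref("extensions.crossriderapp3491.3491.active", true);
user_pref("extensions.crossriderapp3491.3491.updateinterval", 360);
'''

# Constructed sample: the Chrome Preferences keys the log above reports as hijacked.
SAMPLE_CHROME_PREFERENCES = '''{
  "homepage": "http://www.searchnu.com/406",
  "session": {"restore_on_startup": 4,
              "urls_to_restore_on_startup": ["http://www.searchnu.com/406"]},
  "default_search_provider": {"name": "Search Results",
    "search_url": "http://dts.search-results.com/sr?src=crb&appid=497&systemid=406&sr=0&q={searchTerms}"}
}'''

if __name__ == "__main__":
    for browser, setting, detail in audit(SAMPLE_PREFS_JS, SAMPLE_CHROME_PREFERENCES):
        print(f"{browser:8} {setting:45} {detail}")
```

On a real machine, read prefs.js from the profile folder shown in the log and Preferences from the Chrome profile folder, and pass their contents to audit(). Close both browsers first: Firefox rewrites prefs.js on exit, so a value seen while the browser is running may not be the one that persists.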
-
I apparently downloaded this twice yesterday, so I deleted from both downloads... I hope that is correct. So I will post the second one next.
# AdwCleaner v2.106 - Logfile created 01/21/2013 at 18:04:06
# Updated 17/01/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Hailey - HAILEY-PC
# Boot Mode : Normal
# Running from : C:\Users\Hailey\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Hailey\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\Hailey\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\Hailey\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Deleted : C:\Users\Hailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\Hailey\Desktop\iLivid.lnk
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Hailey\AppData\Local\Ilivid
Folder Deleted : C:\Users\Hailey\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Hailey\AppData\Local\Temp\CT3131886
Folder Deleted : C:\Users\Hailey\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Hailey\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\CT3131886
Folder Deleted : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}
Folder Deleted : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\Smartbar
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.19088
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=112478&tt=031012_IKAN_4112_6&babsrc=HP_ss&mntrId=ccbb3ff00000000000000023543aae5f --> hxxp://www.google.com
-\\ Mozilla Firefox v10.0.2 (en-US)
File : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\prefs.js
C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\user.js ... Deleted !
Deleted : user_pref("CT3131886.1000082.isDisplayHidden", "true");
Deleted : user_pref("CT3131886.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3131886.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3131886.1000234.TWC_TMP_city", "BELLEVUE");
Deleted : user_pref("CT3131886.1000234.TWC_TMP_country", "US");
Deleted : user_pref("CT3131886.1000234.TWC_locId", "SZXX0119");
Deleted : user_pref("CT3131886.1000234.TWC_location", "Bellevue, Switzerland");
Deleted : user_pref("CT3131886.1000234.TWC_region", "US");
Deleted : user_pref("CT3131886.1000234.TWC_temp_dis", "f");
Deleted : user_pref("CT3131886.1000234.TWC_wind_dis", "mph");
Deleted : user_pref("CT3131886.1000234.weatherData", "{\"icon\":\"05.png\",\"temperature\":\"38°F\",\"temperat[...]
Deleted : user_pref("CT3131886.CBOpenMAMSettings.enc", "MA==");
Deleted : user_pref("CT3131886.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3131886.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3131886.FirstTime", "true");
Deleted : user_pref("CT3131886.FirstTimeFF3", "true");
Deleted : user_pref("CT3131886.LoginRevertSettingsEnabled", true);
Deleted : user_pref("CT3131886.RevertSettingsEnabled", true);
Deleted : user_pref("CT3131886.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT313[...]
Deleted : user_pref("CT3131886.UserID", "UN00894222291528645");
Deleted : user_pref("CT3131886.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3131886.autoDisableScopes", 0);
Deleted : user_pref("CT3131886.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3131886.cb_experience_000.enc", "NA==");
Deleted : user_pref("CT3131886.cb_firstuse0100.enc", "MQ==");
Deleted : user_pref("CT3131886.cb_user_id_000.enc", "Q0I2NTA2OTkwMDQyMTdfMTM1NjgzNDY4MjE5MV9GaXJlZm94");
Deleted : user_pref("CT3131886.cbcountry_001.enc", "VVM=");
Deleted : user_pref("CT3131886.cbfirsttime.enc", "VGh1IE9jdCAxMSAyMDEyIDAyOjE4OjE0IEdNVC0wNTAwIChDZW50cmFsIERh[...]
Deleted : user_pref("CT3131886.defaultSearch", "true");
Deleted : user_pref("CT3131886.embeddedsData", "[{\"appId\":\"129641800031032056\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3131886.enableAlerts", "always");
Deleted : user_pref("CT3131886.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3131886.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3131886.fixPageNotFoundError", "true");
Deleted : user_pref("CT3131886.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3131886.fixUrls", true);
Deleted : user_pref("CT3131886.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...]
Deleted : user_pref("CT3131886.installId", "conduitinstaller.exe");
Deleted : user_pref("CT3131886.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT3131886.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3131886.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3131886.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3131886.isNewTabEnabled", true);
Deleted : user_pref("CT3131886.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3131886.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3131886.keyword", true);
Deleted : user_pref("CT3131886.migrateAppsAndComponents", true);
Deleted : user_pref("CT3131886.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.computerhope[...]
Deleted : user_pref("CT3131886.openThankYouPage", "false");
Deleted : user_pref("CT3131886.openUninstallPage", "true");
Deleted : user_pref("CT3131886.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]
Deleted : user_pref("CT3131886.price-gong.isManagedApp", "true");
Deleted : user_pref("CT3131886.search.searchAppId", "129641800031032056");
Deleted : user_pref("CT3131886.search.searchCount", "0");
Deleted : user_pref("CT3131886.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3131886.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3131886.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3131886.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3131886.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3131886.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1358694823182");
Deleted : user_pref("CT3131886.serviceLayer_services_appTracking_lastUpdate", "1353971720173");
Deleted : user_pref("CT3131886.serviceLayer_services_appsMetadata_lastUpdate", "1358694702960");
Deleted : user_pref("CT3131886.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1358039104180");
Deleted : user_pref("CT3131886.serviceLayer_services_login_10.10.27.6_lastUpdate", "1351253747534");
Deleted : user_pref("CT3131886.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358750197424");
Deleted : user_pref("CT3131886.serviceLayer_services_optimizer_lastUpdate", "1351063574819");
Deleted : user_pref("CT3131886.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1358039103678");
Deleted : user_pref("CT3131886.serviceLayer_services_searchAPI_lastUpdate", "1358694703668");
Deleted : user_pref("CT3131886.serviceLayer_services_serviceMap_lastUpdate", "1358781108248");
Deleted : user_pref("CT3131886.serviceLayer_services_toolbarContextMenu_lastUpdate", "1358039103452");
Deleted : user_pref("CT3131886.serviceLayer_services_toolbarSettings_lastUpdate", "1358750198280");
Deleted : user_pref("CT3131886.serviceLayer_services_translation_lastUpdate", "1358781108649");
Deleted : user_pref("CT3131886.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate",[...]
Deleted : user_pref("CT3131886.serviceLayer_services_userApps_lastUpdate", "1357962486101");
Deleted : user_pref("CT3131886.settingsINI", true);
Deleted : user_pref("CT3131886.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3131886.smartbar.CTID", "CT3131886");
Deleted : user_pref("CT3131886.smartbar.Uninstall", "0");
Deleted : user_pref("CT3131886.smartbar.homepage", true);
Deleted : user_pref("CT3131886.smartbar.toolbarName", "Vgrabber1 ");
Deleted : user_pref("CT3131886.startPage", "userChanged");
Deleted : user_pref("CT3131886.toolbarBornServerTime", "10-10-2012");
Deleted : user_pref("CT3131886.toolbarCurrentServerTime", "21-1-2013");
Deleted : user_pref("CT3131886.upgradeFromClearSBVersion", true);
Deleted : user_pref("CT3131886.url_history0001.enc", "aHR0cDovL3d3dy5jb21wdXRlcmhvcGUuY29tL2ZvcnVtL2luZGV4LnBo[...]
Deleted : user_pref("CT3131886_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Vgrabber1 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3131886[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=4[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3131886");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.5071fe4ee74a7.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.50755124a2dd1.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "ccbb3ff00000000000000023543aae5f");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15623");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.75:37:14");
Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationTime", 1349648385);
Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp3491.3491.active", true);
Deleted : user_pref("extensions.crossriderapp3491.3491.addressbar", "");
Deleted : user_pref("extensions.crossriderapp3491.3491.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp3491.3491.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.value", "1349648385");
Deleted : user_pref("extensions.crossriderapp3491.3491.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp3491.3491.cookie.InstallerParams.value", "%7B%22source_id%22%3A%2[...]
Deleted : user_pref("extensions.crossriderapp3491.3491.description", "Vid-Saver allows you to download your fa[...]
Deleted : user_pref("extensions.crossriderapp3491.3491.domain", "");
Deleted : user_pref("extensions.crossriderapp3491.3491.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp3491.3491.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp3491.3491.group", 0);
Deleted : user_pref("extensions.crossriderapp3491.3491.homepage", "");
Deleted : user_pref("extensions.crossriderapp3491.3491.iframe", false);
Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]
Deleted : user_pref("extensions.crossriderapp3491.3491.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp3491.3491.name", "Vid-Saver");
Deleted : user_pref("extensions.crossriderapp3491.3491.newtab", "");
Deleted : user_pref("extensions.crossriderapp3491.3491.opensearch", "");
Deleted : user_pref("extensions.crossriderapp3491.3491.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp3491.3491.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp3491.3491.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp3491.3491.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp3491.3491.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp3491.3491.thankyou", "hxxp://vid-saver.com/thankyou.html");
Deleted : user_pref("extensions.crossriderapp3491.3491.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp3491.3491.ver", 0);
Deleted : user_pref("extensions.crossriderapp3491.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp3491.bic", "13a4a451f6f06ba2b5ff26957d8ce110");
Deleted : user_pref("extensions.crossriderapp3491.firstrun", false);
Deleted : user_pref("extensions.crossriderapp3491.installationdate", 1349865775);
Deleted : user_pref("extensions.crossriderapp3491.lastcheck", 22646619);
Deleted : user_pref("extensions.crossriderapp3491.lastcheckitem", 22646874);
Deleted : user_pref("extensions.crossriderapp3491.modetype", "production");
Deleted : user_pref("extensions.crossriderapp3491.reportInstall", true);
Deleted : user_pref("extensions.enabledAddons", "[email protected]:1.16.335,[email protected]:2.5.29231,{[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3131886&SearchSource=2&q=[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=497&s[...]
File : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\lxmokr16.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v24.0.1312.52
File : C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.15] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.19] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
Deleted [l.51] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=497&systemid=406&sr=0&q={searchT[...]
Deleted [l.342] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.482] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
*************************
AdwCleaner[R1].txt - [26093 octets] - [20/01/2013 20:39:38]
AdwCleaner[S1].txt - [23817 octets] - [21/01/2013 18:04:06]
########## EOF - C:\AdwCleaner[S1].txt - [23878 octets] ##########
-
2nd deletion from AdwCleaner.
# AdwCleaner v2.106 - Logfile created 01/21/2013 at 18:16:51
# Updated 17/01/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Hailey - HAILEY-PC
# Boot Mode : Normal
# Running from : C:\Users\Hailey\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.19088
[OK] Registry is clean.
-\\ Mozilla Firefox v10.0.2 (en-US)
File : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\prefs.js
[OK] File is clean.
File : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\lxmokr16.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v24.0.1312.52
File : C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [26093 octets] - [20/01/2013 20:39:38]
AdwCleaner[S1].txt - [23948 octets] - [21/01/2013 18:04:06]
AdwCleaner[S2].txt - [1063 octets] - [21/01/2013 18:16:51]
########## EOF - C:\AdwCleaner[S2].txt - [1123 octets] ##########
-
I rebooted and still have a black desktop and have to access thru task manager.
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html
Program started at: 01/21/2013 06:47:04 PM
Windows Version: Windows Vista
Please be patient while your files are made visible again.
Processing the C:\ drive
Finished processing the C:\ drive. 342425 files processed.
Processing the D:\ drive
Finished processing the D:\ drive. 15028 files processed.
The C:\Users\Hailey\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html
Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.
Program finished at: 01/21/2013 06:57:46 PM
Execution time: 0 hours(s), 10 minute(s), and 42 seconds(s)
-
I found the mbam files.................
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.21.01
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Hailey :: HAILEY-PC [administrator]
2013/01/21 01:33:43 -0600 HAILEY-PC (null) MESSAGE Starting protection
2013/01/21 01:33:43 -0600 HAILEY-PC (null) MESSAGE Protection started successfully
2013/01/21 01:33:43 -0600 HAILEY-PC (null) MESSAGE Starting IP protection
2013/01/21 01:33:49 -0600 HAILEY-PC Hailey MESSAGE IP Protection started successfully
2013/01/21 14:09:49 -0600 HAILEY-PC Hailey MESSAGE Executing scheduled update: Daily
2013/01/21 14:10:06 -0600 HAILEY-PC Hailey MESSAGE Scheduled update executed successfully: database updated from version v2013.01.21.01 to version v2013.01.21.07
2013/01/21 14:10:07 -0600 HAILEY-PC Hailey MESSAGE Starting database refresh
2013/01/21 14:10:07 -0600 HAILEY-PC Hailey MESSAGE Stopping IP protection
2013/01/21 14:10:10 -0600 HAILEY-PC Hailey MESSAGE IP Protection stopped successfully
2013/01/21 14:10:27 -0600 HAILEY-PC Hailey MESSAGE Database refreshed successfully
2013/01/21 14:10:28 -0600 HAILEY-PC Hailey MESSAGE Starting IP protection
2013/01/21 14:10:43 -0600 HAILEY-PC Hailey MESSAGE IP Protection started successfully
2013/01/21 18:07:23 -0600 HAILEY-PC (null) MESSAGE Starting protection
2013/01/21 18:07:23 -0600 HAILEY-PC (null) MESSAGE Protection started successfully
2013/01/21 18:07:23 -0600 HAILEY-PC (null) MESSAGE Starting IP protection
2013/01/21 18:07:28 -0600 HAILEY-PC (null) MESSAGE IP Protection started successfully
2013/01/21 18:18:32 -0600 HAILEY-PC (null) MESSAGE Starting protection
2013/01/21 18:18:32 -0600 HAILEY-PC (null) MESSAGE Protection started successfully
2013/01/21 18:18:32 -0600 HAILEY-PC (null) MESSAGE Starting IP protection
2013/01/21 18:18:37 -0600 HAILEY-PC (null) MESSAGE IP Protection started successfully
2013/01/21 21:30:49 -0600 HAILEY-PC (null) MESSAGE Starting protection
2013/01/21 21:30:49 -0600 HAILEY-PC (null) MESSAGE Protection started successfully
2013/01/21 21:30:49 -0600 HAILEY-PC (null) MESSAGE Starting IP protection
2013/01/21 21:30:54 -0600 HAILEY-PC (null) MESSAGE IP Protection started successfully
Protection: Enabled
1/20/2013 8:53:37 PM
mbam-log-2013-01-20 (20-53-37).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 543220
Time elapsed: 2 hour(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 39
HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Downloader (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
Registry Values Detected: 6
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Quarantined and deleted successfully.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Quarantined and deleted successfully.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Hijack.Shell.Gen) -> Data: C:\Users\Hailey\AppData\Roaming\ldr.mcb,explorer.exe -> Quarantined and deleted successfully.
HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Data: C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI=gmdfpnpdmnjaffhcdbobdjpolhpacaem -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 30
C:\Program Files\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files\ReImageCompanion\tdataprotocol.dll (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files\ReImageCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files\ReImageCompanion\BCHelperReImage.exe (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files\vGrabber-software\Uninstall.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\Program Files\Vid-Saver\Uninstall.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\rei\Temp\20120401_1622\Installer\C_drive\Program Files\i want this\i want this.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\D43F.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\0.8349302755542694 (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\1EA6.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\1F52.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\F0D.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\F97A.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\E542.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\E7AF.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\EA6D.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\2CBA.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\43E3.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\7B08.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\878.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\9359.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\9B83.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\9C0.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Local\Temp\{97B49818-AF16-29C6-1F3F-AB2B93986965}\Addons\wxdownload_extension.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\LocalLow\bbrs_006.tb\content\BCHelper.exe (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\0EFCA1E8.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Hailey\AppData\Roaming\ldr.mcb (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Hailey\Downloads\setup(1).exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\Users\Hailey\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7I6EX99\SmileyCentral[1].exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
(end)
2013/01/20 20:51:35 -0600 HAILEY-PC Hailey MESSAGE Executing scheduled update: Daily
2013/01/20 20:51:44 -0600 HAILEY-PC Hailey MESSAGE Starting protection
2013/01/20 20:51:44 -0600 HAILEY-PC Hailey MESSAGE Protection started successfully
2013/01/20 20:51:44 -0600 HAILEY-PC Hailey MESSAGE Starting IP protection
2013/01/20 20:51:51 -0600 HAILEY-PC Hailey MESSAGE IP Protection started successfully
2013/01/20 20:52:36 -0600 HAILEY-PC Hailey MESSAGE Starting database refresh
2013/01/20 20:52:36 -0600 HAILEY-PC Hailey MESSAGE Stopping IP protection
2013/01/20 20:52:37 -0600 HAILEY-PC Hailey MESSAGE IP Protection stopped successfully
2013/01/20 20:52:36 -0600 HAILEY-PC Hailey MESSAGE Scheduled update executed successfully: database updated from version v2012.12.14.11 to version v2013.01.21.01
2013/01/20 20:52:53 -0600 HAILEY-PC Hailey MESSAGE Database refreshed successfully
2013/01/20 20:52:53 -0600 HAILEY-PC Hailey MESSAGE Starting IP protection
2013/01/20 20:53:01 -0600 HAILEY-PC Hailey MESSAGE IP Protection started successfully
-
I had to shut down and start in safe mode, and this time I had access to my desktop (on a black screen) but could not access the internet. I had to reboot out of safe mode to use Task Manager for internet access.
-
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.
There are 7 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
* Rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
* Rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
* Rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
* WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
* uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)
* iExplore.exe (http://download.bleepingcomputer.com/grinler/iExplore.exe)
* eXplorer.exe (http://download.bleepingcomputer.com/grinler/eXplorer.exe)
Once you've gotten one of them to run, try to immediately run the following.
******************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial on how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
-
I am not given the option to run RKill as Administrator.... when I right click I get
Open Link in new tab
Open link in new window
Bookmark this link
Save link as....
Send link...
Copy link location
Inspect Element (Q)
I'm sorry I am so uneducated about this.... Also I noticed when I go thru task manager to get on Firefox that it is a .Ink link... don't know if that means anything.
-
I am not given the option to run RKill as Administrator.... when I right click I get
Open Link in new tab
Open link in new window
Bookmark this link
Save link as....
Send link...
Copy link location
Inspect Element (Q)
Does it do that on every one of the links?
I'm sorry I am so uneducated about this.... Also I noticed when I go thru task manager to get on Firefox that it is a .Ink link... don't know if that means anything.
.lnk means it's a shortcut.
Malwarebytes' Anti-Rootkit
Please download Malwarebytes' Anti-Rootkit (http://www.malwarebytes.org/products/mbar/) and save it to your desktop.
- Be sure to print out and follow the instructions provided on that same page for performing a scan.
- Caution: This is a beta version so also read the disclaimer and back up (http://support.microsoft.com/kb/971759) all your data before using.
- When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
- Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
- Copy and paste the contents of these two log files in your next reply.
-
I clicked on the link for anti-rootkit, it shows up in downloads, I open that and had to figure out how to unzip a file, chose extract all into documents, mbar.exe was not a choice.... so I selected mbar, selected run, cleanup was not a choice, but a log suddenly appeared at the bottom of the list of files. Here is that log.
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6001 Windows Vista Service Pack 1 x86
Account is Administrative
Internet Explorer version: 8.0.6001.19088
Java version: 1.6.0_26
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 937172992, free: 102539264
------------ Kernel report ------------
01/23/2013 21:25:56
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\nvstor32.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\drivers\amdk8.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\usbohci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvmfdx32.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\HSXHWBS3.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSX_DP.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor32.sys
\SystemRoot\system32\drivers\usbprint.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84ef48e0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000050\
Lower Device Object: 0xffffffff83a6d030
Lower Device Driver Name: \Driver\nvstor32\
Driver name found: nvstor32
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\Storport.sys (0x0)
IRP handler 0 hooked
IRP handler 2 hooked
IRP handler 14 hooked
IRP handler 15 hooked
IRP handler 22 hooked
IRP handler 23 hooked
IRP handler 27 hooked
Load Function returned 0x0
The fixdamage shows a folder, but I wasn't sure that I had actually run a cleanup......
-
It finally showed up on screen. Here are the logs.
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org
Database version: v2013.01.24.03
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Hailey :: HAILEY-PC [administrator]
1/23/2013 11:59:06 PM
mbar-log-2013-01-23 (23-59-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27716
Time elapsed: 1 hour(s), 26 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6001 Windows Vista Service Pack 1 x86
Account is Administrative
Internet Explorer version: 8.0.6001.19088
Java version: 1.6.0_26
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 937172992, free: 102539264
------------ Kernel report ------------
01/23/2013 21:25:56
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\nvstor32.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\drivers\amdk8.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\usbohci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvmfdx32.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\HSXHWBS3.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSX_DP.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor32.sys
\SystemRoot\system32\drivers\usbprint.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84ef48e0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000050\
Lower Device Object: 0xffffffff83a6d030
Lower Device Driver Name: \Driver\nvstor32\
Driver name found: nvstor32
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\Storport.sys (0x0)
IRP handler 0 hooked
IRP handler 2 hooked
IRP handler 14 hooked
IRP handler 15 hooked
IRP handler 22 hooked
IRP handler 23 hooked
IRP handler 27 hooked
Load Function returned 0x0
Downloaded database version: v2013.01.24.03
Downloaded database version: v2013.01.23.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff84ef48e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84ef45d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff84ef48e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff847fdb68, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff83a6d030, DeviceName: \Device\00000050\, DriverName: \Driver\nvstor32\
------------ End ----------
Upper DeviceData: 0xffffffffa5ced120, 0xffffffff84ef48e0, 0xffffffff83ba2ac8
Lower DeviceData: 0xffffffffa5d063d8, 0xffffffff83a6d030, 0xffffffff8c46dd80
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 464230242
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 464230305 Numsec = 24161760
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250059350016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011341191} --> [PUP.GamePlayLab]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
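The "Inspecting partition table" section of the MBAR log above (MBR signature 55AA, disk signature 1549F232, an active NTFS partition at LBA 63 followed by a second NTFS partition, then the unpartitioned tail that the scanner sweeps) is what an anti-rootkit tool reconstructs from the first 512-byte sector of the disk before deciding whether the boot record has been tampered with. The following is an added Python example, not code from this thread, from Malwarebytes Anti-Rootkit or from aswMBR. It builds a sector constructed to match the table in the log (the boot-code area is a zeroed placeholder; a real sector carries loader code, which is what aswMBR's "unknown MBR code" verdict later refers to), parses it the way the log presents it, and runs the sanity checks a scanner applies: boot signature present, exactly one active partition, no overlapping entries, nothing past the end of the disk. The function names build_sample_mbr, parse_mbr, check_partition_table and unpartitioned_ranges are this example's own.

```python
"""Parse a classic MBR sector and apply the sanity checks an anti-rootkit scanner uses.

Added example; the sample sector is constructed to match the partition table that
MBAR printed for drive 0 in the thread. Boot code bytes are zero-filled placeholders.
"""
import struct

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 440          # 4-byte NT disk signature
PART_TABLE_OFFSET = 446        # four 16-byte partition entries
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"   # last two bytes of a valid MBR
ENTRY_FMT = "<B3xB3xII"        # status, CHS start (skipped), type, CHS end (skipped), LBA, sectors

# Type bytes named the way aswMBR names them in its log; anything else is reported as Unknown.
PART_TYPES = {0x00: "Empty", 0x07: "HPFS/NTFS"}


def build_sample_mbr(disk_signature, entries):
    """Construct a 512-byte MBR. entries: list of (status, type, start_lba, num_sectors)."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_signature)
    for i, (status, ptype, lba, numsec) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFFSET + i * PART_ENTRY_SIZE,
                         status, ptype, lba, numsec)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(sector):
    """Decode disk signature, boot signature and the four partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, ptype, lba, numsec = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFFSET + i * PART_ENTRY_SIZE)
        partitions.append({"index": i, "type": ptype,
                           "type_name": PART_TYPES.get(ptype, "Unknown"),
                           "active": status == 0x80, "lba": lba, "numsec": numsec})
    return {
        "boot_signature": sector[510:512].hex().upper(),        # "55AA" as MBAR prints it
        "disk_signature": "%08X" % struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "boot_code_all_zero": not any(sector[:DISK_SIG_OFFSET]),
        "partitions": partitions,
    }


def check_partition_table(mbr, disk_sectors):
    """Return findings a scanner would flag; an empty list means the table looks sane."""
    findings = []
    if mbr["boot_signature"] != "55AA":
        findings.append("boot signature is %s, expected 55AA" % mbr["boot_signature"])
    used = [p for p in mbr["partitions"] if p["type"] != 0x00]
    active = [p for p in used if p["active"]]
    if len(active) != 1:
        findings.append("%d active partitions (expected exactly 1)" % len(active))
    for p in used:
        if p["numsec"] == 0:
            findings.append("partition %d has type 0x%X but zero length" % (p["index"], p["type"]))
        if p["lba"] + p["numsec"] > disk_sectors:
            findings.append("partition %d extends past the end of the disk" % p["index"])
    ordered = sorted(used, key=lambda p: p["lba"])
    for a, b in zip(ordered, ordered[1:]):      # neighbours must not overlap
        if a["lba"] + a["numsec"] > b["lba"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return findings


def unpartitioned_ranges(mbr, disk_sectors):
    """Inclusive sector ranges no partition covers, excluding sector 0 (the MBR itself)."""
    gaps, cursor = [], 1
    for p in sorted((p for p in mbr["partitions"] if p["type"] != 0), key=lambda p: p["lba"]):
        if p["lba"] > cursor:
            gaps.append((cursor, p["lba"] - 1))
        cursor = max(cursor, p["lba"] + p["numsec"])
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return gaps


# Constructed sample: the layout MBAR reported (250059350016-byte disk, two NTFS partitions).
DISK_SECTORS = 250059350016 // SECTOR_SIZE        # 488397168
SAMPLE_MBR = build_sample_mbr(0x1549F232, [
    (0x80, 0x07, 63, 464230242),
    (0x00, 0x00, 0, 0),
    (0x00, 0x07, 464230305, 24161760),
    (0x00, 0x00, 0, 0),
])

if __name__ == "__main__":
    mbr = parse_mbr(SAMPLE_MBR)
    print("MBR Signature:", mbr["boot_signature"], " Disk Signature:", mbr["disk_signature"])
    for p in mbr["partitions"]:
        print("Partition %d type %s (0x%X) %s LBA %d Numsec %d" % (
            p["index"], p["type_name"], p["type"], "ACTIVE" if p["active"] else "not active",
            p["lba"], p["numsec"]))
    print("Unpartitioned:", unpartitioned_ranges(mbr, DISK_SECTORS))
    print("Findings:", check_partition_table(mbr, DISK_SECTORS) or "none")
```

On a live system the same parser can be pointed at the first 512 bytes read from the physical disk by an administrator; the gap list it returns is the region MBAR reports as "unpartitioned space", which is where bootkit payloads are typically looked for. The checks here cover only the partition table; verifying the boot code itself, as aswMBR does, requires comparing it against known-good loader code.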
-
2nd Scan....
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org
Database version: v2013.01.24.04
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Hailey :: HAILEY-PC [administrator]
1/24/2013 2:15:00 AM
mbar-log-2013-01-24 (02-15-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27715
Time elapsed: 1 hour(s), 49 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Rebooted but still have a black desktop. Haven't run the fixdamage yet. Thanks for being so patient with me!
-
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
-
I did not download the AVAST Anti-virus program, just scanned and saved log.
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-24 15:06:39
-----------------------------
15:06:39.847 OS Version: Windows 6.0.6001 Service Pack 1
15:06:39.847 Number of processors: 1 586 0x7F02
15:06:39.850 ComputerName: HAILEY-PC UserName: Hailey
15:07:37.902 Initialize success
15:08:23.450 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004f
15:08:23.460 Disk 0 Vendor: ST325031 3.AH Size: 238475MB BusType: 3
15:08:23.500 Disk 0 MBR read successfully
15:08:23.500 Disk 0 MBR scan
15:08:23.510 Disk 0 unknown MBR code
15:08:23.520 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226674 MB offset 63
15:08:23.560 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11797 MB offset 464230305
15:08:23.610 Disk 0 scanning sectors +488392065
15:08:23.720 Disk 0 scanning C:\Windows\system32\drivers
15:08:30.060 Service scanning
15:08:45.370 Modules scanning
15:09:26.860 Disk 0 trace - called modules:
15:09:26.900 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
15:09:26.920 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84efcac8]
15:09:27.270 3 CLASSPNP.SYS[8612f745] -> nt!IofCallDriver -> [0x847fd700]
15:09:27.290 5 acpi.sys[8600c6a0] -> nt!IofCallDriver -> \Device\0000004f[0x83a7b030]
15:09:27.310 Scan finished successfully
15:09:58.320 Disk 0 MBR has been saved successfully to "C:\Users\Hailey\Documents\MBR.dat"
15:09:58.340 The log file has been saved successfully to "C:\Users\Hailey\Documents\aswMBR.txt"
-
We need to fix the Master Boot Record (http://en.wikipedia.org/wiki/Master_boot_record) using aswMBR now.
- Double click aswMBR.exe to run it like before
- Once the scan finishes click FixMBR to remove the infection as illustrated below
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_FixMBR.jpg)
- Once the scan finishes click Save log to save the log to your Desktop
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
- Copy and paste the contents of aswMBR.txt back here for review
-
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-24 18:02:01
-----------------------------
18:02:01.753 OS Version: Windows 6.0.6001 Service Pack 1
18:02:01.753 Number of processors: 1 586 0x7F02
18:02:01.763 ComputerName: HAILEY-PC UserName: Hailey
18:03:02.143 Initialize success
18:03:11.439 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004f
18:03:11.449 Disk 0 Vendor: ST325031 3.AH Size: 238475MB BusType: 3
18:03:11.509 Disk 0 MBR read successfully
18:03:11.509 Disk 0 MBR scan
18:03:11.519 Disk 0 unknown MBR code
18:03:11.539 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226674 MB offset 63
18:03:11.579 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11797 MB offset 464230305
18:03:11.619 Disk 0 scanning sectors +488392065
18:03:11.819 Disk 0 scanning C:\Windows\system32\drivers
18:03:22.561 Service scanning
18:03:49.341 Modules scanning
18:04:25.611 Disk 0 trace - called modules:
18:04:25.711 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys dxgkrnl.sys nvlddmkm.sys tcpip.sys NETIO.SYS
18:04:25.721 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84efcac8]
18:04:26.131 3 CLASSPNP.SYS[8612e745] -> nt!IofCallDriver -> [0x8366a390]
18:04:26.151 5 acpi.sys[8600b6a0] -> nt!IofCallDriver -> \Device\0000004f[0x83a8f798]
18:04:26.181 Scan finished successfully
18:04:59.626 Verifying
18:05:09.676 Disk 0 Windows 600 MBR fixed successfully
18:05:59.396 Disk 0 MBR has been saved successfully to "C:\Users\Hailey\Documents\MBR.dat"
18:05:59.406 The log file has been saved successfully to "C:\Users\Hailey\Documents\aswMBR2.txt"
Rebooted... still black desktop.
-
Did you click on "FixMBR"?
-
Yes, but I'll do it again.
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-24 15:06:39
-----------------------------
15:06:39.847 OS Version: Windows 6.0.6001 Service Pack 1
15:06:39.847 Number of processors: 1 586 0x7F02
15:06:39.850 ComputerName: HAILEY-PC UserName: Hailey
15:07:37.902 Initialize success
15:08:23.450 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004f
15:08:23.460 Disk 0 Vendor: ST325031 3.AH Size: 238475MB BusType: 3
15:08:23.500 Disk 0 MBR read successfully
15:08:23.500 Disk 0 MBR scan
15:08:23.510 Disk 0 unknown MBR code
15:08:23.520 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226674 MB offset 63
15:08:23.560 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11797 MB offset 464230305
15:08:23.610 Disk 0 scanning sectors +488392065
15:08:23.720 Disk 0 scanning C:\Windows\system32\drivers
15:08:30.060 Service scanning
15:08:45.370 Modules scanning
15:09:26.860 Disk 0 trace - called modules:
15:09:26.900 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
15:09:26.920 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84efcac8]
15:09:27.270 3 CLASSPNP.SYS[8612f745] -> nt!IofCallDriver -> [0x847fd700]
15:09:27.290 5 acpi.sys[8600c6a0] -> nt!IofCallDriver -> \Device\0000004f[0x83a7b030]
15:09:27.310 Scan finished successfully
15:09:58.320 Disk 0 MBR has been saved successfully to "C:\Users\Hailey\Documents\MBR.dat"
15:09:58.340 The log file has been saved successfully to "C:\Users\Hailey\Documents\aswMBR.txt"
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-24 21:11:10
-----------------------------
21:11:10.128 OS Version: Windows 6.0.6001 Service Pack 1
21:11:10.128 Number of processors: 1 586 0x7F02
21:11:10.138 ComputerName: HAILEY-PC UserName: Hailey
21:12:07.557 Initialize success
21:12:23.480 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004f
21:12:23.480 Disk 0 Vendor: ST325031 3.AH Size: 238475MB BusType: 3
21:12:23.510 Disk 0 MBR read successfully
21:12:23.520 Disk 0 MBR scan
21:12:23.520 Disk 0 Windows VISTA default MBR code
21:12:23.530 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226674 MB offset 63
21:12:23.570 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11797 MB offset 464230305
21:12:23.580 Disk 0 scanning sectors +488392065
21:12:23.800 Disk 0 scanning C:\Windows\system32\drivers
21:12:31.523 Service scanning
21:12:59.746 Modules scanning
21:13:55.354 Disk 0 trace - called modules:
21:13:55.385 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
21:13:55.385 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84efcac8]
21:13:55.884 3 CLASSPNP.SYS[86130745] -> nt!IofCallDriver -> [0x847fe700]
21:13:55.900 5 acpi.sys[8600d6a0] -> nt!IofCallDriver -> \Device\0000004f[0x83a8c878]
21:13:55.900 Scan finished successfully
21:14:17.604 Verifying
21:14:27.666 Disk 0 Windows 600 MBR fixed successfully
21:14:30.746 Verifying
21:14:40.761 Disk 0 Windows 600 MBR fixed successfully
21:15:09.663 Disk 0 MBR has been saved successfully to "C:\Users\Hailey\Documents\MBR.dat"
21:15:09.710 The log file has been saved successfully to "C:\Users\Hailey\Documents\aswMBR.txt"
-
Rebooted, still the same: black desktop, access through Task Manager, screen hiccups and mouse freezes.
-
I'd like to scan your machine with ESET OnlineScan
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here. (http://www.bleepingcomputer.com/forums/topic114351.html)
Please go to (http://www.eset.com/onlinescan/), then click on the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
Select the option YES, I accept the Terms of Use, then click on the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Push the Start button.
The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
-
I'm sorry to be so inept at this, but I am having trouble disabling the anti-malware... I believe I have successfully disabled IObit and Malwarebytes, and I have now turned off Windows Defender. But when I click on the above link for ESET Online Scanner, I get nothing, and if I right-click, I only have the options to:
View Image
Copy Image
Copy Image Location
Save Image As
Send Image
Set as Desktop Background
View Image Info
Inspect Element (Q)
-
I'm sorry. Please try this one.
I'd like to scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
Accept any security warnings from your browser.
Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
I found a way to get to it through search here on CH before I saw your post. The first time I ran it, it found 39 threats, but I had a problem and couldn't copy it, so I ran it again and it only found 19. I don't know what happened. Should I only re-enable Malwarebytes & Windows Defender?
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=5b65017ef216894fb4d9a2802c35a60c
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-27 02:06:04
# local_time=2013-01-26 08:06:04 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776573 100 100 0 195859892 0 0
# scanned=309387
# found=39
# cleaned=0
# scan_time=6560
C:\Program Files\FriendsChecker\friendschecker_cloudcanvas_wl_5342862.exe a variant of Win32/InstallIQ application E35BE760C56EB9E25689375780B32CEC8BF3EF4 C I
C:\Program Files\Optimizer Pro\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC application DA713D3101989FDBD5FF92D91CD539363AD1508 2 I
C:\Program Files\ReImageCompanion\jsloader.dll Win32/BrowserCompanion.B application EB7B5593D49E756C1C8D066996AC55F3ADB105D F I
C:\Program Files\ReImageCompanion\toolbar.dll Win32/BrowserCompanion.D application E2B75B281F99F9768173D98A03CD3F8E0FD6013 D I
C:\Program Files\ReImageCompanion\widgetserv.exe Win32/BrowserCompanion.F application CEAE79E91B7A7FBFC8EBD1BF9460B31FEFB5BF2 D I
C:\ProgramData\wxDownload\5071feb9426ce.ocx Win32/Adware.MultiPlug.C application 65B47ED5EC889E0E558C79A13A81193FC59B8CE 9 I
C:\ProgramData\wxDownload\5071feb942707.html Win32/Adware.MultiPlug.H application 3692BFA387491557EC5BC615F018156F2FA5CB8 E I
C:\ProgramData\wxDownload\507551326769d.ocx Win32/Adware.MultiPlug.C application 65B47ED5EC889E0E558C79A13A81193FC59B8CE 9 I
C:\ProgramData\wxDownload\50755132676d6.html Win32/Adware.MultiPlug.H application 462EEDCA615BD1F47F7EEC1E146B9A82169BDDB A I
C:\Users\All Users\wxDownload\5071feb9426ce.ocx Win32/Adware.MultiPlug.C application 65B47ED5EC889E0E558C79A13A81193FC59B8CE 9 I
C:\Users\All Users\wxDownload\5071feb942707.html Win32/Adware.MultiPlug.H application 3692BFA387491557EC5BC615F018156F2FA5CB8 E I
C:\Users\All Users\wxDownload\507551326769d.ocx Win32/Adware.MultiPlug.C application 65B47ED5EC889E0E558C79A13A81193FC59B8CE 9 I
C:\Users\All Users\wxDownload\50755132676d6.html Win32/Adware.MultiPlug.H application 462EEDCA615BD1F47F7EEC1E146B9A82169BDDB A I
C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgonadmnfmkoadiofbmpechmaopjfgck\4_0\5071fe4ee73731349647950.js Win32/Adware.MultiPlug.H application 83CAEAED0253386E4F8F65C25156997AA358C50 7 I
C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfinlhcgcnnahoepljkhheknbhlgoli\4_0\50755124a2c7e1349865764.js Win32/Adware.MultiPlug.H application 43E7F647647BF8FF67C75B223301E6931D987EB 0 I
C:\Users\Hailey\AppData\Local\Temp\7A8F54FE-BAB0-7891-B0AC-18C9C467FEF3\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application 0AA6AC612462168968370C0DC98B5BE4251B8C8 F I
C:\Users\Hailey\AppData\Local\Temp\{97B49818-AF16-29C6-1F3F-AB2B93986965}\Addons\babylon_setup.exe a variant of Win32/Toolbar.Babylon.A application 5EECAE4A2A56FBB439B24211F06C15339E09DED 6 I
C:\Users\Hailey\AppData\Local\Temp\{97B49818-AF16-29C6-1F3F-AB2B93986965}\Addons\OptimizerProInstaller.exe a variant of Win32/Adware.SpeedingUpMyPC.A application 89BE2B41D0F17493D721CD0B5F1A9B1E91604CF A I
C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\extensions\[email protected]\content\bg.js Win32/Adware.MultiPlug.H application 88311A0875F246C31E12671702170BDBA52D2C9 9 I
C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\extensions\[email protected]\content\bg.js Win32/Adware.MultiPlug.H application AB4DBEFCADBB9C212B334F415A9A77CB4821CD4 1 I
C:\Users\Hailey\Documents\My Stuff\Senior Stuff\frzfonts_1335.exe a variant of Win32/InstallIQ application DAFA9249BB8666135F29FAAA69A5207F8B76E91 B I
C:\Users\Hailey\Downloads\ArcadeCandyGames(1).exe a variant of Win32/Adware.Gamevance.DD application 1528FF7366082A52DEDCA8C181CC5DD79C04D8A 9 I
C:\Users\Hailey\Downloads\ArcadeCandyGames(2).exe a variant of Win32/Adware.Gamevance.DD application 1528FF7366082A52DEDCA8C181CC5DD79C04D8A 9 I
C:\Users\Hailey\Downloads\ArcadeCandyGames(3).exe a variant of Win32/Adware.Gamevance.DD application 1528FF7366082A52DEDCA8C181CC5DD79C04D8A 9 I
C:\Users\Hailey\Downloads\ArcadeCandyGames(4).exe a variant of Win32/Adware.Gamevance.DD application 1528FF7366082A52DEDCA8C181CC5DD79C04D8A 9 I
C:\Users\Hailey\Downloads\asc-setup-2011pro.exe a variant of Win32/Toolbar.Widgi application 122C278D46C92D7C9F4A551D1275624C6729684 4 I
C:\Users\Hailey\Downloads\asc-setup.exe a variant of Win32/ELEX application 38D920413DA6977CEC22A54F59C537D61FB5E3A 7 I
C:\Users\Hailey\Downloads\FastDownload(1).exe Win32/InstallMate application A55E2FB7B05A2D22B590F273E38F25F99B2CE95 9 I
C:\Users\Hailey\Downloads\FastDownload.exe Win32/InstallMate application 12022AC559C16E4E266E4A15F2F7E336E7F403B B I
C:\Users\Hailey\Downloads\iLividSetup(1).exe Win32/Toolbar.SearchSuite application 3E8A01AF421E74FEDA7024FD6233355A5EFCAA0 2 I
C:\Users\Hailey\Downloads\iLividSetup(2).exe Win32/Toolbar.SearchSuite application 3E8A01AF421E74FEDA7024FD6233355A5EFCAA0 2 I
C:\Users\Hailey\Downloads\iLividSetup(3).exe Win32/Toolbar.SearchSuite application 3E8A01AF421E74FEDA7024FD6233355A5EFCAA0 2 I
C:\Users\Hailey\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application 52F814443453A0453C2FE9D88A881514EEF299A 0 I
C:\Users\Hailey\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application BCD02770DB9E9BBB00F4B1C6A2C45A54AFB8AFC 8 I
C:\Users\Hailey\Downloads\mplayer_tuguu_1271.exe a variant of Win32/InstallIQ application 80297A532CB2D3C03654ABD396421C2C1ABA893 A I
C:\Users\Hailey\Downloads\PCPerformerSetup.exe a variant of Win32/InstallBrain.Q application EE0E2427278CFBFE8EDE6581E87B0AA3479AE7E 6 I
C:\Users\Hailey\Downloads\setup(1).exe Win32/InstalleRex.E.Gen application EB97D78F23D366485CE9FE17CB4E566BF48C8E8 6 I
C:\Users\Hailey\Downloads\Setup.exe a variant of Win32/InstallIQ application EA70E4FA1F81654E0CADCF6A64F0F93E176EC88 0 I
C:\Users\Hailey\Downloads\tvshows.exe a variant of Win32/InstallIQ application DF491C26AE3E02B84F5595C8AAC2C0BD34D4EA7 C I
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=5b65017ef216894fb4d9a2802c35a60c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-27 05:22:11
# local_time=2013-01-26 11:22:11 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776573 100 100 0 195871659 0 0
# scanned=309412
# found=19
# cleaned=0
# scan_time=9330
C:\Program Files\Optimizer Pro\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC application DA713D3101989FDBD5FF92D91CD539363AD1508 2 I
C:\ProgramData\wxDownload\5071feb9426ce.ocx Win32/Adware.MultiPlug.C application 65B47ED5EC889E0E558C79A13A81193FC59B8CE 9 I
C:\ProgramData\wxDownload\5071feb942707.html Win32/Adware.MultiPlug.H application 3692BFA387491557EC5BC615F018156F2FA5CB8 E I
C:\ProgramData\wxDownload\507551326769d.ocx Win32/Adware.MultiPlug.C application 65B47ED5EC889E0E558C79A13A81193FC59B8CE 9 I
C:\ProgramData\wxDownload\50755132676d6.html Win32/Adware.MultiPlug.H application 462EEDCA615BD1F47F7EEC1E146B9A82169BDDB A I
C:\ProgramData\wxDownload\fgonadmnfmkoadiofbmpechmaopjfgck.crx Win32/Adware.MultiPlug.H application A8904ACC7E93AF390F674253322551E9D3AD224 E I
C:\ProgramData\wxDownload\ibfinlhcgcnnahoepljkhheknbhlgoli.crx Win32/Adware.MultiPlug.H application E79507D687049591F93B879C05E5D7246FED054 7 I
C:\Users\All Users\wxDownload\5071feb9426ce.ocx Win32/Adware.MultiPlug.C application 65B47ED5EC889E0E558C79A13A81193FC59B8CE 9 I
C:\Users\All Users\wxDownload\5071feb942707.html Win32/Adware.MultiPlug.H application 3692BFA387491557EC5BC615F018156F2FA5CB8 E I
C:\Users\All Users\wxDownload\507551326769d.ocx Win32/Adware.MultiPlug.C application 65B47ED5EC889E0E558C79A13A81193FC59B8CE 9 I
C:\Users\All Users\wxDownload\50755132676d6.html Win32/Adware.MultiPlug.H application 462EEDCA615BD1F47F7EEC1E146B9A82169BDDB A I
C:\Users\All Users\wxDownload\fgonadmnfmkoadiofbmpechmaopjfgck.crx Win32/Adware.MultiPlug.H application A8904ACC7E93AF390F674253322551E9D3AD224 E I
C:\Users\All Users\wxDownload\ibfinlhcgcnnahoepljkhheknbhlgoli.crx Win32/Adware.MultiPlug.H application E79507D687049591F93B879C05E5D7246FED054 7 I
C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgonadmnfmkoadiofbmpechmaopjfgck\4_0\5071fe4ee73731349647950.js Win32/Adware.MultiPlug.H application 83CAEAED0253386E4F8F65C25156997AA358C50 7 I
C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfinlhcgcnnahoepljkhheknbhlgoli\4_0\50755124a2c7e1349865764.js Win32/Adware.MultiPlug.H application 43E7F647647BF8FF67C75B223301E6931D987EB 0 I
C:\Users\Hailey\AppData\Local\Temp\{97B49818-AF16-29C6-1F3F-AB2B93986965}\Addons\OptimizerProInstaller.exe a variant of Win32/Adware.SpeedingUpMyPC.A application 89BE2B41D0F17493D721CD0B5F1A9B1E91604CF A I
C:\Users\Hailey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-5b90c2f6 a variant of Java/TrojanDownloader.OpenStream.NCE trojan 06B0E97D9554E6330272B6EAF2630A95F1B9D62 3 I
C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\extensions\[email protected]\content\bg.js Win32/Adware.MultiPlug.H application 88311A0875F246C31E12671702170BDBA52D2C9 9 I
C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\extensions\[email protected]\content\bg.js Win32/Adware.MultiPlug.H application AB4DBEFCADBB9C212B334F415A9A77CB4821CD4 1 I
-
Please run ESET again and clean the infections. Leave the check mark next to Remove found threats and place a check next to Scan archives.
-
C:\Users\All Users\wxDownload\5071feb9426ce.ocx Win32/Adware.MultiPlug.C application
C:\Users\All Users\wxDownload\5071feb942707.html Win32/Adware.MultiPlug.H application
C:\Users\All Users\wxDownload\507551326769d.ocx Win32/Adware.MultiPlug.C application
C:\Users\All Users\wxDownload\50755132676d6.html Win32/Adware.MultiPlug.H application
C:\Users\All Users\wxDownload\fgonadmnfmkoadiofbmpechmaopjfgck.crx Win32/Adware.MultiPlug.H application
C:\Users\All Users\wxDownload\ibfinlhcgcnnahoepljkhheknbhlgoli.crx Win32/Adware.MultiPlug.H application
C:\Program Files\FriendsChecker\friendschecker_cloudcanvas_wl_5342862.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Program Files\Optimizer Pro\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
C:\Program Files\ReImageCompanion\jsloader.dll Win32/BrowserCompanion.B application cleaned by deleting - quarantined
C:\Program Files\ReImageCompanion\toolbar.dll Win32/BrowserCompanion.D application cleaned by deleting - quarantined
C:\Program Files\ReImageCompanion\widgetserv.exe Win32/BrowserCompanion.F application cleaned by deleting - quarantined
C:\ProgramData\wxDownload\5071feb9426ce.ocx Win32/Adware.MultiPlug.C application cleaned by deleting - quarantined
C:\ProgramData\wxDownload\5071feb942707.html Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\ProgramData\wxDownload\507551326769d.ocx Win32/Adware.MultiPlug.C application cleaned by deleting - quarantined
C:\ProgramData\wxDownload\50755132676d6.html Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\ProgramData\wxDownload\fgonadmnfmkoadiofbmpechmaopjfgck.crx Win32/Adware.MultiPlug.H application deleted - quarantined
C:\ProgramData\wxDownload\ibfinlhcgcnnahoepljkhheknbhlgoli.crx Win32/Adware.MultiPlug.H application deleted - quarantined
C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgonadmnfmkoadiofbmpechmaopjfgck\4_0\5071fe4ee73731349647950.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfinlhcgcnnahoepljkhheknbhlgoli\4_0\50755124a2c7e1349865764.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Hailey\AppData\Local\Temp\7A8F54FE-BAB0-7891-B0AC-18C9C467FEF3\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Hailey\AppData\Local\Temp\{97B49818-AF16-29C6-1F3F-AB2B93986965}\Addons\babylon_setup.exe a variant of Win32/Toolbar.Babylon.A application cleaned by deleting - quarantined
C:\Users\Hailey\AppData\Local\Temp\{97B49818-AF16-29C6-1F3F-AB2B93986965}\Addons\OptimizerProInstaller.exe a variant of Win32/Adware.SpeedingUpMyPC.A application cleaned by deleting - quarantined
C:\Users\Hailey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-5b90c2f6 a variant of Java/TrojanDownloader.OpenStream.NCE trojan deleted - quarantined
C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\extensions\[email protected]\content\bg.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\extensions\[email protected]\content\bg.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Hailey\Documents\My Stuff\Senior Stuff\frzfonts_1335.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\ArcadeCandyGames(1).exe a variant of Win32/Adware.Gamevance.DD application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\ArcadeCandyGames(2).exe a variant of Win32/Adware.Gamevance.DD application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\ArcadeCandyGames(3).exe a variant of Win32/Adware.Gamevance.DD application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\ArcadeCandyGames(4).exe a variant of Win32/Adware.Gamevance.DD application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\asc-setup-2011pro.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\asc-setup.exe a variant of Win32/ELEX application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\FastDownload(1).exe Win32/InstallMate application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\FastDownload.exe Win32/InstallMate application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\iLividSetup(1).exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\iLividSetup(2).exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\iLividSetup(3).exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\mplayer_tuguu_1271.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\PCPerformerSetup.exe a variant of Win32/InstallBrain.Q application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\setup(1).exe Win32/InstalleRex.E.Gen application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\Setup.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\tvshows.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
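Added example, not ESET's code: a small Python parser for the ESET Online Scanner log.txt format as it appears in the two scan logs earlier in the thread and in the cleaning log above. It reads the `# key=value` header, one detection per line, the SHA-1 (which the forum rendering split as 39 hex characters, a space and the last character), and the action taken, and it compares two runs by header flags and by which paths dropped out. The sample lines are excerpted from the logs posted in this thread; note that the two scan headers differ in `unwanted_checked`, `unsafe_checked` and `archives_checked`, which is what the comparison surfaces.

```python
"""Parse ESET Online Scanner log.txt output as posted in this thread.

Added example, not ESET's code. The format is inferred from the posted logs:
'# key=value' header lines, then one detection per line shaped like
  <path> [a variant of ]<signature> <application|trojan> [<sha1> I | <action taken>]
The forum rendering split each 40-character SHA-1 as '<39 hex> <1 hex> I', so the
hash pattern accepts that split and rejoins it.
"""
import re
from collections import Counter

DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<name>(?:a variant of )?\S+)\s+"
    r"(?P<kind>application|trojan)(?:\s+(?P<rest>.*))?$"
)
HASH_RE = re.compile(r"^(?P<hash>[0-9A-F]{39,40}(?: [0-9A-F])?)\s+I$")


def parse_eset_log(text):
    """Return (header dict, list of detection dicts)."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key] = value
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue            # banner lines such as 'all ok'
        rest = (m.group("rest") or "").strip()
        entry = {
            "path": m.group("path"),
            "name": m.group("name").replace("a variant of ", ""),
            "kind": m.group("kind"),
            "sha1": None,
            "action": "none",   # scan-only runs record no action
        }
        h = HASH_RE.match(rest)
        if h:
            entry["sha1"] = h.group("hash").replace(" ", "")
        elif "quarantined" in rest:
            entry["action"] = rest
        detections.append(entry)
    return header, detections


def summarize(detections):
    """Counts by kind and action, plus the paths ESET classed as trojans rather than PUAs."""
    return {
        "total": len(detections),
        "by_kind": dict(Counter(d["kind"] for d in detections)),
        "quarantined": sum(d["action"] != "none" for d in detections),
        "trojans": [d["path"] for d in detections if d["kind"] == "trojan"],
    }


def explain_count_difference(header_a, header_b, det_a, det_b):
    """Which scan settings changed between two runs, and which paths only the first run reported."""
    flags = ("unwanted_checked", "unsafe_checked", "archives_checked", "antistealth_checked")
    changed = {f: (header_a.get(f), header_b.get(f)) for f in flags
               if header_a.get(f) != header_b.get(f)}
    only_a = sorted({d["path"] for d in det_a} - {d["path"] for d in det_b})
    return changed, only_a


# Excerpts of the logs posted in this thread (three detections per run).
SCAN_RUN1 = r"""
# unwanted_checked=true
# unsafe_checked=true
# archives_checked=false
# antistealth_checked=true
# found=39
C:\Program Files\Optimizer Pro\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC application DA713D3101989FDBD5FF92D91CD539363AD1508 2 I
C:\Users\Hailey\Downloads\asc-setup.exe a variant of Win32/ELEX application 38D920413DA6977CEC22A54F59C537D61FB5E3A 7 I
C:\Users\Hailey\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application 52F814443453A0453C2FE9D88A881514EEF299A 0 I
"""
SCAN_RUN2 = r"""
# unwanted_checked=false
# unsafe_checked=false
# archives_checked=true
# antistealth_checked=true
# found=19
C:\Program Files\Optimizer Pro\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC application DA713D3101989FDBD5FF92D91CD539363AD1508 2 I
C:\Users\Hailey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-5b90c2f6 a variant of Java/TrojanDownloader.OpenStream.NCE trojan 06B0E97D9554E6330272B6EAF2630A95F1B9D62 3 I
C:\ProgramData\wxDownload\5071feb9426ce.ocx Win32/Adware.MultiPlug.C application 65B47ED5EC889E0E558C79A13A81193FC59B8CE 9 I
"""
CLEAN_RUN = r"""
C:\Users\All Users\wxDownload\5071feb9426ce.ocx Win32/Adware.MultiPlug.C application
C:\Program Files\ReImageCompanion\jsloader.dll Win32/BrowserCompanion.B application cleaned by deleting - quarantined
C:\Users\Hailey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-5b90c2f6 a variant of Java/TrojanDownloader.OpenStream.NCE trojan deleted - quarantined
"""

if __name__ == "__main__":
    h1, d1 = parse_eset_log(SCAN_RUN1)
    h2, d2 = parse_eset_log(SCAN_RUN2)
    print("run 1:", summarize(d1))
    print("run 2:", summarize(d2))
    print("settings changed / paths only in run 1:", explain_count_difference(h1, h2, d1, d2))
    print("clean run:", summarize(parse_eset_log(CLEAN_RUN)[1]))
```

The `trojans` list is the one to read first when triaging such a log: most entries here are bundled-installer and adware classifications (PUAs), while the Java cache entry is a downloader that fetched something else.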
-
Good. How's your computer running now? Any other issues?
-
Well, I just rebooted and still have a black desktop. I also have a mouse that likes to jump around and disappear randomly, but haven't really checked that out since the reboot. I have tons of stuff in my downloads that I have duplicates of, and I don't really know what most of them are. I only re-enabled Malwarebytes and Windows Defender... but my Windows did not have a current virus fighter.
Also, I don't know what all you can tell from those logs, but I had Microsoft Office 7 and it disappeared... any chance of recovering that? I had it from a previous job, and don't have a disk to reload it.
-
Could you try running Unhide again? Reply # 5.
Could you also please run MBAM Antirootkit again and post the log. Reply # 13?
but my windows did not have current virus fighter.
Here's a list. I prefer MSE
Remember to only install one antivirus!
1) Avast! Home Edition (http://www.majorgeeks.com/Avast_Home_Edition_d1968.html)
2) AVG Free Edition (http://www.majorgeeks.com/download.php?det=886)
3) Avira AntiVir Personal (http://www.majorgeeks.com/AntiVir_Personal_Edition_7_d955.html)
4) Microsoft Security Essentials for Windows Vista\Windows 7 (http://majorgeeks.com/Microsoft_Security_Essentials_for_Windows_VistaWindows_7_d6242.html) - 64 bit Download (http://majorgeeks.com/downloadget.php?id=6242&file=5&evp=9112d44b71f157fc5d7fcd7724b088ca)
4-a) Microsoft Security Essentials for Windows XP (http://www.microsoft.com/security_essentials/)
5) Comodo Antivirus (http://www.majorgeeks.com/Comodo_AntiVirus_d5109.html) (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition (http://www.majorgeeks.com/PC_Tools_AntiVirus_Free_Edition_d5469.html)
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
****************************************************
but I had microsoft office 7 and it disappeared... any chance of recovering that, because I had that from a previous job, and don't have a disk to reload it.
I'm sure none of the scanners we used would have removed it. Did you look in "All Programs"? If it's gone you could try OpenOffice (http://www.openoffice.org/). It's very good and compatible with MS Office 7.
-
No, I lost Microsoft Office a while back, it just disappeared, but long before we started working on this. Here is Unhide:
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html
Program started at: 01/28/2013 01:22:31 PM
Windows Version: Windows Vista
Please be patient while your files are made visible again.
Processing the C:\ drive
Finished processing the C:\ drive. 323413 files processed.
Processing the D:\ drive
Finished processing the D:\ drive. 15028 files processed.
The C:\Users\Hailey\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html
Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.
Program finished at: 01/28/2013 01:33:23 PM
Execution time: 0 hours(s), 10 minute(s), and 52 seconds(s)
-
Again, it did show mbam.exe, just mbam, and did not give the cleanup choice... what am I doing wrong? Here is the log it created. If I knew how to do screenshots I would show you what I get for my unzipped file. I do not get a wizard walking me through running the scan, like I did when running Malwarebytes.
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6001 Windows Vista Service Pack 1 x86
Account is Administrative
Internet Explorer version: 8.0.6001.19088
Java version: 1.6.0_26
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 937172992, free: 281141248
------------ Kernel report ------------
01/28/2013 14:07:50
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\nvstor32.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\drivers\amdk8.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\usbohci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvmfdx32.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\HSXHWBS3.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSX_DP.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor32.sys
\SystemRoot\system32\drivers\usbprint.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbam.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84efcac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000004f\
Lower Device Object: 0xffffffff83a8c878
Lower Device Driver Name: \Driver\nvstor32\
Driver name found: nvstor32
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\Storport.sys (0x0)
IRP handler 0 hooked
IRP handler 2 hooked
IRP handler 14 hooked
IRP handler 15 hooked
IRP handler 22 hooked
IRP handler 23 hooked
IRP handler 27 hooked
Load Function returned 0x0
=======================================
-
Never mind, I'm an idiot... I chose Run as administrator and it went through it... I have done so many new things I can't remember half of it! :P
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org
Database version: v2013.01.28.10
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Hailey :: HAILEY-PC [administrator]
1/28/2013 2:33:30 PM
mbar-log-2013-01-28 (14-33-30).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27714
Time elapsed: 17 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
How to post screenshots or images (http://www.computerhope.com/forum/index.php/topic,61232.0.html)
Are you still getting the black screen?
-
Yes, still black screen, mouse jumping around, disappearing and freezing, open tabs suddenly go away; if I watch a video I can't maximize the screen because it will just go blank and I have to hit Esc to get back to the screen.
-
Can you send me a screenshot? I'm going to consult with a colleague about this problem.
-
I'm trying to do a screen shot from your instructions, but I am having trouble locating Paint, since I can't get to my desktop, Start, etc. Under Firefox, I go to New Tab, Open File, and have searched through Desktop, Computer etc. and cannot locate All Programs or Accessories to even see if I have Paint.
-
You can access Paint by clicking All Programs, Accessories and selecting Paint. What happens when you boot your computer in Safe Mode?
-
If I boot up in safe mode with networking, I have access to the start menu, programs etc., so I found paint and took screen shots of task manager, task manager services, programs and a few others.... this might get lengthy, but I did not know what you wanted a screen shot of, so I tried a lot of different things. I have uploaded a few here this first time, because I did not know what or to do Hotlinks, so I'm trying it this way. Again, if I am not in safe mode w/networking, my desktop is black so I do not have access to the start menu, therefore programs or paint, because I have to get online using task manager. Here's try #1.......
(http://img837.imageshack.us/img837/6664/desktopsafewnetworking.jpg) (http://imageshack.us/photo/my-images/837/desktopsafewnetworking.jpg/)
(http://img849.imageshack.us/img849/857/progrms1.jpg) (http://imageshack.us/photo/my-images/849/progrms1.jpg/)
(http://img6.imageshack.us/img6/4406/programs2.jpg) (http://imageshack.us/photo/my-images/6/programs2.jpg/)
(http://img96.imageshack.us/img96/7913/programs3.jpg) (http://imageshack.us/photo/my-images/96/programs3.jpg/)
(http://img850.imageshack.us/img850/8660/programs4.jpg) (http://imageshack.us/photo/my-images/850/programs4.jpg/)
-
(http://img692.imageshack.us/img692/4517/taskmanager1.jpg) (http://imageshack.us/photo/my-images/692/taskmanager1.jpg/)
(http://img547.imageshack.us/img547/5739/taskmanager2.jpg) (http://imageshack.us/photo/my-images/547/taskmanager2.jpg/)
(http://img805.imageshack.us/img805/6498/taskmangservice1.jpg) (http://imageshack.us/photo/my-images/805/taskmangservice1.jpg/)
(http://img22.imageshack.us/img22/6073/taskmangservice2.jpg) (http://imageshack.us/photo/my-images/22/taskmangservice2.jpg/)
(http://img62.imageshack.us/img62/7074/taskmangservice3.jpg) (http://imageshack.us/photo/my-images/62/taskmangservice3.jpg/)
(http://img836.imageshack.us/img836/2788/taskamangservice4.jpg) (http://imageshack.us/photo/my-images/836/taskamangservice4.jpg/)
(http://img339.imageshack.us/img339/3812/taskmangservice5.jpg) (http://imageshack.us/photo/my-images/339/taskmangservice5.jpg/)
(http://img688.imageshack.us/img688/1082/taskmangservice6.jpg) (http://imageshack.us/photo/my-images/688/taskmangservice6.jpg/)
(http://img442.imageshack.us/img442/7914/taskmangservice7.jpg) (http://imageshack.us/photo/my-images/442/taskmangservice7.jpg/)
(http://img248.imageshack.us/img248/6048/startmenuallprog1.jpg) (http://imageshack.us/photo/my-images/248/startmenuallprog1.jpg/)
(http://img33.imageshack.us/img33/3636/startmenuallprog2.jpg) (http://imageshack.us/photo/my-images/33/startmenuallprog2.jpg/)
(http://img191.imageshack.us/img191/9945/startmenuallprog3.jpg) (http://imageshack.us/photo/my-images/191/startmenuallprog3.jpg/)
(http://img13.imageshack.us/img13/6606/desktopwindowsphotowarn.jpg) (http://imageshack.us/photo/my-images/13/desktopwindowsphotowarn.jpg/)
(http://img692.imageshack.us/img692/4728/systemd.jpg) (http://imageshack.us/photo/my-images/692/systemd.jpg/)
-
Have you tried changing your background colour? Could you give me a screenshot in Normal Mode?
-
In normal mode (I assume you mean through Task Manager) I cannot get to the Start button to select Paint. In normal mode, before I select Task Manager, I have nothing but a black screen, except for two pop-ups that tell me programs aren't working... so I don't know how I can get to anywhere to change the background from the black screen, because I have a cursor and that is it.... only thing I know to do from there is Ctrl, Shift, Esc. I will reboot to tell what the pop-ups say, but they are pop-ups I had before this whole thing happened.
I rebooted... I have to select open windows normally or safe mode, which I select normal.
The blue Windows Vista Home Premium page comes up for me to select a user. If I select Kathy, which does not have a password assigned, it just pops back to the blue Windows Vista page. If I select Hailey (which is the one we always use), which does require a password, I type in the password, get the blue welcome while the spinner is going, then a black screen with nothing but the cursor and these two pop-ups...
"Advanced System Care Performance Monitor has stopped working"
"Advanced System Care Auto Sweep has stopped working"
If I choose to search for a solution online, it is just a black screen.
Ctrl, Alt, Del takes me back to the blue screen to select .....
-Lock this computer
-Switch users
-Log off
-Change password
-Start task manager
If I choose Switch user, it says that Hailey is logged on, but it still cuts back to the blue screen above if I try to log on under Kathy. If I select Hailey, black screen, two pop-ups, and cursor. If I X out of both pop-ups, all I have is a black screen and a cursor. If I right- or left-click the mouse, nothing pops up for me to select.
I tried changing the background, but I was going through Task Manager (because I have no other route). I was able to change a picture for the desktop, but no icons or Start taskbar... but when I rebooted, the black screen was back.
-
Can you uninstall Advanced System Care Performance Monitor or anything related to Advanced System Care in Safe Mode? I suspect that may have something to do with the problem.
Can you give me a screenshot in Normal Mode?
Save these instructions so you can have access to them while in Safe Mode.
Please click here (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to download AVP Tool by Kaspersky.
- Save it to your desktop.
- Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit Enter.
- Double-click the setup file to run it.
- Click Next to continue.
- Accept the License agreement and click on Next.
- It will, by default, install it to your desktop folder. Click Next.
- It will then open a box. There will be a tab that says Automatic scan.
- Under Automatic scan make sure these are checked.
- Hidden Startup Objects
- System Memory
- Disk Boot Sectors.
- My Computer.
- Also any other drives (Removable that you may have)
Leave the rest of the settings as they appear by default.
Then click on Scan at the top right-hand corner.
It will automatically Neutralize any objects found.
If some objects are left un-neutralized, then click the button that says Neutralize all.
If it says it cannot be neutralized, then choose the delete option when prompted.
After that is done, click on the Reports button at the bottom and save it to file; name it Kas.
Save it somewhere convenient like your desktop, and post only the detected virus\malware in the report (it will be at the very top under Detected). Post those results in your next reply.
Note: This tool will self-uninstall when you close it, so please save the log before closing it.
-
disregard
-
I'm sorry, I'm having trouble maneuvering in ImageShack.... I tried to get screen shots to show that I did not have the options you posted. I do believe I successfully uninstalled Advanced System Care.
No, I cannot give a screen shot from normal mode because I cannot access Paint... no Start button, programs, Paint.
(http://img856.imageshack.us/img856/9099/kas2t.jpg) (http://imageshack.us/photo/my-images/856/kas2t.jpg/)
(http://img42.imageshack.us/img42/279/kaslicaggre.jpg) (http://imageshack.us/photo/my-images/42/kaslicaggre.jpg/)
(http://img200.imageshack.us/img200/4900/kas1.jpg) (http://imageshack.us/photo/my-images/200/kas1.jpg/)
(http://img441.imageshack.us/img441/716/kas5.jpg) (http://imageshack.us/photo/my-images/441/kas5.jpg/)
(http://img197.imageshack.us/img197/8467/kas6h.jpg) (http://imageshack.us/photo/my-images/197/kas6h.jpg/)
-
Were you successful in running AVP?
-
Yes, I believe so... the screen shots above show what I got and ran; it showed no threats detected.
-
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber1.png)
- If an infected file is detected, the default action will be Cure, click on Continue.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber2.png)
- If a suspicious file is detected, the default action will be Skip, click on Continue.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber3.png)
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillerlastone3.png)
- Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.
*******************************************************
- Download RogueKiller (http://tigzy.geekstogo.com/Tools/RogueKiller.exe) on the desktop
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
- If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
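Once the TDSSKiller report is pasted back, the part a helper reads most closely is the "Scan services" block: one line carrying the file's MD5, the service name and its path, followed by a "name - verdict" line (a service the tool could not map to a file gets only the verdict line). The Python script below is an added example, not part of this thread and not a Kaspersky tool, that parses lines in that layout and lists the entries worth a second look: anything with a verdict other than ok, services the report lists without a file, and binaries living outside C:\Windows, with user-writable folders ranked above ordinary third-party locations. The sample report, the all-zero MD5 and the "constructedsvc" entry are constructed for the example; the section-header and timestamp layout are assumed from the report format shown in this thread.

```python
"""Triage helper for the "Scan services" block of a TDSSKiller report (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout of a TDSSKiller 2.8 report.  Each scanned service
# normally produces a line with the file's MD5, the service name and its path, then a
# "<name> - <verdict>" line; a service the tool could not map to a file gets only the
# verdict line.  The all-zero MD5 and the "constructedsvc" entry are placeholders.
SAMPLE_REPORT = r"""
17:57:11.0135 2440 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200
18:00:10.0333 3900 ================ Scan services =============================
18:00:10.0553 3900 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
18:00:10.0563 3900 ACPI - ok
18:00:12.0703 3900 COMSysApp - ok
18:00:14.0713 3900 [ 47B91551FE7489A323BAF4904CAD757A ] FileMonitor C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys
18:00:14.0713 3900 FileMonitor - ok
18:00:15.0223 3900 [ A3A30438C48D2D71556E120C9C7BA7A0 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
18:00:15.0233 3900 HP Health Check Service - ok
18:00:20.0001 3900 [ 00000000000000000000000000000000 ] constructedsvc C:\Users\Public\constructedsvc.sys
18:00:20.0002 3900 constructedsvc - detected (constructed sample verdict)
"""

_TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
FILE_RE = re.compile(_TS + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
VERDICT_RE = re.compile(_TS + r"(?P<name>.+?) - (?P<verdict>.+)$")

SYSTEM_ROOT = "c:\\windows\\"
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\temp\\", "\\appdata\\")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def services_section(text: str) -> List[str]:
    """Lines of the 'Scan services' block if the report has one, otherwise all lines."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if "Scan services" in line:
            block: List[str] = []
            for nxt in lines[i + 1:]:
                if "================" in nxt:  # the next section header closes the block
                    break
                block.append(nxt)
            return block
    return lines


def parse_report(text: str) -> Dict[str, ServiceEntry]:
    """Pair every service's file line with its verdict line, keyed by service name."""
    entries: Dict[str, ServiceEntry] = {}
    for line in services_section(text):
        line = line.rstrip()
        if not line:
            continue
        m = FILE_RE.match(line)  # try the hash/path form first; a path may itself contain " - "
        if m:
            entry = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            entry.md5, entry.path = m["md5"].upper(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            entry.verdict = m["verdict"]
    return entries


def triage(entries: Dict[str, ServiceEntry]) -> List[Tuple[str, str]]:
    """Return (service, reason) pairs a reviewer should look at, in report order."""
    findings: List[Tuple[str, str]] = []
    for e in entries.values():
        if e.verdict is not None and e.verdict.lower() != "ok":
            findings.append((e.name, f"scanner verdict: {e.verdict}"))
        if e.path is None:
            findings.append((e.name, "no file/hash recorded; check the service's ImagePath by hand"))
            continue
        low = e.path.lower()
        if any(marker in low for marker in USER_WRITABLE):
            findings.append((e.name, f"binary in a user-writable location: {e.path}"))
        elif not low.startswith(SYSTEM_ROOT):
            findings.append((e.name, f"third-party location, confirm the vendor: {e.path}"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_report(SAMPLE_REPORT)):
        print(f"{name}: {reason}")
```

Run against the sample, it stays quiet about ACPI, asks for a manual ImagePath check on COMSysApp, lists the IObit and HP entries as third-party locations to confirm (both are ordinary vendor software in this thread, so they are reviewed, not removed), and raises two findings for the constructed user-writable entry. The natural next step for anything flagged is to look up the recorded MD5 against a file-reputation service and compare the service's registry ImagePath with the path in the report; the script works offline and does neither.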
-
17:57:09.0022 2440 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:57:09.0816 2440 ============================================================
17:57:09.0816 2440 Current date / time: 2013/01/30 17:57:09.0816
17:57:09.0816 2440 SystemInfo:
17:57:09.0816 2440
17:57:09.0817 2440 OS Version: 6.0.6001 ServicePack: 1.0
17:57:09.0817 2440 Product type: Workstation
17:57:09.0817 2440 ComputerName: HAILEY-PC
17:57:09.0817 2440 UserName: Hailey
17:57:09.0817 2440 Windows directory: C:\Windows
17:57:09.0817 2440 System windows directory: C:\Windows
17:57:09.0817 2440 Processor architecture: Intel x86
17:57:09.0817 2440 Number of processors: 1
17:57:09.0817 2440 Page size: 0x1000
17:57:09.0817 2440 Boot type: Normal boot
17:57:09.0817 2440 ============================================================
17:57:11.0135 2440 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:57:11.0181 2440 ============================================================
17:57:11.0181 2440 \Device\Harddisk0\DR0:
17:57:11.0184 2440 MBR partitions:
17:57:11.0184 2440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BAB9762
17:57:11.0184 2440 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BAB97A1, BlocksNum 0x170ADE0
17:57:11.0184 2440 ============================================================
17:57:11.0230 2440 C: <-> \Device\Harddisk0\DR0\Partition1
17:57:11.0456 2440 D: <-> \Device\Harddisk0\DR0\Partition2
17:57:11.0532 2440 ============================================================
17:57:11.0532 2440 Initialize success
17:57:11.0532 2440 ============================================================
18:00:09.0353 3900 ============================================================
18:00:09.0353 3900 Scan started
18:00:09.0353 3900 Mode: Manual;
18:00:09.0353 3900 ============================================================
18:00:10.0333 3900 ================ Scan services =============================
18:00:10.0553 3900 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
18:00:10.0563 3900 ACPI - ok
18:00:10.0643 3900 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:00:10.0643 3900 AdobeARMservice - ok
18:00:10.0753 3900 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:00:10.0753 3900 AdobeFlashPlayerUpdateSvc - ok
18:00:10.0863 3900 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:00:10.0893 3900 adp94xx - ok
18:00:10.0943 3900 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:00:10.0973 3900 adpahci - ok
18:00:11.0013 3900 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:00:11.0013 3900 adpu160m - ok
18:00:11.0053 3900 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:00:11.0063 3900 adpu320 - ok
18:00:11.0103 3900 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:00:11.0103 3900 AeLookupSvc - ok
18:00:11.0133 3900 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
18:00:11.0143 3900 AFD - ok
18:00:11.0163 3900 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:00:11.0173 3900 agp440 - ok
18:00:11.0223 3900 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:00:11.0223 3900 aic78xx - ok
18:00:11.0243 3900 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
18:00:11.0243 3900 ALG - ok
18:00:11.0273 3900 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
18:00:11.0273 3900 aliide - ok
18:00:11.0293 3900 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:00:11.0303 3900 amdagp - ok
18:00:11.0323 3900 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
18:00:11.0323 3900 amdide - ok
18:00:11.0343 3900 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
18:00:11.0343 3900 AmdK7 - ok
18:00:11.0363 3900 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:00:11.0363 3900 AmdK8 - ok
18:00:11.0393 3900 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
18:00:11.0393 3900 Appinfo - ok
18:00:11.0423 3900 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
18:00:11.0433 3900 arc - ok
18:00:11.0453 3900 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:00:11.0463 3900 arcsas - ok
18:00:11.0483 3900 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:00:11.0483 3900 AsyncMac - ok
18:00:11.0503 3900 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
18:00:11.0513 3900 atapi - ok
18:00:11.0553 3900 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:00:11.0563 3900 AudioEndpointBuilder - ok
18:00:11.0603 3900 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:00:11.0613 3900 Audiosrv - ok
18:00:11.0683 3900 [ 1F62E569B455FE5405193597FA3E1402 ] BCMH43XX C:\Windows\system32\DRIVERS\DX432386.sys
18:00:11.0713 3900 BCMH43XX - ok
18:00:11.0743 3900 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
18:00:11.0743 3900 Beep - ok
18:00:11.0793 3900 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll
18:00:11.0803 3900 BFE - ok
18:00:11.0863 3900 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\System32\qmgr.dll
18:00:11.0903 3900 BITS - ok
18:00:11.0943 3900 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:00:11.0943 3900 blbdrive - ok
18:00:12.0003 3900 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:00:12.0013 3900 bowser - ok
18:00:12.0053 3900 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:00:12.0063 3900 BrFiltLo - ok
18:00:12.0093 3900 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:00:12.0093 3900 BrFiltUp - ok
18:00:12.0133 3900 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
18:00:12.0133 3900 Browser - ok
18:00:12.0163 3900 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
18:00:12.0163 3900 Brserid - ok
18:00:12.0183 3900 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:00:12.0193 3900 BrSerWdm - ok
18:00:12.0213 3900 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:00:12.0213 3900 BrUsbMdm - ok
18:00:12.0233 3900 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:00:12.0233 3900 BrUsbSer - ok
18:00:12.0253 3900 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:00:12.0263 3900 BTHMODEM - ok
18:00:12.0283 3900 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:00:12.0313 3900 cdfs - ok
18:00:12.0363 3900 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:00:12.0363 3900 cdrom - ok
18:00:12.0393 3900 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
18:00:12.0393 3900 CertPropSvc - ok
18:00:12.0413 3900 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
18:00:12.0433 3900 circlass - ok
18:00:12.0463 3900 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys
18:00:12.0473 3900 CLFS - ok
18:00:12.0523 3900 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:00:12.0523 3900 clr_optimization_v2.0.50727_32 - ok
18:00:12.0583 3900 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:00:12.0583 3900 clr_optimization_v4.0.30319_32 - ok
18:00:12.0633 3900 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:00:12.0643 3900 cmdide - ok
18:00:12.0673 3900 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:00:12.0673 3900 Compbatt - ok
18:00:12.0703 3900 COMSysApp - ok
18:00:12.0833 3900 cpuz134 - ok
18:00:12.0863 3900 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:00:12.0873 3900 crcdisk - ok
18:00:12.0893 3900 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:00:12.0893 3900 Crusoe - ok
18:00:12.0943 3900 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:00:12.0953 3900 CryptSvc - ok
18:00:13.0013 3900 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:00:13.0033 3900 DcomLaunch - ok
18:00:13.0053 3900 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:00:13.0063 3900 DfsC - ok
18:00:13.0153 3900 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
18:00:13.0263 3900 DFSR - ok
18:00:13.0323 3900 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:00:13.0333 3900 Dhcp - ok
18:00:13.0373 3900 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
18:00:13.0393 3900 disk - ok
18:00:13.0423 3900 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:00:13.0433 3900 Dnscache - ok
18:00:13.0473 3900 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
18:00:13.0483 3900 dot3svc - ok
18:00:13.0533 3900 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
18:00:13.0543 3900 DPS - ok
18:00:13.0573 3900 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:00:13.0583 3900 drmkaud - ok
18:00:13.0643 3900 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:00:13.0673 3900 DXGKrnl - ok
18:00:13.0713 3900 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
18:00:13.0723 3900 E1G60 - ok
18:00:13.0803 3900 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
18:00:13.0803 3900 EapHost - ok
18:00:13.0843 3900 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
18:00:13.0853 3900 Ecache - ok
18:00:13.0923 3900 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:00:13.0933 3900 ehRecvr - ok
18:00:13.0973 3900 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
18:00:13.0983 3900 ehSched - ok
18:00:14.0013 3900 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
18:00:14.0013 3900 ehstart - ok
18:00:14.0083 3900 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:00:14.0093 3900 elxstor - ok
18:00:14.0193 3900 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:00:14.0213 3900 EMDMgmt - ok
18:00:14.0293 3900 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:00:14.0293 3900 ErrDev - ok
18:00:14.0383 3900 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
18:00:14.0403 3900 EventSystem - ok
18:00:14.0453 3900 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys
18:00:14.0453 3900 exfat - ok
18:00:14.0493 3900 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:00:14.0493 3900 fastfat - ok
18:00:14.0543 3900 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:00:14.0543 3900 fdc - ok
18:00:14.0573 3900 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
18:00:14.0583 3900 fdPHost - ok
18:00:14.0593 3900 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
18:00:14.0593 3900 FDResPub - ok
18:00:14.0613 3900 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:00:14.0613 3900 FileInfo - ok
18:00:14.0713 3900 [ 47B91551FE7489A323BAF4904CAD757A ] FileMonitor C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys
18:00:14.0713 3900 FileMonitor - ok
18:00:14.0753 3900 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:00:14.0753 3900 Filetrace - ok
18:00:14.0783 3900 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:00:14.0783 3900 flpydisk - ok
18:00:14.0813 3900 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:00:14.0813 3900 FltMgr - ok
18:00:14.0873 3900 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:00:14.0873 3900 FontCache3.0.0.0 - ok
18:00:14.0893 3900 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:00:14.0893 3900 Fs_Rec - ok
18:00:14.0923 3900 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:00:14.0933 3900 gagp30kx - ok
18:00:14.0973 3900 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
18:00:15.0003 3900 gpsvc - ok
18:00:15.0023 3900 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:00:15.0023 3900 HDAudBus - ok
18:00:15.0053 3900 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:00:15.0053 3900 HidBth - ok
18:00:15.0073 3900 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:00:15.0073 3900 HidIr - ok
18:00:15.0113 3900 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll
18:00:15.0113 3900 hidserv - ok
18:00:15.0133 3900 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\drivers\hidusb.sys
18:00:15.0133 3900 HidUsb - ok
18:00:15.0163 3900 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:00:15.0163 3900 hkmsvc - ok
18:00:15.0223 3900 [ A3A30438C48D2D71556E120C9C7BA7A0 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
18:00:15.0233 3900 HP Health Check Service - ok
18:00:15.0253 3900 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:00:15.0253 3900 HpCISSs - ok
18:00:15.0313 3900 [ F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:00:15.0313 3900 hpqcxs08 - ok
18:00:15.0333 3900 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:00:15.0343 3900 hpqddsvc - ok
18:00:15.0403 3900 [ 617732F6C0F86DF3757B1D39211C15E5 ] HSF_DP C:\Windows\system32\DRIVERS\HSX_DP.sys
18:00:15.0443 3900 HSF_DP - ok
18:00:15.0463 3900 [ B1322E002BC4A556F83E4EDDE8E2F30F ] HSXHWBS3 C:\Windows\system32\DRIVERS\HSXHWBS3.sys
18:00:15.0473 3900 HSXHWBS3 - ok
18:00:15.0513 3900 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:00:15.0533 3900 HTTP - ok
18:00:15.0563 3900 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:00:15.0563 3900 i2omp - ok
18:00:15.0583 3900 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:00:15.0583 3900 i8042prt - ok
18:00:15.0623 3900 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:00:15.0633 3900 iaStorV - ok
18:00:15.0693 3900 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:00:15.0753 3900 idsvc - ok
18:00:15.0793 3900 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:00:15.0803 3900 iirsp - ok
18:00:15.0853 3900 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll
18:00:15.0873 3900 IKEEXT - ok
18:00:15.0923 3900 [ 8AE99EBE30E8338907361018D9030835 ] IMFservice C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
18:00:15.0943 3900 IMFservice - ok
18:00:16.0043 3900 [ 5D26CCB06E1F3B5C26E863DF3F4F2611 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:00:16.0113 3900 IntcAzAudAddService - ok
18:00:16.0143 3900 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
18:00:16.0143 3900 intelide - ok
18:00:16.0173 3900 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:00:16.0173 3900 intelppm - ok
18:00:16.0203 3900 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:00:16.0203 3900 IPBusEnum - ok
18:00:16.0223 3900 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:00:16.0233 3900 IpFilterDriver - ok
18:00:16.0263 3900 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:00:16.0263 3900 iphlpsvc - ok
18:00:16.0283 3900 IpInIp - ok
18:00:16.0313 3900 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:00:16.0313 3900 IPMIDRV - ok
18:00:16.0343 3900 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:00:16.0343 3900 IPNAT - ok
18:00:16.0373 3900 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:00:16.0373 3900 IRENUM - ok
18:00:16.0403 3900 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:00:16.0403 3900 isapnp - ok
18:00:16.0433 3900 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:00:16.0433 3900 iScsiPrt - ok
18:00:16.0463 3900 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:00:16.0463 3900 iteatapi - ok
18:00:16.0483 3900 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:00:16.0493 3900 iteraid - ok
18:00:16.0513 3900 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:00:16.0513 3900 kbdclass - ok
18:00:16.0543 3900 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:00:16.0543 3900 kbdhid - ok
18:00:16.0573 3900 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
18:00:16.0573 3900 KeyIso - ok
18:00:16.0603 3900 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:00:16.0623 3900 KSecDD - ok
18:00:16.0663 3900 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:00:16.0683 3900 KtmRm - ok
18:00:16.0733 3900 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:00:16.0743 3900 LanmanServer - ok
18:00:16.0783 3900 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:00:16.0783 3900 LanmanWorkstation - ok
18:00:16.0843 3900 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService c:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:00:16.0853 3900 LightScribeService - ok
18:00:16.0883 3900 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:00:16.0883 3900 lltdio - ok
18:00:16.0933 3900 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:00:16.0933 3900 lltdsvc - ok
18:00:16.0963 3900 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:00:16.0963 3900 lmhosts - ok
18:00:16.0993 3900 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:00:17.0023 3900 LSI_FC - ok
18:00:17.0063 3900 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:00:17.0063 3900 LSI_SAS - ok
18:00:17.0093 3900 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:00:17.0093 3900 LSI_SCSI - ok
18:00:17.0123 3900 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
18:00:17.0123 3900 luafv - ok
18:00:17.0163 3900 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:00:17.0163 3900 MBAMProtector - ok
18:00:17.0223 3900 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:00:17.0233 3900 MBAMScheduler - ok
18:00:17.0273 3900 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:00:17.0293 3900 MBAMService - ok
18:00:17.0303 3900 MCSTRM - ok
18:00:17.0383 3900 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:00:17.0383 3900 Mcx2Svc - ok
18:00:17.0433 3900 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:00:17.0433 3900 mdmxsdk - ok
18:00:17.0473 3900 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
18:00:17.0473 3900 megasas - ok
18:00:17.0533 3900 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
18:00:17.0563 3900 MegaSR - ok
18:00:17.0613 3900 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:00:17.0623 3900 MMCSS - ok
18:00:17.0673 3900 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:00:17.0673 3900 Modem - ok
18:00:17.0713 3900 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:00:17.0713 3900 monitor - ok
18:00:17.0763 3900 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:00:17.0763 3900 mouclass - ok
18:00:17.0803 3900 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\drivers\mouhid.sys
18:00:17.0813 3900 mouhid - ok
18:00:17.0843 3900 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:00:17.0843 3900 MountMgr - ok
18:00:17.0863 3900 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
18:00:17.0863 3900 mpio - ok
18:00:17.0893 3900 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:00:17.0893 3900 mpsdrv - ok
18:00:17.0933 3900 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
18:00:17.0933 3900 MpsSvc - ok
18:00:17.0953 3900 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:00:17.0953 3900 Mraid35x - ok
18:00:18.0003 3900 [ 88CB1D492608B44FAEFD1F349353C7AD ] MRV6X32U C:\Windows\system32\DRIVERS\MRVW24B.sys
18:00:18.0003 3900 MRV6X32U - ok
18:00:18.0023 3900 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:00:18.0033 3900 MRxDAV - ok
18:00:18.0053 3900 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:00:18.0053 3900 mrxsmb - ok
18:00:18.0094 3900 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:00:18.0094 3900 mrxsmb10 - ok
18:00:18.0114 3900 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:00:18.0114 3900 mrxsmb20 - ok
18:00:18.0134 3900 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
18:00:18.0144 3900 msahci - ok
18:00:18.0164 3900 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:00:18.0164 3900 msdsm - ok
18:00:18.0184 3900 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:00:18.0194 3900 MSDTC - ok
18:00:18.0224 3900 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:00:18.0224 3900 Msfs - ok
18:00:18.0234 3900 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:00:18.0234 3900 msisadrv - ok
18:00:18.0274 3900 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:00:18.0274 3900 MSiSCSI - ok
18:00:18.0284 3900 msiserver - ok
18:00:18.0314 3900 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:00:18.0314 3900 MSKSSRV - ok
18:00:18.0334 3900 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:00:18.0334 3900 MSPCLOCK - ok
18:00:18.0354 3900 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:00:18.0354 3900 MSPQM - ok
18:00:18.0374 3900 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:00:18.0374 3900 MsRPC - ok
18:00:18.0404 3900 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:00:18.0404 3900 mssmbios - ok
18:00:18.0434 3900 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:00:18.0444 3900 MSTEE - ok
18:00:18.0464 3900 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
18:00:18.0464 3900 Mup - ok
18:00:18.0494 3900 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
18:00:18.0504 3900 napagent - ok
18:00:18.0534 3900 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:00:18.0544 3900 NativeWifiP - ok
18:00:18.0574 3900 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:00:18.0584 3900 NDIS - ok
18:00:18.0594 3900 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:00:18.0594 3900 NdisTapi - ok
18:00:18.0614 3900 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:00:18.0614 3900 Ndisuio - ok
18:00:18.0634 3900 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:00:18.0634 3900 NdisWan - ok
18:00:18.0644 3900 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:00:18.0654 3900 NDProxy - ok
18:00:18.0674 3900 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:00:18.0674 3900 NetBIOS - ok
18:00:18.0734 3900 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:00:18.0744 3900 netbt - ok
18:00:18.0774 3900 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
18:00:18.0774 3900 Netlogon - ok
18:00:18.0814 3900 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:00:18.0814 3900 Netman - ok
18:00:18.0884 3900 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:00:18.0884 3900 netprofm - ok
18:00:18.0914 3900 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:00:18.0914 3900 NetTcpPortSharing - ok
18:00:18.0954 3900 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:00:18.0954 3900 nfrd960 - ok
18:00:18.0984 3900 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:00:19.0004 3900 NlaSvc - ok
18:00:19.0034 3900 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:00:19.0034 3900 Npfs - ok
18:00:19.0064 3900 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:00:19.0074 3900 nsi - ok
18:00:19.0084 3900 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:00:19.0084 3900 nsiproxy - ok
18:00:19.0124 3900 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:00:19.0134 3900 Ntfs - ok
18:00:19.0154 3900 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:00:19.0154 3900 ntrigdigi - ok
18:00:19.0184 3900 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:00:19.0184 3900 Null - ok
18:00:19.0234 3900 [ DE3FCF6A5AACA198B22998330C3C64D9 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
18:00:19.0264 3900 NVENETFD - ok
18:00:19.0464 3900 [ FBBA09782F2FAC5A57619DF378BA9372 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:00:19.0624 3900 nvlddmkm - ok
18:00:19.0664 3900 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:00:19.0674 3900 nvraid - ok
18:00:19.0704 3900 [ 6934105ECC6A19570160D794E301E595 ] nvrd32 C:\Windows\system32\drivers\nvrd32.sys
18:00:19.0714 3900 nvrd32 - ok
18:00:19.0754 3900 [ 62754E376185EACBB73D06FEA0FFC54A ] nvsmu C:\Windows\system32\drivers\nvsmu.sys
18:00:19.0754 3900 nvsmu - ok
18:00:19.0774 3900 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:00:19.0774 3900 nvstor - ok
18:00:19.0814 3900 [ D05F6E26AC960474494356FE703D61BE ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
18:00:19.0814 3900 nvstor32 - ok
18:00:19.0854 3900 [ CF7769F13B3ECC5E2BF1B3D1C5831AE8 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:00:19.0864 3900 nvsvc - ok
18:00:19.0894 3900 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:00:19.0914 3900 nv_agp - ok
18:00:19.0924 3900 NwlnkFlt - ok
18:00:19.0934 3900 NwlnkFwd - ok
18:00:20.0044 3900 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:00:20.0064 3900 odserv - ok
18:00:20.0094 3900 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:00:20.0094 3900 ohci1394 - ok
18:00:20.0124 3900 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:00:20.0134 3900 ose - ok
18:00:20.0174 3900 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:00:20.0194 3900 p2pimsvc - ok
18:00:20.0224 3900 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
18:00:20.0224 3900 p2psvc - ok
18:00:20.0254 3900 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:00:20.0264 3900 Parport - ok
18:00:20.0274 3900 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:00:20.0284 3900 partmgr - ok
18:00:20.0304 3900 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:00:20.0304 3900 Parvdm - ok
18:00:20.0334 3900 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:00:20.0334 3900 PcaSvc - ok
18:00:20.0354 3900 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
18:00:20.0364 3900 pci - ok
18:00:20.0384 3900 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
18:00:20.0384 3900 pciide - ok
18:00:20.0404 3900 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:00:20.0414 3900 pcmcia - ok
18:00:20.0454 3900 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:00:20.0504 3900 PEAUTH - ok
18:00:20.0664 3900 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:00:20.0694 3900 pla - ok
18:00:20.0734 3900 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:00:20.0744 3900 PlugPlay - ok
18:00:20.0774 3900 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:00:20.0774 3900 PNRPAutoReg - ok
18:00:20.0814 3900 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:00:20.0824 3900 PNRPsvc - ok
18:00:20.0874 3900 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:00:20.0884 3900 PolicyAgent - ok
18:00:20.0924 3900 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:00:20.0924 3900 PptpMiniport - ok
18:00:20.0954 3900 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
18:00:20.0964 3900 Processor - ok
18:00:20.0994 3900 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
18:00:21.0014 3900 ProfSvc - ok
18:00:21.0034 3900 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:00:21.0034 3900 ProtectedStorage - ok
18:00:21.0074 3900 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
18:00:21.0074 3900 ProtexisLicensing - ok
18:00:21.0114 3900 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:00:21.0114 3900 PSched - ok
18:00:21.0154 3900 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
18:00:21.0154 3900 PSI_SVC_2 - ok
18:00:21.0214 3900 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:00:21.0264 3900 ql2300 - ok
18:00:21.0314 3900 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:00:21.0324 3900 ql40xx - ok
18:00:21.0374 3900 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:00:21.0394 3900 QWAVE - ok
18:00:21.0424 3900 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:00:21.0434 3900 QWAVEdrv - ok
18:00:21.0464 3900 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:00:21.0464 3900 RasAcd - ok
18:00:21.0534 3900 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:00:21.0534 3900 RasAuto - ok
18:00:21.0584 3900 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:00:21.0594 3900 Rasl2tp - ok
18:00:21.0644 3900 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
18:00:21.0664 3900 RasMan - ok
18:00:21.0704 3900 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:00:21.0704 3900 RasPppoe - ok
18:00:21.0744 3900 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:00:21.0744 3900 RasSstp - ok
18:00:21.0784 3900 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:00:21.0794 3900 rdbss - ok
18:00:21.0804 3900 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:00:21.0804 3900 RDPCDD - ok
18:00:21.0834 3900 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:00:21.0834 3900 rdpdr - ok
18:00:21.0844 3900 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:00:21.0844 3900 RDPENCDD - ok
18:00:21.0874 3900 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:00:21.0884 3900 RDPWD - ok
18:00:21.0904 3900 [ BBE6EA838BFFCFE7E27909545B237164 ] RegFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys
18:00:21.0904 3900 RegFilter - ok
18:00:21.0974 3900 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:00:21.0974 3900 RemoteAccess - ok
18:00:22.0004 3900 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:00:22.0014 3900 RemoteRegistry - ok
18:00:22.0024 3900 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:00:22.0034 3900 RpcLocator - ok
18:00:22.0064 3900 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
18:00:22.0064 3900 RpcSs - ok
18:00:22.0094 3900 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:00:22.0104 3900 rspndr - ok
18:00:22.0134 3900 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
18:00:22.0134 3900 SamSs - ok
18:00:22.0174 3900 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:00:22.0174 3900 sbp2port - ok
18:00:22.0204 3900 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:00:22.0214 3900 SCardSvr - ok
18:00:22.0264 3900 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
18:00:22.0274 3900 Schedule - ok
18:00:22.0304 3900 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
18:00:22.0304 3900 SCPolicySvc - ok
18:00:22.0344 3900 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:00:22.0344 3900 SDRSVC - ok
18:00:22.0364 3900 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:00:22.0364 3900 secdrv - ok
18:00:22.0384 3900 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:00:22.0384 3900 seclogon - ok
18:00:22.0394 3900 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
18:00:22.0404 3900 SENS - ok
18:00:22.0434 3900 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:00:22.0434 3900 Serenum - ok
18:00:22.0464 3900 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\drivers\serial.sys
18:00:22.0464 3900 Serial - ok
18:00:22.0484 3900 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:00:22.0484 3900 sermouse - ok
18:00:22.0534 3900 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:00:22.0534 3900 SessionEnv - ok
18:00:22.0554 3900 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:00:22.0554 3900 sffdisk - ok
18:00:22.0574 3900 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:00:22.0584 3900 sffp_mmc - ok
18:00:22.0604 3900 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:00:22.0604 3900 sffp_sd - ok
18:00:22.0614 3900 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:00:22.0614 3900 sfloppy - ok
18:00:22.0664 3900 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:00:22.0674 3900 SharedAccess - ok
18:00:22.0714 3900 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:00:22.0754 3900 ShellHWDetection - ok
18:00:22.0784 3900 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:00:22.0784 3900 sisagp - ok
18:00:22.0814 3900 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:00:22.0814 3900 SiSRaid2 - ok
18:00:22.0844 3900 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:00:22.0844 3900 SiSRaid4 - ok
18:00:22.0974 3900 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
18:00:23.0044 3900 slsvc - ok
18:00:23.0084 3900 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:00:23.0084 3900 SLUINotify - ok
18:00:23.0124 3900 [ 46B40982AF166BF89C3F51FB13E60D6D ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
18:00:23.0124 3900 SmartDefragDriver - ok
18:00:23.0154 3900 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:00:23.0164 3900 Smb - ok
18:00:23.0194 3900 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:00:23.0214 3900 SNMPTRAP - ok
18:00:23.0254 3900 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:00:23.0284 3900 spldr - ok
18:00:23.0324 3900 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
18:00:23.0334 3900 Spooler - ok
18:00:23.0364 3900 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:00:23.0394 3900 srv - ok
18:00:23.0444 3900 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:00:23.0454 3900 srv2 - ok
18:00:23.0474 3900 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:00:23.0474 3900 srvnet - ok
18:00:23.0524 3900 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:00:23.0534 3900 SSDPSRV - ok
18:00:23.0564 3900 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:00:23.0564 3900 SstpSvc - ok
18:00:23.0614 3900 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
18:00:23.0624 3900 stisvc - ok
18:00:23.0654 3900 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:00:23.0654 3900 swenum - ok
18:00:23.0684 3900 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
18:00:23.0704 3900 swprv - ok
18:00:23.0734 3900 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:00:23.0734 3900 Symc8xx - ok
18:00:23.0784 3900 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:00:23.0784 3900 Sym_hi - ok
18:00:23.0824 3900 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:00:23.0824 3900 Sym_u3 - ok
18:00:23.0894 3900 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
18:00:23.0904 3900 SysMain - ok
18:00:23.0934 3900 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:00:23.0934 3900 TabletInputService - ok
18:00:23.0974 3900 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
18:00:23.0974 3900 TapiSrv - ok
18:00:24.0014 3900 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:00:24.0014 3900 TBS - ok
18:00:24.0074 3900 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:00:24.0094 3900 Tcpip - ok
18:00:24.0144 3900 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:00:24.0144 3900 Tcpip6 - ok
18:00:24.0184 3900 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:00:24.0184 3900 tcpipreg - ok
18:00:24.0214 3900 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:00:24.0214 3900 TDPIPE - ok
18:00:24.0234 3900 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:00:24.0234 3900 TDTCP - ok
18:00:24.0274 3900 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:00:24.0274 3900 tdx - ok
18:00:24.0294 3900 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:00:24.0294 3900 TermDD - ok
18:00:24.0344 3900 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
18:00:24.0364 3900 TermService - ok
18:00:24.0394 3900 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
18:00:24.0394 3900 Themes - ok
18:00:24.0414 3900 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:00:24.0414 3900 THREADORDER - ok
18:00:24.0444 3900 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:00:24.0454 3900 TrkWks - ok
18:00:24.0504 3900 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:00:24.0504 3900 TrustedInstaller - ok
18:00:24.0544 3900 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:00:24.0544 3900 tssecsrv - ok
18:00:24.0584 3900 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:00:24.0584 3900 tunmp - ok
18:00:24.0614 3900 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:00:24.0614 3900 tunnel - ok
18:00:24.0644 3900 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:00:24.0644 3900 uagp35 - ok
18:00:24.0674 3900 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:00:24.0684 3900 udfs - ok
18:00:24.0724 3900 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:00:24.0734 3900 UI0Detect - ok
18:00:24.0764 3900 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:00:24.0764 3900 uliagpkx - ok
18:00:24.0794 3900 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:00:24.0814 3900 uliahci - ok
18:00:24.0854 3900 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:00:24.0854 3900 UlSata - ok
18:00:24.0884 3900 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:00:24.0884 3900 ulsata2 - ok
18:00:24.0904 3900 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:00:24.0914 3900 umbus - ok
18:00:24.0954 3900 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:00:24.0984 3900 upnphost - ok
18:00:25.0014 3900 [ 8D5437D41B868BB28403FE10D9A3FD51 ] UrlFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys
18:00:25.0024 3900 UrlFilter - ok
18:00:25.0074 3900 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
18:00:25.0074 3900 usbccgp - ok
18:00:25.0114 3900 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:00:25.0124 3900 usbcir - ok
18:00:25.0154 3900 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:00:25.0154 3900 usbehci - ok
18:00:25.0174 3900 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:00:25.0184 3900 usbhub - ok
18:00:25.0214 3900 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:00:25.0214 3900 usbohci - ok
18:00:25.0234 3900 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
18:00:25.0234 3900 usbprint - ok
18:00:25.0264 3900 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:00:25.0264 3900 USBSTOR - ok
18:00:25.0304 3900 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:00:25.0314 3900 usbuhci - ok
18:00:25.0354 3900 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
18:00:25.0354 3900 UxSms - ok
18:00:25.0384 3900 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
18:00:25.0404 3900 vds - ok
18:00:25.0434 3900 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:00:25.0434 3900 vga - ok
18:00:25.0464 3900 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:00:25.0464 3900 VgaSave - ok
18:00:25.0494 3900 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:00:25.0494 3900 viaagp - ok
18:00:25.0514 3900 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:00:25.0514 3900 ViaC7 - ok
18:00:25.0544 3900 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
18:00:25.0554 3900 viaide - ok
18:00:25.0584 3900 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:00:25.0584 3900 volmgr - ok
18:00:25.0614 3900 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:00:25.0624 3900 volmgrx - ok
18:00:25.0664 3900 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:00:25.0664 3900 volsnap - ok
18:00:25.0694 3900 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:00:25.0694 3900 vsmraid - ok
18:00:25.0764 3900 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
18:00:25.0824 3900 VSS - ok
18:00:25.0884 3900 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
18:00:25.0894 3900 W32Time - ok
18:00:25.0934 3900 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:00:25.0934 3900 WacomPen - ok
18:00:25.0964 3900 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:00:25.0964 3900 Wanarp - ok
18:00:25.0974 3900 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:00:25.0974 3900 Wanarpv6 - ok
18:00:26.0034 3900 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:00:26.0054 3900 wcncsvc - ok
18:00:26.0074 3900 [ 11BCB7AFCDD
-
RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Hailey [Admin rights]
Mode : Scan -- Date : 01/30/2013 18:10:56
| ARK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] WxDFastUpdaterTask{A6523428-B94D-48CB-9B94-4CDF8E8B8E4F}.job : C:\ProgramData\Premium\WxDFast\WxDFast.exe /schedule /profilepath "C:\ProgramData\Premium\WxDFast\profile.ini" -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST325031 0AS SCSI Disk Device +++++
--- User ---
[MBR] 3b8d9edcc3cb964393f6f64bdede650f
[BSP] 22544e0905d75e2b7891979d21896c94 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 226674 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 464230305 | Size: 11797 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_01302013_02d1810.txt >>
RKreport[1]_S_01302013_02d1810.txt
-
Please run RogueKiller again and delete the files found. If that doesn't fix the problem, try this one below in Normal Mode.
Also, do you hear any beeps when the computer boots?
Alt+Ctrl+Del
New Task
Type: Explorer
If you see a message saying it cannot find Explorer, click Browse, go to %system root%\windows\system32 and find it. It may have another extension, so change the "open as" box (bottom of window) to All Files, then change the extension to .EXE.
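As an added example, not from this thread and not part of RogueKiller, the PowerShell below reads the three places tied to this symptom without changing anything: the Winlogon Shell and Userinit values that decide whether Explorer starts at logon, the HideDesktopIcons\NewStartPanel values RogueKiller tagged [HJ DESK] (the two GUIDs in the log are Computer and the user's files folder), and scheduled-task actions that run from outside Windows or Program Files, which is the heuristic behind its [SUSP PATH] tag. The expected Winlogon values and the trusted-directory list are assumptions for a default 32-bit Vista install, and the script sticks to PowerShell 2.0 syntax because that is the newest version Vista runs. Review the output before editing or deleting anything.

```powershell
# Added example, not part of the Computer Hope thread. Read-only triage for a
# black desktop where Explorer only starts from Task Manager. Run from an
# elevated PowerShell 2.0+ prompt; nothing is modified.

# Assumed default Vista values. A Shell pointing at anything but explorer.exe,
# or a Userinit with something appended after "userinit.exe,", is the usual
# reason the desktop never appears after logon.
$ExpectedWinlogon = @{
    Shell    = 'explorer.exe'
    Userinit = "$env:windir\system32\userinit.exe,"
}

function New-Finding($check, $key, $name, $value) {
    New-Object PSObject -Property @{ Check = $check; Key = $key; Name = $name; Value = $value }
}

function Test-WinlogonValues {
    # The HKCU Shell value is honoured as a per-user override and normally does not exist.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
            'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($name in $ExpectedWinlogon.Keys) {
            $actual = $props.$name
            if ($null -eq $actual) { continue }
            if ($actual.Trim().ToLower() -ne $ExpectedWinlogon[$name].ToLower()) {
                New-Finding 'Winlogon' $k $name $actual
            }
        }
    }
}

function Test-HiddenDesktopIcons {
    # A value of 1 hides that icon. {20D04FE0-3AEA-1069-A2D8-08002B30309D} is
    # Computer, {59031a47-3f72-44a7-89c5-5595fe6b30ee} is the user's files
    # folder. Under HKCU these can be a genuine user preference; under HKLM
    # they apply to every account and are rarely set by hand.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $item = Get-Item -Path $k
        foreach ($name in $item.GetValueNames()) {
            if ($item.GetValue($name) -eq 1) { New-Finding 'HiddenDesktopIcon' $k $name 1 }
        }
    }
}

function Get-SuspiciousTaskActions {
    # Same heuristic as RogueKiller's [SUSP PATH]: flag task actions whose
    # executable sits outside Windows or Program Files. Some legitimate
    # updaters do live in ProgramData or AppData, so treat this as a review list.
    $trusted = @($env:windir, $env:ProgramFiles) | ForEach-Object { $_.ToLower() }
    $pathRx  = '^"?(?<path>[^"]+?\.(exe|dll|cmd|bat|vbs|js|scr))'
    # schtasks repeats its CSV header once per task folder; drop those rows.
    schtasks.exe /query /fo csv /v 2>$null | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' } |
        ForEach-Object {
            $action = [string]$_.'Task To Run'
            $m = [regex]::Match($action, $pathRx, 'IgnoreCase')
            if (-not $m.Success) { return }                # COM handlers and the like
            $exe = [Environment]::ExpandEnvironmentVariables($m.Groups['path'].Value).ToLower()
            $inTrusted = $false
            foreach ($t in $trusted) { if ($exe.StartsWith($t)) { $inTrusted = $true } }
            if (-not $inTrusted) { New-Finding 'TaskAction' $_.TaskName 'Task To Run' $action }
        }
}

$report = @(Test-WinlogonValues) + @(Test-HiddenDesktopIcons) + @(Get-SuspiciousTaskActions)
if ($report.Count -eq 0) { 'No findings.' } else { $report | Format-Table Check, Name, Value, Key -AutoSize -Wrap }
```

On the machine in this thread the task-action check would list the WxDFast job from the RogueKiller log, because C:\ProgramData is not under Windows or Program Files; whether a flagged item is malicious still needs a look at the file itself. The Winlogon check is the one to read first when the desktop is black: if Shell is not explorer.exe, that is the value to restore, and starting Explorer from Task Manager only works around it for the current session.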
-
RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Hailey [Admin rights]
Mode : Remove -- Date : 01/30/2013 18:46:35
| ARK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] WxDFastUpdaterTask{A6523428-B94D-48CB-9B94-4CDF8E8B8E4F}.job : C:\ProgramData\Premium\WxDFast\WxDFast.exe /schedule /profilepath "C:\ProgramData\Premium\WxDFast\profile.ini" -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST325031 0AS SCSI Disk Device +++++
--- User ---
[MBR] 3b8d9edcc3cb964393f6f64bdede650f
[BSP] 22544e0905d75e2b7891979d21896c94 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 226674 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 464230305 | Size: 11797 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_D_01302013_02d1846.txt >>
RKreport[1]_S_01302013_02d1810.txt ; RKreport[2]_D_01302013_02d1846.txt
-
This hardware scheduled task started on its own....
Hardware Diagnostic Tools Log File
Thursday, January 31, 2013 10:54:04 AM
ST325031 0AS SCSI Disk Device
Model Number: ST3250310AS
Firmware Revision: 3.AH
Total Capacity: 232.89 GB
Driver: c:\windows\system32\drivers\disk.sys
Driver Version: 6.0.6001.18000, 6-21-2006
COMPAQ - C:
File System: NTFS
Volume Capacity: 221.36 GB
Volume Used Space: 127.33 GB
FACTORY_IMAGE - D:
File System: NTFS
Volume Capacity: 11.52 GB
Volume Used Space: 9.93 GB
Random Seek Test
Test Started 1/31/2013 10:02:28 AM
Test Finished: Passed 1/31/2013 10:03:41 AM
Funnel Seek Test
Test Started 1/31/2013 10:03:41 AM
Test Finished: Passed 1/31/2013 10:05:27 AM
Surface Scan Test
Test Started 1/31/2013 10:05:28 AM
Test Finished: Passed 1/31/2013 10:09:13 AM
Surface Scan Test 2
Test Started 1/31/2013 10:09:13 AM
Test Finished: Passed 1/31/2013 10:13:08 AM
NVIDIA nForce 10/100 Mbps Ethernet
MAC Address: 00:23:54:3a:ae:5f
IP Address: 192.168.1.109
Gateway IP Address: 192.168.1.1
Current Speed: 100.00 Mbps
Driver: c:\windows\system32\drivers\nvmfdx32.sys
Driver Version: 67.8.3.1, 5-21-2008
Network Cable Test
Test Started 1/31/2013 10:13:08 AM
Test Finished: Passed 1/31/2013 10:13:10 AM
TCP/IP Network Communication Test
Test Started 1/31/2013 10:13:10 AM
Test Finished: Passed 1/31/2013 10:14:01 AM
CMOS
Divider Time Base: 32.77 kHz
Periodic Interrupt Rate: 976 MICROSECONDS
Checksum Test
Test Started 1/31/2013 10:14:01 AM
Test Finished: Passed 1/31/2013 10:14:04 AM
Pattern Test
Test Started 1/31/2013 10:14:04 AM
Test Finished: Passed 1/31/2013 10:14:08 AM
AMD Athlon(tm) Processor LE-1640
Name: AMD Athlon(tm) Processor LE-1640
Cores: 1
Features: MMX(+), 3DNow!(+), PSE36, x86-64, SSE, SSE2, SSE3, NX, SVM
Current Speed: 2.71 GHz
Multiplier: x 13.5
L1 Instruction Cache: 64.00 kB
L1 Data Cache: 64.00 kB
L2 Cache: 512.00 kB
Core : 0
Threads: 1
AMD FPU Test
Test Started 1/31/2013 10:14:08 AM
Test Finished: Passed 1/31/2013 10:14:17 AM
AMD MMX Test
Test Started 1/31/2013 10:14:17 AM
Test Finished: Passed 1/31/2013 10:14:21 AM
AMD SSE Test
Test Started 1/31/2013 10:14:21 AM
Test Finished: Passed 1/31/2013 10:14:28 AM
Register Test
Test Started 1/31/2013 10:14:28 AM
Test Finished: Passed 1/31/2013 10:14:29 AM
Level 2 Cache Test
Test Started 1/31/2013 10:14:29 AM
Test Finished: Passed 1/31/2013 10:14:38 AM
Math Register Test
Test Started 1/31/2013 10:14:38 AM
Test Finished: Passed 1/31/2013 10:14:39 AM
MMX Test
Test Started 1/31/2013 10:14:39 AM
Test Finished: Passed 1/31/2013 10:14:39 AM
SSE Test
Test Started 1/31/2013 10:14:39 AM
Test Finished: Passed 1/31/2013 10:14:40 AM
SSE2 Test
Test Started 1/31/2013 10:14:40 AM
Test Finished: Passed 1/31/2013 10:14:40 AM
SSE3 Test
Test Started 1/31/2013 10:14:40 AM
Test Finished: Passed 1/31/2013 10:14:41 AM
System Memory
Total Physical Memory: 1.00 GB
1024 MB DDR2-SDRAM (PC2-6400 / 800 MHz)
Memory Size: 1.00 GB
Memory Type: DDR2-SDRAM (PC2-6400 / 800 MHz)
Advanced Pattern Test
Test Started 1/31/2013 10:14:41 AM
Test Finished: Passed 1/31/2013 10:15:03 AM
Bit Low Test
Test Started 1/31/2013 10:15:03 AM
Test Finished: Passed 1/31/2013 10:15:13 AM
Bit High Test
Test Started 1/31/2013 10:15:13 AM
Test Finished: Passed 1/31/2013 10:15:20 AM
Nibble Move Test
Test Started 1/31/2013 10:15:21 AM
Test Finished: Passed 1/31/2013 10:15:33 AM
Checkerboard Test
Test Started 1/31/2013 10:15:33 AM
Test Finished: Passed 1/31/2013 10:15:42 AM
Walking One Left Test
Test Started 1/31/2013 10:15:42 AM
Test Finished: Passed 1/31/2013 10:15:59 AM
Walking One Right Test
Test Started 1/31/2013 10:15:59 AM
Test Finished: Passed 1/31/2013 10:17:11 AM
Auxiliary Pattern Test
Test Started 1/31/2013 10:17:12 AM
Test Finished: Passed 1/31/2013 10:19:05 AM
Address Test
Test Started 1/31/2013 10:19:06 AM
Test Finished: Passed 1/31/2013 10:20:13 AM
Modulo20 Test
Test Started 1/31/2013 10:20:13 AM
Test Finished: Passed 1/31/2013 10:25:43 AM
Moving Inversion Test
Test Started 1/31/2013 10:25:59 AM
Test Finished: Passed 1/31/2013 10:48:32 AM
Windows Memory Test
Test Started 1/31/2013 10:48:38 AM
Informative Message: No memory diagnostic results were found in the event log. 1/31/2013 10:48:48 AM
Test Finished: Passed 1/31/2013 10:48:51 AM
PCI standard PCI-to-PCI bridge
PCI Location: PCI bus 0, device 9, function 0
PCI Express Status Test
Test Started 1/31/2013 10:48:51 AM
Test Finished: Passed 1/31/2013 10:48:59 AM
PCI standard PCI-to-PCI bridge
PCI Location: PCI bus 0, device 11, function 0
PCI Express Status Test
Test Started 1/31/2013 10:48:59 AM
Test Finished: Passed 1/31/2013 10:49:00 AM
PCIe Soft Data Fax Modem with SmartCP
Model: PCIe Soft Data Fax Modem with SmartCP
Driver: c:\windows\system32\drivers\modem.sys
Driver Version: 7.71.0.50, 3-11-2008
PCI Express Status Test
Test Started 1/31/2013 10:49:00 AM
Test Finished: Passed 1/31/2013 10:49:00 AM
PCI Bus
Configuration Test
Test Started 1/31/2013 10:49:00 AM
Test Finished: Passed 1/31/2013 10:49:01 AM
System Board
Chipset: nVidia MCP61
Manufacturer: OEM_MB
Product: IVY8
RTC Rollover Test
Test Started 1/31/2013 10:49:01 AM
Test Finished: Passed 1/31/2013 10:49:08 AM
RTC Accuracy Test
Test Started 1/31/2013 10:49:08 AM
Test Finished: Passed 1/31/2013 10:49:11 AM
Model Information
Model Name SR5605F
Product Number FK587AA-ABA
Software Build 84NAv3PrA2
Serial Number 3CR8401116
Operating System
Name Microsoft Windows Vista Home Premium Edition (x86 32-bit)
Service Pack Service Pack 1
Build Number 6001
DirectX Version 10.0
Windows Update
Automatic Updates Automatic download and install
Last checked 2013-01-30 18:50:38
Windows Experience Index
Base Score 3.0
Assessment State Valid Scores
Assessment Date 10/6/2008 10:36:06 PM
Processor Subscore 4.4
Memory (RAM) Subscore 3.9
Graphics (Aero) Subscore 3.5
Gaming Graphics Subscore 3.0
Primary Disk Subscore 5.9
System Information
Manufacturer Compaq-Presario
Total Number of Logical CPUs 1
Total Physical Memory 1.00 GB
Total Number of Optical Drives 1
Total Number of Hard Drives 1
Total Number of Video Cards 1
Total Number of Memory Modules 1
Total Number of DIMM slots 2
System Name HAILEY-PC
Login
Name Hailey
Motherboard
System Board
Chipset nVidia MCP61
Base Board
Manufacturer OEM_MB
Product IVY8
BIOS
Vendor Phoenix Technologies, LTD
Release Date 05/02/2008
BIOS Version String 5.14
ROM Size 512.00 kB
AMD Athlon(tm) Processor LE-1640
Name AMD Athlon(tm) Processor LE-1640
Cores 1
Threads 1
Current Speed 2.71 GHz
Features MMX(+), 3DNow!(+), PSE36, x86-64, SSE, SSE2, SSE3, NX, SVM
L1 Instruction Cache 64.00 kB
L1 Data Cache 64.00 kB
L2 Cache 512.00 kB
Memory
System Memory
Total Physical Memory 1.00 GB
1024 MB DDR2-SDRAM (PC2-6400 / 800 MHz)
Memory Size 1.00 GB
Memory Type DDR2-SDRAM (PC2-6400 / 800 MHz)
Memory Manufacturer Kingston
Memory Manufacture Date Week 31, Year 2008
Memory Part Number FQ453-80003
Memory Serial Number AE3CC979
Memory Revision Code 4145
Directories
Windows Directory c:\windows
System Directory c:\windows\system32
Local Disk
ST325031 0AS SCSI Disk Device
Model Number ST3250310AS
Firmware Revision 3.AH
Total Capacity 232.89 GB
Driver c:\windows\system32\drivers\disk.sys
Driver Version 6.0.6001.18000, 6-21-2006
COMPAQ - C:
Drive Letter C
Volume Name COMPAQ
Volume Serial Number CCBB-3FF0
File System NTFS
Volume Capacity 221.36 GB
Volume Free Space 94.04 GB
Volume Used Space 127.33 GB
FACTORY_IMAGE - D:
Drive Letter D
Volume Name FACTORY_IMAGE
Volume Serial Number 9CA4-6A86
File System NTFS
Volume Capacity 11.52 GB
Volume Free Space 1.59 GB
Volume Used Space 9.93 GB
CD-ROM Drive
TSSTcorp CDDVDW TS-H653Q SCSI CdRom Device
Model Number TSSTcorpCDDVDW TS-H653Q
Serial Number Q3246GNQ744857
Firmware Revision 0303
Drive Letter E
Readable Media CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-R, DVD-RW, DVD-R DL, DVD+R, DVD+RW, DVD+R DL
Writable Media CD-R, CD-RW, DVD-RAM, DVD-R, DVD-RW, DVD-R DL, DVD+R, DVD+RW, DVD+R DL
Write Strategy TAO, SAO, RAW, RAW-MS
Driver c:\windows\system32\drivers\cdrom.sys
Driver Version 6.0.6001.18000, 6-21-2006
Display
Compaq WF1907 (Compaq WF1907 Wide LCD Monitor)
Mode 1024 x 768 (32-bit) (70 Hz)
Manufacturer Hewlett Packard
Serial Number CNC845PDKV
Manufacture Date Week 45, Year 2008
Signal Type Analog
Video Card
NVIDIA GeForce 6150SE nForce 430
Manufacturer NVIDIA
Driver c:\windows\system32\drivers\nvlddmkm.sys
Driver Version 7.15.11.7521, 5-22-2008
Modem
PCIe Soft Data Fax Modem with SmartCP
Model PCIe Soft Data Fax Modem with SmartCP
Driver c:\windows\system32\drivers\modem.sys
Driver Version 7.71.0.50, 3-11-2008
Sound Card
Realtek High Definition Audio
Manufacturer Realtek
Driver c:\windows\system32\drivers\rtkvhda.sys
Driver Version 6.0.1.5657, 7-3-2008
Network Card
NVIDIA nForce 10/100 Mbps Ethernet
MAC Address 00:23:54:3a:ae:5f
IP Address 192.168.1.109
Gateway IP Address 192.168.1.1
Current Speed 100.00 Mbps
Driver c:\windows\system32\drivers\nvmfdx32.sys
Driver Version 67.8.3.1, 5-21-2008
Printers
Microsoft XPS Document Writer
Model Microsoft XPS Document Writer
Path Microsoft XPS Document Writer
Driver Path C:\Windows\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
Driver Version 0.3.6001.18000
HP Deskjet D1500 series
Model HP Deskjet D1500 series
Path HP Deskjet D1500 series
Driver Path C:\Windows\system32\spool\DRIVERS\W32X86\3\UNIDRV.DLL
Driver Version 0.3.6001.18000
Default Printer true
Deskjet D1500 series
Driver c:\windows\\systemroot\system32\drivers\usbprint.sys
Driver Version 6.0.6001.18000, 6-21-2006
Keyboard
Standard PS/2 Keyboard
Manufacturer (Standard keyboards)
I/O Resources I/O Port : 0x0060h - 0x0060h, I/O Port : 0x0064h - 0x0064h
IRQ Resources Interrupt : 1 (Unshareable) (Edge Triggered)
Driver c:\windows\system32\drivers\i8042prt.sys
Driver Version 6.0.6001.18000, 6-21-2006
Pointing Device
PS/2 Compatible Mouse
Manufacturer Microsoft
Driver Provider Microsoft
Driver c:\windows\system32\drivers\i8042prt.sys
Driver Version 6.0.6001.18000, 6-21-2006
USB Controller
Standard OpenHCD USB Host Controller
Manufacturer (Standard USB Host Controller)
Driver c:\windows\\systemroot\system32\drivers\usbohci.sys
Driver Version 6.0.6001.18000, 6-21-2006
Standard Enhanced PCI to USB Host Controller
Manufacturer (Standard USB Host Controller)
Driver c:\windows\system32\drivers\usbehci.sys
Driver Version 6.0.6001.18000, 6-21-2006
-
Did you try this in Normal Mode?
Alt+Ctrl+Del
New Task
Type: Explorer
If you see a message saying it cannot find Explorer, click Browse, go to %system root%\windows\system32 and find it. It may have another extension, so change the "open as" box (bottom of window) to All Files, then change the extension to .EXE.
Please run this even if you don't have your OS disk.
1/ Click the Start button.
2/ From the Start Menu, Click All programs followed by Accessories.
3/ In the Accessories menu, Right Click on the Command Prompt option.
4/ From the drop down menu that appears, Click on the Run as administrator option.
5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.
6/ In the Command Prompt window, type: sfc /scannow and then press Enter.
7/ A message will appear stating that the system scan will begin.
8/ Be patient because the scan may take some time.
9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.
10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations.
11/ After the scan has completed, Close the command prompt window.
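The summary SFC prints at the end says only whether integrity violations were found; the detail is in C:\Windows\Logs\CBS\CBS.log, which the servicing stack keeps open and which a plain editor is refused access to. The PowerShell below is an added example (not from this thread or from Microsoft) that copies the log from an elevated prompt and pulls out the [SR] lines SFC writes, grouping them into files it replaced and files it could not. The message phrasings "Cannot repair member file" and "Repairing corrupted file" and the [l:<bytes>{<chars>}]"name" token format are assumed from the usual CBS.log layout; PowerShell 2.0 syntax is used because that is what Vista runs.

```powershell
# Added example, not part of the Computer Hope thread. Pulls the System File
# Checker lines out of CBS.log, which is held open by the servicing stack and
# refused to a plain editor. Run from an elevated PowerShell 2.0+ prompt.
function Get-SfcResults {
    param([string]$CbsLog = "$env:windir\Logs\CBS\CBS.log")

    # Work on a copy; the copy itself needs elevation for the same reason.
    $copy = Join-Path $env:TEMP 'CBS-copy.log'
    Copy-Item -Path $CbsLog -Destination $copy -Force

    # SFC tags every line it writes with [SR]; match it literally, not as a regex.
    $srLines = @(Select-String -Path $copy -Pattern '[SR]' -SimpleMatch | ForEach-Object { $_.Line })

    # File names appear as [l:<bytes>{<chars>}]"name"; the last such token on
    # the line is the member file. Assumed phrasings: "Cannot repair member file"
    # (could not be fixed) and "Repairing corrupted file" (was replaced from the store).
    $nameRx = [regex]'\[l:\d+\{\d+\}\]"([^"]+)"'
    $memberName = {
        param($line)
        $m = $nameRx.Matches($line)
        if ($m.Count -gt 0) { $m[$m.Count - 1].Groups[1].Value } else { $line }
    }
    $unrepaired = @($srLines | Where-Object { $_ -like '*Cannot repair member file*' } |
                    ForEach-Object { & $memberName $_ } | Sort-Object -Unique)
    $repaired   = @($srLines | Where-Object { $_ -like '*Repairing corrupted file*' } |
                    ForEach-Object { & $memberName $_ } | Sort-Object -Unique)

    # An unrepaired system binary on a machine that just had malware is a
    # candidate for replacement from install media, or a reason to rebuild.
    New-Object PSObject -Property @{
        SrLines    = $srLines.Count
        Repaired   = $repaired
        Unrepaired = $unrepaired
        Copy       = $copy
    }
}

$r = Get-SfcResults
"[SR] lines: $($r.SrLines)   (full copy at $($r.Copy))"
"Repaired ($($r.Repaired.Count)):";    $r.Repaired
"Unrepaired ($($r.Unrepaired.Count)):"; $r.Unrepaired
```

If PowerShell is not available, the same extraction from an elevated command prompt is the one Microsoft documents for SFC: findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log > "%userprofile%\Desktop\sfcdetails.txt", which writes a readable copy to the desktop.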
-
My desktop is back!!!!
I did: Alt+Ctrl+Del
New Task
Explorer
After a few minutes my desktop and icons came up!!
Yes, I hear some beeps, and when it is locking up and freezing, a lot of rumbling, like it is processing.
Should I still run the process from above? (Reply # 58) I have not located an OS disk, unless the "Learn Windows Vista" pc tutor technical support disk is the same thing?
I'm going to reboot and see if I still have my desktop.
Okay, restarted and it still came up with the black desktop; I had to do as above to get the desktop back. Note: while at the Windows menu screen, I tried to log on under Kathy, the other user account that does not require a password, and it just said "logging off" and rerouted to the log-on screen.
-
At this point, your best bet would be save your important data and run The System Recover.
-
I downloaded the AVG anti-virus and ran the scan...found this....
(http://img191.imageshack.us/img191/3495/avgtrojan.jpg) (http://imageshack.us/photo/my-images/191/avgtrojan.jpg/)
-
But, you still have the black screen?
-
This is from the sfc scan.... it will not let me open the log.
Yes, I still have the black screen, but I have my desktop if I run explorer from t/m.
(http://img32.imageshack.us/img32/1592/sfcscan.jpg) (http://imageshack.us/photo/my-images/32/sfcscan.jpg/)
(http://img191.imageshack.us/img191/366/cbsfiledenial.jpg) (http://imageshack.us/photo/my-images/191/cbsfiledenial.jpg/)
-
I don't know if this is helpful, but some of my updates cannot load successfully.
(http://img713.imageshack.us/img713/4871/updatehistory.jpg) (http://imageshack.us/photo/my-images/713/updatehistory.jpg/)
Also, I updated my version of Java and followed the instructions from CH on how to disable pop-ups through about:config (except the privacy.popups.firstTime option was not there to change to false), but I am still getting pop-ups.
-
This is from the sfc scan.... it will not let me open the log.
That's ok. I didn't need to see the log. Did it ever ask for the OS disk while running SFC?
Yes, I still have the black screen, but I have ,my desktop if I run explorer from t/m.
There are two ways that I know of to fix that problem. One is to run the Recovery Console, which will take your computer back to the day it was purchased. The other way is to edit the registry so that it will boot normally. This is a dangerous procedure and most experts don't even want to mess around in the Registry. I still think the Recovery would be your best bet. It's a bit more work but you end up with a new computer.
-
There are two ways that I know of to fix that problem. One is to run the Recovery Console, which will take your computer back to the day it was purchased. The other way is to edit the registry so that it will boot normally. This is a dangerous procedure and most experts don't even want to mess around in the Registry. I still think the Recovery would be your best bet. It's a bit more work but you end up with a new computer.
Will this delete my photos and other programs I have downloaded? And I have found Microsoft office, it just won't let me run it. And no, it did not ask for my OS disk.
-
Could you please run aswMBR.exe again as described in Reply # 19 and post the log.
Will this delete my photos and other programs I have downloaded?
You should save your important photos, videos, music and other important data to DVDs. You should also make a note of which programs you have downloaded and installed so that you can re-install them.
-
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-01 18:56:28
-----------------------------
18:56:28.326 OS Version: Windows 6.0.6001 Service Pack 1
18:56:28.326 Number of processors: 1 586 0x7F02
18:56:28.326 ComputerName: HAILEY-PC UserName: Hailey
18:56:41.066 Initialize success
18:56:57.551 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
18:56:57.561 Disk 0 Vendor: ST325031 3.AH Size: 238475MB BusType: 3
18:56:57.601 Disk 0 MBR read successfully
18:56:57.621 Disk 0 MBR scan
18:56:57.631 Disk 0 Windows VISTA default MBR code
18:56:57.651 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226674 MB offset 63
18:56:57.691 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11797 MB offset 464230305
18:56:57.741 Disk 0 scanning sectors +488392065
18:56:57.841 Disk 0 scanning C:\Windows\system32\drivers
18:57:09.111 Service scanning
18:57:30.871 Modules scanning
18:57:41.741 Disk 0 trace - called modules:
18:57:41.771 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
18:57:41.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853000c8]
18:57:41.791 3 CLASSPNP.SYS[86335745] -> nt!IofCallDriver -> [0x845ea688]
18:57:42.041 5 acpi.sys[862126a0] -> nt!IofCallDriver -> \Device\00000055[0x845ea9c0]
18:57:42.061 Scan finished successfully
18:58:48.851 Disk 0 MBR has been saved successfully to "C:\Users\Hailey\Documents\MBR.dat"
18:58:48.881 The log file has been saved successfully to "C:\Users\Hailey\Documents\aswMBR3.txt"
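Both MBR scanners in this thread report the same three things: a hash of the boot sector code ([BSP] in RogueKiller, "Windows VISTA default MBR code" in aswMBR), the disk's partition table, and whether the table and the boot code agree. aswMBR also saved the raw sector to MBR.dat, so those facts can be re-derived offline. The PowerShell below is an added example (not from this thread, aswMBR or RogueKiller) that decodes a 512-byte MBR image: it checks the 0x55AA signature, hashes the 440-byte bootstrap region, and prints each partition's status byte, type, starting LBA and size. It assumes MBR.dat is the raw sector as written by aswMBR and that the default path is the one in the log above; the byte range RogueKiller hashes for its [BSP] line is not documented here, so the hash is meant to be compared against a copy taken from a known-clean machine rather than against RogueKiller's value.

```powershell
# Added example, not part of the Computer Hope thread. Decodes the 512-byte MBR
# image that aswMBR saved as MBR.dat (default path taken from the log above)
# into the facts RogueKiller and aswMBR print: bootstrap-code hash, disk
# signature and partition table. PowerShell 2.0+.
function Get-MbrSummary {
    param([string]$Path = "$env:USERPROFILE\Documents\MBR.dat")

    $mbr = [System.IO.File]::ReadAllBytes($Path)
    if ($mbr.Length -lt 512) { throw "Expected a 512-byte sector image, got $($mbr.Length) bytes" }
    # 0x55 0xAA at offset 510 marks a valid MBR; anything else is not a raw sector.
    if ($mbr[510] -ne 0x55 -or $mbr[511] -ne 0xAA) { throw 'Boot signature missing' }

    # Layout: 0..439 bootstrap code, 440..443 disk signature, 446..509 four
    # 16-byte partition entries. Hash only the code: a bootkit replaces it but
    # usually leaves the partition table alone, so "table unchanged, hash
    # changed" is the tell. Compare the hash with one taken from a known-clean
    # machine running the same OS.
    $md5  = [System.Security.Cryptography.MD5]::Create()
    $hash = ($md5.ComputeHash($mbr, 0, 440) | ForEach-Object { $_.ToString('x2') }) -join ''

    $parts = @()
    for ($i = 0; $i -lt 4; $i++) {
        $o = 446 + 16 * $i
        $type = $mbr[$o + 4]
        if ($type -eq 0) { continue }                       # empty slot
        $count = [BitConverter]::ToUInt32($mbr, $o + 12)    # sector count, little-endian
        $parts += New-Object PSObject -Property @{
            Index    = $i
            Active   = (($mbr[$o] -band 0x80) -ne 0)        # 0x80 = bootable, 0x00 = inactive
            Type     = ('0x{0:x2}' -f $type)                # 0x07 = NTFS
            StartLBA = [BitConverter]::ToUInt32($mbr, $o + 8)
            Sectors  = $count
            SizeMiB  = [math]::Floor($count / 2048)         # 512-byte sectors
        }
    }
    New-Object PSObject -Property @{
        BootCodeMD5   = $hash
        DiskSignature = ('0x{0:x8}' -f [BitConverter]::ToUInt32($mbr, 440))
        Partitions    = $parts
    }
}

$s = Get-MbrSummary
"Bootstrap MD5 : $($s.BootCodeMD5)"
"Disk signature: $($s.DiskSignature)"
$s.Partitions | Format-Table Index, Active, Type, StartLBA, Sectors, SizeMiB -AutoSize
```

For the disk in this thread the table should come out as the scanners printed it: an active type 0x07 partition starting at sector 63 and a second, inactive type 0x07 partition starting at sector 464230305. A table that matches but a bootstrap hash that does not match the clean reference is the case where an MBR rewrite (which both tools offer) is warranted; a table that differs from what the OS sees is a different problem and a reason to image the disk before touching it.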
-
I've had my mentor take a look at your problem and he suggests that you should try another monitor on the computer. Your monitor is almost 5 years old and they can go bad. Another thing to try is located here. (http://www.intowindows.com/how-to-reset-windows-vista-xp-security-settings-to-default-easily/)
-
I fixed the issue with my videos not being able to go full screen (if I clicked on the full screen option, my screen would go black, and I had to hit Escape to return to the screen with a minimized video). In settings, I disabled the hardware acceleration selection in Adobe Flash and now my videos can go full screen.
-
Ok, I didn't know you were having problems with videos. Do you require any more assistance?
-
If I do the Windows security reset, will I lose any pictures, downloads, etc.? This is different from a system restore, isn't it?
Reply #39 about the videos. :)
-
If I do the Windows security reset, will I lose any pictures, downloads, etc.? This is different from a system restore, isn't it?
Reply #39 about the videos. :)
If you run the Recovery Console it will return your computer back to the date you bought it. As I stated before, you can save your photos, videos, music and your downloads to an external hard drive or DVDs. You should make a note of what programs you have installed so you may go back and re-install them afterwards.
System Restore will only return your computer to the state it was in on a specific date and will not harm your data. You could try that if you have a Restore point previous to the date you started having problems.
Run the Vista Recovery Console.
1. Eject and remove any discs or memory cards from your computer.
2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".
3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.
4. Highlight and select "Repair your computer" choose your keyboard type and click "Next".
5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.