
Thread: Ken My Laptop

  1. #11
    Senior Member
    Join Date
    Apr 2006
    Posts
    153

    Default

    Something else that might be a problem. I was in my AOL software and went into internet options. In the manage add ons section there are a bunch of add ons under Microsoft Corporation:

    XML Dom Doc, HTML DLG Safe Helper Class, Windows Media Player, XML HTTP 6.0 and a few others. In a box where you want to add websites to run, there was a *. I removed it. I've never seen these files in add-ons before. I went into my IE 10 directly and they are not there. Still getting pop-ups when I enter e-mail. Not sure what the heck is going on. I've disabled everything that was listed in add-ons under the Microsoft heading. Not sure where to go from here.

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Not a fan of anything AOL. If you can live without it, go ahead to Programs and Features in the Control Panel and uninstall it all; in this day and age there is no need for anything AOL.

    Running AdwCleaner and Junkware Removal Tool and then Malwarebytes should remove those pop-ups.

    Here they are again in case you need them. Run them all even if you have already; when you're done with them all, go ahead and run a new scan with FRST, checkmark Additions and post both logs.



    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top advertisement.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean".
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    ===============================================================================


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.




    ===============================================================================

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Senior Member
    Join Date
    Apr 2006
    Posts
    153

    Default

    Cannot do without AOL but I did do a quick restore on it. I will rerun all that stuff you suggested and will get back to you with logs in a little while.

  4. #14
    Senior Member
    Join Date
    Apr 2006
    Posts
    153

    Default

    Following are the logs. They found nothing, but I'm still getting adnxs pop-ups.

    # AdwCleaner v4.002 - Report created 29/10/2014 at 10:42:47
    # DB v2014-10-26.6
    # Updated 27/10/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Gateway - GATEWAY-PC
    # Running from : C:\Users\Gateway\Desktop\adwcleaner_4.002.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.17116


    *************************

    AdwCleaner[R0].txt - [712 octets] - [29/10/2014 10:39:08]
    AdwCleaner[S0].txt - [627 octets] - [29/10/2014 10:42:47]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [686 octets] ##########



    JRT log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.3 (10.21.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Gateway on Wed 10/29/2014 at 10:57:02.04
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 10/29/2014 at 10:59:31.81
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    MBAM log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/29/2014
    Scan Time: 11:01:11 AM
    Logfile: mbam log.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.10.29.05
    Rootkit Database: v2014.10.22.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Gateway

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 316784
    Time Elapsed: 16 min, 6 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    I will be back on later. Have some stuff to do.

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    What I would do is go into your AOL mail and delete anything with an attachment, or even mail that you deem safe but no longer need, even in your Sent folder, then empty the trash. Just guessing, but you may have an infected email.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
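    The reply above asks for C:\ComboFix.txt. When a "Files Created" listing comes back long, the first triage pass a helper does is mechanical: group the new files and look for patterns that vendor software rarely produces, such as a run of same-sized drivers with throwaway eight-letter names, or executables dropped under a user's temp or AppData folders. The script below is an added example, not part of this thread and not ComboFix's own code; it parses lines in ComboFix's "created . modified size attrs path" layout and reports those two patterns. The sample lines (and the names in them) are constructed for the example, not copied from a real report, and a cluster is flagged only as "worth a closer look", since some security tools also drop short-lived drivers.

```python
import ntpath
import re
from collections import defaultdict

# One ComboFix "Files Created" line has the layout
#   <created> . <modified> <size or --------> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Driver names made of exactly eight letters, with no vendor-style naming.
RANDOM_SYS_RE = re.compile(r"^[A-Za-z]{8}\.sys$")

# Locations a standard user can write to (matched as lower-case substrings).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".pkms")

# Constructed sample in ComboFix's layout; file names are made up.
SAMPLE = r"""
2014-10-29 16:29 . 2014-10-29 16:29 111080 ----a-w- c:\windows\system32\drivers\QwErTyUi.sys
2014-10-29 15:53 . 2014-10-29 15:53 111080 ----a-w- c:\windows\system32\drivers\ZxCvBnMa.sys
2014-10-27 12:06 . 2014-10-27 12:06 111080 ----a-w- c:\windows\system32\drivers\PlMoKnIj.sys
2014-10-29 16:00 . 2014-10-01 16:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-29 16:00 . 2014-10-29 16:00 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-21 12:32 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-28 09:02 . 2014-10-28 09:02 65536 ----a-w- c:\users\example\appdata\local\temp\i1example\helper.exe
"""


def parse_files_created(text):
    """Turn report lines into dicts; lines that do not match the layout are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        d = m.groupdict()
        d["size"] = None if d["size"].startswith("-") else int(d["size"])
        d["is_dir"] = d["attrs"][0] == "d"
        d["dir"], d["name"] = ntpath.split(d["path"])
        d["dir"] = d["dir"].lower()
        entries.append(d)
    return entries


def same_size_driver_clusters(entries, min_count=3):
    """Group randomly named .sys files by (directory, byte size).

    Several drivers of identical size with throwaway names, created over
    days, is unusual for vendor software and worth a closer look. It is not
    proof of malware on its own: some security tools drop transient drivers.
    """
    groups = defaultdict(list)
    for e in entries:
        if e["is_dir"] or e["size"] is None:
            continue
        if RANDOM_SYS_RE.match(e["name"]):
            groups[(e["dir"], e["size"])].append(e["name"])
    return {k: v for k, v in groups.items() if len(v) >= min_count}


def executables_in_user_writable_dirs(entries):
    """Executable code created under temp/AppData is a common persistence spot."""
    hits = []
    for e in entries:
        if e["is_dir"]:
            continue
        low = e["path"].lower()
        if low.endswith(EXECUTABLE_EXT) and any(w in low for w in USER_WRITABLE):
            hits.append(e["path"])
    return hits


def triage(text):
    """Run both checks over one 'Files Created' section and return the findings."""
    entries = parse_files_created(text)
    return {
        "clusters": same_size_driver_clusters(entries),
        "user_writable_executables": executables_in_user_writable_dirs(entries),
    }


if __name__ == "__main__":
    findings = triage(SAMPLE)
    for (directory, size), names in findings["clusters"].items():
        print(f"worth a closer look: {len(names)} x {size}-byte drivers in {directory}: {names}")
    for path in findings["user_writable_executables"]:
        print(f"executable in user-writable location: {path}")
```

    Run it against the "Files Created" block of a saved ComboFix.txt by passing that text to `triage()`; lines from other sections (registry loading points, service lists) do not match the regex and are ignored, so the whole file can be fed in. The thresholds (three same-size drivers, the user-writable directory list) are choices made for this example and should be tuned to the machine being looked at.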

  6. #16
    Senior Member
    Join Date
    Apr 2006
    Posts
    153

    Default

    <<What I would do is go into your AOL mail and delete anything with an attachment or even mail that you deem safe but no longer need, even in your send folder then empty the trash, just guessing you may have an infected email>>


    E-mail in AOL is not stored on the computer, so that you can access it anywhere. But I did go ahead and permanently delete the deleted e-mails and anything else I didn't think I would need.

    Here's the combofix log:

    ComboFix 14-10-29.01 - Gateway 10/29/2014 13:30:50.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3764.2645 [GMT -5:00]
    Running from: c:\users\Gateway\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
    FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-09-28 to 2014-10-29 )))))))))))))))))))))))))))))))
    .
    .
    2014-10-29 18:38 . 2014-10-29 18:38 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-10-29 18:38 . 2014-10-29 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-10-29 18:33 . 2014-10-29 18:33 -------- d-----w- c:\users\Gateway\AppData\Local\CrashDumps
    2014-10-29 16:29 . 2014-10-29 16:29 111080 ----a-w- c:\windows\system32\drivers\eKdgjNlY.sys
    2014-10-29 16:28 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D769973-A26B-4408-B1CB-B88CB8F20A13}\mpengine.dll
    2014-10-29 16:00 . 2014-10-29 16:31 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-10-29 16:00 . 2014-10-01 16:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-10-29 16:00 . 2014-10-01 16:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-10-29 16:00 . 2014-10-01 16:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-10-29 16:00 . 2014-10-29 16:00 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-10-29 15:53 . 2014-10-29 15:53 111080 ----a-w- c:\windows\system32\drivers\AVoXsrYx.sys
    2014-10-29 15:43 . 2014-10-29 15:43 111080 ----a-w- c:\windows\system32\drivers\HxQQQsyo.sys
    2014-10-29 15:39 . 2014-10-29 15:42 -------- d-----w- C:\AdwCleaner
    2014-10-29 15:17 . 2014-10-29 15:17 111080 ----a-w- c:\windows\system32\drivers\MxlQYWlT.sys
    2014-10-29 12:48 . 2014-10-29 12:48 111080 ----a-w- c:\windows\system32\drivers\PwOKWLIh.sys
    2014-10-29 11:09 . 2014-10-29 11:09 111080 ----a-w- c:\windows\system32\drivers\UBrLFeHr.sys
    2014-10-29 10:48 . 2014-10-29 10:48 111080 ----a-w- c:\windows\system32\drivers\opRcMSkk.sys
    2014-10-28 18:39 . 2014-10-28 18:39 -------- d-----w- c:\programdata\Malwarebytes
    2014-10-28 18:35 . 2014-10-28 18:35 111080 ----a-w- c:\windows\system32\drivers\iAncQEAl.sys
    2014-10-28 15:20 . 2014-10-29 12:47 -------- d-----w- C:\FRST
    2014-10-28 08:20 . 2014-10-28 08:20 111080 ----a-w- c:\windows\system32\drivers\jnsAdKtw.sys
    2014-10-28 07:35 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-10-27 16:58 . 2014-10-27 16:58 -------- d-----w- c:\users\Gateway\AppData\Local\Apps
    2014-10-27 14:54 . 2014-10-27 14:54 111080 ----a-w- c:\windows\system32\drivers\pDKYbgdo.sys
    2014-10-27 14:39 . 2014-10-27 14:39 111080 ----a-w- c:\windows\system32\drivers\JmOVyYpY.sys
    2014-10-27 12:40 . 2014-10-27 12:40 -------- d-----w- c:\programdata\boost_interprocess
    2014-10-27 12:29 . 2014-10-27 12:29 111080 ----a-w- c:\windows\system32\drivers\atYthjoV.sys
    2014-10-27 12:25 . 2014-10-27 12:25 111080 ----a-w- c:\windows\system32\drivers\IXtkPayO.sys
    2014-10-27 12:19 . 2014-10-27 12:19 111080 ----a-w- c:\windows\system32\drivers\YVTTuumS.sys
    2014-10-27 12:10 . 2014-10-27 12:10 111080 ----a-w- c:\windows\system32\drivers\gSuQpyHA.sys
    2014-10-27 12:06 . 2014-10-27 12:06 111080 ----a-w- c:\windows\system32\drivers\PGBxTkEF.sys
    2014-10-27 00:43 . 2014-10-27 00:43 111080 ----a-w- c:\windows\system32\drivers\ufimfweO.sys
    2014-10-26 23:25 . 2014-10-26 23:25 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2014-10-26 12:46 . 2014-10-26 12:46 111080 ----a-w- c:\windows\system32\drivers\SaBACdhX.sys
    2014-10-25 18:42 . 2014-10-25 18:42 111080 ----a-w- c:\windows\system32\drivers\qkkcNgcg.sys
    2014-10-24 22:36 . 2014-10-24 22:36 111080 ----a-w- c:\windows\system32\drivers\sBDzxsjA.sys
    2014-10-22 15:01 . 2014-10-22 15:01 111080 ----a-w- c:\windows\system32\drivers\iOwjfFdq.sys
    2014-10-22 11:23 . 2014-10-22 11:23 111080 ----a-w- c:\windows\system32\drivers\sNmtkkiz.sys
    2014-10-22 11:05 . 2014-10-22 11:05 111080 ----a-w- c:\windows\system32\drivers\PHrqeLVS.sys
    2014-10-22 10:54 . 2014-10-22 10:54 111080 ----a-w- c:\windows\system32\drivers\KnLHwfQW.sys
    2014-10-21 19:34 . 2014-10-21 19:34 111080 ----a-w- c:\windows\system32\drivers\BlFSMOwS.sys
    2014-10-21 13:00 . 2014-10-21 13:00 111080 ----a-w- c:\windows\system32\drivers\ipEyTLGa.sys
    2014-10-21 12:49 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
    2014-10-21 12:49 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
    2014-10-21 12:49 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
    2014-10-21 12:49 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
    2014-10-21 12:49 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
    2014-10-21 12:49 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
    2014-10-21 12:40 . 2014-10-21 12:40 111080 ----a-w- c:\windows\system32\drivers\tICbFABY.sys
    2014-10-21 12:37 . 2014-10-21 12:37 111080 ----a-w- c:\windows\system32\drivers\uOqCtCGV.sys
    2014-10-21 12:32 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
    2014-10-21 12:32 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
    2014-10-21 12:32 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
    2014-10-21 12:32 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys
    2014-10-21 12:32 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
    2014-10-21 12:32 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
    2014-10-21 12:31 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
    2014-10-21 12:31 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2014-10-21 12:17 . 2014-10-21 12:17 111080 ----a-w- c:\windows\system32\drivers\TejdXozT.sys
    2014-10-20 07:29 . 2014-10-20 07:29 111080 ----a-w- c:\windows\system32\drivers\VaIZBLul.sys
    2014-10-09 16:42 . 2014-10-09 16:42 111080 ----a-w- c:\windows\system32\drivers\pkUPoewm.sys
    2014-10-08 09:40 . 2014-10-08 09:40 111080 ----a-w- c:\windows\system32\drivers\PvmDPGpu.sys
    2014-10-08 09:14 . 2014-10-08 09:14 111080 ----a-w- c:\windows\system32\drivers\qCEOYKVu.sys
    2014-10-06 11:42 . 2014-10-06 11:42 111080 ----a-w- c:\windows\system32\drivers\FKACWuEl.sys
    2014-10-03 23:34 . 2014-10-03 23:34 111080 ----a-w- c:\windows\system32\drivers\kCpsrgpo.sys
    2014-10-02 13:31 . 2014-10-22 15:15 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-10-02 13:31 . 2014-10-02 13:31 -------- d-----w- c:\programdata\RogueKiller
    2014-10-01 10:17 . 2014-09-17 11:05 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78B986AF-7794-4504-8620-03B8D602F3A3}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-09-29 17:31 . 2014-09-29 17:31 111080 ----a-w- c:\windows\system32\drivers\exTZeEAA.sys
    2014-09-29 12:58 . 2014-09-29 12:58 111080 ----a-w- c:\windows\system32\drivers\Cllvxtmc.sys
    2014-09-29 12:40 . 2014-09-29 12:40 111080 ----a-w- c:\windows\system32\drivers\dubezlMy.sys
    2014-09-28 23:59 . 2014-09-28 23:59 111080 ----a-w- c:\windows\system32\drivers\OyPexOOc.sys
    2014-09-28 19:58 . 2014-09-28 19:58 111080 ----a-w- c:\windows\system32\drivers\yMxFRDLr.sys
    2014-09-28 19:36 . 2014-09-28 19:36 111080 ----a-w- c:\windows\system32\drivers\UzVfwxBv.sys
    2014-09-28 14:17 . 2014-09-28 14:17 111080 ----a-w- c:\windows\system32\drivers\VbdJPgnZ.sys
    2014-09-28 13:59 . 2014-09-28 13:59 111080 ----a-w- c:\windows\system32\drivers\bUvERcaW.sys
    2014-09-28 11:53 . 2014-09-28 11:53 111080 ----a-w- c:\windows\system32\drivers\ICPieGzC.sys
    2014-09-27 21:41 . 2014-09-27 21:41 111080 ----a-w- c:\windows\system32\drivers\UgqyfSyY.sys
    2014-09-27 21:22 . 2014-09-27 21:22 111080 ----a-w- c:\windows\system32\drivers\dFcHOCdB.sys
    2014-09-27 21:13 . 2014-09-27 21:13 111080 ----a-w- c:\windows\system32\drivers\KxCEIaxm.sys
    2014-09-27 21:07 . 2014-09-27 21:07 111080 ----a-w- c:\windows\system32\drivers\yspnfyZk.sys
    2014-09-25 13:11 . 2014-09-25 13:11 111080 ----a-w- c:\windows\system32\drivers\OVeQxxot.sys
    2014-09-25 13:01 . 2014-09-25 13:01 111080 ----a-w- c:\windows\system32\drivers\NsnVqhYY.sys
    2014-09-24 16:07 . 2014-09-24 16:07 111080 ----a-w- c:\windows\system32\drivers\gRQyHaVv.sys
    2014-09-24 12:14 . 2014-09-24 12:14 111080 ----a-w- c:\windows\system32\drivers\cqVRFPRT.sys
    2014-09-22 06:42 . 2011-10-27 20:21 278152 ------w- c:\windows\system32\MpSigStub.exe
    2014-09-20 22:52 . 2014-09-20 22:52 111080 ----a-w- c:\windows\system32\drivers\orzShdkG.sys
    2014-09-20 22:40 . 2014-09-20 22:40 111080 ----a-w- c:\windows\system32\drivers\lNmKKXXK.sys
    2014-09-20 22:13 . 2014-09-20 22:13 111080 ----a-w- c:\windows\system32\drivers\ILtPGRZV.sys
    2014-09-20 22:11 . 2014-09-20 22:11 111080 ----a-w- c:\windows\system32\drivers\NBCkzyDb.sys
    2014-09-20 21:46 . 2014-09-20 21:46 111080 ----a-w- c:\windows\system32\drivers\SsgbkfyY.sys
    2014-09-20 13:10 . 2013-06-26 14:27 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-09-20 13:10 . 2013-06-26 14:27 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-09-17 11:05 . 2012-02-10 12:24 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-09-16 10:51 . 2014-09-16 10:51 111080 ----a-w- c:\windows\system32\drivers\aWWCvThI.sys
    2014-09-09 22:11 . 2014-09-29 17:23 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-09-09 21:47 . 2014-09-29 17:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-09-03 19:47 . 2010-06-24 18:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2014-09-03 19:46 . 2014-09-03 19:46 111080 ----a-w- c:\windows\system32\drivers\iVIgRJke.sys
    2014-09-03 19:44 . 2014-09-03 19:44 111080 ----a-w- c:\windows\system32\drivers\LixWLhJB.sys
    2014-08-31 17:20 . 2014-08-31 17:20 111080 ----a-w- c:\windows\system32\drivers\HwhACASq.sys
    2014-08-28 21:09 . 2014-08-28 21:09 111080 ----a-w- c:\windows\system32\drivers\ajOQjQhU.sys
    2014-08-27 14:47 . 2014-08-27 14:47 111080 ----a-w- c:\windows\system32\drivers\txAthFaK.sys
    2014-08-27 14:46 . 2014-08-27 14:46 111080 ----a-w- c:\windows\system32\drivers\JKzFHMwg.sys
    2014-08-23 02:07 . 2014-09-20 21:59 404480 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-23 01:45 . 2014-09-20 21:59 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
    2014-08-23 00:34 . 2014-08-23 00:34 111080 ----a-w- c:\windows\system32\drivers\vCKYeTXc.sys
    2014-08-21 13:56 . 2014-08-21 13:56 111080 ----a-w- c:\windows\system32\drivers\SXkkfHGk.sys
    2014-08-19 15:44 . 2014-08-19 15:44 111080 ----a-w- c:\windows\system32\drivers\lFDmxCus.sys
    2014-08-10 22:23 . 2014-08-10 22:22 111080 ----a-w- c:\windows\system32\drivers\ObnXGiKQ.sys
    2014-08-02 18:38 . 2014-08-02 18:38 111080 ----a-w- c:\windows\system32\drivers\OBYIpiCc.sys
    2014-08-01 11:53 . 2014-09-20 22:01 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
    2014-08-01 11:35 . 2014-09-20 22:01 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6\AOL.EXE" [2011-04-25 42320]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
    "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-06-20 73832]
    "WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-01-16 647120]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
    R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 PCDSRVC{FCB8192B-6C0E95E9-06020101}_0;PCDSRVC{FCB8192B-6C0E95E9-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\gateway\appdata\local\temp\i1amxcawrfo3\pcdrdiag\bin\pcdsrvc_x64.pkms;c:\users\gateway\appdata\local\temp\i1amxcawrfo3\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
    S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
    .
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
    "Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.aol.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{FCB8192B-6C0E95E9-06020101}_0]
    "ImagePath"="\??\c:\users\gateway\appdata\local\temp\i1amxcawrfo3\pcdrdiag\bin\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    @DACL=(02 0000)
    @="Bing"
    "URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
    "DisplayName"="@ieframe.dll,-12512"
    "FaviconURL"="http://www.bing.com/favicon.ico"
    "SuggestionsURL"="http://api.bing.com/qsml.aspx?query={searchTerms}&src={referrer:source?}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={Language}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-10-29 13:46:48
    ComboFix-quarantined-files.txt 2014-10-29 18:46
    .
    Pre-Run: 567,220,666,368 bytes free
    Post-Run: 566,681,833,472 bytes free
    .
    - - End Of File - - E7318077D953FCAB3C349E51402095F3

  7. #17
    Senior Member
    Join Date
    Apr 2006
    Posts
    153

    Default

    Oh, forgot to mention: as I was running ComboFix, it said Webroot SecureAnywhere was still active even though I had it disabled. It comes up when I reboot and I disable it because I don't like it, except for clearing temp files. So for the most part it's disabled. Also, at about 8 or 9 in the ComboFix process a notification came up that PEV.exe stopped working and required me to close the program to continue. Not sure if that's part of ComboFix or something else.

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    ComboFix is showing a ton of drivers that won't Google; when I can't find any info on them, they're most times bad. I want you to check two of them before we remove them all.


    You need to enable Windows to show all files and folders; instructions Here

    Go to VirusTotal and submit these files for analysis; just use CHOOSE FILE and then Scan It. If it says this file has been checked before, have them recheck it. When the scan is done, just copy and paste the link back to this forum for me to see.

    c:\windows\system32\drivers\eKdgjNlY.sys
    c:\windows\system32\drivers\AVoXsrYx.sys


    If the site is busy you can try this one
    http://virusscan.jotti.org/en
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #19
    Senior Member
    Join Date
    Apr 2006
    Posts
    153

    Default

    When I go to VirusTotal I cannot find either of these drivers. When I search for them on the C: drive, the properties say it's part of Webroot SecureAnywhere. I've had this come up before. I don't know why those won't show, except for maybe they are part of security software?
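The check posts #18 and #19 describe (locate the two random-named drivers, which Explorer hides by default, and find out who they belong to) can be scripted. This is an added PowerShell example, not something posted in the thread; the two file names are the ones quoted in post #18, and the `Get-DriverReport` function and its output fields are this example's own. It prints the Authenticode signer, the product name from the file's version resource (the same "part of Webroot SecureAnywhere" detail the user saw in Properties), whether the driver is registered as a loaded service, and a SHA256 that can be searched on VirusTotal without uploading the file.

```powershell
# Added example, not from the thread. Identifies random-named kernel drivers
# in the standard driver directory and reports enough to judge them.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
$suspects  = @('eKdgjNlY.sys', 'AVoXsrYx.sys')   # names quoted in post #18

function Get-DriverReport {
    param([string[]]$Names, [string]$Directory)
    foreach ($name in $Names) {
        $path = Join-Path $Directory $name
        # -Force includes hidden/system files; without it Explorer and
        # Get-ChildItem silently skip them, which is why they "won't show".
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if (-not $file) {
            [pscustomobject]@{ Name = $name; Present = $false }
            continue
        }
        # Authenticode: a Valid status with a known vendor subject is the
        # strongest offline indicator; NotSigned on a kernel driver is not.
        $sig    = Get-AuthenticodeSignature -FilePath $file.FullName
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        # SHA256 can be looked up on VirusTotal by hash instead of uploading.
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        # Is this file backed by a registered driver service, and is it running?
        $svc = Get-CimInstance Win32_SystemDriver -Filter "PathName LIKE '%$name%'"
        [pscustomobject]@{
            Name            = $name
            Present         = $true
            Hidden          = [bool]($file.Attributes -band [IO.FileAttributes]::Hidden)
            Product         = $file.VersionInfo.ProductName
            Company         = $file.VersionInfo.CompanyName
            SignatureStatus = $sig.Status
            Signer          = $signer
            Service         = if ($svc) { $svc.Name } else { $null }
            State           = if ($svc) { $svc.State } else { $null }
            SHA256          = $hash
        }
    }
}

Get-DriverReport -Names $suspects -Directory $driverDir | Format-List
```

Run from an elevated PowerShell prompt so the driver directory and service table are fully readable; a file that shows a valid signature and the security vendor's product name matches the conclusion reached in post #20, while an unsigned or unknown-company file is the case worth submitting for analysis.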

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Did some asking around and they may be part of Webroot. Never been a big fan of Webroot; it's up to you, but try uninstalling it and see if things get better.
