Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Eventbrite Removes Clause That Allowed It to Attend and Film Events

Featured Deal: Pay What You Want Complete Cyber Security Certification Bundle Deal

Keystrokes get changed and wired words are typed

Started by turnhardtoeasy , Dec 23 2009 02:40 AM

Please log in to reply

5 replies to this topic

#1 turnhardtoeasy

Members
4 posts
OFFLINE

Local time:05:38 AM

Posted 23 December 2009 - 02:40 AM

hello,
I have some problem and i dont know what exactly it is
when i start my laptop i am able to use my keyboard normally but after a couple of minutes sometime an hour
the key strokes get changed
for example keystrokes like qwertyuiopasdfghjklzxcvbnm get changed to ',.pyfgcrlaoeuidhtn;qjkxbm
like when i type q the word that appears is '
similarly when i type w the word i get is , (comma)
e becomes full stop and r becomes p

(hope this gives u an idea)

but this happens for quite some time and when i restart i am again able to use my keyboard there was no problem ever.

I use a toshiba laptop
please let me know what the problem is.... m so confused about this and i have no clue what to do...
the only thing i could do is restart my computer and then use my keyboard as is.

please help
thanks a lot in advance
-turnhardtoeasy

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 garmanma

Computer Masochist

Staff Emeritus
27,809 posts
OFFLINE

Location:Cleveland, Ohio
Local time:08:08 PM

Posted 23 December 2009 - 11:09 AM

Welcome to BC

While malware is easily suspect it could very well be a corrupt driver
What is the make and model number of the laptop?

Try running mbam:

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware Free version and save it to your desktop.

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
---------------------------
Be sure to re-enable your AV and malware scan tools if they were disabled

Mark

why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 turnhardtoeasy

Topic Starter

Members
4 posts
OFFLINE

Local time:05:38 AM

Posted 24 December 2009 - 06:42 AM

here are the report that i got from malware bite

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/24/2009 2:29:26 AM
mbam-log-2009-12-24 (02-29-19).txt

Scan type: Quick Scan
Objects scanned: 113030
Time elapsed: 19 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 40
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGAS.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\knownsvr.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVFW.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naprdmgr.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHSTAT.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TBMon.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpdaterUI.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vstskmgr.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MediaCenter (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\13R98J8Y\A12[2].exe (Malware.Packer) -> No action taken.
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\13R98J8Y\scanner[1].zip (Malware.Packer) -> No action taken.
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\13R98J8Y\scanner[2].zip (Malware.Packer) -> No action taken.
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\13R98J8Y\scanner[3].zip (Malware.Packer) -> No action taken.
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\1V3LT6OG\scanner[1].zip (Malware.Packer) -> No action taken.
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\1V3LT6OG\scanner[2].zip (Malware.Packer) -> No action taken.
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\31ODA0IL\A12[1].exe (Malware.Packer) -> No action taken.
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\31ODA0IL\scanner[1].zip (Malware.Packer) -> No action taken.
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\31ODA0IL\scanner[2].zip (Malware.Packer) -> No action taken.
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\A24MEWES\A12[1].exe (Malware.Packer) -> No action taken.
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\A24MEWES\scanner[1].zip (Malware.Packer) -> No action taken.
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\A24MEWES\scanner[2].zip (Malware.Packer) -> No action taken.
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\A24MEWES\scanner[3].zip (Malware.Packer) -> No action taken.
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\A24MEWES\scanner[4].zip (Malware.Packer) -> No action taken.

and then i did one more

Malwarebytes' Anti-Malware 1.42
Database version: 3398
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/24/2009 7:44:01 AM
mbam-log-2009-12-24 (07-44-01).txt

Scan type: Quick Scan
Objects scanned: 115059
Time elapsed: 5 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\comcoont10 (Trojan.Redosdru) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I am still facing the same problem

one more thing
i have 3 folders in my e drive that i am unable to access nor m i able to delete
i had formatted my harddisk before so i m sure its not system related...
has to be some worm or something
once one of the movie got pasted in it somehow.. and i was never able to get it back...
when i try to acccess it it says access denied

#4 garmanma

Computer Masochist

Staff Emeritus
27,809 posts
OFFLINE

Location:Cleveland, Ohio
Local time:08:08 PM

Posted 24 December 2009 - 06:21 PM

have 3 folders in my e drive that i am unable to access

Do they give any info when you right-click on them and select Properties?

:trumpet:

Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.[/list]
=======================

:flowers:

Reboot the computer, Update mbam and run a FULL scan
Please post the results
====================

:thumbsup:

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.
- Direct Download (Recommended)
- Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
- Rar Mirrors - Only if you know what a RAR is and can extract it.
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Mark

#5 turnhardtoeasy

Topic Starter

Members
4 posts
OFFLINE

Local time:05:38 AM

Posted 25 December 2009 - 04:13 AM

i have done as instructed

i had renamed the folders to delete me1 delete me 2, 3 and 4

the folders show no information though there must be not less than a gb space taken by it
Posted Image

other folder

Posted Image

the new mbam log

Malwarebytes' Anti-Malware 1.42
Database version: 3398
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/25/2009 1:53:06 PM
mbam-log-2009-12-25 (13-52-56).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 322927
Time elapsed: 2 hour(s), 22 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\comcoont10 (Trojan.Redosdru) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Documents and Settings\User\My Documents\Downloads\IDM.v5.18.5.Full_Updated\IDM.v5.18.5.Full_by.tano1221\Internet Download Manager v5.18 Build 5\idman518f.exe (PWS.Brothef) -> No action taken.
D:\WINDOWS\system32\3SY0TVGFZI\A12.exe (Malware.Packer) -> No action taken.
D:\WINDOWS\system32\881H3ANKJ5\A12.exe (Malware.Packer) -> No action taken.
E:\System Volume Information\_restore{E588E629-6A38-427A-BB86-A4101D21E183}\RP13\A0006194.exe (Adware.EShoper) -> No action taken.

the report from the other oldtimer software

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/25 11:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF74B6000 Size: 53248 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF732E000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xF78B2000 Size: 11648 File Visible: - Signed: -
Status: -

Name: AegisP.sys
Image Path: D:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xF781E000 Size: 19360 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: D:\WINDOWS\System32\drivers\afd.sys
Address: 0xF17EA000 Size: 138496 File Visible: - Signed: -
Status: -

Name: AGRSM.sys
Image Path: D:\WINDOWS\system32\DRIVERS\AGRSM.sys
Address: 0xF1FF7000 Size: 1122592 File Visible: - Signed: -
Status: -

Name: arp1394.sys
Image Path: D:\WINDOWS\system32\DRIVERS\arp1394.sys
Address: 0xF7636000 Size: 60800 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF72A2000 Size: 98304 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000 Size: 0 File Visible: - Signed: -
Status: -

Name: ati2cqag.dll
Image Path: D:\WINDOWS\System32\ati2cqag.dll
Address: 0xBFA16000 Size: 258048 File Visible: - Signed: -
Status: -

Name: ati2dvag.dll
Image Path: D:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF9D3000 Size: 274432 File Visible: - Signed: -
Status: -

Name: ati2mtag.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xF6D9D000 Size: 1585152 File Visible: - Signed: -
Status: -

Name: ati3duag.dll
Image Path: D:\WINDOWS\System32\ati3duag.dll
Address: 0xBFA8B000 Size: 2666496 File Visible: - Signed: -
Status: -

Name: atikvmag.dll
Image Path: D:\WINDOWS\System32\atikvmag.dll
Address: 0xBFA55000 Size: 221184 File Visible: - Signed: -
Status: -

Name: ativvaxx.dll
Image Path: D:\WINDOWS\System32\ativvaxx.dll
Address: 0xBFD16000 Size: 1134592 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: D:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: D:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7B43000 Size: 3072 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xF78AE000 Size: 16384 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: D:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF79B4000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: D:\WINDOWS\system32\BOOTVID.dll
Address: 0xF78A6000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: D:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF6AB7000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: D:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF76D6000 Size: 49536 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7506000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: D:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xF7962000 Size: 14080 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF78AA000 Size: 9344 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF74F6000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF72BA000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF799A000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: D:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF75A6000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: D:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF170F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: D:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79C0000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: D:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF1FE3000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: D:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C1000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: D:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7B6D000 Size: 4096 File Visible: - Signed: -
Status: -

Name: e100b325.sys
Image Path: D:\WINDOWS\system32\DRIVERS\e100b325.sys
Address: 0xF6B11000 Size: 158720 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: D:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF7616000 Size: 34944 File Visible: - Signed: -
Status: -

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xF7283000 Size: 124800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: D:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF79B2000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF72E0000 Size: 125056 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: D:\WINDOWS\system32\hal.dll
Address: 0x806EC000 Size: 131968 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: D:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF6D64000 Size: 151552 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF75F6000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF77EE000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: D:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xF6F20000 Size: 9600 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: D:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xEE91B000 Size: 263040 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: D:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF76A6000 Size: 52736 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: D:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF76C6000 Size: 41856 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: D:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF7686000 Size: 36096 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xF188C000 Size: 74752 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF74C6000 Size: 35840 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: D:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF778E000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: D:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7996000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kl1.sys
Image Path: D:\WINDOWS\system32\drivers\kl1.sys
Address: 0xF18C7000 Size: 5373952 File Visible: - Signed: -
Status: -

Name: klbg.sys
Image Path: klbg.sys
Address: 0xF7496000 Size: 53248 File Visible: - Signed: -
Status: -

Name: klif.sys
Image Path: D:\WINDOWS\system32\DRIVERS\klif.sys
Address: 0xF1E07000 Size: 331776 File Visible: - Signed: -
Status: -

Name: klim5.sys
Image Path: D:\WINDOWS\system32\DRIVERS\klim5.sys
Address: 0xF76F6000 Size: 40960 File Visible: - Signed: -
Status: -

Name: klmouflt.sys
Image Path: D:\WINDOWS\system32\DRIVERS\klmouflt.sys
Address: 0xF7646000 Size: 36864 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: D:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xEE263000 Size: 171776 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF6AEE000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF725A000 Size: 92032 File Visible: - Signed: -
Status: -

Name: mbamswissarmy.sys
Image Path: D:\WINDOWS\system32\drivers\mbamswissarmy.sys
Address: 0xF783E000 Size: 32768 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: D:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF79B6000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: D:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF77B6000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: D:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF7796000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: D:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xF6565000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF74D6000 Size: 42240 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: D:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xEF232000 Size: 181248 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: D:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xF1727000 Size: 453632 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: D:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF77DE000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: D:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF7556000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: D:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF7986000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF7185000 Size: 107904 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF71A0000 Size: 182912 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF796A000 Size: 9600 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xEF4CB000 Size: 12928 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF6AD7000 Size: 91776 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: D:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7576000 Size: 38016 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: D:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF7606000 Size: 34560 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: D:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xF180C000 Size: 162816 File Visible: - Signed: -
Status: -

Name: NETw3x32.sys
Image Path: D:\WINDOWS\system32\DRIVERS\NETw3x32.sys
Address: 0xF6B94000 Size: 1707776 File Visible: - Signed: -
Status: -

Name: nic1394.sys
Image Path: D:\WINDOWS\system32\DRIVERS\nic1394.sys
Address: 0xF7696000 Size: 61824 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: D:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF77E6000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF71CD000 Size: 574592 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: D:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: D:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7B61000 Size: 2944 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF74A6000 Size: 61056 File Visible: - Signed: -
Status: -

Name: OPRGHDLR.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Address: 0xF7A5F000 Size: 4096 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF771E000 Size: 18688 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF731D000 Size: 68224 File Visible: - Signed: -
Status: -

Name: PCI_PNP3556
Image Path: \Driver\PCI_PNP3556
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7A5E000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7716000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xF72FF000 Size: 119936 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: D:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF210A000 Size: 139264 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: D:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF6A26000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: D:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF77A6000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7516000 Size: 35712 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: D:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF6F28000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF7706000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: D:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF7536000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: D:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF7546000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: D:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF77AE000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: D:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xF17BE000 Size: 176512 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: D:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF79B8000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: D:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF65B5000 Size: 196864 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: D:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF76E6000 Size: 57472 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: D:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE2CD000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: D:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xF212C000 Size: 4247552 File Visible: - Signed: -
Status: -

Name: s24trans.sys
Image Path: D:\WINDOWS\system32\DRIVERS\s24trans.sys
Address: 0xEF5BF000 Size: 12544 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: D:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xF735C000 Size: 98304 File Visible: - Signed: -
Status: -

Name: sdbus.sys
Image Path: D:\WINDOWS\system32\DRIVERS\sdbus.sys
Address: 0xF6B38000 Size: 67584 File Visible: - Signed: -
Status: -

Name: spsi.sys
Image Path: spsi.sys
Address: 0xF7374000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF7271000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: D:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xEF0C8000 Size: 333184 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: D:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF79AC000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: D:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xEF172000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: D:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xF1834000 Size: 359040 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF779E000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: D:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7566000 Size: 40704 File Visible: - Signed: -
Status: -

Name: tifm21.sys
Image Path: D:\WINDOWS\system32\drivers\tifm21.sys
Address: 0xF6B49000 Size: 162560 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: D:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF6581000 Size: 209408 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF79B0000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: D:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF7786000 Size: 26624 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: D:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF75C6000 Size: 57600 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF6B71000 Size: 143360 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: D:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF777E000 Size: 20480 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: D:\WINDOWS\System32\drivers\vga.sys
Address: 0xF77D6000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: D:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF6D89000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF74E6000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: D:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF7626000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: D:\WINDOWS\System32\watchdog.sys
Address: 0xF77FE000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: D:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xEEC53000 Size: 82944 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1839104 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: D:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1839104 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: D:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xF7998000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: D:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xF795E000 Size: 12032 File Visible: - Signed: -
Status: -

Edited by turnhardtoeasy, 25 December 2009 - 04:18 AM.

#6 garmanma

Computer Masochist

Staff Emeritus
27,809 posts
OFFLINE

Location:Cleveland, Ohio
Local time:08:08 PM

Posted 26 December 2009 - 02:30 PM

At the end of the mbam scan, you are checking the box that says Remove selected and clicking OK, correct?

:trumpet:

Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:

Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).
If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
When complete, click Select All, then choose Cure > Move incurable.
(This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)

Now put a check next to Complete scan to scan all local disks and removable media.
In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
In the top menu, click file and choose save report list.
Save the DrWeb.csv report to your desktop.
Exit Dr.Web Cureit when done.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

==========================

:flowers:

USE THIS ONE

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2

This tool will create a diagnostic report
Double-click on Win32kDiag.exe to run and let it finish.
When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
A file called Win32kDiag.txt should be created on your Desktop.
Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.

--------------------------------------

:thumbsup:

Go to

> Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:

DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt

A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.

Mark

Back to Am I infected? What do I do?

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Keystrokes get changed and wired words are typed

#1 turnhardtoeasy

BC AdBot (Login to Remove)

#2 garmanma

#3 turnhardtoeasy

#4 garmanma

#5 turnhardtoeasy

#6 garmanma

0 user(s) are reading this topic

Sign In