btowngurl1974
New Member
- Messages: 69
- Location: Indiana, USA
Hi all. Everyone has been a blessing in disguise with helping me solve issues one by one on my laptop. I have a hacker, a known one possibly, and I was just tweaking my 'services running' via Services.msc, and decided to take a peek at the registry. I found some entries I believe to be a little odd. Maybe someone can tell me if these 'drivers' or 'services' were forcefully installed on my laptop? I have screenshots of entire registry for that area, but will only post a couple until I can get each sorted out. I did go to the Black Viper website and that is where I got the idea to check services running and correct the ones not 'Auto, Manual...etc' ....
SO, ONE of my main questions is this one:
Registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\3ware
>Parameters
[and clicking on Parameters these are the entries:]
(Default) Type Data
BusType REG_DWORD 0x00000008 (8)
IoTimeoutValue REG_DWORD 0x0000003c (60)
...and below parameters is
>PnpInterface
(Default) Type Data
5 REG_DWORD 0x00000001 (1)
There are others as well...I'll just give the names that appear on the left side, and not all the detailed information unless someone else thinks it's fishy and then I'll provide the screenshots.
ACPI > Enum > Parameters >WakeUp
acpiex > Parameters >Wdf
acpipagr
AcpiPmi
acpitime
ADP80XX >Parameters >WDF
adsi >Cache >Options >dashost.exe, excel.exe, powerpnt.exe, winword.exe
AeLookupSvc > Parameters >TriggerInfo, 0
AERTFilters
AFD >Parameters
agp440 >StartOverride
ahcache
ALG
AmdK8
AmdPPM
AthBTPort
ATHDFU > Parameters
AtherosSvc
athr > enum
AudioEndpointBuilder
b06bdrv > Parameters >WDF then StartOverride
BattC
bcmfn2
BDESVC >Parameters, Security, SQM State, State >TriggerInfo, 0
And I'll start with those because the list is forever unending. I will take a screenshot of just the names alone if that will help someone, and if another sees something that doesn't belong there, then maybe we can continue with the steps to fix this.
The reason I'm having issues, it's been an ongoing battle with this possible 'hacker', (whom I don't believe has ill intentions), but first I had a little white 'Windows' key down in the task bar that had the options to reserve Win 10....etc. So, digging further (after I thought it was nothing), I opened the file to find that someone had attached other .exe files with that and last night my computer began doing all of these 'Updates' which came from nowhere. When they finally finished, I checked out Norton, and all my settings had been changed, and someone had logged on and changed them, and I think they did this while I was gone, and then while it was updating, then that's when other changes were made because I had no control over my laptop while it was installing the updates. [Just a little history for all of you who are tech savvy and can help me PLEASE get this figured out.] I'm tired of playing this game of cat and mouse and if I have a keylogger installed, I want it GONE!
Thanks much everyone!!
My Computer
System One
- OS: Windows 8
- Computer type: Laptop
- System Manufacturer/Model: Dell Inspiron 15 3521
- CPU: Intel Core i3-3227U CPU 1.90GHz
- Motherboard: UEFI
- Memory: 4.00 GB
- Graphics Card(s): Intel HD Graphics 4000
- Sound Card: Name High Definition Audio Device
- Monitor(s) Displays: Name Intel(R) HD Graphics 4000
- Screen Resolution: Resolution 1366 x 768 x 60 hertz
- Hard Drives: Manufacturer (Standard disk drives)
Model ST500LT012-9WS142
Media Type Fixed hard disk
Description Disk drive
Manufacturer (Standard disk drives)
Model SanDisk Cruzer Glide USB Device
- Keyboard: Description Standard PS/2 Keyboard
- Mouse: Hardware Type Dell Touchpad
- Browser: IE11
- Antivirus: Windows Defender and Norton 360
- Other Info: 1394ohci 1394 OHCI Compliant Host Controller c:\windows\system32\drivers\1394ohci.sys Kernel Driver No Manual Stopped OK Normal No No
3ware 3ware c:\windows\system32\drivers\3ware.sys Kernel Driver No Manual Stopped OK Normal No No
acpi Microsoft ACPI Driver c:\windows\system32\drivers\acpi.sys Kernel Driver Yes Boot Running OK Critical No Yes
acpiex Microsoft ACPIEx Driver c:\windows\system32\dri