
Author Topic: iexplore.exe - Application Error  (Read 11114 times)


tudmay

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    iexplore.exe - Application Error
    « on: January 12, 2011, 05:54:13 PM »
    XP SP3 running IE8.

    I get the error message: iexplore.exe - Application Error: The instruction at "0x00fc35e7" referenced memory at "0x81505038". The memory could not be "read".

    The error message pops up even when IE is not running. I have disabled all add-ons.

    Error reporting also keeps popping up, saying: Internet Explorer has encountered a problem and needs to close. (I haven't launched the program and this error still comes up.)

    What to do?



    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: iexplore.exe - Application Error
    « Reply #1 on: January 13, 2011, 12:06:55 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting it for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    Save Rkill to your desktop.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.exe
    * Rkill.com
    * Rkill.scr

    Once you've gotten one of them to run then try to immediately run the following.
    **************************************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    Please leave the others unchecked.

    • Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    • To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (preferably Notepad).
    • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and paste the log in your post.
    ********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    Windows 8 and Windows 10 dual boot with two SSD's

    tudmay

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: iexplore.exe - Application Error
      « Reply #2 on: January 13, 2011, 11:42:32 PM »
      Hi Dave,

      Please find the logs below:


      Rkill log:

      This log file is located at C:\rkill.log.
      Please post this only if requested to by the person helping you.
      Otherwise you can close this log when you wish.

      Rkill was run on 01/13/2011 at 14:44:16.
      Operating System: Microsoft Windows XP


      Processes terminated by Rkill or while it was running:

      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xdxjxvaxn\tqasnhwusbs.exe
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rtx.exe


      Rkill completed on 01/13/2011 at 14:45:30.

      MBAM log:

      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Database version: 5513

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      1/13/2011 5:27:27 PM
      mbam-log-2011-01-13 (17-27-27).txt

      Scan type: Quick scan
      Objects scanned: 163042
      Time elapsed: 2 hour(s), 9 minute(s), 50 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 5
      Registry Values Infected: 2
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 9

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CURRENT_USER\SOFTWARE\D9L83679SM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\yr87fk3d2dnszapq2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FraudPack.Gen) -> Value: JP595IR86O -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rkyirnid (Trojan.Downloader) -> Value: rkyirnid -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\documents and settings\administrator\local settings\Temp\Rtx.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\administrator\local settings\Temp\xdxjxvaxn\tqasnhwusbs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      c:\documents and settings\administrator\local settings\Temp\Rtw.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\administrator\local settings\Temp\Rty.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\administrator\local settings\Temp\00135857.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      c:\documents and settings\administrator\local settings\Temp\2715640.3941718265.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      c:\WINDOWS\Rvyxya.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\WINDOWS\Rvyxyb.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\administrator\local settings\application data\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
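As an added example (not part of this thread, and not code from Malwarebytes), here is a small Python triage script for the MBAM 1.50 log format pasted above. It re-derives the "Infected" summary counts from the listed items, which catches a truncated paste, and sorts each detection into the bucket a helper cares about: values under a Run key (autorun persistence), files dropped in Temp, a loose executable directly in the Windows root, and payloads elsewhere in the user profile. The sample log is a constructed excerpt of the entries in this post; the bucket names and function names are this example's own.

```python
import re
from collections import Counter

# Constructed excerpt in the Malwarebytes' Anti-Malware 1.50 log format; the
# entries are a subset of the ones pasted in the thread.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100

Scan type: Quick scan

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\D9L83679SM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FraudPack.Gen) -> Value: JP595IR86O -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rkyirnid (Trojan.Downloader) -> Value: rkyirnid -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\administrator\local settings\Temp\Rtx.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Rvyxya.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\application data\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)\s*$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^)]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary counts, {section name: [item dicts]}) for one MBAM log."""
    summary, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)          # "Files Infected: 9" (header block)
        if m:
            summary[m.group("name")] = int(m.group("count"))
            continue
        m = SECTION_RE.match(line)          # "Files Infected:" (detail block)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        if current is None or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if m:
            sections[current].append(m.groupdict())
    return summary, sections


RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def classify(kind, path):
    """Bucket one detection by what it tells the helper (names are this example's own)."""
    p = path.lower()
    if kind.startswith("Registry"):
        return "autorun-persistence" if any(k in p for k in RUN_KEYS) else "other-registry-key"
    if "\\temp\\" in p:
        return "dropped-in-temp"
    if re.match(r"^[a-z]:\\windows\\[^\\]+$", p):   # directly in C:\WINDOWS, no subfolder
        return "loose-file-in-windows-root"
    if "\\application data\\" in p or "\\local settings\\" in p:
        return "user-profile-payload"
    return "other"


def triage(sections):
    """{bucket: [(path, family), ...]} over every listed detection."""
    buckets = {}
    for kind, items in sections.items():
        for item in items:
            buckets.setdefault(classify(kind, item["path"]), []).append((item["path"], item["family"]))
    return buckets


def count_mismatches(summary, sections):
    """Header count vs. listed items; any entry here means the paste is incomplete."""
    return {name: (n, len(sections.get(name, [])))
            for name, n in summary.items() if n != len(sections.get(name, []))}


def family_totals(sections):
    return Counter(item["family"] for items in sections.values() for item in items)


if __name__ == "__main__":
    summary, sections = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(summary, sections) or "none")
    for bucket, items in sorted(triage(sections).items()):
        print(f"[{bucket}]")
        for path, family in items:
            print(f"  {family:22} {path}")
    print("families:", dict(family_totals(sections)))
```

The Run-key bucket is the one to read first: those values are what brought the fake-alert executables back on every logon, so a clean follow-up scan should show that bucket empty, and the header-count check is worth keeping because forum pastes of long logs are often cut off.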


      tudmay

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: iexplore.exe - Application Error
        « Reply #3 on: January 13, 2011, 11:53:51 PM »
        I found another post in the forum with a similar issue and followed the steps there; the logs from those additional scans are shown below:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 5:31:27 PM, on 1/13/2011
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\arservice.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
        C:\Program Files\LogMeIn\x86\RaMaint.exe
        C:\Program Files\LogMeIn\x86\LogMeIn.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\WINDOWS\system32\PDFCreatorMessages.exe
        C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
        C:\WINDOWS\system32\tcpsvcs.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
        C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\WINDOWS\explorer.exe
        C:\WINDOWS\system32\zstatus.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8075
        O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O2 - BHO: QvodExtend - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\Program Files\QvodPlayer\QvodExtend.dll
        O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
        O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
        O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
        O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
        O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
        O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
        O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
        O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
        O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
        O15 - Trusted Zone: *.fnismls.com
        O15 - Trusted Zone: *.getmedianow.com
        O15 - Trusted Zone: *.live.com
        O15 - Trusted Zone: login.rapmls.com
        O15 - Trusted Zone: media.rapmls.com
        O15 - Trusted Zone: search.rapmls.com
        O15 - Trusted Zone: *.rapmls.com
        O15 - Trusted Zone: *.showingtime.com
        O15 - Trusted Zone: *.sitexdata.com
        O15 - Trusted Zone: *.spellchecker.net
        O15 - Trusted Zone: *.transactionpoint.com
        O15 - Trusted Zone: *.trpoint.com
        O15 - Trusted Zone: *.virtualearth.net
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
        O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
        O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
        O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
        O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe

        --
        End of file - 7803 bytes

        ComboFix 11-01-13.01 - Administrator 01/13/2011  19:47:57.2.2 - x86
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.959.511 [GMT -8:00]
        Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
        Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
        FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

        FILE ::
        "c:\windows\Temp.tmp"
        .

        (((((((((((((((((((((((((   Files Created from 2010-12-14 to 2011-01-14  )))))))))))))))))))))))))))))))
        .

        2011-01-14 01:30 . 2011-01-14 01:30   --------   d-----w-   c:\program files\Trend Micro
        2011-01-12 13:34 . 2011-01-12 13:34   122880   --sha-r-   c:\windows\system32\catsrvutq.dll
        2011-01-10 09:34 . 2008-04-14 01:12   116224   ----a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
        2011-01-10 09:34 . 2001-08-18 06:36   23040   ----a-w-   c:\windows\system32\dllcache\xrxwbtmp.dll
        2011-01-10 09:34 . 2008-04-14 01:12   18944   ----a-w-   c:\windows\system32\dllcache\xrxscnui.dll
        2011-01-10 09:34 . 2001-08-18 06:37   27648   ----a-w-   c:\windows\system32\dllcache\xrxftplt.exe
        2011-01-10 09:33 . 2001-08-18 06:37   4608   ----a-w-   c:\windows\system32\dllcache\xrxflnch.exe
        2011-01-10 09:32 . 2001-08-18 06:37   99865   ----a-w-   c:\windows\system32\dllcache\xlog.exe
        2011-01-10 09:31 . 2001-08-17 20:11   16970   ----a-w-   c:\windows\system32\dllcache\xem336n5.sys
        2011-01-10 09:31 . 2004-08-04 06:29   19455   ----a-w-   c:\windows\system32\dllcache\wvchntxx.sys
        2011-01-10 09:31 . 2004-08-04 06:29   12063   ----a-w-   c:\windows\system32\dllcache\wsiintxx.sys
        2011-01-10 09:31 . 2008-04-14 01:12   8192   ----a-w-   c:\windows\system32\dllcache\wshirda.dll
        2011-01-10 09:28 . 2008-04-13 19:36   8832   ----a-w-   c:\windows\system32\dllcache\wmiacpi.sys
        2011-01-10 09:28 . 2004-08-04 06:31   154624   ----a-w-   c:\windows\system32\dllcache\wlluc48.sys
        2011-01-10 09:28 . 2001-08-17 20:12   34890   ----a-w-   c:\windows\system32\dllcache\wlandrv2.sys
        2011-01-10 09:26 . 2001-08-17 20:13   19016   ----a-w-   c:\windows\system32\dllcache\w926nd.sys
        2011-01-10 09:26 . 2001-08-17 20:13   19528   ----a-w-   c:\windows\system32\dllcache\w840nd.sys
        2011-01-10 09:26 . 2001-08-17 21:28   64605   ----a-w-   c:\windows\system32\dllcache\vvoice.sys
        2011-01-10 09:26 . 2001-08-17 21:28   397502   ----a-w-   c:\windows\system32\dllcache\vpctcom.sys
        2011-01-10 09:26 . 2001-08-17 21:28   604253   ----a-w-   c:\windows\system32\dllcache\vmodem.sys
        2011-01-10 09:26 . 2001-08-17 20:14   249402   ----a-w-   c:\windows\system32\dllcache\vinwm.sys
        2011-01-10 09:26 . 2001-08-17 21:49   24576   ----a-w-   c:\windows\system32\dllcache\viairda.sys
        2011-01-10 09:26 . 2001-08-17 21:28   687999   ----a-w-   c:\windows\system32\dllcache\usrwdxjs.sys
        2011-01-10 09:26 . 2001-08-17 21:28   765884   ----a-w-   c:\windows\system32\dllcache\usrti.sys
        2011-01-10 09:25 . 2001-08-17 21:28   113762   ----a-w-   c:\windows\system32\dllcache\usrpda.sys
        2011-01-10 09:25 . 2001-08-17 21:28   7556   ----a-w-   c:\windows\system32\dllcache\usroslba.sys
        2011-01-10 09:25 . 2001-08-17 21:28   224802   ----a-w-   c:\windows\system32\dllcache\usr1807a.sys
        2011-01-10 09:25 . 2001-08-17 21:28   794399   ----a-w-   c:\windows\system32\dllcache\usr1806v.sys
        2011-01-10 09:25 . 2001-08-17 21:28   793598   ----a-w-   c:\windows\system32\dllcache\usr1806.sys
        2011-01-10 09:25 . 2001-08-17 21:28   794654   ----a-w-   c:\windows\system32\dllcache\usr1801.sys
        2011-01-10 09:25 . 2008-04-13 19:45   26112   ----a-w-   c:\windows\system32\dllcache\usbser.sys
        2011-01-10 09:25 . 2008-04-13 19:45   60032   ----a-w-   c:\windows\system32\dllcache\usbaudio.sys
        2011-01-10 09:25 . 2004-08-04 06:31   32384   ----a-w-   c:\windows\system32\dllcache\usb101et.sys
        2011-01-10 09:25 . 2001-08-18 06:36   94720   ----a-w-   c:\windows\system32\dllcache\umaxud32.dll
        2011-01-10 09:25 . 2001-08-18 06:36   28160   ----a-w-   c:\windows\system32\dllcache\umaxu40.dll
        2011-01-10 09:25 . 2001-08-18 06:36   26624   ----a-w-   c:\windows\system32\dllcache\umaxu22.dll
        2011-01-10 09:24 . 2001-08-18 06:36   69632   ----a-w-   c:\windows\system32\dllcache\umaxu12.dll
        2011-01-10 09:24 . 2001-08-18 06:36   50688   ----a-w-   c:\windows\system32\dllcache\umaxscan.dll
        2011-01-10 09:24 . 2001-08-17 21:58   22912   ----a-w-   c:\windows\system32\dllcache\umaxpcls.sys
        2011-01-10 09:24 . 2001-08-18 06:36   50176   ----a-w-   c:\windows\system32\dllcache\umaxp60.dll
        2011-01-10 09:24 . 2001-08-18 06:36   47616   ----a-w-   c:\windows\system32\dllcache\umaxcam.dll
        2011-01-10 09:24 . 2001-08-18 06:36   211968   ----a-w-   c:\windows\system32\dllcache\um54scan.dll
        2011-01-10 09:24 . 2001-08-18 06:36   216064   ----a-w-   c:\windows\system32\dllcache\um34scan.dll
        2011-01-10 09:24 . 2001-08-17 21:52   36736   ----a-w-   c:\windows\system32\dllcache\ultra.sys
        2011-01-10 09:24 . 2001-08-17 21:48   11520   ----a-w-   c:\windows\system32\dllcache\twotrack.sys
        2011-01-10 09:24 . 2001-08-17 20:51   166784   ----a-w-   c:\windows\system32\dllcache\tridxpm.sys
        2011-01-10 09:24 . 2001-08-18 06:36   525568   ----a-w-   c:\windows\system32\dllcache\tridxp.dll
        2011-01-10 09:23 . 2001-08-17 20:51   159232   ----a-w-   c:\windows\system32\dllcache\tridkbm.sys
        2011-01-10 09:23 . 2001-08-17 22:56   440576   ----a-w-   c:\windows\system32\dllcache\tridkb.dll
        2011-01-10 09:23 . 2001-08-17 20:51   222336   ----a-w-   c:\windows\system32\dllcache\trid3dm.sys
        2011-01-10 09:23 . 2001-08-17 22:56   315520   ----a-w-   c:\windows\system32\dllcache\trid3d.dll
        2011-01-10 09:23 . 2001-08-17 20:12   34375   ----a-w-   c:\windows\system32\dllcache\tpro4.sys
        2011-01-10 09:23 . 2001-08-18 06:35   42496   ----a-w-   c:\windows\system32\dllcache\tp4res.dll
        2011-01-10 09:23 . 2008-04-14 01:12   82944   ----a-w-   c:\windows\system32\dllcache\tp4mon.exe
        2011-01-10 09:23 . 2001-08-18 06:36   31744   ----a-w-   c:\windows\system32\dllcache\tp4.dll
        2011-01-10 09:23 . 2001-08-17 21:51   4992   ----a-w-   c:\windows\system32\dllcache\toside.sys
        2011-01-10 09:22 . 2001-08-17 22:02   230912   ----a-w-   c:\windows\system32\dllcache\tosdvd03.sys
        2011-01-10 09:22 . 2001-08-17 22:01   241664   ----a-w-   c:\windows\system32\dllcache\tosdvd02.sys
        2011-01-10 09:22 . 2001-08-17 20:10   28232   ----a-w-   c:\windows\system32\dllcache\tos4mo.sys
        2011-01-10 09:22 . 2001-08-17 20:14   123995   ----a-w-   c:\windows\system32\dllcache\tjisdn.sys
        2011-01-10 09:22 . 2001-08-17 20:51   138528   ----a-w-   c:\windows\system32\dllcache\tgiulnt5.sys
        2011-01-10 09:22 . 2001-08-17 22:56   81408   ----a-w-   c:\windows\system32\dllcache\tgiul50.dll
        2011-01-10 09:22 . 2008-04-13 19:40   149376   ----a-w-   c:\windows\system32\dllcache\tffsport.sys
        2011-01-10 09:22 . 2001-08-17 20:13   17129   ----a-w-   c:\windows\system32\dllcache\tdkcd31.sys
        2011-01-10 09:22 . 2001-08-17 20:13   37961   ----a-w-   c:\windows\system32\dllcache\tdk100b.sys
        2011-01-10 09:21 . 2001-08-17 21:49   30464   ----a-w-   c:\windows\system32\dllcache\tbatm155.sys
        2011-01-10 09:21 . 2001-08-17 21:52   7040   ----a-w-   c:\windows\system32\dllcache\tandqic.sys
        2011-01-10 09:21 . 2001-08-17 20:50   36640   ----a-w-   c:\windows\system32\dllcache\t2r4mini.sys
        2011-01-10 09:21 . 2001-08-17 22:56   172768   ----a-w-   c:\windows\system32\dllcache\t2r4disp.dll
        2011-01-10 09:21 . 2001-08-17 22:07   32640   ----a-w-   c:\windows\system32\dllcache\symc8xx.sys
        2011-01-10 09:21 . 2001-08-17 22:07   16256   ----a-w-   c:\windows\system32\dllcache\symc810.sys
        2011-01-10 09:21 . 2001-08-17 22:07   30688   ----a-w-   c:\windows\system32\dllcache\sym_u3.sys
        2011-01-10 09:21 . 2001-08-17 22:07   28384   ----a-w-   c:\windows\system32\dllcache\sym_hi.sys
        2011-01-10 09:21 . 2001-08-18 06:36   94293   ----a-w-   c:\windows\system32\dllcache\sxports.dll
        2011-01-10 09:21 . 2001-08-17 21:50   103936   ----a-w-   c:\windows\system32\dllcache\sx.sys
        2011-01-10 09:21 . 2001-08-17 22:02   3968   ----a-w-   c:\windows\system32\dllcache\swusbflt.sys
        2011-01-10 09:21 . 2001-08-18 06:36   10240   ----a-w-   c:\windows\system32\dllcache\swpidflt.dll
        2011-01-10 09:20 . 2001-08-18 06:36   10240   ----a-w-   c:\windows\system32\dllcache\swpdflt2.dll
        2011-01-10 09:20 . 2001-08-18 06:36   53760   ----a-w-   c:\windows\system32\dllcache\sw_wheel.dll
        2011-01-10 09:20 . 2001-08-18 06:36   41472   ----a-w-   c:\windows\system32\dllcache\sw_effct.dll
        2011-01-10 09:20 . 2001-08-18 06:36   155648   ----a-w-   c:\windows\system32\dllcache\stlnprop.dll
        2011-01-10 09:20 . 2001-08-18 06:36   53248   ----a-w-   c:\windows\system32\dllcache\stlncoin.dll
        2011-01-10 09:20 . 2001-08-17 20:18   285760   ----a-w-   c:\windows\system32\dllcache\stlnata.sys
        2011-01-10 09:20 . 2001-08-17 21:51   16896   ----a-w-   c:\windows\system32\dllcache\stcusb.sys
        2011-01-10 09:20 . 2001-08-17 20:11   48736   ----a-w-   c:\windows\system32\dllcache\srwlnd5.sys
        2011-01-10 09:20 . 2001-08-18 06:36   99328   ----a-w-   c:\windows\system32\dllcache\srusd.dll
        2011-01-10 09:19 . 2001-08-18 06:36   24660   ----a-w-   c:\windows\system32\dllcache\spxupchk.dll
        2011-01-10 09:19 . 2001-08-17 21:51   61824   ----a-w-   c:\windows\system32\dllcache\speed.sys
        2011-01-10 09:19 . 2001-08-18 06:36   106584   ----a-w-   c:\windows\system32\dllcache\spdports.dll
        2011-01-10 09:19 . 2001-08-17 22:07   19072   ----a-w-   c:\windows\system32\dllcache\sparrow.sys
        2011-01-10 09:19 . 2001-08-17 20:51   37040   ----a-w-   c:\windows\system32\dllcache\sonypi.sys
        2011-01-10 09:19 . 2001-08-18 06:36   114688   ----a-w-   c:\windows\system32\dllcache\sonypi.dll
        2011-01-10 09:19 . 2001-08-17 20:51   20752   ----a-w-   c:\windows\system32\dllcache\sonync.sys
        2011-01-10 09:19 . 2001-08-17 21:53   9600   ----a-w-   c:\windows\system32\dllcache\sonymc.sys
        2011-01-10 09:19 . 2008-04-13 19:40   7552   ----a-w-   c:\windows\system32\dllcache\sonyait.sys
        2011-01-10 09:19 . 2001-08-17 21:53   7040   ----a-w-   c:\windows\system32\dllcache\snyaitmc.sys
        2011-01-10 09:18 . 2001-08-17 20:51   58368   ----a-w-   c:\windows\system32\dllcache\smiminib.sys
        2011-01-10 09:18 . 2001-08-17 22:56   147200   ----a-w-   c:\windows\system32\dllcache\smidispb.dll
        2011-01-10 09:18 . 2001-08-17 20:12   25034   ----a-w-   c:\windows\system32\dllcache\smcpwr2n.sys
        2011-01-10 09:18 . 2001-08-17 20:10   35913   ----a-w-   c:\windows\system32\dllcache\smcirda.sys
        2011-01-10 09:18 . 2001-08-17 20:12   24576   ----a-w-   c:\windows\system32\dllcache\smc8000n.sys
        2011-01-10 09:18 . 2001-08-17 21:57   6784   ----a-w-   c:\windows\system32\dllcache\smbhc.sys
        2011-01-10 09:18 . 2008-04-13 19:36   6912   ----a-w-   c:\windows\system32\dllcache\smbclass.sys
        2011-01-10 09:18 . 2008-04-13 19:36   16000   ----a-w-   c:\windows\system32\dllcache\smbbatt.sys
        2011-01-10 09:18 . 2001-08-18 06:36   45568   ----a-w-   c:\windows\system32\dllcache\smb3w.dll
        2011-01-10 09:18 . 2001-08-18 06:36   33792   ----a-w-   c:\windows\system32\dllcache\smb0w.dll
        2011-01-10 09:18 . 2001-08-18 06:36   28672   ----a-w-   c:\windows\system32\dllcache\sma0w.dll
        2011-01-10 09:18 . 2001-08-18 06:36   28160   ----a-w-   c:\windows\system32\dllcache\sm91w.dll
        2011-01-10 09:17 . 2004-08-04 06:31   63547   ----a-w-   c:\windows\system32\dllcache\sla30nd5.sys
        2011-01-10 09:17 . 2001-08-17 20:12   91294   ----a-w-   c:\windows\system32\dllcache\skfpwin.sys
        2011-01-10 09:17 . 2001-08-17 20:12   94698   ----a-w-   c:\windows\system32\dllcache\sk98xwin.sys
        2011-01-10 09:17 . 2001-08-17 22:56   157696   ----a-w-   c:\windows\system32\dllcache\sisv256.dll
        2011-01-10 09:17 . 2001-08-17 20:50   50432   ----a-w-   c:\windows\system32\dllcache\sisv.sys
        2011-01-10 09:17 . 2004-08-04 06:31   32768   ----a-w-   c:\windows\system32\dllcache\sisnic.sys
        2011-01-10 09:17 . 2001-08-18 06:36   238592   ----a-w-   c:\windows\system32\dllcache\sisgrv.dll
        2011-01-10 09:17 . 2001-08-17 20:50   104064   ----a-w-   c:\windows\system32\dllcache\sisgrp.sys
        2011-01-10 09:17 . 2001-08-17 22:56   150144   ----a-w-   c:\windows\system32\dllcache\sis6306v.dll
        2011-01-10 09:17 . 2001-08-17 20:50   68608   ----a-w-   c:\windows\system32\dllcache\sis6306p.sys
        2011-01-10 09:17 . 2001-08-17 22:56   252032   ----a-w-   c:\windows\system32\dllcache\sis300iv.dll
        2011-01-10 09:17 . 2001-08-17 20:50   101760   ----a-w-   c:\windows\system32\dllcache\sis300ip.sys
        2011-01-10 09:16 . 2001-07-21 22:29   161568   ----a-w-   c:\windows\system32\dllcache\sgsmusb.sys
        2011-01-10 09:16 . 2001-07-21 22:29   18400   ----a-w-   c:\windows\system32\dllcache\sgsmld.sys
        2011-01-10 09:16 . 2001-08-17 20:51   98080   ----a-w-   c:\windows\system32\dllcache\sgiulnt5.sys
        2011-01-10 09:16 . 2001-08-18 06:36   386560   ----a-w-   c:\windows\system32\dllcache\sgiul50.dll
        2011-01-10 09:16 . 2001-08-17 20:19   36480   ----a-w-   c:\windows\system32\dllcache\sfmanm.sys

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-12-08 21:12 . 2009-09-03 04:36   83360   ----a-w-   c:\windows\system32\LMIRfsClientNP.dll
        2010-12-08 21:12 . 2009-09-03 04:36   83360   ----a-w-   c:\windows\system32\LMIRfsClientNP(2).dll
        2010-12-08 21:11 . 2009-09-03 04:36   53632   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
        2010-12-08 21:11 . 2009-09-03 04:36   29568   ----a-w-   c:\windows\system32\LMIport.dll
        2010-12-08 21:11 . 2009-09-03 04:36   87424   ----a-w-   c:\windows\system32\LMIinit.dll
        2010-11-18 18:12 . 2004-08-09 21:00   81920   ----a-w-   c:\windows\system32\isign32.dll
        2010-11-09 14:52 . 2004-08-09 21:00   249856   ----a-w-   c:\windows\system32\odbc32.dll
        2010-11-06 00:26 . 2004-08-09 21:00   916480   ----a-w-   c:\windows\system32\wininet.dll
        2010-11-06 00:26 . 2004-08-09 21:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
        2010-11-06 00:26 . 2004-08-09 21:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
        2010-11-03 12:25 . 2004-08-09 21:00   385024   ----a-w-   c:\windows\system32\html.iec
        2010-11-02 15:17 . 2004-08-09 21:00   40960   ----a-w-   c:\windows\system32\drivers\ndproxy.sys
        2010-10-28 13:13 . 2004-08-09 21:00   290048   ----a-w-   c:\windows\system32\atmfd.dll
        2010-10-26 13:25 . 2004-08-09 21:00   1853312   ----a-w-   c:\windows\system32\win32k.sys
        .

        ((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        --- c:\windows\explorer.exe ---
        Company: Microsoft Corporation
        File Description: Windows Explorer
        File Version: 6.00.2900.5512 (xpsp.080413-2105)
        Product Name: Microsoft® Windows® Operating System
        Copyright: © Microsoft Corporation. All rights reserved.
        Original Filename: EXPLORER.EXE
        File size: 1033728
        Created time: 2004-08-09 21:00
        Modified time: 2008-04-14 00:12
        MD5: 12896823FB95BFB3DC9B46BCAEDC9923
        SHA1: 9D2BF84874ABC5B6E9A2744B7865C193C08D362F

        ---- Directory of C:\QUARANTINE ----



        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-05 344064]
        "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
        "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

        c:\documents and settings\Default User\Start Menu\Programs\Startup\
        Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-8 27136]

        c:\documents and settings\LogMeInRemoteUser\Start Menu\Programs\Startup\
        Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-8 27136]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
        2010-12-08 21:11   87424   ----a-w-   c:\windows\system32\LMIinit.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
        "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
        "c:\\Program Files\\QvodPlayer\\QvodTerminal.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
        "AllowInboundEchoRequest"= 1 (0x1)

        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
        R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/9/2004 1:00 PM 14336]
        R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/29/2010 1:49 PM 374152]
        R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 5:46 PM 12856]
        R3 PxHelper;PxHelper;c:\windows\system32\drivers\PxHelper.sys [11/17/2007 11:07 AM 15680]
        S3 DCamUSBUVT;ICM532A;c:\windows\system32\drivers\usbuvt.sys [11/19/2007 9:26 PM 103424]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        p2psvc   REG_MULTI_SZ      p2psvc p2pimsvc p2pgasvc PNRPSvc
        .
        Contents of the 'Scheduled Tasks' folder

        2011-01-14 c:\windows\Tasks\User_Feed_Synchronization-{6E58FA0E-CEFC-49FE-8A11-AC57272A3826}.job
        - c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
        .
        .
        ------- Supplementary Scan -------
        .
        uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
        uInternet Settings,ProxyServer = http=127.0.0.1:8075
        uInternet Settings,ProxyOverride = <local>
        Trusted Zone: eappraiseit.com\sourcenet
        Trusted Zone: fnismls.com
        Trusted Zone: getmedianow.com
        Trusted Zone: live.com
        Trusted Zone: rapmls.com
        Trusted Zone: rapmls.com\login
        Trusted Zone: rapmls.com\media
        Trusted Zone: rapmls.com\search
        Trusted Zone: showingtime.com
        Trusted Zone: sitexdata.com
        Trusted Zone: spellchecker.net
        Trusted Zone: transactionpoint.com
        Trusted Zone: trpoint.com
        Trusted Zone: virtualearth.net
        DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
        FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\56n9e1wy.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
        FF - prefs.js: browser.search.selectedEngine - Live Search
        FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
        FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
        .

        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2011-01-13 20:33
        Windows 5.1.2600 Service Pack 3 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_USERS\S-1-5-21-4282242964-2710839654-547322656-500\Software\Microsoft\Internet Explorer\User Preferences]
        @Denied: (2) (Administrator)
        "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
           d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,84,d5,62,0a,33,7e,4c,b7,47,22,\
        "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
           d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,84,d5,62,0a,33,7e,4c,b7,47,22,\
        "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
           d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,84,d5,62,0a,33,7e,4c,b7,47,22,\

        [HKEY_USERS\S-1-5-21-4282242964-2710839654-547322656-500\Software\Microsoft\SystemCertificates\AddressBook*]
        @Allowed: (Read) (RestrictedCode)
        @Allowed: (Read) (RestrictedCode)

        [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
        @Denied: (2) (Administrator)
        "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
           d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,84,d5,62,0a,33,7e,4c,b7,47,22,\
        "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
           d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,84,d5,62,0a,33,7e,4c,b7,47,22,\
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(900)
        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
        c:\windows\system32\WININET.dll
        c:\windows\system32\Ati2evxx.dll
        c:\windows\system32\LMIinit.dll

        - - - - - - - > 'explorer.exe'(2268)
        c:\windows\system32\WININET.dll
        c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
        c:\windows\system32\ieframe.dll
        c:\windows\system32\webcheck.dll
        c:\windows\system32\WPDShServiceObj.dll
        c:\windows\system32\PortableDeviceTypes.dll
        c:\windows\system32\PortableDeviceApi.dll
        c:\windows\system32\LMIRfsClientNP.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\windows\system32\Ati2evxx.exe
        c:\windows\arservice.exe
        c:\windows\eHome\ehRecvr.exe
        c:\windows\eHome\ehSched.exe
        c:\program files\Java\jre6\bin\jqs.exe
        c:\program files\Common Files\LightScribe\LSSrvc.exe
        c:\program files\LogMeIn\x86\RaMaint.exe
        c:\program files\LogMeIn\x86\LogMeIn.exe
        c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        c:\windows\system32\PDFCreatorMessages.exe
        c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
        c:\windows\system32\tcpsvcs.exe
        c:\windows\ehome\mcrdsvc.exe
        c:\windows\system32\dllhost.exe
        c:\windows\system32\wscntfy.exe
        c:\windows\system32\Ati2evxx.exe
        c:\program files\Internet Explorer\iexplore.exe
        c:\program files\Internet Explorer\iexplore.exe
        .
        **************************************************************************
        .
        Completion time: 2011-01-13  20:54:17 - machine was rebooted
        ComboFix-quarantined-files.txt  2011-01-14 04:53
        ComboFix2.txt  2011-01-14 03:19

        Pre-Run: 74,413,121,536 bytes free
        Post-Run: 74,383,183,872 bytes free

        - - End Of File - - 00DF4C0C7325277143229F59CEE23121


        SystemLook 04.09.10 by jpshortstuff
        Log created at 21:15 on 13/01/2011 by Administrator
        Administrator - Elevation successful

        ========== filefind ==========

        Searching for "explorer.exe"
        C:\WINDOWS\explorer.exe   --a---- 1033728 bytes   [21:00 09/08/2004]   [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
        C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe   --a---- 1033216 bytes   [11:26 13/06/2007]   [11:26 13/06/2007] 7712DF0CDDE3A5AC89843E61CD5B3658
        C:\WINDOWS\$NtServicePackUninstall$\explorer.exe   -----c- 1033216 bytes   [03:54 17/06/2009]   [10:23 13/06/2007] 97BD6515465659FF8F3B7BE375B2EA87
        C:\WINDOWS\$NtUninstallKB938828$\explorer.exe   -----c- 1032192 bytes   [10:02 16/08/2007]   [21:00 09/08/2004] A0732187050030AE399B241436565E64
        C:\WINDOWS\ERDNT\cache\explorer.exe   --a---- 1033728 bytes   [03:07 14/01/2011]   [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
        C:\WINDOWS\ServicePackFiles\i386\explorer.exe   ------- 1033728 bytes   [13:55 03/09/2008]   [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
        C:\WINDOWS\system32\dllcache\explorer.exe   --a---- 1033728 bytes   [21:00 09/08/2004]   [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

        -= EOF =-

        No further action, but the error message still comes out. ... Please help, Dave. Thanks!

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: iexplore.exe - Application Error
        « Reply #4 on: January 14, 2011, 12:56:08 PM »
        Please do not follow the instructions for someone else's computer.

        Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

        Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

        Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

        Exit out of MessengerDisable then delete the two files that were put on the desktop.
        ************************************************
        Open HijackThis and select Do a system scan only

        Place a check mark next to the following entries: (if there)

        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8075
        O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
        O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

        Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge, as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the Trusted Zone. If you agree, please do the following. Please place a check mark next to this/these line/lines.
        O15 - Trusted Zone: *.fnismls.com
        O15 - Trusted Zone: *.getmedianow.com
        O15 - Trusted Zone: *.live.com
        O15 - Trusted Zone: login.rapmls.com
        O15 - Trusted Zone: media.rapmls.com
        O15 - Trusted Zone: search.rapmls.com
        O15 - Trusted Zone: *.rapmls.com
        O15 - Trusted Zone: *.showingtime.com
        O15 - Trusted Zone: *.sitexdata.com
        O15 - Trusted Zone: *.spellchecker.net
        O15 - Trusted Zone: *.transactionpoint.com
        O15 - Trusted Zone: *.trpoint.com
        O15 - Trusted Zone: *.virtualearth.net


        Important: Close all open windows except for HijackThis and then click Fix checked.

        Once completed, exit HijackThis.
        *****************************************
        Please go to Jotti's malware scan
        (If more than one file needs to be scanned, they must be done separately and links posted for each one.)

        * Copy the file path in the below Code box:

        Code:
        c:\windows\system32\catsrvutq.dll

        * At the upload site, click once inside the window next to Browse.
        * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
        * Next click Submit file
        * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
        * This will perform a scan across multiple different virus scanning engines.
        * Important: Wait for all of the scanning engines to complete.
        * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
        ************************************************
        Please delete ComboFix from your desktop

        Please download ComboFix from BleepingComputer.com

        Alternate link: GeeksToGo.com

        and save it to your Desktop
        Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
        Double click ComboFix.exe & follow the prompts.
        As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

        Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


        Click on Yes, to continue scanning for malware.
        When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

        If you have problems with ComboFix usage, see How to use ComboFix
        Windows 8 and Windows 10 dual boot with two SSD's
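As an added illustration of what the HijackThis step above is looking for (this is example code written for this page, not part of the thread and not HijackThis's own code): the script below reads HijackThis-style log lines and flags the three entry types the reply singles out, a ProxyServer (R1) pointing at the local machine, a BHO (O2) whose file is missing, and every O15 Trusted Zone site, which the reply recommends emptying entirely. The sample lines are copied from the reply, plus one constructed benign O4 ctfmon.exe autostart as a control; the function and variable names are mine. It is a triage aid for reading a log, not a cleaner: HijackThis still does the fixing.

```python
"""Flag the HijackThis entry types targeted in the reply above (example code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in HijackThis's log format. The R1, O2, O9 and O15 lines
# are the entries the reply asks to have fixed; the O4 ctfmon.exe line is a
# known-benign Windows XP autostart, added here only as a control.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8075
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.fnismls.com
O15 - Trusted Zone: login.rapmls.com
O15 - Trusted Zone: *.live.com
"""

# Every HijackThis entry starts with a section code (R1, O2, O15, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)")


@dataclass
class Finding:
    kind: str    # HijackThis section code, e.g. "O15"
    reason: str  # why a reviewer should look at it
    line: str    # the original log line


def parse_hjt(text: str) -> List[Tuple[str, str, str]]:
    """Return (kind, body, raw_line) for each line that looks like a HijackThis entry."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            entries.append((m.group("kind"), m.group("body"), raw))
    return entries


def proxy_hosts(value: str) -> List[str]:
    """Split an IE ProxyServer value ("host:port" or "http=host:port;https=...")
    into its host names."""
    hosts = []
    for part in value.split(";"):
        target = part.split("=", 1)[-1]   # drop a "http=" style prefix if present
        host = target.rsplit(":", 1)[0]    # drop the port
        if host:
            hosts.append(host.lower())
    return hosts


def is_loopback(host: str) -> bool:
    """True for localhost / 127.x.x.x, i.e. a proxy running on the machine itself."""
    return host == "localhost" or host.startswith("127.")


def check_entry(kind: str, body: str, raw: str) -> Optional[Finding]:
    """Apply the three rules from the reply; return a Finding or None."""
    if kind == "R1":
        m = PROXY_RE.search(body)
        if m and any(is_loopback(h) for h in proxy_hosts(m.group("value"))):
            return Finding(kind, "IE proxy points at the local machine: some local "
                                 "process sits between the browser and the network", raw)
    elif kind == "O2" and body.endswith("(no file)"):
        return Finding(kind, "BHO is registered but its DLL is missing (orphaned entry)", raw)
    elif kind == "O15":
        site = body.split("Trusted Zone:", 1)[-1].strip()
        return Finding(kind, f"{site} is in the Trusted Zone, where scripts and ActiveX "
                             "run under the loosest IE security settings", raw)
    return None


def audit(text: str) -> List[Finding]:
    """Run check_entry over every entry in a HijackThis log."""
    findings = []
    for kind, body, raw in parse_hjt(text):
        f = check_entry(kind, body, raw)
        if f is not None:
            findings.append(f)
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per section code, e.g. {'R1': 1, 'O2': 1, 'O15': 3}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
    print(summarize(audit(SAMPLE_LOG)))
```

Run against the sample it reports one R1, one O2 and three O15 findings and leaves the ctfmon.exe autostart alone. To use it on a real log, pass the text of the HijackThis output to audit(); the O9 Messenger entries are deliberately not flagged, since the reply removes those only after Windows Messenger itself has been uninstalled.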

        tudmay

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: iexplore.exe - Application Error
          « Reply #5 on: January 14, 2011, 07:53:03 PM »
          It said the file is empty for Jotti's malware scan.

          ComboFix scan finished and the log is shown below:

          ComboFix 11-01-14.01 - Administrator 01/14/2011  17:42:12.3.2 - x86
          Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.959.412 [GMT -8:00]
          Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
          AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
          FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
          .

          (((((((((((((((((((((((((   Files Created from 2010-12-15 to 2011-01-15  )))))))))))))))))))))))))))))))
          .

          2011-01-15 01:19 . 2011-01-15 01:19   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Avira
          2011-01-14 05:29 . 2010-12-13 16:40   61960   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
          2011-01-14 05:29 . 2010-12-13 16:40   135096   ----a-w-   c:\windows\system32\drivers\avipbb.sys
          2011-01-14 05:29 . 2010-06-17 22:27   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
          2011-01-14 05:29 . 2010-06-17 22:27   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
          2011-01-14 05:29 . 2011-01-14 05:29   --------   d-----w-   c:\program files\Avira
          2011-01-14 05:29 . 2011-01-14 05:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
          2011-01-14 01:30 . 2011-01-14 01:30   --------   d-----w-   c:\program files\Trend Micro
          2011-01-12 13:34 . 2011-01-12 13:34   122880   --sha-r-   c:\windows\system32\catsrvutq.dll
          2011-01-10 09:34 . 2008-04-14 01:12   116224   ----a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
          2011-01-10 09:34 . 2001-08-18 06:36   23040   ----a-w-   c:\windows\system32\dllcache\xrxwbtmp.dll
          2011-01-10 09:34 . 2008-04-14 01:12   18944   ----a-w-   c:\windows\system32\dllcache\xrxscnui.dll
          2011-01-10 09:34 . 2001-08-18 06:37   27648   ----a-w-   c:\windows\system32\dllcache\xrxftplt.exe
          2011-01-10 09:33 . 2001-08-18 06:37   4608   ----a-w-   c:\windows\system32\dllcache\xrxflnch.exe
          2011-01-10 09:32 . 2001-08-18 06:37   99865   ----a-w-   c:\windows\system32\dllcache\xlog.exe
          2011-01-10 09:31 . 2001-08-17 20:11   16970   ----a-w-   c:\windows\system32\dllcache\xem336n5.sys
          2011-01-10 09:31 . 2004-08-04 06:29   19455   ----a-w-   c:\windows\system32\dllcache\wvchntxx.sys
          2011-01-10 09:31 . 2004-08-04 06:29   12063   ----a-w-   c:\windows\system32\dllcache\wsiintxx.sys
          2011-01-10 09:31 . 2008-04-14 01:12   8192   ----a-w-   c:\windows\system32\dllcache\wshirda.dll
          2011-01-10 09:28 . 2008-04-13 19:36   8832   ----a-w-   c:\windows\system32\dllcache\wmiacpi.sys
          2011-01-10 09:28 . 2004-08-04 06:31   154624   ----a-w-   c:\windows\system32\dllcache\wlluc48.sys
          2011-01-10 09:28 . 2001-08-17 20:12   34890   ----a-w-   c:\windows\system32\dllcache\wlandrv2.sys
          2011-01-10 09:26 . 2001-08-17 20:13   19016   ----a-w-   c:\windows\system32\dllcache\w926nd.sys
          2011-01-10 09:26 . 2001-08-17 20:13   19528   ----a-w-   c:\windows\system32\dllcache\w840nd.sys
          2011-01-10 09:26 . 2001-08-17 21:28   64605   ----a-w-   c:\windows\system32\dllcache\vvoice.sys
          2011-01-10 09:26 . 2001-08-17 21:28   397502   ----a-w-   c:\windows\system32\dllcache\vpctcom.sys
          2011-01-10 09:26 . 2001-08-17 21:28   604253   ----a-w-   c:\windows\system32\dllcache\vmodem.sys
          2011-01-10 09:26 . 2001-08-17 20:14   249402   ----a-w-   c:\windows\system32\dllcache\vinwm.sys
          2011-01-10 09:26 . 2001-08-17 21:49   24576   ----a-w-   c:\windows\system32\dllcache\viairda.sys
          2011-01-10 09:26 . 2001-08-17 21:28   687999   ----a-w-   c:\windows\system32\dllcache\usrwdxjs.sys
          2011-01-10 09:26 . 2001-08-17 21:28   765884   ----a-w-   c:\windows\system32\dllcache\usrti.sys
          2011-01-10 09:25 . 2001-08-17 21:28   113762   ----a-w-   c:\windows\system32\dllcache\usrpda.sys
          2011-01-10 09:25 . 2001-08-17 21:28   7556   ----a-w-   c:\windows\system32\dllcache\usroslba.sys
          2011-01-10 09:25 . 2001-08-17 21:28   224802   ----a-w-   c:\windows\system32\dllcache\usr1807a.sys
          2011-01-10 09:25 . 2001-08-17 21:28   794399   ----a-w-   c:\windows\system32\dllcache\usr1806v.sys
          2011-01-10 09:25 . 2001-08-17 21:28   793598   ----a-w-   c:\windows\system32\dllcache\usr1806.sys
          2011-01-10 09:25 . 2001-08-17 21:28   794654   ----a-w-   c:\windows\system32\dllcache\usr1801.sys
          2011-01-10 09:25 . 2008-04-13 19:45   26112   ----a-w-   c:\windows\system32\dllcache\usbser.sys
          2011-01-10 09:25 . 2008-04-13 19:45   60032   ----a-w-   c:\windows\system32\dllcache\usbaudio.sys
          2011-01-10 09:25 . 2004-08-04 06:31   32384   ----a-w-   c:\windows\system32\dllcache\usb101et.sys
          2011-01-10 09:25 . 2001-08-18 06:36   94720   ----a-w-   c:\windows\system32\dllcache\umaxud32.dll
          2011-01-10 09:25 . 2001-08-18 06:36   28160   ----a-w-   c:\windows\system32\dllcache\umaxu40.dll
          2011-01-10 09:25 . 2001-08-18 06:36   26624   ----a-w-   c:\windows\system32\dllcache\umaxu22.dll
          2011-01-10 09:24 . 2001-08-18 06:36   69632   ----a-w-   c:\windows\system32\dllcache\umaxu12.dll
          2011-01-10 09:24 . 2001-08-18 06:36   50688   ----a-w-   c:\windows\system32\dllcache\umaxscan.dll
          2011-01-10 09:24 . 2001-08-17 21:58   22912   ----a-w-   c:\windows\system32\dllcache\umaxpcls.sys
          2011-01-10 09:24 . 2001-08-18 06:36   50176   ----a-w-   c:\windows\system32\dllcache\umaxp60.dll
          2011-01-10 09:24 . 2001-08-18 06:36   47616   ----a-w-   c:\windows\system32\dllcache\umaxcam.dll
          2011-01-10 09:24 . 2001-08-18 06:36   211968   ----a-w-   c:\windows\system32\dllcache\um54scan.dll
          2011-01-10 09:24 . 2001-08-18 06:36   216064   ----a-w-   c:\windows\system32\dllcache\um34scan.dll
          2011-01-10 09:24 . 2001-08-17 21:52   36736   ----a-w-   c:\windows\system32\dllcache\ultra.sys
          2011-01-10 09:24 . 2001-08-17 21:48   11520   ----a-w-   c:\windows\system32\dllcache\twotrack.sys
          2011-01-10 09:24 . 2001-08-17 20:51   166784   ----a-w-   c:\windows\system32\dllcache\tridxpm.sys
          2011-01-10 09:24 . 2001-08-18 06:36   525568   ----a-w-   c:\windows\system32\dllcache\tridxp.dll
          2011-01-10 09:23 . 2001-08-17 20:51   159232   ----a-w-   c:\windows\system32\dllcache\tridkbm.sys
          2011-01-10 09:23 . 2001-08-17 22:56   440576   ----a-w-   c:\windows\system32\dllcache\tridkb.dll
          2011-01-10 09:23 . 2001-08-17 20:51   222336   ----a-w-   c:\windows\system32\dllcache\trid3dm.sys
          2011-01-10 09:23 . 2001-08-17 22:56   315520   ----a-w-   c:\windows\system32\dllcache\trid3d.dll
          2011-01-10 09:23 . 2001-08-17 20:12   34375   ----a-w-   c:\windows\system32\dllcache\tpro4.sys
          2011-01-10 09:23 . 2001-08-18 06:35   42496   ----a-w-   c:\windows\system32\dllcache\tp4res.dll
          2011-01-10 09:23 . 2008-04-14 01:12   82944   ----a-w-   c:\windows\system32\dllcache\tp4mon.exe
          2011-01-10 09:23 . 2001-08-18 06:36   31744   ----a-w-   c:\windows\system32\dllcache\tp4.dll
          2011-01-10 09:23 . 2001-08-17 21:51   4992   ----a-w-   c:\windows\system32\dllcache\toside.sys
          2011-01-10 09:22 . 2001-08-17 22:02   230912   ----a-w-   c:\windows\system32\dllcache\tosdvd03.sys
          2011-01-10 09:22 . 2001-08-17 22:01   241664   ----a-w-   c:\windows\system32\dllcache\tosdvd02.sys
          2011-01-10 09:22 . 2001-08-17 20:10   28232   ----a-w-   c:\windows\system32\dllcache\tos4mo.sys
          2011-01-10 09:22 . 2001-08-17 20:14   123995   ----a-w-   c:\windows\system32\dllcache\tjisdn.sys
          2011-01-10 09:22 . 2001-08-17 20:51   138528   ----a-w-   c:\windows\system32\dllcache\tgiulnt5.sys
          2011-01-10 09:22 . 2001-08-17 22:56   81408   ----a-w-   c:\windows\system32\dllcache\tgiul50.dll
          2011-01-10 09:22 . 2008-04-13 19:40   149376   ----a-w-   c:\windows\system32\dllcache\tffsport.sys
          2011-01-10 09:22 . 2001-08-17 20:13   17129   ----a-w-   c:\windows\system32\dllcache\tdkcd31.sys
          2011-01-10 09:22 . 2001-08-17 20:13   37961   ----a-w-   c:\windows\system32\dllcache\tdk100b.sys
          2011-01-10 09:21 . 2001-08-17 21:49   30464   ----a-w-   c:\windows\system32\dllcache\tbatm155.sys
          2011-01-10 09:21 . 2001-08-17 21:52   7040   ----a-w-   c:\windows\system32\dllcache\tandqic.sys
          2011-01-10 09:21 . 2001-08-17 20:50   36640   ----a-w-   c:\windows\system32\dllcache\t2r4mini.sys
          2011-01-10 09:21 . 2001-08-17 22:56   172768   ----a-w-   c:\windows\system32\dllcache\t2r4disp.dll
          2011-01-10 09:21 . 2001-08-17 22:07   32640   ----a-w-   c:\windows\system32\dllcache\symc8xx.sys
          2011-01-10 09:21 . 2001-08-17 22:07   16256   ----a-w-   c:\windows\system32\dllcache\symc810.sys
          2011-01-10 09:21 . 2001-08-17 22:07   30688   ----a-w-   c:\windows\system32\dllcache\sym_u3.sys
          2011-01-10 09:21 . 2001-08-17 22:07   28384   ----a-w-   c:\windows\system32\dllcache\sym_hi.sys

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2010-12-08 21:12 . 2009-09-03 04:36   83360   ----a-w-   c:\windows\system32\LMIRfsClientNP.dll
          2010-12-08 21:12 . 2009-09-03 04:36   83360   ----a-w-   c:\windows\system32\LMIRfsClientNP(2).dll
          2010-12-08 21:11 . 2009-09-03 04:36   53632   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
          2010-12-08 21:11 . 2009-09-03 04:36   29568   ----a-w-   c:\windows\system32\LMIport.dll
          2010-12-08 21:11 . 2009-09-03 04:36   87424   ----a-w-   c:\windows\system32\LMIinit.dll
          2010-11-18 18:12 . 2004-08-09 21:00   81920   ----a-w-   c:\windows\system32\isign32.dll
          2010-11-09 14:52 . 2004-08-09 21:00   249856   ----a-w-   c:\windows\system32\odbc32.dll
          2010-11-06 00:26 . 2004-08-09 21:00   916480   ----a-w-   c:\windows\system32\wininet.dll
          2010-11-06 00:26 . 2004-08-09 21:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
          2010-11-06 00:26 . 2004-08-09 21:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
          2010-11-03 12:25 . 2004-08-09 21:00   385024   ----a-w-   c:\windows\system32\html.iec
          2010-11-02 15:17 . 2004-08-09 21:00   40960   ----a-w-   c:\windows\system32\drivers\ndproxy.sys
          2010-10-28 13:13 . 2004-08-09 21:00   290048   ----a-w-   c:\windows\system32\atmfd.dll
          2010-10-26 13:25 . 2004-08-09 21:00   1853312   ----a-w-   c:\windows\system32\win32k.sys
          .

          (((((((((((((((((((((((((((((   SnapShot@2011-01-14_03.02.09   )))))))))))))))))))))))))))))))))))))))))
          .
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-05 344064]
          "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
          "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
          "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

          c:\documents and settings\Default User\Start Menu\Programs\Startup\
          Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-8 27136]

          c:\documents and settings\LogMeInRemoteUser\Start Menu\Programs\Startup\
          Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-8 27136]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
          2010-12-08 21:11   87424   ----a-w-   c:\windows\system32\LMIinit.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\security center]
          "AntiVirusOverride"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
          "DisableMonitoring"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
          "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
          "c:\\Program Files\\QvodPlayer\\QvodTerminal.exe"=
          "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
          "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
          "AllowInboundEchoRequest"= 1 (0x1)

          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
          R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/13/2011 9:29 PM 135336]
          R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/9/2004 1:00 PM 14336]
          R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/29/2010 1:49 PM 374152]
          R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 5:46 PM 12856]
          R3 PxHelper;PxHelper;c:\windows\system32\drivers\PxHelper.sys [11/17/2007 11:07 AM 15680]
          S3 DCamUSBUVT;ICM532A;c:\windows\system32\drivers\usbuvt.sys [11/19/2007 9:26 PM 103424]

          --- Other Services/Drivers In Memory ---

          *NewlyCreated* - ANTIVIRSCHEDULERSERVICE
          *NewlyCreated* - ANTIVIRSERVICE
          *NewlyCreated* - AVGIO
          *NewlyCreated* - AVGNTFLT
          *NewlyCreated* - AVIPBB

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          p2psvc   REG_MULTI_SZ      p2psvc p2pimsvc p2pgasvc PNRPSvc
          .
          Contents of the 'Scheduled Tasks' folder

          2011-01-14 c:\windows\Tasks\User_Feed_Synchronization-{6E58FA0E-CEFC-49FE-8A11-AC57272A3826}.job
          - c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
          .
          .
          ------- Supplementary Scan -------
          .
          uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
          uInternet Settings,ProxyOverride = <local>
          Trusted Zone: eappraiseit.com\sourcenet
          DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
          .

          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2011-01-14 18:21
          Windows 5.1.2600 Service Pack 3 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- LOCKED REGISTRY KEYS ---------------------

          [HKEY_USERS\S-1-5-21-4282242964-2710839654-547322656-500\Software\Microsoft\Internet Explorer\User Preferences]
          @Denied: (2) (Administrator)

          [HKEY_USERS\S-1-5-21-4282242964-2710839654-547322656-500\Software\Microsoft\SystemCertificates\AddressBook*]
          @Allowed: (Read) (RestrictedCode)
          @Allowed: (Read) (RestrictedCode)

          [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
          @Denied: (2) (Administrator)
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'winlogon.exe'(900)
          c:\program files\SUPERAntiSpyware\SASWINLO.DLL
          c:\windows\system32\WININET.dll
          c:\windows\system32\Ati2evxx.dll
          c:\windows\system32\LMIinit.dll

          - - - - - - - > 'explorer.exe'(5412)
          c:\windows\system32\WININET.dll
          c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
          c:\windows\system32\webcheck.dll
          c:\windows\system32\IEFRAME.dll
          c:\windows\system32\WPDShServiceObj.dll
          c:\windows\system32\PortableDeviceTypes.dll
          c:\windows\system32\PortableDeviceApi.dll
          c:\windows\system32\LMIRfsClientNP.dll
          .
          Completion time: 2011-01-14  18:42:46
          ComboFix-quarantined-files.txt  2011-01-15 02:42
          ComboFix2.txt  2011-01-14 04:54
          ComboFix3.txt  2011-01-14 03:19

          Pre-Run: 73,764,220,928 bytes free
          Post-Run: 73,814,650,880 bytes free

          - - End Of File - - 0E7C1C65EC8B1B677384A859AC925A32


          what's next then?

          thanks so much!
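The firewall and Security Center entries in the "Reg Loading Points" section of the log above are the posture findings a reviewer checks first. As an added example (not ComboFix's code and nothing the poster ran), this Python triage parses that section's REGEDIT4-style lines and flags the disabled firewall, the AntiVirusOverride, the globally open 3389/TCP port and the inbound echo setting; the sample log is a constructed excerpt copied from the values posted above.

```python
import re

# Constructed excerpt: the firewall / Security Center lines copied from the
# ComboFix "Reg Loading Points" section posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"""


def parse_reg_section(text):
    """Map each [key] (lower-cased) to a dict of its "name"=value lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"([^"]+)"\s*=\s*(.*)$', line)
            if m:
                sections[current][m.group(1)] = m.group(2).strip()
    return sections


def _as_int(value):
    """ComboFix prints dword:XXXXXXXX for REG_DWORD and 'N (0xN)' for policy values."""
    m = re.match(r"dword:([0-9a-fA-F]{8})", value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", value)
    return int(m.group(1)) if m else None


def triage(sections):
    """Return the posture problems visible in the parsed keys, in log order."""
    findings = []
    for key, values in sections.items():
        if key.endswith("firewallpolicy\\standardprofile"):
            if _as_int(values.get("EnableFirewall", "1")) == 0:
                findings.append("firewall_disabled")
        elif key.endswith("globallyopenports\\list"):
            # every name here is a port open to all peers, e.g. 3389:TCP (Remote Desktop)
            findings.extend(f"open_port:{name}" for name in values)
        elif key.endswith("\\icmpsettings"):
            if _as_int(values.get("AllowInboundEchoRequest", "0")) == 1:
                findings.append("inbound_ping_allowed")
        elif key.endswith("\\security center"):
            # AntiVirusOverride=1 silences Security Center's "no/out-of-date AV" alerts
            if _as_int(values.get("AntiVirusOverride", "dword:00000000")) == 1:
                findings.append("av_monitoring_overridden")
        elif "\\security center\\monitoring\\" in key:
            if _as_int(values.get("DisableMonitoring", "dword:00000000")) == 1:
                findings.append("monitoring_disabled:" + key.rsplit("\\", 1)[-1])
    return findings


if __name__ == "__main__":
    for finding in triage(parse_reg_section(SAMPLE_LOG)):
        print(finding)
```

The firewall_disabled finding is the same fact the Security Check log later in the thread reports as "Windows Firewall Disabled!".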

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: iexplore.exe - Application Error
          « Reply #6 on: January 15, 2011, 12:18:29 PM »
          Download Security Check by screen317 from one of the following links and save it to your desktop.

          Link 1
          Link 2

          * Unzip SecurityCheck.zip and a folder named Security Check should appear.
          * Open the Security Check folder and double-click Security Check.bat
          * Follow the on-screen instructions inside of the black box.
          * A Notepad document should open automatically called checkup.txt
          * Post the contents of that document in your next reply.

          Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
          **************************************************
          Re-running ComboFix to remove infections:

          • Close any open browsers.
• Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
          • Open notepad and copy/paste the text in the quotebox below into it:
            Quote
            KillAll::

            File::
            c:\windows\system32\catsrvutq.dll

            DDS::
            Trusted Zone: eappraiseit.com\sourcenet

          • Save this as CFScript.txt, in the same location as ComboFix.exe



          • Referring to the picture above, drag CFScript into ComboFix.exe
          • When finished, it shall produce a log for you at C:\ComboFix.txt
          • I don't need to see the log from this script.
          *************************************************

          Download the GMER Rootkit Scanner. Unzip it to your Desktop.

          Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

          Double-click gmer.exe. The program will begin to run.

          **Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

          If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
          • Click NO
          • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
          • Now click the Scan button.
          • Once the scan is complete, you may receive another notice about rootkit activity.
          • Click OK.
          • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
          • Save it where you can easily find it, such as your desktop.
          Windows 8 and Windows 10 dual boot with two SSD's

          tudmay

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: iexplore.exe - Application Error
            « Reply #7 on: January 18, 2011, 10:56:15 PM »

Below is the Security Check log. Then I ran ComboFix successfully, then ran gmer.exe, but it hung and I can't get the log. What to do?




             Results of screen317's Security Check version 0.99.8 
             Windows XP Service Pack 3 
             Internet Explorer 8 
            ``````````````````````````````
            Antivirus/Firewall Check:

             Windows Firewall Disabled! 
             Avira AntiVir Personal - Free Antivirus
             Antivirus out of date! 
            ```````````````````````````````
            Anti-malware/Other Utilities Check:

             Malwarebytes' Anti-Malware   
             HijackThis 2.0.2   
             Java(TM) 6 Update 13 
             Java(TM) 6 Update 2 
             Java(TM) 6 Update 7 
             Out of date Java installed!
             Adobe Flash Player 10.0.42.34 
            Adobe Reader 7.1.0
            Out of date Adobe Reader installed!
            ````````````````````````````````
            Process Check: 
            objlist.exe by Laurent

             Avira Antivir avgnt.exe
             Avira Antivir avguard.exe
            ``````````End of Log````````````

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: iexplore.exe - Application Error
            « Reply #8 on: January 19, 2011, 12:19:31 PM »
The Security Check shows that your Avira AV is out of date. Please update it ASAP.

            Update Your Java (JRE)

            Old versions of Java have vulnerabilities that malware can use to infect your system.


            First Verify your Java Version

            If there are any other version(s) installed then update now.

            Get the new version (if needed)

If your version is out of date, install the newest version of the Sun Java Runtime Environment.

            Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

            Be sure to close ALL open web browsers before starting the installation.

            Remove any old versions

            1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRa.exe and choose Remove Older Versions
3. Once complete, exit JavaRa.
            4. Run CCleaner.

            Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
            ****************************************
            Please download the newest version of Adobe Acrobat Reader from Adobe.com

            Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
            Go to the Control Panel and enter Add or Remove Programs.
            Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

            Once old versions are gone, please install the newest version.
            ****************************************************
            SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

            http://sites.google.com/site/sysprotantirootkit/

            Unzip it into a folder on your desktop.
            • Double click Sysprot.exe to start the program.
            • Click on the Log tab.
            • In the Write to log box select the following items.
              • Process << Selected
              • Kernel Modules << Selected
              • SSDT << Selected
              • Kernel Hooks << Selected
              • IRP Hooks << NOT Selected
              • Ports << NOT Selected
              • Hidden Files << Selected
            • At the bottom of the page
              • Hidden Objects Only << Selected
            • Click on the Create Log button on the bottom right.
            • After a few seconds a new window should appear.
            • Select Scan Root Drive. Click on the Start button.
            • When it is complete a new window will appear to indicate that the scan is finished.
            • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

            tudmay

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: iexplore.exe - Application Error
              « Reply #9 on: January 19, 2011, 11:32:39 PM »

Updated Avira and Java; removed the old version of Adobe but can't download the new version, IE will close automatically once I try to download. Also, can't open the Java control box, the machine hung.

Here is the log:

              SysProt AntiRootkit v1.0.1.0
              by swatkat

              ******************************************************************************************
              ******************************************************************************************

              No Hidden Processes found

              ******************************************************************************************
              ******************************************************************************************
              Kernel Modules:
              Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
              Service Name: ---
              Module Base: F1941000
              Module End: F1959000
              Hidden: Yes

              Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
              Service Name: ---
              Module Base: F7BBD000
              Module End: F7BBF000
              Hidden: Yes

              ******************************************************************************************
              ******************************************************************************************
              SSDT:
              Function Name: ZwCreateKey
              Address: F7C2C446
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwCreateThread
              Address: F7C2C43C
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwDeleteKey
              Address: F7C2C44B
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwDeleteValueKey
              Address: F7C2C455
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwLoadKey
              Address: F7C2C45A
              Driver Base: 0
              Driver End: 0
              Driver Name: _unknown_

              Function Name: ZwOpenProcess
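As an added example, not from SysProt or from anyone in this thread, this Python reader parses the SysProt log format shown above and separates what a defender would act on from expected noise: SSDT entries whose address SysProt could not attribute to any driver (Driver Base 0, Driver Name _unknown_), reported together with the address span they share, versus the hidden dump_* modules, which the example allowlists on the assumption (mine, not the tool's) that Windows loads those crash-dump driver copies outside the normal module list. The sample log is a constructed excerpt of the posted one, stopping before the truncated ZwOpenProcess entry.

```python
import re

# Constructed excerpt modelled on the SysProt AntiRootkit log posted above
# (three of the five complete SSDT entries; the cut-off entry is left out).
SAMPLE_LOG = r"""
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F1941000
Module End: F1959000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7BBD000
Module End: F7BBF000
Hidden: Yes

SSDT:
Function Name: ZwCreateKey
Address: F7C2C446
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: F7C2C43C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadKey
Address: F7C2C45A
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
"""

# Assumption of this example (not SysProt's logic): dump_* drivers are the
# crash-dump copies of the disk stack, loaded outside the normal module list,
# so "Hidden: Yes" on them is expected rather than a rootkit indicator.
BENIGN_HIDDEN_PREFIXES = ("dump_",)


def parse_sysprot(text):
    """Split the log into {section: [record, ...]}; a record is a 'Key: Value' group."""
    sections, current, record = {}, None, {}

    def flush():
        nonlocal record
        if record and current is not None:
            sections.setdefault(current, []).append(record)
        record = {}

    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            flush()
            continue
        head = re.match(r"^([A-Za-z ]+):$", line)      # section heading, e.g. "SSDT:"
        if head:
            flush()
            current = head.group(1)
            continue
        kv = re.match(r"^([A-Za-z ]+): (.*)$", line)   # field inside a record
        if kv and current is not None:
            record[kv.group(1)] = kv.group(2)
    flush()
    return sections


def triage(sections):
    """Separate actionable findings from expected noise in a parsed SysProt log."""
    hidden, benign = [], []
    for mod in sections.get("Kernel Modules", []):
        if mod.get("Hidden") != "Yes":
            continue
        name = mod.get("Module Name", "").rsplit("\\", 1)[-1]
        (benign if name.lower().startswith(BENIGN_HIDDEN_PREFIXES) else hidden).append(name)

    # An SSDT entry whose address SysProt cannot map to any driver (base 0,
    # name _unknown_) points into memory that no legitimate module claims.
    hooks = [(e["Function Name"], int(e["Address"], 16))
             for e in sections.get("SSDT", [])
             if e.get("Driver Name") == "_unknown_" or e.get("Driver Base") == "0"]
    # Hooks packed into a few dozen bytes are one stub table, i.e. one hooking module.
    span = (min(a for _, a in hooks), max(a for _, a in hooks)) if hooks else None
    return {"hidden_modules": hidden, "benign_hidden": benign,
            "ssdt_hooks": hooks, "hook_span": span}
```

Run over the constructed log it reports no unexplained hidden module, two allowlisted dump_* modules, and three SSDT hooks within a 30-byte span, which is what makes the unknown-driver entries the item to follow up on.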

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: iexplore.exe - Application Error
              « Reply #10 on: January 20, 2011, 12:53:51 PM »
              Quote
removed the old version of Adobe but can't download the new version, IE will close automatically once I try to download.
              Which browser are you using?
              Quote
also, can't open the Java control box, the machine hung.
              Do you mean that after you downloaded JavaRa to your desktop and try to open JavaRa.exe that it won't open?

              I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
              A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

              tudmay

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                Re: iexplore.exe - Application Error
                « Reply #11 on: January 26, 2011, 07:57:01 PM »
                Quote
removed the old version of Adobe but can't download the new version, IE will close automatically once I try to download.
                Which browser are you using?

                Internet Explorer

                Quote
also, can't open the Java control box, the machine hung.
                Do you mean that after you downloaded JavaRa to your desktop and try to open JavaRa.exe that it won't open?

                YES

Can't run the ESET online scan as the browser IE window keeps closing.


                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: iexplore.exe - Application Error
                « Reply #12 on: January 27, 2011, 01:14:28 PM »
                Quote
Can't run the ESET online scan as the browser IE window keeps closing.
                Does it do this all the time, for example when you're responding on this forum?

                tudmay
                  Re: iexplore.exe - Application Error
                  « Reply #13 on: January 27, 2011, 05:49:26 PM »
                  Quote
                  Can't run the ESET online scan as the IE browser window keeps closing.
                  Does it do this all the time, for example when you're responding on this forum?

                  I'm using another computer to reply to your post.

                  SuperDave
                  Re: iexplore.exe - Application Error
                  « Reply #14 on: January 28, 2011, 01:11:14 PM »
                  Ok. Let's try this.

                  Please run Notepad (Start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

                  Code:
                  @echo off
                  rem Send the output of every command in the block below to Log1.txt
                  >Log1.txt (
                  ipconfig /all
                  nslookup google.com
                  nslookup yahoo.com
                  ping -n 2 google.com
                  ping -n 2 yahoo.com
                  route print
                  )
                  rem Open the log in Notepad, then delete this batch file
                  start Log1.txt
                  del %0

                  •Go to the File menu at the top of the Notepad and select Save as.

                  •Select save in: desktop

                  •Fill in File name: test.bat

                  •Save as type: All file types (*.*)

                  •Click save.

                  •Close the Notepad.

                  •Locate and double-click test.bat on the desktop.

                  •Notepad opens; copy and paste its content (Log1.txt) into your reply.
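As an added example (not code from the thread or from Computer Hope), the script below reads a Log1.txt of the kind the batch file above produces and pulls out what a malware responder looks at first: the DNS servers the machine is actually using, what nslookup resolved, and which hosts answered ping. A resolver the user never configured is the usual sign of DNS hijacking, which would also explain a browser that misbehaves only on one machine. The log text is constructed for illustration (documentation address ranges), and the allow-list of expected resolvers is an assumption, not something the thread states.

```python
"""Triage helper for a Log1.txt network log (added example, constructed data)."""
import ipaddress
import re

# Constructed sample of Log1.txt content; not captured from any real machine.
# 203.0.113.9 plays the part of a resolver the user never configured.
SAMPLE_LOG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : XP-BOX

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.20
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.9
                                            192.168.1.1

Server:  UnKnown
Address:  203.0.113.9

Non-authoritative answer:
Name:    google.com
Addresses:  198.51.100.7, 198.51.100.8

Server:  UnKnown
Address:  203.0.113.9

Non-authoritative answer:
Name:    yahoo.com
Address:  198.51.100.30

Pinging google.com [198.51.100.7] with 32 bytes of data:

Reply from 198.51.100.7: bytes=32 time=30ms TTL=54
Reply from 198.51.100.7: bytes=32 time=31ms TTL=54

Ping statistics for 198.51.100.7:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging yahoo.com [198.51.100.30] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 198.51.100.30:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
"""

DNS_LINE = re.compile(r"DNS Servers[ .]*: *(\S+)")
IP_ONLY = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
NAME_LINE = re.compile(r"^Name:\s+(\S+)")
ADDR_LINE = re.compile(r"^Address(?:es)?:\s+(.+)$")
PING_HDR = re.compile(r"^Pinging (\S+) \[(\S+)\]")
PING_STATS = re.compile(r"Packets: Sent = (\d+), Received = (\d+), Lost = (\d+)")

# Ranges that are normal for a home/office resolver (router, local DNS).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def parse_dns_servers(log):
    """Collect the 'DNS Servers' entry plus its indented continuation lines."""
    servers, collecting = [], False
    for line in log.splitlines():
        m = DNS_LINE.search(line)
        if m:
            servers.append(m.group(1))
            collecting = True
            continue
        if collecting and IP_ONLY.fullmatch(line.strip()):
            servers.append(line.strip())
            continue
        collecting = False
    return servers


def parse_nslookup(log):
    """Map each queried name to the addresses nslookup returned for it."""
    results, current = {}, None
    for line in log.splitlines():
        m = NAME_LINE.match(line)
        if m:
            current = m.group(1)
            results[current] = []
            continue
        m = ADDR_LINE.match(line)
        if m and current is not None:   # 'Address:' after 'Server:' has no current name
            results[current].extend(a.strip() for a in m.group(1).split(","))
            current = None
    return results


def parse_ping(log):
    """Map each pinged host to its sent/received/lost counters."""
    results, host = {}, None
    for line in log.splitlines():
        m = PING_HDR.match(line)
        if m:
            host = m.group(1)
            continue
        m = PING_STATS.search(line)
        if m and host:
            results[host] = {"sent": int(m.group(1)), "received": int(m.group(2)),
                             "lost": int(m.group(3))}
            host = None
    return results


def unexpected_resolvers(servers, expected=()):
    """Resolvers that are neither on a local range nor in the expected allow-list."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    flagged = []
    for s in servers:
        ip = ipaddress.ip_address(s)
        if any(ip in net for net in LOCAL_NETS) or ip in allowed:
            continue
        flagged.append(s)
    return flagged


def triage(log, expected_resolvers=()):
    servers = parse_dns_servers(log)
    return {
        "dns_servers": servers,
        "unexpected_resolvers": unexpected_resolvers(servers, expected_resolvers),
        "lookups": parse_nslookup(log),
        "unreachable": sorted(h for h, r in parse_ping(log).items() if r["received"] == 0),
    }


if __name__ == "__main__":
    # Assumed allow-list: the router at 192.168.1.1 is the only resolver expected here.
    print(triage(SAMPLE_LOG, expected_resolvers=("192.168.1.1",)))
```

The allow-list is the part to adapt: put the ISP's or public resolvers the user is known to use in `expected_resolvers`, and anything left in `unexpected_resolvers` is worth comparing against the router's DHCP settings before deciding the machine is clean.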