Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: hazel312001a on January 12, 2011, 06:08:18 PM
-
First of all let me say Thank you to all of you who donate your time and talents to this site to help the less computer literate in the world! (Like myself)
My issue: The day after Christmas my daughter reported a strange occurrence on her brand new Compaq Netbook Computer CQ10-405DX Intel Atom Windows XP SP3 machine. I knew right away it was a fake program and deeply rooted, to be able to block applications and change the background.
I reviewed this site and proceeded as instructed on http://www.computerhope.com/forum/index.php/topic,46313.0.html. However, I ran into trouble on Step 5: Update Your Java (JRE). Since I was unable to access the internet in Normal mode, I used Safe Mode with Networking to do the first 4 steps. But when I got to the Java update, the system told me I didn't have the correct permissions.
I started in normal mode and tried to update my Java version but now it is giving me an install error. So I stopped since the instructions said to do the steps in order. Any ideas on how I can get the Java updated and proceed?
Thanx again for all you do!
Gina
-
Hi,
How is your computer running after you did steps 1-4? Can you please post here all the logs so that our experts may analyze and help you.
In updating your Java, can you please try this and see what will happen:
Go to Control Panel > Java Plug-in > Update tab > click Update Now
Then click Java Update in your system tray > click Download > click again Java Update in your system tray > click Install
[recovering disk space - old attachment deleted by admin]
-
Hi,
How is your computer running after you did steps 1-4? Can you please post here all the logs so that our experts may analyze and help you.
In updating your Java, can you please try this and see what will happen:
Go to Control Panel > Java Plug-in > Update tab > click Update Now
Then click Java Update in your system tray > click Download > click again Java Update in your system tray > click Install
My computer is running better but really slow. The "System Tools" icon and takeover have stopped and I can now work in Normal mode.
I tried what you said about Java but I got this error:
The system can not find the registry key specified:
HKEY_LOCAL_MACHINE\SOFTWARE\Javasoft\Java Runtime Environment\1.6.0_18
Here are the logs from Mbam and SAS
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5505
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
1/11/2011 3:45:32 PM
mbam-log-2011-01-11 (15-45-32).txt
Scan type: Quick scan
Objects scanned: 148861
Time elapsed: 2 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSN Messanger (Worm.AutoRun) -> Value: MSN Messanger -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\System.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\jocey\Desktop\system tool 2011.lnk (Rogue.SystemTool) -> Quarantined and deleted successfully.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/11/2011 at 03:21 PM
Application Version : 4.47.1000
Core Rules Database Version : 6175
Trace Rules Database Version: 3987
Scan type : Complete Scan
Total Scan Time : 00:56:13
Memory items scanned : 284
Memory threats detected : 0
Registry items scanned : 6467
Registry threats detected : 1
File items scanned : 66725
File threats detected : 8
Trojan.Agent/Gen-FakeSoft
[fPhCc06305] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\FPHCC06305\FPHCC06305.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\FPHCC06305\FPHCC06305.EXE
Adware.Tracking Cookie
C:\Documents and Settings\jocey\Cookies\jocey@atdmt[2].txt
C:\Documents and Settings\jocey\Cookies\[email protected][2].txt
C:\Documents and Settings\jocey\Cookies\jocey@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Thanx for your help!
-
It seems we did already what we know to update your Java, but failed. :( Let's wait for any CH experts before proceeding to Step 6.
Btw, you may do personal testing again while waiting for advice. You may repeat Steps 2-4, but this time just save the logs on your desktop; you'll need them if necessary.
-
Please proceed with step 6; an expert needs that log. Don't do steps 2 to 4 one day after posting them.
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
********************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
-
Per your instructions my captain:
Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Online Armor 4.5
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 18
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.3 MUI
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Tall Emu Online Armor OAcat.exe
Tall Emu Online Armor oasrv.exe
Tall Emu Online Armor oaui.exe
Tall Emu Online Armor OAhlp.exe
``````````End of Log````````````
DDS (Ver_10-12-12.02) - NTFSx86
Run by jocey at 6:08:01.39 on Fri 01/14/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.336 [GMT -6:00]
AV: Norton Internet Security Netbook Edition *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Online Armor Firewall *Enabled*
FW: Norton Internet Security Netbook Edition *Disabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\SWSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skyhook Wireless\XPS\xpscontrolpanel.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Roxio\BackOnTrack\Main\Backup_Central10.exe
C:\Documents and Settings\jocey\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.0.0.136\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0369.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0369.0\npwinext.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [ZumoDrive] "c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Skyhook Wireless XPS Service] c:\program files\skyhook wireless\xps\xpscontrolpanel.exe --no-info
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0369.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpmedi~1.lnk - c:\program files\hewlett-packard\hp media suite\home\ArcStart.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll
mASetup: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - c:\program files\hewlett-packard\hp media suite\home\quicklaunch.exe "c:\program files\hewlett-packard\hp media suite\home\HPMediaSuite.lnk" 2
============= SERVICES / DRIVERS ===============
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2010-8-26 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2010-8-26 15856]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1100000.088\SymDS.sys [2010-8-26 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1100000.088\SymEFA.sys [2010-8-26 169008]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [2009-12-28 106096]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1100000.088\ccHPx86.sys [2010-8-26 501888]
R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [2009-11-11 18136]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-1-11 202064]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-1-11 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-1-11 25000]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2011-1-11 29272]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2010-8-26 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1100000.088\Ironx86.sys [2010-8-26 114736]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
R2 BOTService;BOTService;c:\program files\roxio\backontrack\instant restore\BOTService.exe [2010-2-4 211440]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\quickweb\qw.sys\config\DVMExportService.exe [2010-4-12 338168]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-4-5 103992]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.0.0.136\ccSvcHst.exe [2010-8-26 126392]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2011-1-11 380784]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2011-1-11 3652696]
R2 xpssvc;Skyhook Wireless XPS Service;c:\program files\skyhook wireless\xps\xpssvc.exe [2010-4-1 699720]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-8-26 113664]
R3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [2010-12-25 363904]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-8-26 227896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-1-12 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20110113.001\IDSXpx86.sys [2011-1-14 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20110113.036\NAVENG.SYS [2011-1-14 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20110113.036\NAVEX15.SYS [2011-1-14 1360760]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2010-8-26 230944]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2010-12-25 1323296]
R3 XPSVCOM;XPSVCOM;c:\windows\system32\drivers\XPSVCOM.sys [2010-2-4 12416]
=============== Created Last 30 ================
2011-01-13 03:22:12 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-01-13 02:22:57 339504 ----a-w- c:\windows\system32\drivers\nis\1107000.00c\symtdiv.sys
2011-01-13 02:22:56 43696 ----a-w- c:\windows\system32\drivers\nis\1107000.00c\srtspx.sys
2011-01-13 02:22:56 361904 ----a-w- c:\windows\system32\drivers\nis\1107000.00c\symtdi.sys
2011-01-13 02:22:56 328752 ----a-r- c:\windows\system32\drivers\nis\1107000.00c\symds.sys
2011-01-13 02:22:56 173104 ----a-w- c:\windows\system32\drivers\nis\1107000.00c\symefa.sys
2011-01-13 02:22:55 501888 ----a-w- c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys
2011-01-13 02:22:55 325680 ----a-w- c:\windows\system32\drivers\nis\1107000.00c\srtsp.sys
2011-01-13 02:22:55 116784 ----a-w- c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys
2011-01-13 02:22:18 -------- d-----w- c:\windows\system32\drivers\nis\1107000.00C
2011-01-12 01:32:43 -------- d-sh--w- C:\found.000
2011-01-12 01:03:10 -------- d-----w- c:\windows\system32\PreInstall
2011-01-12 01:03:07 -------- d--h--w- c:\windows\$hf_mig$
2011-01-11 23:16:50 3558912 ----a-w- c:\program files\movie maker\moviemk.exe
2011-01-11 23:16:50 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-01-11 21:40:09 -------- d-----w- c:\docume~1\jocey\applic~1\Malwarebytes
2011-01-11 21:40:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-11 21:40:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-11 21:39:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-11 21:39:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-11 20:20:03 -------- d-----w- c:\docume~1\jocey\applic~1\SUPERAntiSpyware.com
2011-01-11 20:20:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-11 20:19:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-11 19:54:54 -------- d-----w- c:\program files\CCleaner
2011-01-11 19:47:52 -------- d-----w- c:\docume~1\jocey\applic~1\OnlineArmor
2011-01-11 19:47:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor
2011-01-11 19:47:34 38856 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-01-11 19:47:34 25000 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-01-11 19:47:33 29272 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-01-11 19:47:33 202064 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-01-11 19:47:25 -------- d-----w- c:\program files\Online Armor
2010-12-26 22:03:11 -------- d-----w- c:\program files\PC Tools Security
2010-12-26 22:03:11 -------- d-----w- c:\program files\common files\PC Tools
2010-12-26 21:54:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-12-26 20:32:09 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-12-26 20:32:08 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-26 20:32:08 -------- d-----w- c:\program files\Symantec
2010-12-26 20:32:08 -------- d-----w- c:\program files\common files\Symantec Shared
2010-12-26 20:21:41 -------- d-----w- c:\windows\pss
2010-12-25 23:01:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-25 23:01:45 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-25 23:01:42 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-12-25 23:01:42 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-12-25 23:00:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\fPhCc06305
2010-12-25 22:31:06 -------- d-----w- c:\docume~1\jocey\applic~1\Macrovision
2010-12-25 22:14:20 -------- d-----w- c:\docume~1\jocey\applic~1\ZumoDrive
2010-12-25 22:14:14 259584 ----a-w- c:\windows\system32\bcdedit.exe
2010-12-25 22:14:13 -------- d-sh--w- C:\Boot
2010-12-25 22:13:49 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-12-25 22:13:30 -------- d-----w- C:\WildTangent
2010-12-25 22:13:30 -------- d-----w- C:\Users
2010-12-25 22:13:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Skyhook Wireless
2010-12-25 22:13:00 13568 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2010-12-25 22:12:58 -------- d-----w- c:\program files\Skyhook Wireless
2010-12-25 22:11:47 363904 ----a-w- c:\windows\system32\drivers\cam3820a.sys
2010-12-25 22:11:47 217088 ----a-w- c:\windows\system32\ACamPropertyPage.dll
2010-12-25 22:11:47 212992 ----a-w- c:\windows\system32\cocam3820.dll
2010-12-25 22:11:47 110592 ----a-w- c:\windows\system32\cam3820n.ax
2010-12-25 22:11:47 -------- d-----w- c:\program files\HP Webcam
2010-12-25 22:11:09 238880 ----a-w- c:\windows\system32\RaCoInst.dll
2010-12-25 22:11:09 1323296 ----a-w- c:\windows\system32\drivers\rt2860.sys
2010-12-25 22:11:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\Ralink Driver
2010-12-25 18:35:14 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-12-25 17:59:15 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-25 17:59:15 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-25 17:57:06 -------- d-----w- c:\program files\iPod
2010-12-25 17:56:58 -------- d-----w- c:\program files\iTunes
2010-12-25 17:56:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-25 17:55:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-25 17:55:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-25 17:55:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-25 17:55:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-25 17:55:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-25 17:55:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-25 17:55:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-25 17:51:29 -------- d-----w- c:\docume~1\jocey\locals~1\applic~1\Apple
2010-12-25 17:50:28 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-25 17:50:28 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-25 17:49:27 -------- d-----w- c:\program files\Bonjour
2010-12-25 17:47:48 -------- d-----w- c:\docume~1\jocey\locals~1\applic~1\Apple Computer
2010-12-25 15:31:47 -------- d-sh--w- c:\documents and settings\jocey\PrivacIE
2010-12-25 15:31:31 -------- d-----w- c:\windows\system32\SoftwareDistribution
==================== Find3M ====================
2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
============= FINISH: 6:12:16.03 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2010 4:08:49 PM
System Uptime: 1/14/2011 5:41:44 AM (1 hours ago)
Motherboard: Hewlett-Packard | | 148A
Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz | CPU | 1662/667mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 129.781 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3 MUI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 2 Deluxe
Blasterball 3
Bonjour
CCleaner
Chuzzle Deluxe
Compatibility Pack for the 2007 Office system
Diner Dash 2 Restaurant Rescue
Dream Chronicles
Faerie Solitaire
FATE
Gem Shop
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
HP BatteryCheck 2.10 A4
HP CloudDrive
HP Game Console
HP Games
HP Help and Support
HP HomeBase
HP Quick Launch Buttons
HP QuickSync
HP QuickWeb Installer
HP User Guides 0197
HP Webcam
HP Wireless Assistant
HpSdpAppCoreApp
IDT Audio
Insaniquarium Deluxe
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Jewel Match 2
Jewel Quest II
Jewel Quest Solitaire
JoJo's Fashion Show
Junk Mail filter update
Mahjongg Artifacts
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSXML 6.0 Parser (KB925673)
Online Armor 4.5
Penguins!
Plants vs. Zombies
Polar Bowler
QLBCASL
QuickTime
Ralink RT2860 Wireless LAN Card
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek PCIE Card Reader
Roxio BackOnTrack
Roxio Disaster Recovery
Roxio Instant Restore
Roxio Instant Restore Recovery Disk
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB981997)
Segoe UI
Skyhook Wireless XPS Service
Slingo Deluxe
SUPERAntiSpyware
Synaptics Pointing Device Driver
System Tool2011
Times Reader
Update for Microsoft Office Word 2007 (KB974631)
Update for Office 2007 (KB934528)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Virtual Villagers - The Secret City
WebFldrs XP
Wedding Dash
Windows Backup Utility
Windows Driver Package - Skyhook Wireless NetTrans (01/24/2010 3.4.1.04)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
Zuma Deluxe
==== Event Viewer Messages From Past Week ========
1/14/2011 5:43:45 AM, error: BITS [16391] - The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.
1/12/2011 8:24:02 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for ImagePath with the following error: Access is denied.
1/11/2011 6:00:28 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/11/2011 4:21:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/11/2011 4:14:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/11/2011 4:04:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/11/2011 3:49:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde BHDrvx86 ccHP DVMIO eeCtrl Fips IntelIde intelppm OADevice PCIIde SaibVd32 SASDIFSV SASKUTIL SRTSP SRTSPX SymIRON SYMTDI ViaIde
1/11/2011 3:32:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP DVMIO eeCtrl Fips intelppm OADevice SaibVd32 SASDIFSV SASKUTIL SRTSP SRTSPX SymIRON SYMTDI
1/11/2011 1:36:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP DVMIO eeCtrl Fips intelppm SaibVd32 SRTSP SRTSPX SymIRON SYMTDI
==== End Of File ===========================
Thanx for your help, Super Dave!
-
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete, exit JavaRA.
4. Run CCleaner.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
****************************************
Please download the newest version of Adobe Acrobat Reader from Adobe.com (http://www.adobe.com/products/acrobat/readstep2.html)
Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.
Once old versions are gone, please install the newest version.
****************************************************
Download Disable/Remove Windows Messenger (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the desktop to remove Windows Messenger.
Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.
Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.
Exit out of MessengerDisable then delete the two files that were put on the desktop.
***************************************************
Please read here for more information about WildTangent (http://it.toolbox.com/blogs/enterprise-solutions/question-of-the-week-is-wildtanget-actually-spyware-6472). Your choice if you want to remove it or not.
If you choose to follow my advice, please follow these instructions.
Go to Start > Control Panel > Add/Remove Programs and remove the following programs.
• WildTangent Web Driver or anything related to WildTangent.
*********************************************************
Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Alternate link: GeeksToGo.com (http://subs.geekstogo.com/ComboFix.exe)
and save it to your Desktop.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Double click ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
(http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
-
From my original post:
My issue: The day after Christmas my daughter reported a strange occurrence on her brand new Compaq Netbook Computer CQ10-405DX Intel Atom Windows XP SP3 machine. I knew right away it was a fake program and deeply rooted to be able to block applications and change the background.
I reviewed this site and proceeded as instructed on http://www.computerhope.com/forum/index.php/topic,46313.0.html. However, I ran into trouble on Step 5: Update Your Java (JRE). Since I was unable to access the internet in Normal mode, I used safe mode with networking to do the first 4 steps. But when I got to the Java update the system told me I didn't have the correct permissions.
I started in normal mode and tried to update my Java version but now it is giving me an install error. So I stopped since the instructions said to do the steps in order. Any ideas on how I can get the Java updated and proceed?
-
Please skip the Java update and proceed with the others.
-
Please skip the Java update and proceed with the others.
Ok...Here's the HJT log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:55:32 PM, on 1/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\SWSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skyhook Wireless\XPS\xpscontrolpanel.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Trend Micro\HiJackThis\Sniper.exe.exe
c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
O4 - HKLM\..\Run: [ZumoDrive] "C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Skyhook Wireless XPS Service] C:\Program Files\Skyhook Wireless\XPS\xpscontrolpanel.exe --no-info
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\oaui.exe"
O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.1.4322] "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 0 v1.1.4322 GAC + NI NID
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Media Suite.lnk = C:\Program Files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BOTService - Sonic Solutions - C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SWSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe
O23 - Service: Skyhook Wireless XPS Service (xpssvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe
--
End of file - 11527 bytes
What next? Am I clean?
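A defender-side triage of the HijackThis log format posted above, written as an added example for this thread (it is not code from HijackThis or from any poster): it parses O2/O3, O4 and O23 lines and flags three patterns that deserve a closer look, an orphaned BHO with "(no file)", an autorun starting from a user-writable folder, and a service with "Unknown owner". The sample log is constructed from a few lines of the posted log plus one made-up O4 entry with PLACEHOLDER_ names; the folder-marker list and the "review" heuristics are assumptions of this example, and a flag means "look at it", not "malware".

```python
import re
from typing import Dict, List

Finding = Dict[str, str]

# Constructed sample in HijackThis v2 log format: the O2, O4 and O23 lines are
# copied from the log posted in this thread; the PLACEHOLDER_ line is made up
# to show what an autorun living in a user-writable folder looks like.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKCU\..\Run: [PLACEHOLDER_rogue] "C:\Documents and Settings\All Users\Application Data\PLACEHOLDER_random\PLACEHOLDER_rogue.exe"
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
"""

# "O4 - ...", "O23 - ...", "R1 - ...": section code, " - ", body.
LINE_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.*)$")
# Cut an unquoted command line at the first binary/script extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|lnk|cpl|scr|bat|cmd|vbs|com))", re.IGNORECASE)
# Folders a limited user can write to; autoruns there get a second look
# (assumed marker list for this example, not something HijackThis knows about).
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\", "\\users\\")
# HijackThis prints some Run values with the variable left unexpanded.
ENV_VARS = {"%programfiles%": "c:\\program files", "%systemroot%": "c:\\windows", "%windir%": "c:\\windows"}


def normalize_path(raw: str) -> str:
    """Return the lower-cased executable path from a Run value or service line."""
    p = raw.strip()
    if p.startswith('"'):
        p = p[1:].split('"', 1)[0]            # quoted path, spaces allowed
    else:
        m = EXE_RE.match(p)                   # unquoted: drop trailing arguments
        p = m.group(1) if m else (p.split()[0] if p else "")
    p = p.lower()
    for var, value in ENV_VARS.items():
        p = p.replace(var, value)
    return p


def triage_hjt(log_text: str) -> List[Finding]:
    """Flag log lines worth a closer look. A flag means 'review', not 'malware'."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                          # header, blank, or "End of file" line
        sec, body = m.group("sec"), m.group("body")
        if sec in ("O2", "O3"):
            # "BHO: <name> - {CLSID} - <file>": "(no file)" means the CLSID is
            # still registered but its DLL is gone, typically leftover residue.
            if body.rsplit(" - ", 1)[-1].strip() == "(no file)":
                findings.append({"section": sec, "line": line,
                                 "reason": "orphaned entry: registered CLSID with no backing file"})
        elif sec == "O4":
            # "HKLM\..\Run: [<label>] <command>" or "Global Startup: x.lnk = <file>"
            if "] " in body:
                command = body.split("] ", 1)[1]
            elif " = " in body:
                command = body.split(" = ", 1)[1]
            else:
                command = body
            path = normalize_path(command)
            if any(marker in path for marker in USER_WRITABLE):
                findings.append({"section": sec, "line": line,
                                 "reason": "autorun starts from a user-writable folder: " + path})
        elif sec == "O23":
            # "Service: <name> (<short>) - <owner> - <file>"
            parts = body.rsplit(" - ", 2)
            if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
                findings.append({"section": sec, "line": line,
                                 "reason": "service binary carries no publisher information; verify the file"})
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"[{f['section']}] {f['reason']}\n    {f['line']}")
```

Run it against a full saved log by reading the file into triage_hjt; entries it does not flag still need a human eye, since a signed binary in Program Files can also be unwanted (the WildTangent and toolbar entries in this thread are examples).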
-
Oh, and am I supposed to go ahead with the Adobe update, disabling Windows Messenger and ComboFix?
-
Oh, and am I supposed to go ahead with the Adobe update, disabling Windows Messenger and ComboFix?
Yes, please.
-
I hope we are almost done... Thanx again for all your help! You wonderful people are a godsend!
I updated Adobe, uninstalled Messenger and downloaded/ran ComboFix. Here is the log:
ComboFix 11-01-15.01 - jocey 01/16/2011 9:27.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.348 [GMT -6:00]
Running from: c:\documents and settings\jocey\Desktop\ComboFix.exe
AV: Norton Internet Security Netbook Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security Netbook Edition *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\jocey\Start Menu\Programs\System Tool
c:\documents and settings\jocey\Start Menu\Programs\System Tool\System Tool 2011.lnk
.
((((((((((((((((((((((((( Files Created from 2010-12-16 to 2011-01-16 )))))))))))))))))))))))))))))))
.
2011-01-16 15:03 . 2011-01-16 15:03 -------- d-----w- c:\windows\LastGood
2011-01-15 22:45 . 2011-01-15 22:45 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-01-15 20:56 . 2011-01-15 22:17 -------- d-----w- c:\windows\ie8updates
2011-01-15 20:50 . 2011-01-15 20:50 -------- d-----w- c:\program files\Trend Micro
2011-01-14 12:05 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-14 12:05 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-01-14 12:04 . 2010-09-18 06:53 954368 ----a-w- c:\windows\system32\mfc40.dll
2011-01-14 12:04 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-01-14 12:04 . 2010-09-18 06:53 953856 ----a-w- c:\windows\system32\mfc40u.dll
2011-01-14 12:04 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-14 12:04 . 2010-09-18 06:53 974848 ----a-w- c:\windows\system32\mfc42.dll
2011-01-14 12:04 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-01-14 12:04 . 2008-08-14 10:04 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-01-14 12:04 . 2008-08-14 10:04 138496 ------w- c:\windows\system32\dllcache\afd.sys
2011-01-14 12:04 . 2010-06-21 15:27 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2011-01-14 12:04 . 2010-06-21 15:27 354304 ------w- c:\windows\system32\dllcache\srv.sys
2011-01-14 12:04 . 2010-08-23 16:12 617472 ----a-w- c:\windows\system32\comctl32.dll
2011-01-14 12:04 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-01-14 11:59 . 2009-06-21 21:44 153088 ----a-w- c:\program files\Common Files\Microsoft Shared\Triedit\triedit.dll
2011-01-14 11:59 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-01-14 11:54 . 2009-12-09 05:53 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2011-01-14 11:52 . 2010-02-24 13:11 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-01-14 11:52 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-13 03:22 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-01-13 02:29 . 2010-11-06 00:26 5959168 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2011-01-13 02:29 . 2010-11-06 00:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-01-13 02:29 . 2010-11-06 00:26 11080704 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-01-13 02:29 . 2010-11-02 15:17 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2011-01-13 02:29 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-13 02:27 . 2010-04-27 13:59 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-01-13 02:27 . 2010-04-27 13:59 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-13 02:27 . 2010-04-28 02:25 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-13 02:27 . 2010-04-27 13:05 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-01-13 02:27 . 2010-04-27 13:05 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-13 02:27 . 2010-04-27 13:05 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-13 02:25 . 2008-05-08 14:02 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys
2011-01-13 02:25 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-01-13 02:25 . 2008-05-01 14:33 331776 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2011-01-13 02:25 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-01-13 02:22 . 2011-01-16 15:03 -------- d-----w- c:\windows\system32\drivers\NIS\1107000.00C
2011-01-13 02:21 . 2010-03-10 06:15 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-01-13 02:21 . 2010-03-10 06:15 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2011-01-13 02:19 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-01-13 02:18 . 2010-10-11 14:59 45568 ----a-w- c:\program files\Outlook Express\wab.exe
2011-01-13 02:18 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-01-13 02:18 . 2010-08-16 08:45 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2011-01-13 02:18 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-01-13 02:18 . 2010-08-13 12:53 5120 ------w- c:\windows\system32\xpsp4res.dll
2011-01-12 01:32 . 2011-01-12 01:32 -------- d-----w- C:\found.000
2011-01-12 01:03 . 2011-01-16 15:04 -------- d--h--w- c:\windows\$hf_mig$
2011-01-11 23:16 . 2010-06-18 13:36 3558912 ----a-w- c:\program files\Movie Maker\moviemk.exe
2011-01-11 23:16 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-01-11 21:40 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-11 21:40 . 2011-01-11 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-11 21:39 . 2011-01-11 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-11 21:39 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-11 20:20 . 2011-01-11 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-11 20:19 . 2011-01-11 20:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-11 19:54 . 2011-01-11 19:54 -------- d-----w- c:\program files\CCleaner
2011-01-11 19:47 . 2011-01-11 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2011-01-11 19:47 . 2010-11-03 21:57 38856 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-01-11 19:47 . 2010-11-03 21:55 25000 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-01-11 19:47 . 2010-11-03 21:55 29272 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-01-11 19:47 . 2010-11-03 21:52 202064 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-01-11 19:47 . 2011-01-16 15:10 -------- d-----w- c:\program files\Online Armor
2010-12-26 22:57 . 2010-12-26 23:06 -------- d-----w- c:\documents and settings\Administrator
2010-12-26 22:03 . 2010-12-26 22:32 -------- d-----w- c:\program files\PC Tools Security
2010-12-26 22:03 . 2010-12-26 22:32 -------- d-----w- c:\program files\Common Files\PC Tools
2010-12-26 21:54 . 2010-12-26 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-12-26 21:44 . 2010-12-26 22:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-26 20:32 . 2010-12-26 20:32 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-12-26 20:32 . 2010-12-26 21:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-12-26 20:32 . 2010-12-26 20:32 -------- d-----w- c:\program files\Symantec
2010-12-26 20:32 . 2010-12-26 20:32 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-25 23:01 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-25 23:01 . 2008-04-14 11:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-25 23:01 . 2008-04-14 06:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-12-25 23:01 . 2008-04-14 06:15 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-12-25 23:00 . 2011-01-11 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\fPhCc06305
2010-12-25 23:00 . 2010-12-25 23:00 -------- d-----w- c:\windows\Sun
2010-12-25 22:14 . 2010-02-04 20:32 259584 ----a-w- c:\windows\system32\bcdedit.exe
2010-12-25 22:14 . 2010-12-25 22:14 -------- d-----w- C:\Boot
2010-12-25 22:13 . 2008-04-15 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-12-25 22:13 . 2010-12-25 22:13 -------- d-----w- C:\WildTangent
2010-12-25 22:13 . 2010-12-25 22:13 -------- d-----w- C:\Users
2010-12-25 22:13 . 2010-12-25 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skyhook Wireless
2010-12-25 22:13 . 2010-12-25 22:13 -------- d-----w- c:\program files\DIFX
2010-12-25 22:13 . 2010-02-17 07:11 13568 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2010-12-25 22:12 . 2010-12-25 22:12 -------- d-----w- c:\program files\Skyhook Wireless
2010-12-25 22:11 . 2010-12-25 22:11 -------- d-----w- c:\program files\HP Webcam
2010-12-25 22:11 . 2010-03-10 03:17 217088 ----a-w- c:\windows\system32\ACamPropertyPage.dll
2010-12-25 22:11 . 2010-03-03 20:39 363904 ----a-w- c:\windows\system32\drivers\cam3820a.sys
2010-12-25 22:11 . 2010-03-02 21:51 212992 ----a-w- c:\windows\system32\cocam3820.dll
2010-12-25 22:11 . 2010-03-02 21:51 110592 ----a-w- c:\windows\system32\cam3820n.ax
2010-12-25 22:11 . 2010-03-01 15:54 1323296 ----a-w- c:\windows\system32\drivers\rt2860.sys
2010-12-25 22:11 . 2010-03-01 15:50 238880 ----a-w- c:\windows\system32\RaCoInst.dll
2010-12-25 22:11 . 2010-12-25 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Ralink Driver
2010-12-25 22:10 . 2011-01-13 03:22 -------- d-----w- c:\documents and settings\jocey
2010-12-25 22:08 . 2010-08-27 02:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-12-25 22:08 . 2010-08-27 04:54 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-12-25 22:08 . 2010-08-27 03:57 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-12-25 22:08 . 2010-08-27 02:34 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-12-25 22:08 . 2010-08-27 01:37 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\ApplicationHistory
2010-12-25 18:35 . 2008-04-14 06:15 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-12-25 18:19 . 2010-12-25 18:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-25 17:59 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-25 17:59 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-25 17:57 . 2010-12-25 17:57 -------- d-----w- c:\program files\iPod
2010-12-25 17:56 . 2010-12-25 17:59 -------- d-----w- c:\program files\iTunes
2010-12-25 17:56 . 2010-12-25 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-25 17:52 . 2010-12-25 17:55 -------- d-----w- c:\program files\QuickTime
2010-12-25 17:51 . 2010-12-25 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-12-25 17:51 . 2010-12-25 17:51 -------- d-----w- c:\program files\Apple Software Update
2010-12-25 17:50 . 2010-09-28 21:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-25 17:50 . 2010-09-28 21:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-25 17:49 . 2010-12-25 17:49 -------- d-----w- c:\program files\Bonjour
2010-12-25 17:48 . 2010-12-25 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-12-25 17:48 . 2010-12-25 17:57 -------- d-----w- c:\program files\Common Files\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2010-11-18 18:12 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2010-11-09 14:52 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-10-28 13:13 . 2010-10-28 13:13 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2010-10-26 13:25 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-12-25 1733]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Skyhook Wireless XPS Service"="c:\program files\Skyhook Wireless\XPS\xpscontrolpanel.exe" [2010-04-02 632136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-17 141336]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe" [2009-11-30 240472]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-17 173592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2010-11-03 2345000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2010-11-03 353992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hewlett-Packard\\HP CloudDrive\\zumodrive.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Java(TM) Platform SE binary
"8182:TCP"= 8182:TCP:Java(TM) Platform SE binary
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [8/26/2010 10:26 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [8/26/2010 10:26 PM 15856]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1100000.088\SymDS.sys [8/26/2010 8:49 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1100000.088\SymEFA.sys [8/26/2010 8:49 PM 169008]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [12/28/2009 12:17 AM 106096]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/23/2010 3:34 AM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1100000.088\ccHPx86.sys [8/26/2010 8:49 PM 501888]
R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [11/11/2009 2:09 PM 18136]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [1/11/2011 1:47 PM 202064]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [1/11/2011 1:47 PM 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [1/11/2011 1:47 PM 25000]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [1/11/2011 1:47 PM 29272]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [8/26/2010 10:26 PM 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [1/12/2011 8:22 PM 116784]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 8:05 PM 457200]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2/4/2010 3:00 PM 211440]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [4/12/2010 8:37 PM 338168]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [4/5/2010 12:12 PM 103992]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [8/26/2010 8:49 PM 126392]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [1/11/2011 1:47 PM 380784]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [1/11/2011 1:47 PM 3652696]
R2 xpssvc;Skyhook Wireless XPS Service;c:\program files\Skyhook Wireless\XPS\xpssvc.exe [4/1/2010 8:04 PM 699720]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/26/2010 9:06 PM 113664]
R3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [12/25/2010 4:11 PM 363904]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [8/26/2010 9:10 PM 227896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/12/2011 8:24 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110114.002\IDSXpx86.sys [1/15/2011 2:57 PM 341944]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [8/26/2010 9:08 PM 230944]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [12/25/2010 4:11 PM 1323296]
R3 XPSVCOM;XPSVCOM;c:\windows\system32\drivers\XPSVCOM.sys [2/4/2010 12:07 AM 12416]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2010-03-26 23:27 200769 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\QuickLaunch.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
2011-01-15 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2010-02-04 21:00]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-AESTFltr - c:\windows\system32\AESTFltr.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-16 09:53
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(504)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-01-16 10:04:28
ComboFix-quarantined-files.txt 2011-01-16 16:04
Pre-Run: 137,427,267,584 bytes free
Post-Run: 137,535,344,640 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 9AA66AC165750B17516075E855893A12
-
Please read here for more information about WildTangent (http://it.toolbox.com/blogs/enterprise-solutions/question-of-the-week-is-wildtanget-actually-spyware-6472). Your choice if you want to remove it or not.
If you choose to follow my advice, please follow these instructions.
Go to Start > Control Panel > Add/Remove Programs and remove the following programs.
• WildTangent Web Driver or anything related to WildTangent.
******************************************************
Re-running ComboFix to remove infections:
- Close any open browsers.
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
KillAll::
File::
C:\found.000
MBR::
- Save this as CFScript.txt, in the same location as ComboFix.exe
(http://img19.imageshack.us/img19/5660/cfscriptb4.gif)
- Referring to the picture above, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
- Please post the contents of the log in your next reply.
***********************************************
Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
- Click NO
- In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
- Now click the Scan button.
- Once the scan is complete, you may receive another notice about rootkit activity.
- Click OK.
- GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
- Save it where you can easily find it, such as your desktop.
-
Hi Super Dave,
I can't find anything related to WildTangent in my programs so I didn't remove anything.
I ran ComboFix and GMER as instructed. Here are the logs:
ComboFix 11-01-15.01 - jocey 01/18/2011 21:52:04.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.534 [GMT -6:00]
Running from: c:\documents and settings\jocey\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jocey\Desktop\CFScript.txt
AV: Norton Internet Security Netbook Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security Netbook Edition *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
FILE ::
"C:\found.000"
.
((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))
.
2011-01-16 22:02 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-01-16 22:02 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-01-16 22:02 . 2008-04-14 06:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-01-16 22:02 . 2008-04-14 06:15 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-01-15 22:45 . 2011-01-15 22:45 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-01-15 20:56 . 2011-01-15 22:17 -------- d-----w- c:\windows\ie8updates
2011-01-15 20:50 . 2011-01-15 20:50 -------- d-----w- c:\program files\Trend Micro
2011-01-14 12:05 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-14 12:05 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-01-14 12:04 . 2010-09-18 06:53 954368 ----a-w- c:\windows\system32\mfc40.dll
2011-01-14 12:04 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-01-14 12:04 . 2010-09-18 06:53 953856 ----a-w- c:\windows\system32\mfc40u.dll
2011-01-14 12:04 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-14 12:04 . 2010-09-18 06:53 974848 ----a-w- c:\windows\system32\mfc42.dll
2011-01-14 12:04 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-01-14 12:04 . 2008-08-14 10:04 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-01-14 12:04 . 2008-08-14 10:04 138496 ------w- c:\windows\system32\dllcache\afd.sys
2011-01-14 12:04 . 2010-08-23 16:12 617472 ----a-w- c:\windows\system32\comctl32.dll
2011-01-14 12:04 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-01-14 11:59 . 2009-06-21 21:44 153088 ----a-w- c:\program files\Common Files\Microsoft Shared\Triedit\triedit.dll
2011-01-14 11:59 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-01-14 11:54 . 2009-12-09 05:53 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2011-01-14 11:52 . 2010-02-24 13:11 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-01-14 11:52 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-13 03:22 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-01-13 02:29 . 2010-11-06 00:26 5959168 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2011-01-13 02:29 . 2010-11-06 00:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-01-13 02:29 . 2010-11-06 00:26 11080704 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-01-13 02:29 . 2010-11-02 15:17 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2011-01-13 02:29 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-13 02:27 . 2010-04-27 13:59 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-01-13 02:27 . 2010-04-27 13:59 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-13 02:27 . 2010-04-28 02:25 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-13 02:27 . 2010-04-27 13:05 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-01-13 02:27 . 2010-04-27 13:05 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-13 02:27 . 2010-04-27 13:05 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-13 02:25 . 2008-05-08 14:02 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys
2011-01-13 02:25 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-01-13 02:25 . 2008-05-01 14:33 331776 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2011-01-13 02:25 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-01-13 02:22 . 2011-01-16 22:21 -------- d-----w- c:\windows\system32\drivers\NIS\1107000.00C
2011-01-13 02:21 . 2010-03-10 06:15 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-01-13 02:21 . 2010-03-10 06:15 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2011-01-13 02:19 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-01-13 02:18 . 2010-10-11 14:59 45568 ----a-w- c:\program files\Outlook Express\wab.exe
2011-01-13 02:18 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-01-13 02:18 . 2010-08-16 08:45 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2011-01-13 02:18 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-01-12 01:32 . 2011-01-12 01:32 -------- d-----w- C:\found.000
2011-01-12 01:03 . 2011-01-16 15:04 -------- d--h--w- c:\windows\$hf_mig$
2011-01-11 23:16 . 2010-06-18 13:36 3558912 ----a-w- c:\program files\Movie Maker\moviemk.exe
2011-01-11 23:16 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-01-11 21:40 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-11 21:40 . 2011-01-11 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-11 21:39 . 2011-01-11 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-11 21:39 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-11 20:20 . 2011-01-11 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-11 20:19 . 2011-01-11 20:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-11 19:54 . 2011-01-11 19:54 -------- d-----w- c:\program files\CCleaner
2011-01-11 19:47 . 2011-01-11 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2011-01-11 19:47 . 2010-11-03 21:57 38856 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-01-11 19:47 . 2010-11-03 21:55 25000 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-01-11 19:47 . 2010-11-03 21:55 29272 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-01-11 19:47 . 2010-11-03 21:52 202064 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-01-11 19:47 . 2011-01-19 03:40 -------- d-----w- c:\program files\Online Armor
2010-12-26 22:57 . 2010-12-26 23:06 -------- d-----w- c:\documents and settings\Administrator
2010-12-26 22:03 . 2010-12-26 22:32 -------- d-----w- c:\program files\PC Tools Security
2010-12-26 22:03 . 2010-12-26 22:32 -------- d-----w- c:\program files\Common Files\PC Tools
2010-12-26 21:54 . 2010-12-26 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-12-26 21:44 . 2010-12-26 22:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-26 20:32 . 2010-12-26 20:32 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-12-26 20:32 . 2010-12-26 21:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-12-26 20:32 . 2010-12-26 20:32 -------- d-----w- c:\program files\Symantec
2010-12-26 20:32 . 2010-12-26 20:32 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-25 23:01 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-25 23:01 . 2008-04-14 11:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-25 23:01 . 2008-04-14 06:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-12-25 23:01 . 2008-04-14 06:15 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-12-25 23:00 . 2011-01-11 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\fPhCc06305
2010-12-25 23:00 . 2010-12-25 23:00 -------- d-----w- c:\windows\Sun
2010-12-25 22:14 . 2010-02-04 20:32 259584 ----a-w- c:\windows\system32\bcdedit.exe
2010-12-25 22:14 . 2010-12-25 22:14 -------- d-----w- C:\Boot
2010-12-25 22:13 . 2008-04-15 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-12-25 22:13 . 2010-12-25 22:13 -------- d-----w- C:\WildTangent
2010-12-25 22:13 . 2010-12-25 22:13 -------- d-----w- C:\Users
2010-12-25 22:13 . 2010-12-25 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skyhook Wireless
2010-12-25 22:13 . 2010-12-25 22:13 -------- d-----w- c:\program files\DIFX
2010-12-25 22:13 . 2010-02-17 07:11 13568 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2010-12-25 22:12 . 2010-12-25 22:12 -------- d-----w- c:\program files\Skyhook Wireless
2010-12-25 22:11 . 2010-12-25 22:11 -------- d-----w- c:\program files\HP Webcam
2010-12-25 22:11 . 2010-03-10 03:17 217088 ----a-w- c:\windows\system32\ACamPropertyPage.dll
2010-12-25 22:11 . 2010-03-03 20:39 363904 ----a-w- c:\windows\system32\drivers\cam3820a.sys
2010-12-25 22:11 . 2010-03-02 21:51 212992 ----a-w- c:\windows\system32\cocam3820.dll
2010-12-25 22:11 . 2010-03-02 21:51 110592 ----a-w- c:\windows\system32\cam3820n.ax
2010-12-25 22:11 . 2010-03-01 15:54 1323296 ----a-w- c:\windows\system32\drivers\rt2860.sys
2010-12-25 22:11 . 2010-03-01 15:50 238880 ----a-w- c:\windows\system32\RaCoInst.dll
2010-12-25 22:11 . 2010-12-25 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Ralink Driver
2010-12-25 22:10 . 2011-01-13 03:22 -------- d-----w- c:\documents and settings\jocey
2010-12-25 22:08 . 2010-08-27 02:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-12-25 22:08 . 2010-08-27 04:54 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-12-25 22:08 . 2010-08-27 03:57 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-12-25 22:08 . 2010-08-27 02:34 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-12-25 22:08 . 2010-08-27 01:37 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\ApplicationHistory
2010-12-25 18:35 . 2008-04-14 06:15 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-12-25 18:19 . 2010-12-25 18:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-25 17:59 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-25 17:59 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-25 17:57 . 2010-12-25 17:57 -------- d-----w- c:\program files\iPod
2010-12-25 17:56 . 2010-12-25 17:59 -------- d-----w- c:\program files\iTunes
2010-12-25 17:56 . 2010-12-25 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-25 17:52 . 2010-12-25 17:55 -------- d-----w- c:\program files\QuickTime
2010-12-25 17:51 . 2010-12-25 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-12-25 17:51 . 2010-12-25 17:51 -------- d-----w- c:\program files\Apple Software Update
2010-12-25 17:50 . 2010-09-28 21:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-25 17:50 . 2010-09-28 21:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-25 17:49 . 2010-12-25 17:49 -------- d-----w- c:\program files\Bonjour
2010-12-25 17:48 . 2010-12-25 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-12-25 17:48 . 2010-12-25 17:57 -------- d-----w- c:\program files\Common Files\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2010-11-18 18:12 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2010-11-09 14:52 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-10-28 13:13 . 2010-10-28 13:13 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2010-10-26 13:25 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-01-16_15.54.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-19 04:10 . 2011-01-19 04:10 16384 c:\windows\temp\Perflib_Perfdata_700.dat
- 2008-04-15 12:00 . 2008-04-15 12:00 75776 c:\windows\system32\strmfilt.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
+ 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
+ 2009-04-11 02:06 . 2011-01-19 04:12 69172 c:\windows\system32\perfc009.dat
- 2009-04-11 02:06 . 2011-01-15 22:33 69172 c:\windows\system32\perfc009.dat
+ 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
- 2011-01-13 02:18 . 2010-08-13 12:53 5120 c:\windows\system32\xpsp4res.dll
+ 2010-08-26 12:52 . 2010-08-26 12:52 5120 c:\windows\system32\xpsp4res.dll
+ 2009-08-25 09:17 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
- 2009-04-11 02:06 . 2011-01-15 22:33 434966 c:\windows\system32\perfh009.dat
+ 2009-04-11 02:06 . 2011-01-19 04:12 434966 c:\windows\system32\perfh009.dat
+ 2010-06-09 07:43 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
+ 2010-08-26 13:39 . 2010-08-26 13:39 357248 c:\windows\system32\drivers\srv.sys
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
+ 2009-08-25 09:17 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2010-08-26 13:39 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
+ 2010-06-09 07:43 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2011-01-16 16:20 . 2011-01-16 16:20 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2011-01-16 16:20 . 2011-01-16 16:20 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\97bd2a5d946aa3a824e4cfe5b6ef95aa\System.Messaging.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2011-01-16 16:20 . 2011-01-16 16:20 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2011-01-16 16:20 . 2011-01-16 16:20 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2011-01-16 16:20 . 2011-01-16 16:20 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2011-01-16 16:20 . 2011-01-16 16:20 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2011-01-16 16:17 . 2011-01-16 16:18 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-12-25 1733]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Skyhook Wireless XPS Service"="c:\program files\Skyhook Wireless\XPS\xpscontrolpanel.exe" [2010-04-02 632136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-17 141336]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe" [2009-11-30 240472]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-17 173592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2010-11-03 2345000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2010-11-03 353992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hewlett-Packard\\HP CloudDrive\\zumodrive.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Java(TM) Platform SE binary
"8182:TCP"= 8182:TCP:Java(TM) Platform SE binary
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [8/26/2010 10:26 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [8/26/2010 10:26 PM 15856]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [1/12/2011 8:22 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [1/12/2011 8:22 PM 173104]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [12/28/2009 12:17 AM 106096]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/23/2010 3:34 AM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [1/12/2011 8:22 PM 501888]
R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [11/11/2009 2:09 PM 18136]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [1/11/2011 1:47 PM 202064]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [1/11/2011 1:47 PM 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [1/11/2011 1:47 PM 25000]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [1/11/2011 1:47 PM 29272]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [8/26/2010 10:26 PM 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [1/12/2011 8:22 PM 116784]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 8:05 PM 457200]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2/4/2010 3:00 PM 211440]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [4/12/2010 8:37 PM 338168]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [4/5/2010 12:12 PM 103992]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [1/12/2011 8:22 PM 126392]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [1/11/2011 1:47 PM 380784]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [1/11/2011 1:47 PM 3652696]
R2 xpssvc;Skyhook Wireless XPS Service;c:\program files\Skyhook Wireless\XPS\xpssvc.exe [4/1/2010 8:04 PM 699720]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/26/2010 9:06 PM 113664]
R3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [12/25/2010 4:11 PM 363904]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [8/26/2010 9:10 PM 227896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/12/2011 8:24 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110114.002\IDSXpx86.sys [1/15/2011 2:57 PM 341944]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [8/26/2010 9:08 PM 230944]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [12/25/2010 4:11 PM 1323296]
R3 XPSVCOM;XPSVCOM;c:\windows\system32\drivers\XPSVCOM.sys [2/4/2010 12:07 AM 12416]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2010-03-26 23:27 200769 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\QuickLaunch.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
2011-01-19 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2010-02-04 21:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-18 22:11
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\SEP2.tmp 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(492)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2128)
c:\windows\system32\WININET.dll
c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\idt\wdm\STacSV.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Online Armor\OAhlp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
.
**************************************************************************
.
Completion time: 2011-01-18 22:24:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-19 04:24
ComboFix2.txt 2011-01-16 16:04
Pre-Run: 138,545,422,336 bytes free
Post-Run: 138,634,129,408 bytes free
- - End Of File - - CE4854CFD9A22F34F22F584A53EAA59C
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-19 06:13:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916031 rev.0001
Running: gmer.exe; Driver: C:\DOCUME~1\jocey\LOCALS~1\Temp\pxlcypow.sys
---- System - GMER 1.0.15 ----
SSDT 857EDB30 ZwAlertResumeThread
SSDT 85E8DA78 ZwAlertThread
SSDT 85821738 ZwAllocateVirtualMemory
SSDT 8619DE40 ZwAssignProcessToJobObject
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwConnectPort [0x9E6FB64C]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateFile [0x9E7021F8]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA2FC9210]
SSDT 851987B8 ZwCreateMutant
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreatePort [0x9E6FB46A]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateProcess [0x9E6FCDE4]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateProcessEx [0x9E6F9978]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateSection [0x9E6F94F2]
SSDT 8520A9B8 ZwCreateSymbolicLinkObject
SSDT 850B81A8 ZwCreateThread
SSDT 86168E40 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA2FC9490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA2FC99F0]
SSDT 85821910 ZwDuplicateObject
SSDT 857E5DB8 ZwFreeVirtualMemory
SSDT 851B1628 ZwImpersonateAnonymousToken
SSDT 85F771B8 ZwImpersonateThread
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwLoadDriver [0x9E6FC24C]
SSDT 8582E450 ZwMapViewOfSection
SSDT 851C7628 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwOpenFile [0x9E702554]
SSDT 852438B0 ZwOpenProcess
SSDT 85189630 ZwOpenProcessToken
SSDT 85242628 ZwOpenSection
SSDT 852437A0 ZwOpenThread
SSDT 8520E9B8 ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwQueueApcThread [0x9E6FC940]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwRequestPort [0x9E6FBCB0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwRequestWaitReplyPort [0x9E6FBF14]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwRestoreKey [0x9E701FF0]
SSDT 85E85C70 ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSecureConnectPort [0x9E6FB86E]
SSDT 851E0630 ZwSetContextThread
SSDT 8582E238 ZwSetInformationProcess
SSDT 857A6C30 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA2FC9C40]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwShutdownSystem [0x9E6FC186]
SSDT 8521F628 ZwSuspendProcess
SSDT 85240630 ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSystemDebugControl [0x9E6FAE40]
SSDT 85180630 ZwTerminateProcess
SSDT 851E8630 ZwTerminateThread
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwUnloadDriver [0x9E6FC414]
SSDT 851BF630 ZwUnmapViewOfSection
SSDT 85062DC0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80504538 12 Bytes [6A, B4, 6F, 9E, E4, CD, 6F, ...] {PUSH -0x4c; OUTSD ; SAHF ; IN AL, 0xcd; OUTSD ; SAHF ; JS 0xffffffffffffffa3; OUTSD ; SAHF }
.text ntkrnlpa.exe!ZwCallbackReturn + 2E08 805046A4 4 Bytes JMP 683CCBC9
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [28, F6, 21, 85, 30, 06, 24, ...] {SUB DH, DH; AND [EBP-0x7adbf9d0], EAX; INC EAX; SCASB ; OUTSD ; SAHF }
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] ntdll.dll!NtCreateSymbolicLinkObject 7C90D19E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D1A2 2 Bytes [77, 71] {JA 0x73}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [74, 71] {JZ 0x73}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AA0001
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71720F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!CloseHandle 7C809BE7 6 Bytes JMP 71960F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716F0F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!CreateFileW 7C810800 6 Bytes JMP 71990F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [89, 71]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 718D0F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [86, 71]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 717E0F5A
.tex
-
Please download TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
- Double-click TDSSKiller.exe to run the tool
- Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)
- After the scan has finished, click the Close button
- Click the Report button and copy/paste the contents of it into your next reply
- Note: It will also create a log in the C:\ directory.
-
Hi Superdave!
I just want to tell you again how grateful I am for you and all the other experts here on Computerhope.com. I know beyond a shadow of a doubt that I would have ended up racking my brain and then trashing this laptop! So I am forever indebted! Is there any way I can support computerhope.com?
I ran the TDSSKiller... here's the log:
2011/01/19 18:41:20.0765 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/19 18:41:20.0765 ================================================================================
2011/01/19 18:41:20.0765 SystemInfo:
2011/01/19 18:41:20.0765
2011/01/19 18:41:20.0765 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/19 18:41:20.0765 Product type: Workstation
2011/01/19 18:41:20.0765 ComputerName: JOCELYNN
2011/01/19 18:41:20.0765 UserName: jocey
2011/01/19 18:41:20.0765 Windows directory: C:\WINDOWS
2011/01/19 18:41:20.0765 System windows directory: C:\WINDOWS
2011/01/19 18:41:20.0765 Processor architecture: Intel x86
2011/01/19 18:41:20.0765 Number of processors: 2
2011/01/19 18:41:20.0765 Page size: 0x1000
2011/01/19 18:41:20.0765 Boot type: Normal boot
2011/01/19 18:41:20.0765 ================================================================================
2011/01/19 18:41:21.0203 Initialize success
2011/01/19 18:41:26.0203 ================================================================================
2011/01/19 18:41:26.0203 Scan started
2011/01/19 18:41:26.0203 Mode: Manual;
2011/01/19 18:41:26.0203 ================================================================================
2011/01/19 18:41:26.0796 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/01/19 18:41:26.0843 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/19 18:41:26.0875 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/01/19 18:41:26.0937 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/19 18:41:27.0000 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/19 18:41:27.0062 AESTAud (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
2011/01/19 18:41:27.0140 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/19 18:41:27.0187 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/19 18:41:27.0234 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/01/19 18:41:27.0281 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/01/19 18:41:27.0328 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/01/19 18:41:27.0375 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/01/19 18:41:27.0437 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/01/19 18:41:27.0468 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/01/19 18:41:27.0500 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/01/19 18:41:27.0546 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/01/19 18:41:27.0593 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/01/19 18:41:27.0640 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/01/19 18:41:27.0687 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/19 18:41:27.0781 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/19 18:41:27.0812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/19 18:41:27.0890 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/19 18:41:27.0953 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/19 18:41:28.0000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/19 18:41:28.0140 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
2011/01/19 18:41:28.0343 Cam3820 (d814dc013ca490bf696850c5281641fe) C:\WINDOWS\system32\Drivers\cam3820a.sys
2011/01/19 18:41:28.0437 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/19 18:41:28.0468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/19 18:41:28.0531 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/19 18:41:28.0640 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys
2011/01/19 18:41:28.0687 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/01/19 18:41:28.0734 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/19 18:41:28.0765 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/19 18:41:28.0828 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/19 18:41:28.0937 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/19 18:41:29.0000 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/01/19 18:41:29.0046 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/19 18:41:29.0125 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/01/19 18:41:29.0171 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/01/19 18:41:29.0203 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/01/19 18:41:29.0265 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/19 18:41:29.0343 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/19 18:41:29.0421 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/19 18:41:29.0468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/19 18:41:29.0578 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/19 18:41:29.0671 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/01/19 18:41:29.0765 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/19 18:41:29.0843 DVMIO (ff7a7a1e0f9a0ab892a454ffb9d14bbe) C:\WINDOWS\system32\DRIVERS\dvmio.sys
2011/01/19 18:41:30.0000 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/01/19 18:41:30.0046 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/01/19 18:41:30.0218 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/19 18:41:30.0296 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/19 18:41:30.0343 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/19 18:41:30.0375 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/19 18:41:30.0421 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/01/19 18:41:30.0468 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/19 18:41:30.0515 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/19 18:41:30.0578 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/19 18:41:30.0609 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/19 18:41:30.0671 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/19 18:41:30.0765 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/19 18:41:30.0828 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/01/19 18:41:30.0875 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
2011/01/19 18:41:30.0968 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/19 18:41:31.0015 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/19 18:41:31.0062 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/01/19 18:41:31.0125 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/19 18:41:31.0250 ialm (0e501525f2b67aa17fe143d7c5e6a649) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/01/19 18:41:31.0343 iaStor (0baa4115dfffd6a6d809a89d65e1281a) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/01/19 18:41:31.0515 IDSxpx86 (0308238c582a55d83d34feee39542793) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110114.002\IDSxpx86.sys
2011/01/19 18:41:31.0640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/19 18:41:31.0734 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/01/19 18:41:31.0796 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/19 18:41:31.0843 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/19 18:41:31.0875 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/01/19 18:41:31.0937 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/19 18:41:31.0968 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/19 18:41:32.0031 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/19 18:41:32.0109 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/19 18:41:32.0171 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/19 18:41:32.0250 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/19 18:41:32.0312 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/19 18:41:32.0390 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/19 18:41:32.0484 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/19 18:41:32.0625 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/19 18:41:32.0687 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/19 18:41:32.0734 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/19 18:41:32.0812 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/19 18:41:32.0875 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/19 18:41:32.0921 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/01/19 18:41:32.0984 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/19 18:41:33.0046 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/19 18:41:33.0125 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/19 18:41:33.0203 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/19 18:41:33.0265 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/19 18:41:33.0296 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/19 18:41:33.0375 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/19 18:41:33.0437 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/19 18:41:33.0484 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/19 18:41:33.0531 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/19 18:41:33.0640 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110116.003\NAVENG.SYS
2011/01/19 18:41:33.0734 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110116.003\NAVEX15.SYS
2011/01/19 18:41:33.0890 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/19 18:41:33.0968 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/19 18:41:34.0015 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/19 18:41:34.0046 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/19 18:41:34.0078 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/19 18:41:34.0125 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/19 18:41:34.0171 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/19 18:41:34.0234 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/19 18:41:34.0343 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/19 18:41:34.0390 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/19 18:41:34.0468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/19 18:41:34.0515 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/19 18:41:34.0546 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/19 18:41:34.0609 OADevice (422cf292a3fd758418c5b79405c93331) C:\WINDOWS\system32\drivers\OADriver.sys
2011/01/19 18:41:34.0656 oahlpXX (4b21bc5a58c9a62e9c26ef7f337dca0c) C:\WINDOWS\system32\drivers\oahlp32.sys
2011/01/19 18:41:34.0703 OAmon (6243e6db6399a95fd401090fc0d0c3ab) C:\WINDOWS\system32\drivers\OAmon.sys
2011/01/19 18:41:34.0734 OAnet (f87647d8e994032ee9a50f8a3a144671) C:\WINDOWS\system32\drivers\OAnet.sys
2011/01/19 18:41:34.0812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/01/19 18:41:34.0859 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/19 18:41:34.0890 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/19 18:41:34.0953 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/19 18:41:35.0031 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/19 18:41:35.0078 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/19 18:41:35.0250 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/01/19 18:41:35.0265 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/01/19 18:41:35.0406 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/19 18:41:35.0453 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/19 18:41:35.0515 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/19 18:41:35.0546 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/01/19 18:41:35.0593 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/01/19 18:41:35.0625 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/01/19 18:41:35.0671 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/01/19 18:41:35.0703 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/01/19 18:41:35.0750 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/19 18:41:35.0796 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/19 18:41:35.0843 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/19 18:41:35.0875 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/19 18:41:35.0968 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/19 18:41:36.0000 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/19 18:41:36.0062 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/19 18:41:36.0109 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/19 18:41:36.0171 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/19 18:41:36.0281 RSPCIESTOR (2ad7b2b3d7a10ae3d534877d543eed74) C:\WINDOWS\system32\DRIVERS\RtsPStor.sys
2011/01/19 18:41:36.0406 RT80x86 (ff2832e18a9e8d58c0a74e4fdd6589f9) C:\WINDOWS\system32\DRIVERS\RT2860.sys
2011/01/19 18:41:36.0484 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/01/19 18:41:36.0546 RTLE8023xp (c8bb947520bc4116882bd9f70d8b512f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/01/19 18:41:36.0609 SahdIa32 (0b2d5d2341437d7d7e1a6c7bbce3786a) C:\WINDOWS\system32\Drivers\SahdIa32.sys
2011/01/19 18:41:36.0625 SaibIa32 (7a5f65b16249af2bc9d18d815f5d7172) C:\WINDOWS\system32\Drivers\SaibIa32.sys
2011/01/19 18:41:36.0718 SaibVd32 (e333c9515822de586a3ff759a0c9b7bf) C:\WINDOWS\system32\Drivers\SaibVd32.sys
2011/01/19 18:41:36.0812 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/01/19 18:41:36.0843 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/01/19 18:41:36.0953 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/19 18:41:37.0000 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/19 18:41:37.0078 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/19 18:41:37.0187 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/01/19 18:41:37.0250 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/19 18:41:37.0281 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/01/19 18:41:37.0343 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/19 18:41:37.0390 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/19 18:41:37.0500 SRTSP (00f20cf8956b22c392aaae949d84c3e8) C:\WINDOWS\system32\drivers\NIS\1100000.088\SRTSP.SYS
2011/01/19 18:41:37.0578 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
2011/01/19 18:41:37.0640 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/19 18:41:37.0781 STHDA (a71f9a0db6904a998988c5316e3ff90a) C:\WINDOWS\system32\drivers\sthda.sys
2011/01/19 18:41:37.0906 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/19 18:41:38.0015 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/19 18:41:38.0140 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/19 18:41:38.0203 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/01/19 18:41:38.0234 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/01/19 18:41:38.0328 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS
2011/01/19 18:41:38.0390 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS
2011/01/19 18:41:38.0468 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/01/19 18:41:38.0500 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS
2011/01/19 18:41:38.0578 SYMTDI (6baf78bdd3fe4437085ea45cda625f2d) C:\WINDOWS\system32\drivers\NIS\1100000.088\SYMTDI.SYS
2011/01/19 18:41:38.0656 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/01/19 18:41:38.0671 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/01/19 18:41:38.0734 SynTP (60900234ec482627a33081a453c63776) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/01/19 18:41:38.0796 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/19 18:41:38.0875 SysCow (e26c320c315174f79ff314e7db64210c) C:\WINDOWS\system32\drivers\syscow32x.sys
2011/01/19 18:41:38.0968 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/19 18:41:39.0062 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/19 18:41:39.0109 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/19 18:41:39.0171 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/19 18:41:39.0250 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/01/19 18:41:39.0312 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/19 18:41:39.0343 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/01/19 18:41:39.0390 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/19 18:41:39.0484 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/19 18:41:39.0531 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/19 18:41:39.0578 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/19 18:41:39.0625 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/19 18:41:39.0687 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/19 18:41:39.0734 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/19 18:41:39.0796 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/19 18:41:39.0859 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/01/19 18:41:39.0921 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/19 18:41:39.0984 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/01/19 18:41:40.0031 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/19 18:41:40.0046 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/19 18:41:40.0125 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/19 18:41:40.0203 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/01/19 18:41:40.0281 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/19 18:41:40.0421 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/01/19 18:41:40.0515 Wpsnuio (9dfc61a363467c29f0ebe87af5a67060) C:\WINDOWS\system32\DRIVERS\wpsnuio.sys
2011/01/19 18:41:40.0593 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/19 18:41:40.0671 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/19 18:41:40.0718 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/19 18:41:40.0828 XPSVCOM (c264a100552e409949ac249b8845a7ea) C:\WINDOWS\system32\DRIVERS\XPSVCOM.sys
2011/01/19 18:41:40.0921 ================================================================================
2011/01/19 18:41:40.0921 Scan finished
2011/01/19 18:41:40.0921 ================================================================================
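Added example, not part of the thread or of TDSSKiller itself: a TDSSKiller log like the one above lists every driver service with the MD5 of its image and the path it resolves to, and reading a few hundred of those lines by eye is error-prone. The script below parses that format and applies the three checks a responder usually makes: a service whose image lives outside the Windows directory, a service name that does not match its file name, and a hash that differs from a baseline taken from a clean machine at the same patch level. The sample lines are copied from the log above; the BASELINE dictionary is constructed for this example (it reuses hashes from the log, with tcpip.sys given an all-zero hash on purpose so that a mismatch shows). Note the caveat the output itself demonstrates: the Norton definitions and SUPERAntiSpyware drivers legitimately load from outside C:\WINDOWS, and VgaSave -> vga.sys is a normal name mismatch, so every hit is a prompt to verify the file's signature or hash against a trusted source, not a verdict.

```python
import re
from dataclasses import dataclass

# A few lines copied from the TDSSKiller log above, plus its footer; the
# parser has to skip the footer lines and keep the driver lines.
SAMPLE_LOG = r"""
2011/01/19 18:41:33.0640 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110116.003\NAVENG.SYS
2011/01/19 18:41:34.0390 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/19 18:41:36.0281 RSPCIESTOR (2ad7b2b3d7a10ae3d534877d543eed74) C:\WINDOWS\system32\DRIVERS\RtsPStor.sys
2011/01/19 18:41:36.0812 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/01/19 18:41:38.0968 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/19 18:41:39.0921 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/19 18:41:40.0921 ================================================================================
2011/01/19 18:41:40.0921 Scan finished
"""

# Constructed reference set {file name: md5}. A real baseline is taken from a
# known-clean install at the same patch level; this one is seeded from the log
# above, except that tcpip.sys is given a deliberately wrong all-zero hash so
# the mismatch path is exercised.
BASELINE = {
    "ntfs.sys": "78a08dd6a8d65e697c18e1db01c5cdca",
    "tcpip.sys": "00000000000000000000000000000000",  # constructed mismatch
    "rtspstor.sys": "2ad7b2b3d7a10ae3d534877d543eed74",
    "vga.sys": "0d3a8fafceacd8b7625cd549757a7df1",
}

# timestamp, service name, (md5), path; the path may contain spaces.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)


@dataclass(frozen=True)
class DriverEntry:
    service: str  # kernel service name as registered
    md5: str      # MD5 of the image on disk, lower-case hex
    path: str     # full path TDSSKiller resolved the image to

    @property
    def filename(self):
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_tdsskiller(text):
    """One DriverEntry per driver line; separator and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["service"], m["md5"].lower(), m["path"]))
    return entries


def outside_system_root(entries, system_root=r"C:\WINDOWS"):
    """Driver services whose image lives outside the Windows directory.
    Normal for security products (Norton definitions, SUPERAntiSpyware here),
    so the result is a review list, not a detection."""
    prefix = system_root.lower().rstrip("\\") + "\\"
    return [e for e in entries if not e.path.lower().startswith(prefix)]


def name_mismatches(entries):
    """Service name differs from the image's file stem (VgaSave -> vga.sys).
    Common for legitimate drivers; cheap way to spot a service pointing at an odd file."""
    return [e for e in entries if e.filename.rsplit(".", 1)[0] != e.service.lower()]


def hash_mismatches(entries, baseline):
    """Split entries into (hash differs from baseline, file not in baseline)."""
    mismatched, unknown = [], []
    for e in entries:
        expected = baseline.get(e.filename)
        if expected is None:
            unknown.append(e)
        elif expected != e.md5:
            mismatched.append(e)
    return mismatched, unknown


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    bad, new = hash_mismatches(found, BASELINE)
    for label, group in (("outside C:\\WINDOWS", outside_system_root(found)),
                         ("name/file mismatch", name_mismatches(found)),
                         ("hash differs from baseline", bad),
                         ("not in baseline", new)):
        print(label + ":", ", ".join(f"{e.service} -> {e.path}" for e in group) or "none")
```

To use it on a real log, read the whole TDSSKiller output file into `parse_tdsskiller` and build BASELINE from a clean machine with the same service pack and hotfixes; a hash that differs only because the reference machine is at a different patch level is the usual false positive.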
-
Is there any way I can support computerhope.com?
A simple thank you and recommend us to your friends is all that is necessary.
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png) icon on your desktop.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png) button.
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Hi Superdave,
I tried running ESET online but I got an error that says "Can not get update. Is proxy configured?"
Thanx!
gina
-
Ok. Let's try this:
Remove the proxy setting in Internet Explorer and/or in Firefox.
In Internet Explorer:
- Tools menu -> Internet Options -> Connections tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.
In Firefox:
- Tools menu -> Options... -> Advanced tab -> Network tab -> "Settings" under Connection -> choose "No Proxy".
- Click the Apply button and restart the computer in normal mode.
Now please try running the ESET scan again.
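Added example, not from the thread: the "Use a proxy server" box in the LAN Settings dialog is the ProxyEnable/ProxyServer pair under the per-user key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, but the same dialog has a second, independent setting, "Use automatic configuration script", stored as AutoConfigURL under the same key, and a PAC URL is honoured even when the proxy checkbox is clear. The script below parses the output of `reg query` on that key and reports anything that would make Internet Explorer, or a program that shares its WinINET settings, route through a proxy. The registry key and value names are real; the two blocks of `reg query` output are constructed for this example (the PAC URL uses a reserved .invalid name). Caveat: "Automatically detect settings" and per-connection (dial-up/VPN) proxies live in the binary DefaultConnectionSettings value under ...\Internet Settings\Connections, which this does not decode.

```python
import re

# Output of:  reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
# Constructed for this example: proxy checkbox off, stale ProxyServer left behind,
# and an automatic configuration script (PAC) URL set.
SAMPLE_REG_OUTPUT = """\
! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
\tProxyEnable\tREG_DWORD\t0x0
\tProxyServer\tREG_SZ\t127.0.0.1:8118
\tAutoConfigURL\tREG_SZ\thttp://pac.example.invalid/proxy.pac
\tProxyOverride\tREG_SZ\t<local>
\tMigrateProxy\tREG_DWORD\t0x1
"""

# Constructed clean counterpart: no proxy, no PAC.
CLEAN_REG_OUTPUT = """\
! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
\tProxyEnable\tREG_DWORD\t0x0
\tMigrateProxy\tREG_DWORD\t0x1
"""

# Value lines are indented (tabs on XP, spaces on later versions):
#   <name> <REG_TYPE> <data>; the key path line itself is not indented.
VALUE_RE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*?)\s*$")


def parse_reg_query(text):
    """Map value name -> (type, data) for every value line in reg query output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values[m["name"]] = (m["type"], m["data"])
    return values


def reg_dword(values, name, default=0):
    """Integer value of a REG_DWORD; reg query prints them as 0x... hex."""
    entry = values.get(name)
    if not entry or entry[0] != "REG_DWORD":
        return default
    return int(entry[1], 0)


def proxy_findings(values):
    """Human-readable list of settings that would route WinINET traffic via a proxy.
    Empty list means the per-user static and PAC proxy settings are clear."""
    findings = []
    enabled = reg_dword(values, "ProxyEnable")
    server = values.get("ProxyServer", ("", ""))[1]
    pac = values.get("AutoConfigURL", ("", ""))[1]
    if enabled and server:
        findings.append(f"explicit proxy enabled: {server}")
    elif server:
        # Harmless on its own, but worth knowing where it came from.
        findings.append(f"proxy disabled but ProxyServer still set: {server}")
    if pac:
        # Active regardless of the ProxyEnable checkbox.
        findings.append(f"automatic configuration script set: {pac}")
    return findings


if __name__ == "__main__":
    for label, text in (("constructed sample", SAMPLE_REG_OUTPUT), ("clean", CLEAN_REG_OUTPUT)):
        print(label + ":", proxy_findings(parse_reg_query(text)) or "no proxy settings")
```

On the affected machine the equivalent is to run the `reg query` command from the first comment in a command prompt and paste its output into `parse_reg_query`; each user profile has its own copy of the key, so check it as the account that gets the error.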
-
Hi Super Dave!
I checked, but the "use a proxy server..." wasn't selected in my LAN settings. I also noticed that Windows Firewall somehow had turned itself back on so I turned it off. But I am still getting the same message from ESET.
Thanx!
Gina
-
Ok. Let's try this one.
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply along with a fresh HijackThis log.
-
This keeps getting better and better! :'(
I tried the Kaspersky online scan, which gave me an error that it requires Java Framework version 1.5 or later. I got redirected to the Java site (in my earlier posts I mentioned that I was unable to update my Java version), where I tried to download Java (apparently I don't have it anymore?), to which I encountered another error which says: "The installer can not proceed with the current Internet Connection settings. Please visit the following web page for more information" with a link to the Java help page but no specific reason or settings that may be interfering with the download. ???
I really must thank you again...If this sux so bad for me I can't believe what you go thru helping so many people! :-*
gina
-
Ok Gina. What browser are you using?
Run the F-Secure Online Scanner for Viruses, Spyware and Rootkits. (http://support.f-secure.com/enu/home/ols.shtml)
Note: This Scanner is for Internet Explorer Only!
•Click on Online Services and then Online Scanner
•Accept the License Agreement.
•Once the ActiveX installs, click Full System Scan
•Once the download completes, the scan will begin automatically.
•The scan will take some time to finish, so please be patient.
•When the scan completes, click the Automatic cleaning (recommended) button.
•Click the Show Report button and Copy&Paste the entire report in your next reply.
-
Hi SuperDave,
I have IE 8 as my browser. But I hit another wall when trying to use the F-Secure Online Scanner. As soon as I clicked the link a box on the site said "The latest version of Java is required to run F-Secure Online Scanner. You can download it from http://java.sun.com."
Previously when I tried to uninstall it I got an error that said "Internal Error 2753.RegUtils." I did some research on that and found a blog that says people have successfully corrected this with something called Microsoft Installer Clean Up Utility. Do you think it would be safe to try that to fix the Java situation?
And you know what else... I think Java was corrupted by that malware program... when I tried to open it manually it gives me this notice: "The system can not find the registry key specified: HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_18". I think this got quarantined and deleted in one of the previous scans.
Thanx again for all you do! I really appreciate it! :D
gina
-
Previously when I tried to uninstall it I got an error that said "Internal Error 2753.RegUtils." I did some research on that and found a blog that says people have successfully corrected this with something called Microsoft Installer Clean Up Utility. Do you think it would be safe to try that to fix the Java situation?
The Microsoft Installer Clean Up Utility has been removed from the MS site because it was causing problems with other programs.
Please try this:
Download Revo Uninstaller (http://majorgeeks.com/Revo_Uninstaller_d5706.html)
* Open Revo and let the list populate (can take several seconds to finish).
* Right click what you want to uninstall and choose Uninstall
* Next choose Advanced then click Next
* This will (try to) launch the program's built-in uninstaller and go through the normal uninstall process.
* If the uninstaller fails just continue on with the Revo instructions.
* Once complete: In Revo Uninstaller click Next and Revo will scan the registry for leftovers.
* This scan can take several seconds.
* Once the results are shown look at each one to ensure they are all related to the program that was uninstalled.
* Choose Select All then click Delete
* Click Next and Revo will scan for any files or folders that were not removed.
* If any files/folders are found choose Select all > Delete
Once Java is uninstalled, download and install the new one and try running the ESET scan.
-
Hi Superdave,
I think by now we can assume that JAVA HATES ME! I uninstalled the old version completely with the Revo tool. But when I tried to reinstall the online version I got the same "internet options" error. So I downloaded the offline version and installed successfully. But when it ran the verify check I failed! It doesn't give me a specific reason but I did all the checks (all with IE) and everything is set correctly. I even uninstalled and reinstalled it and got the same thing. Java is enabled under everything I could find in my internet options and I verified the add-ons are in there too.
Grrrrr...
gina
PS. I might have to buy you lunch when this is all over with! Thanx so much for your help!
-
Could you please run Security Check again as outlined in Reply # 5 and post the log?
-
Hi SuperDave! Am I getting on your nerves yet? This thing sure is getting on mine! Thank you again for being so patient and kind in helping me with my computer issues. Here is my security check log:
Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Online Armor 4.5
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 23
Adobe Flash Player
Adobe Reader 9.4.1 MUI
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Tall Emu Online Armor OAcat.exe
``````````End of Log````````````
-
Hi SuperDave! Am I getting on your nerves yet? This thing sure is getting on mine! Thank you again for being so patient and kind in helping me with my computer issues.
Not at all. I'm enjoying myself. As you can see from the log, Java 23 was installed. Now let's try to run the ESET scan outlined in Reply # 18
-
Well I'm glad YOU'RE enjoying yourself! lol I'm learning a lot myself. Thank you as always for your time!
I tried to run the ESET scan but I got the same error: "Can't get updates...Is proxy configured?"
gina
-
Gina, can you please check the proxy settings?
-
Hey SuperDave! Am I having déjà vu, or didn't we already do this before? "Use a proxy server...." is not selected in my LAN settings. What now?
Thanx!
gina
-
Hi Gina. Sorry for being so late in getting back to you. Yes, we did the proxy thing but I thought it would be good to check it again. Could you please download and install Firefox here (http://www.mozilla.com/en-US/firefox/security/) and see if you're still having problems?
-
Please don't apologize SuperDave! I know this isn't your job...if it was then I might be a tad upset but it's all good. Thanx for all you have done and continue to help me with!!
I installed Firefox but it can't even connect to the net. I'm lost!?
gina
-
Ok. Let's try to see if the signal is going through.
Please run Notepad (start > All Programs > Accessories >
Notepad) and copy and paste the text in the code box into a new file:
@echo off
rem Collect basic connectivity evidence into Log1.txt: adapter configuration,
rem DNS resolution of two well-known names, reachability, and the routing table.
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the log in the default text editor, then remove this batch file.
start Log1.txt
del %0
•Go to the File menu at the top of the Notepad and select Save as.
•Select save in: desktop
•Fill in File name: test.bat
•Save as type: All file types (*.*)
•Click save.
•Close the Notepad.
•Locate and double-click test.bat on the desktop.
•Notepad opens; copy and paste its content (Log1.txt) into your reply.
-
Hi SuperDave... Sorry for the delay... but I am getting a little tired of working on this machine, lol.
I did as instructed created and ran the test.bat file. Here is the log:
Windows IP Configuration
Host Name . . . . . . . . . . . . : Jocelynn
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : 00-1B-B1-46-12-1F
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.67
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
Lease Obtained. . . . . . . . . . : Monday, January 31, 2011 7:22:18 PM
Lease Expires . . . . . . . . . . : Tuesday, February 01, 2011 7:22:18 PM
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-21-CC-57-A1-87
Server: home
Address: 192.168.1.254
Name: google.com
Addresses: 74.125.95.99, 74.125.95.104, 74.125.95.106, 74.125.95.103
74.125.95.147, 74.125.95.105
Server: home
Address: 192.168.1.254
Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
69.147.125.65
Pinging google.com [74.125.95.104] with 32 bytes of data:
Reply from 74.125.95.104: bytes=32 time=23ms TTL=52
Reply from 74.125.95.104: bytes=32 time=22ms TTL=54
Ping statistics for 74.125.95.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 23ms, Average = 22ms
Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=70ms TTL=49
Reply from 67.195.160.76: bytes=32 time=59ms TTL=49
Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 59ms, Maximum = 70ms, Average = 64ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 1b b1 46 12 1f ...... 802.11n Wireless LAN Card
0x10004 ...00 21 cc 57 a1 87 ...... Realtek PCIe FE Family Controller
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.67 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.67 192.168.1.67 20
192.168.1.0 255.255.255.0 192.168.1.67 192.168.1.67 20
192.168.1.67 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.67 192.168.1.67 20
224.0.0.0 240.0.0.0 192.168.1.67 192.168.1.67 20
255.255.255.255 255.255.255.255 192.168.1.67 10004 1
255.255.255.255 255.255.255.255 192.168.1.67 192.168.1.67 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
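Added example, not from the thread: the batch file above produces free-form text from four different commands, and the point of running it is to settle a handful of yes/no questions. The parser below reads a Log1.txt and checks exactly those: the adapter holds a lease, the DNS servers it was handed sit on the local network, nslookup actually answered from one of them, the routing table's default gateway agrees with the adapter's, and the pings came back. The embedded SAMPLE_LOG is a trimmed copy of the log posted above (the paste lost the original indentation, so the parser does not depend on it); against it the checks return nothing, which is what the log says: the netbook has a lease, resolves names through the router and gets ping replies, so whatever blocks ESET and the Java installer is not basic connectivity. HIJACKED_LOG is a constructed variant with the DNS server rewritten to 203.0.113.5 (a reserved TEST-NET-3 address) to show what a resolver pointed off the local network would look like in the same output.

```python
import ipaddress
import re

# Trimmed copy of the Log1.txt posted in the thread (ipconfig /all, nslookup,
# ping and route print output). Indentation was lost in the paste.
SAMPLE_LOG = """\
Windows IP Configuration
Host Name . . . . . . . . . . . . : Jocelynn
Node Type . . . . . . . . . . . . : Broadcast
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . : gateway.2wire.net
Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.67
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Server: home
Address: 192.168.1.254
Name: google.com
Addresses: 74.125.95.99, 74.125.95.104
Pinging google.com [74.125.95.104] with 32 bytes of data:
Ping statistics for 74.125.95.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.67 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
Default Gateway: 192.168.1.254
"""

# Constructed variant: DNS server replaced with an off-network address.
HIJACKED_LOG = SAMPLE_LOG.replace(
    "DNS Servers . . . . . . . . . . . : 192.168.1.254",
    "DNS Servers . . . . . . . . . . . : 203.0.113.5",
)

FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 -]*?)[ .]*:\s*(.*?)\s*$")  # "Key . . : value"
IPV4_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")                 # continuation line
PING_RE = re.compile(r"Packets: Sent = (\d+), Received = (\d+)")
DEFAULT_ROUTE_RE = re.compile(r"^\s*0\.0\.0\.0\s+0\.0\.0\.0\s+(\S+)\s+(\S+)\s+\d+")


def parse_log(text):
    """Pull the fields the checks need out of the combined command output."""
    info = {"dns": [], "resolvers": [], "pings": [], "default_routes": []}
    last_key = None
    for line in text.splitlines():
        m = PING_RE.search(line)
        if m:
            info["pings"].append((int(m[1]), int(m[2])))
            continue
        m = DEFAULT_ROUTE_RE.match(line)
        if m:
            info["default_routes"].append(m[1])
            continue
        m = IPV4_RE.match(line)
        if m and last_key == "DNS Servers":      # extra DNS servers, one per line
            info["dns"].append(m[1])
            continue
        m = FIELD_RE.match(line)
        if not m:
            last_key = None
            continue
        key, value = m[1], m[2]
        if key == "DNS Servers" and value:
            info["dns"].append(value)
        elif key == "Address" and last_key == "Server":   # nslookup's resolver
            info["resolvers"].append(value)
        elif key in ("IP Address", "Subnet Mask", "Default Gateway") and value and key not in info:
            info[key] = value                    # first adapter with a lease wins
        last_key = key
    return info


def findings(info):
    """List of connectivity problems; an empty list means the basics are fine."""
    out = []
    if "IP Address" not in info or "Subnet Mask" not in info:
        return ["no IPv4 address found: the adapter has no lease"]
    net = ipaddress.ip_network(f"{info['IP Address']}/{info['Subnet Mask']}", strict=False)
    for dns in info["dns"]:
        if ipaddress.ip_address(dns) not in net:
            out.append(f"DNS server {dns} is outside {net}; confirm it is what the router hands out")
    for resolver in info["resolvers"]:
        if resolver not in info["dns"]:
            out.append(f"nslookup answered from {resolver}, which is not a configured DNS server")
    gateway = info.get("Default Gateway")
    for route_gw in info["default_routes"]:
        if route_gw != gateway:
            out.append(f"route table default gateway {route_gw} differs from adapter gateway {gateway}")
    for sent, received in info["pings"]:
        if received < sent:
            out.append(f"ping lost {sent - received} of {sent} packets")
    return out


if __name__ == "__main__":
    for label, text in (("posted log", SAMPLE_LOG), ("constructed DNS change", HIJACKED_LOG)):
        print(label + ":", findings(parse_log(text)) or "no connectivity problems")
```

A DNS server outside the local subnet is not wrong by itself (a manually configured public resolver looks the same), so the check reports it for comparison with what the router's DHCP actually hands out rather than calling it an infection.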
-
Don't give up. We'll beat this thing yet.
Reset Explorer Settings IE (http://blogs.msdn.com/ie/archive/2006/06/12/628499.aspx)
-
Thanx SuperDave for your inspiration! I'm not giving up... It's a vendetta now, lol.
I reset IE but still getting the error on the Java site when I tested my version.
Thanx!
gina
-
What kind of error on the java site?
-
It doesn't tell me the error. It says "Error: click for details", but when I click it, it just takes me to the page with the most common errors.
I really feel like if we could figure out what the "internet connection settings" are that are preventing me from downloading/installing the online version, we would have this thing licked!
But I have checked everything. I have even tried installing it without running the add-ons in IE. I made the internet settings mirror my other computer that runs Java without a hitch and that didn't work. I also tried using a hard connection to the internet and that didn't work. I'm out of ideas.
I bet it's some button somewhere that's ticked that shouldn't be... or vice versa... I just don't know which one. lol
Thanx for your assistance Super Dave!
gina
-
I really feel like if we could figure out what the "internet connection settings" are that are preventing me from downloading/installing the online version, we would have this thing licked!
We have already downloaded and installed the latest version of Java. Why are you going back to their website?
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 23
Adobe Flash Player
Adobe Reader 9.4.1 MUI
-
We have already downloaded and installed the latest version of Java. Why are you going back to their website?
Because it tells you to do that to "test your installation". I also went to a web page that I know uses applets and it didn't work.
Thanx SuperDave!
gina
-
Can you please run the ESET scan as described in Reply # 18 and post the log?
-
I think you're forgetting, Dave... ESET won't run either... that's how I got into this mess. It keeps asking me about a proxy... see reply #31.
gina
-
I think you're forgetting, Dave... ESET won't run either... that's how I got into this mess. It keeps asking me about a proxy... see reply #31.
No. I didn't forget. I was wondering if it was fixed yet. Could you please try running the F-Secure online scanner as described in Reply # 24 to see if that will work?
-
How long does the F-Secure scan take? I don't know if it's working. There is just this circle going round and round...Is that normal?
Thanx!
gina
-
It's been almost 24 hrs. since you posted. If it won't run, please try the Kaspersky scan in Reply # 22
-
Yeah... it didn't work... it got hung up on the Java check/ActiveX... running Kaspersky now.
Thanx SuperDave... you're awesome!
gina
-
No go SuperDave... After Kaspersky checked my system it came back with "Kaspersky Online Scanner 7.0 download and operation require Java framework version 1.5 or later."
It's like Java is there...but it's not. Grrrrr...
I preemptively ran Security Check again... just in case you ask to prove Java is installed. lol
Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
Online Armor 4.5
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 23
Adobe Flash Player
Adobe Reader 9.4.1 MUI
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Tall Emu Online Armor OAcat.exe
``````````End of Log````````````
Are you sure I'm not getting on your nerves yet? ;D
gina
PS. I swore I updated Adobe already.
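The Security Check log above is short, but it already carries two findings worth acting on (firewall disabled, out-of-date Adobe Reader) and one that is easy to miss: the Process Check shows Norton running even though the Antivirus/Firewall section does not list it, and Online Armor is present as well, so the machine is carrying more than one resident security product at the time the online scanners are refusing to run. The script below is an added example, not part of the original thread or of Security Check itself. It parses a log in the format shown (the sample is the log above, reproduced as constructed input), flags every line Security Check marks with a trailing "!", and cross-checks the Process Check against the Antivirus/Firewall section. The process-name-to-product map is an assumption written for the example; extend it with the products you expect to meet.

```python
"""Triage a screen317 Security Check log."""
from __future__ import annotations
import re

# Constructed sample: the log posted in this thread. Security Check draws its
# section rules as runs of backticks; they are generated here rather than typed.
RULE = "`" * 30
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.8",
    "Windows XP Service Pack 3",
    "Internet Explorer 8",
    RULE,
    "Antivirus/Firewall Check:",
    "Windows Firewall Disabled!",
    "ESET Online Scanner v3",
    "Online Armor 4.5",
    RULE,
    "Anti-malware/Other Utilities Check:",
    "Malwarebytes' Anti-Malware",
    "CCleaner",
    "Java(TM) 6 Update 23",
    "Adobe Flash Player",
    "Adobe Reader 9.4.1 MUI",
    "Out of date Adobe Reader installed!",
    RULE,
    "Process Check:",
    "objlist.exe by Laurent",
    "Norton ccSvcHst.exe",
    "Tall Emu Online Armor OAcat.exe",
    "`" * 10 + "End of Log" + "`" * 16,
])

# Resident security products recognised by their service process. Assumed map,
# written for this example; extend it with the products you expect to meet.
PRODUCT_BY_PROCESS = {
    "ccsvchst.exe": "Norton",
    "oacat.exe": "Online Armor",
    "avastsvc.exe": "Avast",
    "ekrn.exe": "ESET",
    "msmpeng.exe": "Microsoft Security Essentials",
}


def parse_sections(log: str) -> dict[str, list[str]]:
    """Split the log into {section: [items]}; lines before the first "Name:"
    heading go under "Header". Parsing stops at the End of Log rule."""
    sections: dict[str, list[str]] = {"Header": []}
    current = "Header"
    for raw in log.splitlines():
        line = raw.strip()
        if not line or set(line) == {"`"}:       # blank line or a plain rule
            continue
        if line.startswith("`") and "End of Log" in line:
            break
        if line.endswith(":"):                   # e.g. "Antivirus/Firewall Check:"
            current = line[:-1]
            sections[current] = []
            continue
        sections[current].append(line)
    return sections


def triage(log: str) -> dict[str, list[str]]:
    """Return warnings, the resident security products found, and notes on
    products that are running but that Security Check did not list."""
    sections = parse_sections(log)
    # Security Check marks every problem line with a trailing "!".
    warnings = [i for items in sections.values() for i in items if i.endswith("!")]

    # Products listed as installed; on-demand online scanners are not resident.
    listed: set[str] = set()
    for item in sections.get("Antivirus/Firewall Check", []):
        if item.endswith("!") or "Online Scanner" in item:
            continue
        listed.add(re.sub(r"\s+v?[\d.]+$", "", item))   # "Online Armor 4.5" -> "Online Armor"

    # Products whose service process was seen running.
    running: dict[str, str] = {}
    for item in sections.get("Process Check", []):
        for token in item.split():
            product = PRODUCT_BY_PROCESS.get(token.lower())
            if product:
                running[product] = token

    notes = [f"{p} is running ({proc}) but is not listed under Antivirus/Firewall Check"
             for p, proc in sorted(running.items()) if p not in listed]
    resident = sorted(listed | set(running))
    if len(resident) > 1:
        warnings.append("Multiple resident security products: " + ", ".join(resident)
                        + " (overlapping products commonly stop other scanners from running)")
    return {"warnings": warnings, "resident_products": resident, "notes": notes}


if __name__ == "__main__":
    for kind, lines in triage(SAMPLE_LOG).items():
        print(kind)
        for line in lines:
            print("  -", line)
```

Run against the log above it reports the disabled firewall, the stale Adobe Reader, Norton running without being listed, and two resident products (Norton and Online Armor) side by side, which is the combination a helper would want to untangle before asking for yet another online scan.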
-
Ok...good news and bad news...
Good News: I fixed Java! Score one for the newbie!! It was the "enable next gen plugin" stopping Java from working.
Bad news: 1. I did this after I tried running Kaspersky again, because the system requirements include a working Java RE. It was about 5000 KB from updating the database when it stalled out and gave me some error about an intermittent internet connection. I have not been able to run it again. I keep getting the same error.
2. ESET keeps telling me "is proxy configured?"
3. F-Secure online scanner needed a working Java RE (that's why the circle just kept spinning). It passed the check, but the window that opened, presumably to run the scan, said "web page not found"!!??
4. I did update Adobe..but from 8 to 9. Tried to update to X and I got an error about proxy settings!!
Oh and I also did these things:
Uninstalled Norton Internet Security for Netbooks (piece of junk!) and installed Avast (I love this product!!). Ran a full system scan... came back clean. Found a worm on my memory stick and blasted it off there (maybe the offending culprit that brought us together!)
Uninstalled Online Armor... I found out that my router has a built-in firewall and thought that maybe the two were conflicting. I will reinstall it if you suggest it.
As you can see I have been very busy!! :P But I have learned a ton, and for that I am grateful this mess happened!
Just need to know how we can get this little netbook a clean bill of health?! Any other tools we can use for a scan?
I am so grateful for your help SuperDave!!! I never would have gotten this far without you!
gina
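Three different tools in the post above (ESET Online Scanner, the F-Secure scanner, the Adobe updater) fail with proxy-related errors. All of them go through the Windows proxy configuration that Internet Explorer uses (WinINET), which on XP is stored per user under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, so the quickest way to stop guessing is to look at what that key actually says. The script below is an added example, not part of the original thread or of any tool named in it. It parses a .reg export of that key (taken on the affected machine with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" proxy.reg`; regedit and reg.exe write these files as UTF-16, so read them with encoding="utf-16") and reports a static proxy, a proxy that points back at the local machine, or a PAC script URL. The sample export is constructed for the example and is not the netbook's real configuration; the script reports what is configured, not who configured it.

```python
r"""Inspect the WinINET proxy configuration from a registry export.

Internet Explorer, ActiveX- and Java-based online scanners and most Windows
updaters take their proxy from
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings. Export that
key on the affected machine, e.g.
    reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" proxy.reg
copy the file off, and pass its text to proxy_findings().
"""
from __future__ import annotations
import re

INET_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed sample export, not taken from the netbook in this thread: a static
# proxy pointing at a local port plus a PAC URL.
SAMPLE_REG = "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    f"[{INET_KEY}]",
    '"ProxyEnable"=dword:00000001',
    '"ProxyServer"="127.0.0.1:8080"',
    '"ProxyOverride"="<local>"',
    '"AutoConfigURL"="http://example.invalid/wpad.dat"',
    "",
])


def parse_reg(text: str) -> dict[str, dict[str, object]]:
    """Parse the REG_SZ and REG_DWORD values of a .reg export into {key: {name: value}}.
    Other value types (hex blobs, default "@" values) are skipped."""
    keys: dict[str, dict[str, object]] = {}
    current: dict[str, object] | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "Windows Registry Editor", "REGEDIT4")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m is None or current is None:
            continue
        name, value = m.group(1), m.group(2)
        if value.startswith("dword:"):
            current[name] = int(value[len("dword:"):], 16)
        elif len(value) >= 2 and value[0] == value[-1] == '"':
            current[name] = value[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return keys


def proxy_findings(reg_text: str) -> list[str]:
    """Describe what WinINET clients will do with the exported proxy settings."""
    values = parse_reg(reg_text).get(INET_KEY, {})
    enabled = values.get("ProxyEnable") == 1
    server = str(values.get("ProxyServer", ""))
    pac = str(values.get("AutoConfigURL", ""))
    findings: list[str] = []

    if enabled and server:
        findings.append(f"Static proxy enabled: {server}")
        # ProxyServer is either "host:port" or "http=host:port;https=host:port;..."
        hosts = [part.split("=")[-1] for part in server.split(";")]
        if any(h.startswith(("127.", "localhost")) for h in hosts):
            findings.append("Proxy points at this machine: legitimate only if a local filtering "
                            "product listens there, otherwise every WinINET client fails to connect")
    elif enabled:
        findings.append("ProxyEnable=1 but ProxyServer is empty")
    if pac:
        findings.append(f"PAC script configured: {pac} (confirm the URL is expected and reachable)")
    if not findings:
        findings.append("No proxy configured: direct connections")
    return findings


if __name__ == "__main__":
    for finding in proxy_findings(SAMPLE_REG):
        print("-", finding)
```

If the export shows a proxy the user never set, clear it through Internet Options > Connections > LAN settings (or set ProxyEnable to 0) and re-run the scanners; if it shows direct connections, the proxy prompt is coming from a product sitting in the network path, which is where uninstalling security suites one at a time becomes the right test.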
-
Did you ever have any luck getting Firefox to run? Please try this:
Run the BitDefender Online Scanner. (http://redirectingat.com/?id=1117X507075&url=http%3A%2F%2Fwww.bitdefender.com%2Fscan8%)
Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.
Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report.
When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt), then in the File name box change the name to bdscan and click Save.
This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
If you do not follow these steps, you will have an incorrect log or, worse, a log summary, which is useless to us.
Post the bdscan.txt file as an Attachment.
-
Hey SuperDave...I have more good news!! After I uninstalled Norton and downloaded Avast I went back and ran ESET..and guess what?? IT WORKED!!! It just got done and there were NO THREATS DETECTED!!
Is that a clean bill of health?
Thanx! gina
-
Is that a clean bill of health?
Hi Gina. That is really good news. Let's do some cleanup
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type Run in the Start search box, and click Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i582.photobucket.com/albums/ss269/Cat_Byte/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hide system files and folders, and reset System Restore.
***********************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**************************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Almost there aren't we SuperDave?! I'm so excited!!
I did everything except the Spyware stuff because I have a question. Am I supposed to install both or just one of the recommended products?
Thanx!
gina
-
Please do not hijack someone else's thread. If you need help, please go to this link (http://www.computerhope.com/forum/index.php/topic,46313.0.html) and follow the directions and post the required logs. Please post your logs in this link. (http://www.computerhope.com/forum/index.php?board=53.0)
-
I did everything except the Spyware stuff because I have a question. Am I supposed to install both or just one of the reccommended products?
It wouldn't hurt to have them, if you have the space.
-
Ok I got the Spybot...what now?
PS.Thanx for protecting my thread! :-*
gina
-
Ok I got the Spybot...what now?
That's it. You can keep SAS and MBAM on your computer, if you wish. Update them and run them on a regular basis. Good Luck! ;D
-
Really?? Seriously???...You're not messing with me right? lol
Well let me just say again...THANK YOU SuperDave from the bottom of my heart!!! I don't know what I would have done without this great website and all the wonderful people here donating their time!
You're the best!
gina
-
You're not messing with me right? lol
Gina, I wouldn't mess with you with something as important as your computer.
THANK YOU SuperDave from the bottom of my heart!!!
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.