
Author Topic: Help with System Tools virus  (Read 36623 times)


hazel312001a

    Topic Starter


    Rookie
    • Experience: Beginner
    • OS: Windows 7
    Help with System Tools virus
    « on: January 12, 2011, 06:08:18 PM »
    First of all let me say Thank you to all of you who donate your time and talents to this site to help the less computer literate in the world! (Like myself)

    My issue: The day after Christmas my daughter reported a strange occurrence on her brand new Compaq Netbook Computer CQ10-405DX Intel Atom Windows XP SP3 machine. I knew right away it was a fake program and deeply rooted to be able to block applications and change the background.

    I reviewed this site and proceeded as instructed on http://www.computerhope.com/forum/index.php/topic,46313.0.html. However, I ran into trouble on Step 5: Update Your Java (JRE). Since I was unable to access the internet in Normal mode I used safe mode with networking to do the first 4 steps. But when I got to the Java update the system told me I didn't have the correct permissions.

    I started in normal mode and tried to update my Java version but now it is giving me an install error. So I stopped since the instructions said to do the steps in order. Any ideas on how I can get the Java updated and proceed?

    Thanx again for all you do!

    Gina
     

    geek hoodlum



      Apprentice
    • Thanked: 25
    • Experience: Familiar
    • OS: Windows 7
    Re: Help with System Tools virus
    « Reply #1 on: January 12, 2011, 06:21:57 PM »
    Hi,

    How is your computer running after you did steps 1-4? Can you please post here all the logs so that our experts may analyze and help you.

    In updating your Java, can you please try this and see what will happen:
    Go to Control Panel > Java Plug-in > Update tab > click Update Now
    Then click Java Update in your system tray > click Download > click again Java Update in your system tray > click Install

    [recovering disk space - old attachment deleted by admin]

    hazel312001a

      Topic Starter


      Rookie
      • Experience: Beginner
      • OS: Windows 7
      Re: Help with System Tools virus
      « Reply #2 on: January 12, 2011, 07:30:18 PM »
      Quote from: geek hoodlum on January 12, 2011, 06:21:57 PM
      > Hi,
      >
      > How is your computer running after you did steps 1-4? Can you please post here all the logs so that our experts may analyze and help you.
      >
      > In updating your Java, can you please try this and see what will happen:
      > Go to Control Panel > Java Plug-in > Update tab > click Update Now
      > Then click Java Update in your system tray > click Download > click again Java Update in your system tray > click Install

      My computer is running better but really slow. The "System Tools" icon and takeover have stopped, and I can now work in Normal mode.

      I tried what you said about Java but I got this error:
      The system can not find the registry key specified:
      HKEY_LOCAL_MACHINE\SOFTWARE\Javasoft\Java Runtime Environment\1.6.0_18

      Here are the logs from Mbam and SAS

      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Database version: 5505

      Windows 5.1.2600 Service Pack 3 (Safe Mode)
      Internet Explorer 8.0.6001.18702

      1/11/2011 3:45:32 PM
      mbam-log-2011-01-11 (15-45-32).txt

      Scan type: Quick scan
      Objects scanned: 148861
      Time elapsed: 2 minute(s), 32 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 1
      Registry Data Items Infected: 1
      Folders Infected: 0
      Files Infected: 2

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSN Messanger (Worm.AutoRun) -> Value: MSN Messanger -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\WINDOWS\System.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\documents and settings\jocey\Desktop\system tool 2011.lnk (Rogue.SystemTool) -> Quarantined and deleted successfully.


      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 01/11/2011 at 03:21 PM

      Application Version : 4.47.1000

      Core Rules Database Version : 6175
      Trace Rules Database Version: 3987

      Scan type       : Complete Scan
      Total Scan Time : 00:56:13

      Memory items scanned      : 284
      Memory threats detected   : 0
      Registry items scanned    : 6467
      Registry threats detected : 1
      File items scanned        : 66725
      File threats detected     : 8

      Trojan.Agent/Gen-FakeSoft
         [fPhCc06305] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\FPHCC06305\FPHCC06305.EXE
         C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\FPHCC06305\FPHCC06305.EXE

      Adware.Tracking Cookie
         C:\Documents and Settings\jocey\Cookies\jocey@atdmt[2].txt
         C:\Documents and Settings\jocey\Cookies\[email protected][2].txt
         C:\Documents and Settings\jocey\Cookies\jocey@doubleclick[1].txt
         C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
         C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
         C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
         C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt

      Thanx for your help!
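The Malwarebytes log posted above has a regular shape: a block of "<Section> Infected: N" summary counts, then one list per section whose entries read "<target> (<family>) [-> <detail>] -> <action>". The following is an added example, not code from this thread or from Malwarebytes, that parses that shape, cross-checks the summary counts against the entries actually listed (a mismatch usually means a truncated paste), and ranks the detections so that autostart persistence such as the HKLM\...\CurrentVersion\Run value comes first. The sample log is constructed from the thread's own MBAM output; the family-prefix list and the Run/RunOnce heuristic are my own assumptions, not Malwarebytes' classification rules.

```python
"""Triage helper for a Malwarebytes' Anti-Malware 1.50-era text log.
Added example, not code from the thread or from Malwarebytes. It assumes the
layout of the posted log: "<Section> Infected: N" summary lines, then
per-section lists whose entries read  <target> (<family>) [-> <detail>] -> <action>.
"""
import re
from dataclasses import dataclass

# Constructed sample, trimmed from the log posted in the thread.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Scan type: Quick scan
Objects scanned: 148861

Memory Processes Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSN Messanger (Worm.AutoRun) -> Value: MSN Messanger -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\System.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\jocey\Desktop\system tool 2011.lnk (Rogue.SystemTool) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)\s*$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*$")
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
# Assumption: anything under a Run/RunOnce key is autostart persistence.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)


@dataclass
class Detection:
    section: str
    target: str
    family: str
    detail: str   # "Value: ...", "Bad: (1) Good: (0)" or "" for files
    action: str


def parse_mbam_log(text):
    """Return (summary counts, list of Detection) from a pasted MBAM log."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:                                  # "Files Infected: 2"
            counts[m.group("name")] = int(m.group("count"))
            continue
        m = SECTION_RE.match(line)
        if m:                                  # "Files Infected:" list header
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line) if section else None
        if not m or line.startswith("(No malicious items"):
            continue                           # blank lines, scanner metadata
        parts = m.group("rest").split(" -> ")
        detections.append(Detection(section, m.group("target"), m.group("family"),
                                    " -> ".join(parts[:-1]), parts[-1].rstrip(".")))
    return counts, detections


def check_counts(counts, detections):
    """Sections whose summary count disagrees with the entries actually listed;
    a non-empty result usually means the paste was truncated or edited."""
    seen = {}
    for d in detections:
        seen[d.section] = seen.get(d.section, 0) + 1
    return {n: (c, seen.get(n, 0)) for n, c in counts.items() if c != seen.get(n, 0)}


def triage(detections):
    """Label and rank: autostart persistence first, then worm/trojan/rogue
    payloads, then PUM-style setting changes. Returns [(label, Detection)]."""
    def label(d):
        if RUN_KEY_RE.search(d.target):
            return "autostart"
        if d.family.split(".")[0] in ("Worm", "Trojan", "Rogue", "Backdoor"):
            return "malware"
        return "pum/other"
    order = {"autostart": 0, "malware": 1, "pum/other": 2}
    return sorted(((label(d), d) for d in detections), key=lambda t: order[t[0]])


if __name__ == "__main__":
    counts, dets = parse_mbam_log(SAMPLE_LOG)
    for name, (claimed, listed) in check_counts(counts, dets).items():
        print(f"WARNING {name}: summary says {claimed}, log lists {listed}")
    for lbl, d in triage(dets):
        print(f"[{lbl:9}] {d.family:20} {d.action:36} {d.target}")
```

Run as a script it prints the four detections with the Run-key value first; the count check stays silent on a complete paste and names the short section when lines are missing. The action field is kept because "Quarantined and deleted successfully" versus any other outcome is what decides whether a follow-up scan is still needed.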

      geek hoodlum



        Apprentice
      • Thanked: 25
      • Experience: Familiar
      • OS: Windows 7
      Re: Help with System Tools virus
      « Reply #3 on: January 12, 2011, 08:10:49 PM »
      It seems we did already what we know to update your Java, but failed.  :( Let's wait for any CH experts before proceeding to Step 6.

      Btw, you may do personal testing again while waiting for advice. You may repeat Steps 2-4, but this time, just save the logs on your desktop; you'll need them if necessary.

      harry 48



        Egghead

      • lay back , relax and chill out
      • Thanked: 129
        • Dribbling Pensioner
      • Certifications: List
      • Experience: Familiar
      • OS: Windows 7
      Re: Help with System Tools virus
      « Reply #4 on: January 13, 2011, 05:33:55 AM »
      Please proceed with step 6; an expert needs that log. Don't do steps 2 to 4 one day after posting them.

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Help with System Tools virus
      « Reply #5 on: January 13, 2011, 08:49:00 AM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Unzip SecurityCheck.zip and a folder named Security Check should appear.
      * Open the Security Check folder and double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      ********************************************
      Download DDS from HERE or HERE and save it to your desktop.

      Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

      * XP users Double click on dds to run it.
      * If your antivirus or firewall try to block DDS then please allow it to run.
      * When finished DDS will open two (2) logs.

      1) DDS.txt
      2) Attach.txt

      * Save both logs to your desktop.
      * Please copy and paste the entire contents of both logs in your next reply.

      Note: DDS will instruct you to post the Attach.txt log as an attachment.
      Please just post it as you would any other log by copy and pasting it into the reply.
      Windows 8 and Windows 10 dual boot with two SSD's

      hazel312001a

        Topic Starter


        Rookie
        • Experience: Beginner
        • OS: Windows 7
        Re: Help with System Tools virus
        « Reply #6 on: January 14, 2011, 05:16:49 AM »
        Per your instructions my captain:

         Results of screen317's Security Check version 0.99.8 
         Windows XP Service Pack 3 
         Internet Explorer 8 
        ``````````````````````````````
        Antivirus/Firewall Check:

         Windows Firewall Disabled! 
         Online Armor 4.5   
        ```````````````````````````````
        Anti-malware/Other Utilities Check:

         Malwarebytes' Anti-Malware   
         CCleaner     
         Java(TM) 6 Update 18 
         Out of date Java installed!
         Adobe Flash Player   
        Adobe Reader 9.3 MUI
        Out of date Adobe Reader installed!
        ````````````````````````````````
        Process Check: 
        objlist.exe by Laurent

         Norton ccSvcHst.exe
         Tall Emu Online Armor OAcat.exe
         Tall Emu Online Armor oasrv.exe
         Tall Emu Online Armor oaui.exe
         Tall Emu Online Armor OAhlp.exe
        ``````````End of Log````````````


        DDS (Ver_10-12-12.02) - NTFSx86 
        Run by jocey at  6:08:01.39 on Fri 01/14/2011
        Internet Explorer: 8.0.6001.18702
        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1012.336 [GMT -6:00]

        AV: Norton Internet Security Netbook Edition *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
        FW: Online Armor Firewall *Enabled*
        FW: Norton Internet Security Netbook Edition *Disabled*

        ============== Running Processes ===============

        C:\WINDOWS\system32\svchost -k DcomLaunch
        svchost.exe
        C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        svchost.exe
        svchost.exe
        C:\Program Files\Online Armor\OAcat.exe
        C:\Program Files\Online Armor\oasrv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        c:\program files\idt\wdm\STacSV.exe
        C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\SWSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
        C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
        C:\WINDOWS\system32\svchost.exe -k imgsvc
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe
        C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
        C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\Program Files\Skyhook Wireless\XPS\xpscontrolpanel.exe
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\WINDOWS\system32\igfxtray.exe
        C:\WINDOWS\system32\igfxsrvc.exe
        C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
        C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
        C:\Program Files\Online Armor\oaui.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Online Armor\OAhlp.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
        C:\Program Files\Roxio\BackOnTrack\Main\Backup_Central10.exe
        C:\Documents and Settings\jocey\Desktop\dds.scr

        ============== Pseudo HJT Report ===============

        uSearch Page = hxxp://www.bing.com
        uSearch Bar = hxxp://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}
        uInternet Settings,ProxyOverride = *.local
        mSearchAssistant = hxxp://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}
        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
        BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
        BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
        BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.0.0.136\IPSBHO.DLL
        BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
        BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
        BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0369.0\npwinext.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
        TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0369.0\npwinext.dll
        uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
        mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
        mRun: [ZumoDrive] "c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk"
        mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
        mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
        mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
        mRun: [Skyhook Wireless XPS Service] c:\program files\skyhook wireless\xps\xpscontrolpanel.exe --no-info
        mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
        mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
        mRun: [Persistence] c:\windows\system32\igfxpers.exe
        mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0369.0\mswinext.exe"
        mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
        mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
        mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
        mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
        mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
        mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
        mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
        mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
        mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpmedi~1.lnk - c:\program files\hewlett-packard\hp media suite\home\ArcStart.exe
        IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
        Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
        Notify: igfxcui - igfxdev.dll
        SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
        SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll
        mASetup: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - c:\program files\hewlett-packard\hp media suite\home\quicklaunch.exe "c:\program files\hewlett-packard\hp media suite\home\HPMediaSuite.lnk" 2

        ============= SERVICES / DRIVERS ===============

        R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2010-8-26 21488]
        R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2010-8-26 15856]
        R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1100000.088\SymDS.sys [2010-8-26 328752]
        R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1100000.088\SymEFA.sys [2010-8-26 169008]
        R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [2009-12-28 106096]
        R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
        R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1100000.088\ccHPx86.sys [2010-8-26 501888]
        R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [2009-11-11 18136]
        R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-1-11 202064]
        R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-1-11 38856]
        R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-1-11 25000]
        R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2011-1-11 29272]
        R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2010-8-26 25584]
        R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
        R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
        R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1100000.088\Ironx86.sys [2010-8-26 114736]
        R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
        R2 BOTService;BOTService;c:\program files\roxio\backontrack\instant restore\BOTService.exe [2010-2-4 211440]
        R2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\quickweb\qw.sys\config\DVMExportService.exe [2010-4-12 338168]
        R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-4-5 103992]
        R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.0.0.136\ccSvcHst.exe [2010-8-26 126392]
        R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2011-1-11 380784]
        R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2011-1-11 3652696]
        R2 xpssvc;Skyhook Wireless XPS Service;c:\program files\skyhook wireless\xps\xpssvc.exe [2010-4-1 699720]
        R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-8-26 113664]
        R3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [2010-12-25 363904]
        R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-8-26 227896]
        R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-1-12 102448]
        R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20110113.001\IDSXpx86.sys [2011-1-14 341944]
        R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20110113.036\NAVENG.SYS [2011-1-14 86008]
        R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20110113.036\NAVEX15.SYS [2011-1-14 1360760]
        R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2010-8-26 230944]
        R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2010-12-25 1323296]
        R3 XPSVCOM;XPSVCOM;c:\windows\system32\drivers\XPSVCOM.sys [2010-2-4 12416]

        =============== Created Last 30 ================

        2011-01-13 03:22:12   471552   ------w-   c:\windows\system32\dllcache\aclayers.dll
        2011-01-13 02:22:57   339504   ----a-w-   c:\windows\system32\drivers\nis\1107000.00c\symtdiv.sys
        2011-01-13 02:22:56   43696   ----a-w-   c:\windows\system32\drivers\nis\1107000.00c\srtspx.sys
        2011-01-13 02:22:56   361904   ----a-w-   c:\windows\system32\drivers\nis\1107000.00c\symtdi.sys
        2011-01-13 02:22:56   328752   ----a-r-   c:\windows\system32\drivers\nis\1107000.00c\symds.sys
        2011-01-13 02:22:56   173104   ----a-w-   c:\windows\system32\drivers\nis\1107000.00c\symefa.sys
        2011-01-13 02:22:55   501888   ----a-w-   c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys
        2011-01-13 02:22:55   325680   ----a-w-   c:\windows\system32\drivers\nis\1107000.00c\srtsp.sys
        2011-01-13 02:22:55   116784   ----a-w-   c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys
        2011-01-13 02:22:18   --------   d-----w-   c:\windows\system32\drivers\nis\1107000.00C
        2011-01-12 01:32:43   --------   d-sh--w-   C:\found.000
        2011-01-12 01:03:10   --------   d-----w-   c:\windows\system32\PreInstall
        2011-01-12 01:03:07   --------   d--h--w-   c:\windows\$hf_mig$
        2011-01-11 23:16:50   3558912   ----a-w-   c:\program files\movie maker\moviemk.exe
        2011-01-11 23:16:50   3558912   ------w-   c:\windows\system32\dllcache\moviemk.exe
        2011-01-11 21:40:09   --------   d-----w-   c:\docume~1\jocey\applic~1\Malwarebytes
        2011-01-11 21:40:04   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2011-01-11 21:40:02   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
        2011-01-11 21:39:59   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2011-01-11 21:39:59   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2011-01-11 20:20:03   --------   d-----w-   c:\docume~1\jocey\applic~1\SUPERAntiSpyware.com
        2011-01-11 20:20:03   --------   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
        2011-01-11 20:19:50   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2011-01-11 19:54:54   --------   d-----w-   c:\program files\CCleaner
        2011-01-11 19:47:52   --------   d-----w-   c:\docume~1\jocey\applic~1\OnlineArmor
        2011-01-11 19:47:52   --------   d-----w-   c:\docume~1\alluse~1\applic~1\OnlineArmor
        2011-01-11 19:47:34   38856   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
        2011-01-11 19:47:34   25000   ----a-w-   c:\windows\system32\drivers\OAmon.sys
        2011-01-11 19:47:33   29272   ----a-w-   c:\windows\system32\drivers\OAnet.sys
        2011-01-11 19:47:33   202064   ----a-w-   c:\windows\system32\drivers\OADriver.sys
        2011-01-11 19:47:25   --------   d-----w-   c:\program files\Online Armor
        2010-12-26 22:03:11   --------   d-----w-   c:\program files\PC Tools Security
        2010-12-26 22:03:11   --------   d-----w-   c:\program files\common files\PC Tools
        2010-12-26 21:54:14   --------   d-----w-   c:\docume~1\alluse~1\applic~1\PC Tools
        2010-12-26 20:32:09   60808   ----a-w-   c:\windows\system32\S32EVNT1.DLL
        2010-12-26 20:32:08   124976   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
        2010-12-26 20:32:08   --------   d-----w-   c:\program files\Symantec
        2010-12-26 20:32:08   --------   d-----w-   c:\program files\common files\Symantec Shared
        2010-12-26 20:21:41   --------   d-----w-   c:\windows\pss
        2010-12-25 23:01:47   5632   ----a-w-   c:\windows\system32\ptpusb.dll
        2010-12-25 23:01:45   159232   ----a-w-   c:\windows\system32\ptpusd.dll
        2010-12-25 23:01:42   15104   ----a-w-   c:\windows\system32\drivers\usbscan.sys
        2010-12-25 23:01:42   15104   ----a-w-   c:\windows\system32\dllcache\usbscan.sys
        2010-12-25 23:00:24   --------   d-----w-   c:\docume~1\alluse~1\applic~1\fPhCc06305
        2010-12-25 22:31:06   --------   d-----w-   c:\docume~1\jocey\applic~1\Macrovision
        2010-12-25 22:14:20   --------   d-----w-   c:\docume~1\jocey\applic~1\ZumoDrive
        2010-12-25 22:14:14   259584   ----a-w-   c:\windows\system32\bcdedit.exe
        2010-12-25 22:14:13   --------   d-sh--w-   C:\Boot
        2010-12-25 22:13:49   221184   ----a-w-   c:\windows\system32\wmpns.dll
        2010-12-25 22:13:30   --------   d-----w-   C:\WildTangent
        2010-12-25 22:13:30   --------   d-----w-   C:\Users
        2010-12-25 22:13:04   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Skyhook Wireless
        2010-12-25 22:13:00   13568   ----a-w-   c:\windows\system32\drivers\wpsnuio.sys
        2010-12-25 22:12:58   --------   d-----w-   c:\program files\Skyhook Wireless
        2010-12-25 22:11:47   363904   ----a-w-   c:\windows\system32\drivers\cam3820a.sys
        2010-12-25 22:11:47   217088   ----a-w-   c:\windows\system32\ACamPropertyPage.dll
        2010-12-25 22:11:47   212992   ----a-w-   c:\windows\system32\cocam3820.dll
        2010-12-25 22:11:47   110592   ----a-w-   c:\windows\system32\cam3820n.ax
        2010-12-25 22:11:47   --------   d-----w-   c:\program files\HP Webcam
        2010-12-25 22:11:09   238880   ----a-w-   c:\windows\system32\RaCoInst.dll
        2010-12-25 22:11:09   1323296   ----a-w-   c:\windows\system32\drivers\rt2860.sys
        2010-12-25 22:11:08   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Ralink Driver
        2010-12-25 18:35:14   26368   ----a-w-   c:\windows\system32\dllcache\usbstor.sys
        2010-12-25 17:59:15   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
        2010-12-25 17:59:15   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
        2010-12-25 17:57:06   --------   d-----w-   c:\program files\iPod
        2010-12-25 17:56:58   --------   d-----w-   c:\program files\iTunes
        2010-12-25 17:56:58   --------   d-----w-   c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
        2010-12-25 17:55:33   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin7.dll
        2010-12-25 17:55:33   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin6.dll
        2010-12-25 17:55:33   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin5.dll
        2010-12-25 17:55:33   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin4.dll
        2010-12-25 17:55:33   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin3.dll
        2010-12-25 17:55:33   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin2.dll
        2010-12-25 17:55:33   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin.dll
        2010-12-25 17:51:29   --------   d-----w-   c:\docume~1\jocey\locals~1\applic~1\Apple
        2010-12-25 17:50:28   41984   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
        2010-12-25 17:50:28   4184352   ----a-w-   c:\windows\system32\usbaaplrc.dll
        2010-12-25 17:49:27   --------   d-----w-   c:\program files\Bonjour
        2010-12-25 17:47:48   --------   d-----w-   c:\docume~1\jocey\locals~1\applic~1\Apple Computer
        2010-12-25 15:31:47   --------   d-sh--w-   c:\documents and settings\jocey\PrivacIE
        2010-12-25 15:31:31   --------   d-----w-   c:\windows\system32\SoftwareDistribution

        ==================== Find3M  ====================

        2010-11-29 23:38:30   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
        2010-11-29 23:38:30   69632   ----a-w-   c:\windows\system32\QuickTime.qts

        ============= FINISH:  6:12:16.03 ===============



        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT

        DDS (Ver_10-12-12.02)

        Microsoft Windows XP Home Edition
        Boot Device: \Device\HarddiskVolume1
        Install Date: 12/25/2010 4:08:49 PM
        System Uptime: 1/14/2011 5:41:44 AM (1 hours ago)

        Motherboard: Hewlett-Packard |  | 148A
        Processor:          Intel(R) Atom(TM) CPU N455   @ 1.66GHz | CPU | 1662/667mhz

        ==== Disk Partitions =========================

        C: is FIXED (NTFS) - 149 GiB total, 129.781 GiB free.

        ==== Disabled Device Manager Items =============

        ==== System Restore Points ===================

        No restore point in system.

        ==== Installed Programs ======================

        Acrobat.com
        Adobe AIR
        Adobe Flash Player 10 ActiveX
        Adobe Reader 9.3 MUI
        Apple Application Support
        Apple Mobile Device Support
        Apple Software Update
        Bejeweled 2 Deluxe
        Blasterball 3
        Bonjour
        CCleaner
        Chuzzle Deluxe
        Compatibility Pack for the 2007 Office system
        Diner Dash 2 Restaurant Rescue
        Dream Chronicles
        Faerie Solitaire
        FATE
        Gem Shop
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
        Hotfix for Windows XP (KB949764)
        Hotfix for Windows XP (KB954550-v5)
        Hotfix for Windows XP (KB954708)
        HP BatteryCheck 2.10 A4
        HP CloudDrive
        HP Game Console
        HP Games
        HP Help and Support
        HP HomeBase
        HP Quick Launch Buttons
        HP QuickSync
        HP QuickWeb Installer
        HP User Guides 0197
        HP Webcam
        HP Wireless Assistant
        HpSdpAppCoreApp
        IDT Audio
        Insaniquarium Deluxe
        Intel(R) Graphics Media Accelerator Driver
        Intel® Matrix Storage Manager
        iTunes
        Java Auto Updater
        Java(TM) 6 Update 18
        Jewel Match 2
        Jewel Quest II
        Jewel Quest Solitaire
        JoJo's Fashion Show
        Junk Mail filter update
        Mahjongg Artifacts
        Malwarebytes' Anti-Malware
        Microsoft .NET Framework 1.1
        Microsoft .NET Framework 2.0 Service Pack 2
        Microsoft .NET Framework 3.0 Service Pack 2
        Microsoft .NET Framework 3.5 SP1
        Microsoft Application Error Reporting
        Microsoft Choice Guard
        Microsoft Compression Client Pack 1.0 for Windows XP
        Microsoft Default Manager
        Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
        Microsoft Office Excel MUI (English) 2007
        Microsoft Office Home and Student 2007
        Microsoft Office OneNote MUI (English) 2007
        Microsoft Office PowerPoint MUI (English) 2007
        Microsoft Office PowerPoint Viewer 2007 (English)
        Microsoft Office Proof (English) 2007
        Microsoft Office Proof (French) 2007
        Microsoft Office Proof (Spanish) 2007
        Microsoft Office Proofing (English) 2007
        Microsoft Office Shared MUI (English) 2007
        Microsoft Office Shared Setup Metadata MUI (English) 2007
        Microsoft Office Suite Activation Assistant
        Microsoft Office Word MUI (English) 2007
        Microsoft Search Enhancement Pack
        Microsoft Silverlight
        Microsoft Software Update for Web Folders  (English) 12
        Microsoft SQL Server 2005 Compact Edition [ENU]
        Microsoft User-Mode Driver Framework Feature Pack 1.0
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
        Microsoft Works
        MSN Toolbar
        MSN Toolbar Platform
        MSVCRT
        MSXML 6.0 Parser (KB925673)
        Online Armor 4.5
        Penguins!
        Plants vs. Zombies
        Polar Bowler
        QLBCASL
        QuickTime
        Ralink RT2860 Wireless LAN Card
        REALTEK GbE & FE Ethernet PCI-E NIC Driver
        Realtek PCIE Card Reader
        Roxio BackOnTrack
        Roxio Disaster Recovery
        Roxio Instant Restore
        Roxio Instant Restore Recovery Disk
        Security Update for Windows Media Player (KB952069)
        Security Update for Windows Media Player (KB975558)
        Security Update for Windows XP (KB978601)
        Security Update for Windows XP (KB979309)
        Security Update for Windows XP (KB981997)
        Segoe UI
        Skyhook Wireless XPS Service
        Slingo Deluxe
        SUPERAntiSpyware
        Synaptics Pointing Device Driver
        System Tool2011
        Times Reader
        Update for Microsoft Office Word 2007 (KB974631)
        Update for Office 2007 (KB934528)
        Update for Windows XP (KB898461)
        Update for Windows XP (KB955759)
        Virtual Villagers - The Secret City
        WebFldrs XP
        Wedding Dash
        Windows Backup Utility
        Windows Driver Package - Skyhook Wireless NetTrans  (01/24/2010 3.4.1.04)
        Windows Internet Explorer 8
        Windows Live Call
        Windows Live Communications Platform
        Windows Live Essentials
        Windows Live ID Sign-in Assistant
        Windows Live Mail
        Windows Live Messenger
        Windows Live Photo Gallery
        Windows Live Sync
        Windows Live Upload Tool
        Windows Live Writer
        Windows Media Format 11 runtime
        Windows Media Player 11
        Windows Presentation Foundation
        XML Paper Specification Shared Components Pack 1.0
        Zuma Deluxe

        ==== Event Viewer Messages From Past Week ========

        1/14/2011 5:43:45 AM, error: BITS [16391]  - The BITS job list is not in a recognized format.  It may have been created by a different version of BITS.  The job list has been cleared.
        1/12/2011 8:24:02 PM, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for ImagePath with the following error:  Access is denied.
        1/11/2011 6:00:28 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
        1/11/2011 4:21:40 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
        1/11/2011 4:14:14 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
        1/11/2011 4:04:16 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
        1/11/2011 3:49:08 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AliIde BHDrvx86 ccHP DVMIO eeCtrl Fips IntelIde intelppm OADevice PCIIde SaibVd32 SASDIFSV SASKUTIL SRTSP SRTSPX SymIRON SYMTDI ViaIde
        1/11/2011 3:32:38 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx86 ccHP DVMIO eeCtrl Fips intelppm OADevice SaibVd32 SASDIFSV SASKUTIL SRTSP SRTSPX SymIRON SYMTDI
        1/11/2011 1:36:54 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx86 ccHP DVMIO eeCtrl Fips intelppm SaibVd32 SRTSP SRTSPX SymIRON SYMTDI

        ==== End Of File ===========================

        Thanx for your help Super Dave!

        SuperDave (Malware Removal Specialist)
        Re: Help with System Tools virus
        « Reply #7 on: January 14, 2011, 01:08:33 PM »
        Update Your Java (JRE)

        Old versions of Java have vulnerabilities that malware can use to infect your system.


        First verify your Java version.

        If there are any other version(s) installed then update now.

        Get the new version (if needed)

        If your version is out of date install the newest version of the Sun Java Runtime Environment.

        Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

        Be sure to close ALL open web browsers before starting the installation.

        Remove any old versions

        1. Download JavaRa and unzip the file to your Desktop.
        2. Open JavaRA.exe and choose Remove Older Versions.
        3. Once complete, exit JavaRA.
        4. Run CCleaner.

        Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
        ****************************************
        Please download the newest version of Adobe Acrobat Reader from Adobe.com

        Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
        Go to the Control Panel and enter Add or Remove Programs.
        Search the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

        Once old versions are gone, please install the newest version.
        ****************************************************
        Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

        Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

        Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

        Exit out of MessengerDisable then delete the two files that were put on the desktop.
        ***************************************************
        Please read here for more information about WildTangent. Your choice if you want to remove it or not.

        If you choose to follow my advice, please follow these instructions.

        Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

        WildTangent Web Driver or anything related to WildTangent.
        *********************************************************
        Please download ComboFix from BleepingComputer.com

        Alternate link: GeeksToGo.com

        and save it to your Desktop.
        Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
        Double click ComboFix.exe & follow the prompts.
        As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

        Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


        Click on Yes, to continue scanning for malware.
        When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

        If you have problems with ComboFix usage, see How to use ComboFix
        Windows 8 and Windows 10 dual boot with two SSD's

          hazel312001a (Topic Starter)
          Re: Help with System Tools virus
          « Reply #8 on: January 14, 2011, 05:56:51 PM »
           From my original post:

          My issue: The day after Christmas my daughter reported a strange occurrence on her brand new Compaq Netbook Computer CQ10-405DX Intel Atom Windows XP SP3 machine. I knew right away it was a fake program and deeply rooted to be able to block applications and change the background.

          I reviewed this site and proceeded as instructed on http://www.computerhope.com/forum/index.php/topic,46313.0.html. However, I ran into trouble on Step 5: Update Your Java (JRE). Since I was unable to access the internet in Normal mode I used safe mode with networking to do the first 4 steps. But when I got to the Java update the system told me I didn't have the correct permissions.

           I started in normal mode and tried to update my Java version but now it is giving me an install error. So I stopped since the instructions said to do the steps in order. Any ideas on how I can get the Java updated and proceed?


          SuperDave (Malware Removal Specialist)
          Re: Help with System Tools virus
          « Reply #9 on: January 15, 2011, 12:28:27 PM »
          Please skip java update and proceed with the others.

            hazel312001a (Topic Starter)
            Re: Help with System Tools virus
            « Reply #10 on: January 15, 2011, 02:06:21 PM »
            Quote from SuperDave: Please skip java update and proceed with the others.

            Ok...Here's the HJT log

            Logfile of Trend Micro HijackThis v2.0.4
            Scan saved at 2:55:32 PM, on 1/15/2011
            Platform: Windows XP SP3 (WinNT 5.01.2600)
            MSIE: Internet Explorer v8.00 (8.00.6001.18702)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Online Armor\OAcat.exe
            C:\Program Files\Online Armor\oasrv.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            c:\program files\idt\wdm\STacSV.exe
            C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\SWSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
            C:\Program Files\Java\jre6\bin\jqs.exe
            C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
            C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
            C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe
            C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
            C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
            C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
            C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
            C:\Program Files\Common Files\Java\Java Update\jusched.exe
            C:\Program Files\Skyhook Wireless\XPS\xpscontrolpanel.exe
            C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
            C:\WINDOWS\system32\igfxpers.exe
            C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\WINDOWS\system32\igfxsrvc.exe
            C:\WINDOWS\system32\igfxtray.exe
            C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
            C:\WINDOWS\system32\hkcmd.exe
            C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
            C:\Program Files\Online Armor\oaui.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Online Armor\OAhlp.exe
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
            C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
            C:\Program Files\iPod\bin\iPodService.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
            C:\WINDOWS\system32\msiexec.exe
            C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
            C:\WINDOWS\system32\wuauclt.exe
            \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
            C:\Program Files\Trend Micro\HiJackThis\Sniper.exe.exe
            c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
            C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exe
            C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
            C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
            O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
            O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
            O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
            O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
            O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
            O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
            O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
            O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
            O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
            O4 - HKLM\..\Run: [ZumoDrive] "C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"
            O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
            O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
            O4 - HKLM\..\Run: [Skyhook Wireless XPS Service] C:\Program Files\Skyhook Wireless\XPS\xpscontrolpanel.exe --no-info
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
            O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
            O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
            O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe"
            O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
            O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
            O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
            O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
            O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\oaui.exe"
            O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.1.4322] "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 0 v1.1.4322 GAC + NI NID
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - Global Startup: HP Media Suite.lnk = C:\Program Files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
            O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
            O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
            O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
            O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
            O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
            O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
            O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
            O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: BOTService - Sonic Solutions - C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
            O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
            O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SWSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
            O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
            O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
            O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
            O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
            O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
            O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
            O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe
            O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe
            O23 - Service: Skyhook Wireless XPS Service (xpssvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe

            --
            End of file - 11527 bytes


            What next?  Am I clean?


              hazel312001a (Topic Starter)
              Re: Help with System Tools virus
              « Reply #11 on: January 15, 2011, 02:08:26 PM »
              Oh and am I supposed to go ahead with the Adobe update, Disabling windows messenger and Combo fix?

              SuperDave (Malware Removal Specialist)
              Re: Help with System Tools virus
              « Reply #12 on: January 15, 2011, 07:29:53 PM »
              Quote from hazel312001a: Oh and am I supposed to go ahead with the Adobe update, Disabling windows messenger and Combo fix?
              Yes, please.

                hazel312001a (Topic Starter)
                Re: Help with System Tools virus
                « Reply #13 on: January 16, 2011, 09:11:16 AM »
                I hope we are almost done ...Thanx again for all your help! You wonderful people are a godsend!

                I updated Adobe...uninstalled messenger and downloaded/ran combofix. Here is the log:

                ComboFix 11-01-15.01 - jocey 01/16/2011   9:27.1.2 - x86
                Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1012.348 [GMT -6:00]
                Running from: c:\documents and settings\jocey\Desktop\ComboFix.exe
                AV: Norton Internet Security Netbook Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
                FW: Norton Internet Security Netbook Edition *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
                FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
                .

                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                c:\documents and settings\jocey\Start Menu\Programs\System Tool
                c:\documents and settings\jocey\Start Menu\Programs\System Tool\System Tool 2011.lnk

                .
                (((((((((((((((((((((((((   Files Created from 2010-12-16 to 2011-01-16  )))))))))))))))))))))))))))))))
                .

                2011-01-16 15:03 . 2011-01-16 15:03   --------   d-----w-   c:\windows\LastGood
                2011-01-15 22:45 . 2011-01-15 22:45   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
                2011-01-15 20:56 . 2011-01-15 22:17   --------   d-----w-   c:\windows\ie8updates
                2011-01-15 20:50 . 2011-01-15 20:50   --------   d-----w-   c:\program files\Trend Micro
                2011-01-14 12:05 . 2008-06-13 11:05   272128   ------w-   c:\windows\system32\drivers\bthport.sys
                2011-01-14 12:05 . 2008-06-13 11:05   272128   ------w-   c:\windows\system32\dllcache\bthport.sys
                2011-01-14 12:04 . 2010-09-18 06:53   954368   ----a-w-   c:\windows\system32\mfc40.dll
                2011-01-14 12:04 . 2010-09-18 06:53   954368   ------w-   c:\windows\system32\dllcache\mfc40.dll
                2011-01-14 12:04 . 2010-09-18 06:53   953856   ----a-w-   c:\windows\system32\mfc40u.dll
                2011-01-14 12:04 . 2010-09-18 06:53   953856   ------w-   c:\windows\system32\dllcache\mfc40u.dll
                2011-01-14 12:04 . 2010-09-18 06:53   974848   ----a-w-   c:\windows\system32\mfc42.dll
                2011-01-14 12:04 . 2010-09-18 06:53   974848   ------w-   c:\windows\system32\dllcache\mfc42.dll
                2011-01-14 12:04 . 2008-08-14 10:04   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
                2011-01-14 12:04 . 2008-08-14 10:04   138496   ------w-   c:\windows\system32\dllcache\afd.sys
                2011-01-14 12:04 . 2010-06-21 15:27   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
                2011-01-14 12:04 . 2010-06-21 15:27   354304   ------w-   c:\windows\system32\dllcache\srv.sys
                2011-01-14 12:04 . 2010-08-23 16:12   617472   ----a-w-   c:\windows\system32\comctl32.dll
                2011-01-14 12:04 . 2010-08-23 16:12   617472   ------w-   c:\windows\system32\dllcache\comctl32.dll
                2011-01-14 11:59 . 2009-06-21 21:44   153088   ----a-w-   c:\program files\Common Files\Microsoft Shared\Triedit\triedit.dll
                2011-01-14 11:59 . 2009-06-21 21:44   153088   ------w-   c:\windows\system32\dllcache\triedit.dll
                2011-01-14 11:54 . 2009-12-09 05:53   726528   ----a-w-   c:\windows\system32\dllcache\jscript.dll
                2011-01-14 11:52 . 2010-02-24 13:11   455680   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                2011-01-14 11:52 . 2010-02-24 13:11   455680   ------w-   c:\windows\system32\dllcache\mrxsmb.sys
                2011-01-13 03:22 . 2009-11-21 15:51   471552   ------w-   c:\windows\system32\dllcache\aclayers.dll
                2011-01-13 02:29 . 2010-11-06 00:26   5959168   ----a-w-   c:\windows\system32\dllcache\mshtml.dll
                2011-01-13 02:29 . 2010-11-06 00:26   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
                2011-01-13 02:29 . 2010-11-06 00:26   11080704   ------w-   c:\windows\system32\dllcache\ieframe.dll
                2011-01-13 02:29 . 2010-11-02 15:17   40960   ----a-w-   c:\windows\system32\drivers\ndproxy.sys
                2011-01-13 02:29 . 2010-11-02 15:17   40960   ------w-   c:\windows\system32\dllcache\ndproxy.sys
                2011-01-13 02:27 . 2010-04-27 13:59   2146304   ----a-w-   c:\windows\system32\ntoskrnl.exe
                2011-01-13 02:27 . 2010-04-27 13:59   2146304   ------w-   c:\windows\system32\dllcache\ntkrnlmp.exe
                2011-01-13 02:27 . 2010-04-28 02:25   2189952   ------w-   c:\windows\system32\dllcache\ntoskrnl.exe
                2011-01-13 02:27 . 2010-04-27 13:05   2024448   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                2011-01-13 02:27 . 2010-04-27 13:05   2024448   ------w-   c:\windows\system32\dllcache\ntkrpamp.exe
                2011-01-13 02:27 . 2010-04-27 13:05   2066816   ------w-   c:\windows\system32\dllcache\ntkrnlpa.exe
                2011-01-13 02:25 . 2008-05-08 14:02   203136   ----a-w-   c:\windows\system32\drivers\rmcast.sys
                2011-01-13 02:25 . 2008-05-08 14:02   203136   ------w-   c:\windows\system32\dllcache\rmcast.sys
                2011-01-13 02:25 . 2008-05-01 14:33   331776   ----a-w-   c:\program files\Common Files\System\msadc\msadce.dll
                2011-01-13 02:25 . 2008-05-01 14:33   331776   ------w-   c:\windows\system32\dllcache\msadce.dll
                2011-01-13 02:22 . 2011-01-16 15:03   --------   d-----w-   c:\windows\system32\drivers\NIS\1107000.00C
                2011-01-13 02:21 . 2010-03-10 06:15   420352   ----a-w-   c:\windows\system32\vbscript.dll
                2011-01-13 02:21 . 2010-03-10 06:15   420352   ----a-w-   c:\windows\system32\dllcache\vbscript.dll
                2011-01-13 02:19 . 2008-10-15 16:34   337408   ------w-   c:\windows\system32\dllcache\netapi32.dll
                2011-01-13 02:18 . 2010-10-11 14:59   45568   ----a-w-   c:\program files\Outlook Express\wab.exe
                2011-01-13 02:18 . 2010-10-11 14:59   45568   ------w-   c:\windows\system32\dllcache\wab.exe
                2011-01-13 02:18 . 2010-08-16 08:45   590848   ----a-w-   c:\windows\system32\rpcrt4.dll
                2011-01-13 02:18 . 2010-08-16 08:45   590848   ------w-   c:\windows\system32\dllcache\rpcrt4.dll
                2011-01-13 02:18 . 2010-08-13 12:53   5120   ------w-   c:\windows\system32\xpsp4res.dll
                2011-01-12 01:32 . 2011-01-12 01:32   --------   d-----w-   C:\found.000
                2011-01-12 01:03 . 2011-01-16 15:04   --------   d--h--w-   c:\windows\$hf_mig$
                2011-01-11 23:16 . 2010-06-18 13:36   3558912   ----a-w-   c:\program files\Movie Maker\moviemk.exe
                2011-01-11 23:16 . 2010-06-18 13:36   3558912   ------w-   c:\windows\system32\dllcache\moviemk.exe
                2011-01-11 21:40 . 2010-12-21 00:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                2011-01-11 21:40 . 2011-01-11 21:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                2011-01-11 21:39 . 2011-01-11 21:40   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                2011-01-11 21:39 . 2010-12-21 00:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                2011-01-11 20:20 . 2011-01-11 20:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                2011-01-11 20:19 . 2011-01-11 20:20   --------   d-----w-   c:\program files\SUPERAntiSpyware
                2011-01-11 19:54 . 2011-01-11 19:54   --------   d-----w-   c:\program files\CCleaner
                2011-01-11 19:47 . 2011-01-11 23:17   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
                2011-01-11 19:47 . 2010-11-03 21:57   38856   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
                2011-01-11 19:47 . 2010-11-03 21:55   25000   ----a-w-   c:\windows\system32\drivers\OAmon.sys
                2011-01-11 19:47 . 2010-11-03 21:55   29272   ----a-w-   c:\windows\system32\drivers\OAnet.sys
                2011-01-11 19:47 . 2010-11-03 21:52   202064   ----a-w-   c:\windows\system32\drivers\OADriver.sys
                2011-01-11 19:47 . 2011-01-16 15:10   --------   d-----w-   c:\program files\Online Armor
                2010-12-26 22:57 . 2010-12-26 23:06   --------   d-----w-   c:\documents and settings\Administrator
                2010-12-26 22:03 . 2010-12-26 22:32   --------   d-----w-   c:\program files\PC Tools Security
                2010-12-26 22:03 . 2010-12-26 22:32   --------   d-----w-   c:\program files\Common Files\PC Tools
                2010-12-26 21:54 . 2010-12-26 22:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
                2010-12-26 21:44 . 2010-12-26 22:32   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
                2010-12-26 20:32 . 2010-12-26 20:32   60808   ----a-w-   c:\windows\system32\S32EVNT1.DLL
                2010-12-26 20:32 . 2010-12-26 21:13   --------   d-----w-   c:\program files\Common Files\Symantec Shared
                2010-12-26 20:32 . 2010-12-26 20:32   --------   d-----w-   c:\program files\Symantec
                2010-12-26 20:32 . 2010-12-26 20:32   124976   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
                2010-12-25 23:01 . 2001-08-18 04:36   5632   ----a-w-   c:\windows\system32\ptpusb.dll
                2010-12-25 23:01 . 2008-04-14 11:42   159232   ----a-w-   c:\windows\system32\ptpusd.dll
                2010-12-25 23:01 . 2008-04-14 06:15   15104   ----a-w-   c:\windows\system32\drivers\usbscan.sys
                2010-12-25 23:01 . 2008-04-14 06:15   15104   ----a-w-   c:\windows\system32\dllcache\usbscan.sys
                2010-12-25 23:00 . 2011-01-11 21:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\fPhCc06305
                2010-12-25 23:00 . 2010-12-25 23:00   --------   d-----w-   c:\windows\Sun
                2010-12-25 22:14 . 2010-02-04 20:32   259584   ----a-w-   c:\windows\system32\bcdedit.exe
                2010-12-25 22:14 . 2010-12-25 22:14   --------   d-----w-   C:\Boot
                2010-12-25 22:13 . 2008-04-15 12:00   221184   ----a-w-   c:\windows\system32\wmpns.dll
                2010-12-25 22:13 . 2010-12-25 22:13   --------   d-----w-   C:\WildTangent
                2010-12-25 22:13 . 2010-12-25 22:13   --------   d-----w-   C:\Users
                2010-12-25 22:13 . 2010-12-25 22:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skyhook Wireless
                2010-12-25 22:13 . 2010-12-25 22:13   --------   d-----w-   c:\program files\DIFX
                2010-12-25 22:13 . 2010-02-17 07:11   13568   ----a-w-   c:\windows\system32\drivers\wpsnuio.sys
                2010-12-25 22:12 . 2010-12-25 22:12   --------   d-----w-   c:\program files\Skyhook Wireless
                2010-12-25 22:11 . 2010-12-25 22:11   --------   d-----w-   c:\program files\HP Webcam
                2010-12-25 22:11 . 2010-03-10 03:17   217088   ----a-w-   c:\windows\system32\ACamPropertyPage.dll
                2010-12-25 22:11 . 2010-03-03 20:39   363904   ----a-w-   c:\windows\system32\drivers\cam3820a.sys
                2010-12-25 22:11 . 2010-03-02 21:51   212992   ----a-w-   c:\windows\system32\cocam3820.dll
                2010-12-25 22:11 . 2010-03-02 21:51   110592   ----a-w-   c:\windows\system32\cam3820n.ax
                2010-12-25 22:11 . 2010-03-01 15:54   1323296   ----a-w-   c:\windows\system32\drivers\rt2860.sys
                2010-12-25 22:11 . 2010-03-01 15:50   238880   ----a-w-   c:\windows\system32\RaCoInst.dll
                2010-12-25 22:11 . 2010-12-25 22:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\Ralink Driver
                2010-12-25 22:10 . 2011-01-13 03:22   --------   d-----w-   c:\documents and settings\jocey
                2010-12-25 22:08 . 2010-08-27 02:34   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
                2010-12-25 22:08 . 2010-08-27 04:54   --------   d-----w-   c:\documents and settings\Default User\Local Settings\Application Data\Adobe
                2010-12-25 22:08 . 2010-08-27 03:57   --------   d-----w-   c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
                2010-12-25 22:08 . 2010-08-27 02:34   --------   d-sh--w-   c:\documents and settings\Default User\IETldCache
                2010-12-25 22:08 . 2010-08-27 01:37   --------   d-----w-   c:\documents and settings\Default User\Local Settings\Application Data\ApplicationHistory
                2010-12-25 18:35 . 2008-04-14 06:15   26368   ----a-w-   c:\windows\system32\dllcache\usbstor.sys
                2010-12-25 18:19 . 2010-12-25 18:19   --------   d-----w-   c:\documents and settings\LocalService\Application Data\Apple Computer
                2010-12-25 17:59 . 2009-05-18 19:17   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
                2010-12-25 17:59 . 2008-04-17 18:12   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
                2010-12-25 17:57 . 2010-12-25 17:57   --------   d-----w-   c:\program files\iPod
                2010-12-25 17:56 . 2010-12-25 17:59   --------   d-----w-   c:\program files\iTunes
                2010-12-25 17:56 . 2010-12-25 17:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
                2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
                2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
                2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
                2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
                2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
                2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
                2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin.dll
                2010-12-25 17:52 . 2010-12-25 17:55   --------   d-----w-   c:\program files\QuickTime
                2010-12-25 17:51 . 2010-12-25 17:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
                2010-12-25 17:51 . 2010-12-25 17:51   --------   d-----w-   c:\program files\Apple Software Update
                2010-12-25 17:50 . 2010-09-28 21:44   41984   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
                2010-12-25 17:50 . 2010-09-28 21:44   4184352   ----a-w-   c:\windows\system32\usbaaplrc.dll
                2010-12-25 17:49 . 2010-12-25 17:49   --------   d-----w-   c:\program files\Bonjour
                2010-12-25 17:48 . 2010-12-25 18:19   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple
                2010-12-25 17:48 . 2010-12-25 17:57   --------   d-----w-   c:\program files\Common Files\Apple

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2010-11-29 23:38 . 2010-11-29 23:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
                2010-11-29 23:38 . 2010-11-29 23:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
                2010-11-18 18:12 . 2010-11-18 18:12   81920   ----a-w-   c:\windows\system32\isign32.dll
                2010-11-09 14:52 . 2010-11-09 14:52   249856   ----a-w-   c:\windows\system32\odbc32.dll
                2010-10-28 13:13 . 2010-10-28 13:13   290048   ----a-w-   c:\windows\system32\atmfd.dll
                2010-10-26 13:25 . 2010-10-26 13:25   1853312   ----a-w-   c:\windows\system32\win32k.sys
                .

                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
                @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
                [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
                2010-03-28 22:22   718848   ----a-w-   c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
                @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
                [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
                2010-03-28 22:22   718848   ----a-w-   c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
                @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
                [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
                2010-03-28 22:22   718848   ----a-w-   c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
                @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
                [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
                2010-03-28 22:22   718848   ----a-w-   c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
                @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
                [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
                2010-03-28 22:22   718848   ----a-w-   c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
                "ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-12-25 1733]
                "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
                "Skyhook Wireless XPS Service"="c:\program files\Skyhook Wireless\XPS\xpscontrolpanel.exe" [2010-04-02 632136]
                "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
                "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
                "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-17 141336]
                "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe" [2009-11-30 240472]
                "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
                "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
                "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-17 141336]
                "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
                "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-17 173592]
                "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
                "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
                "@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2010-11-03 2345000]

                c:\documents and settings\All Users\Start Menu\Programs\Startup\
                HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2010-11-03 353992]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                @="Driver"

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                "EnableFirewall"= 0 (0x0)

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "%windir%\\system32\\sessmgr.exe"=
                "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
                "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
                "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
                "c:\\Program Files\\Hewlett-Packard\\HP CloudDrive\\zumodrive.exe"=
                "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                "c:\\Program Files\\iTunes\\iTunes.exe"=

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                "5353:UDP"= 5353:UDP:Java(TM) Platform SE binary
                "8182:TCP"= 8182:TCP:Java(TM) Platform SE binary

                R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [8/26/2010 10:26 PM 21488]
                R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [8/26/2010 10:26 PM 15856]
                R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1100000.088\SymDS.sys [8/26/2010 8:49 PM 328752]
                R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1100000.088\SymEFA.sys [8/26/2010 8:49 PM 169008]
                R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [12/28/2009 12:17 AM 106096]
                R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/23/2010 3:34 AM 691248]
                R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1100000.088\ccHPx86.sys [8/26/2010 8:49 PM 501888]
                R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [11/11/2009 2:09 PM 18136]
                R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [1/11/2011 1:47 PM 202064]
                R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [1/11/2011 1:47 PM 38856]
                R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [1/11/2011 1:47 PM 25000]
                R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [1/11/2011 1:47 PM 29272]
                R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [8/26/2010 10:26 PM 25584]
                R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
                R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
                R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [1/12/2011 8:22 PM 116784]
                R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 8:05 PM 457200]
                R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2/4/2010 3:00 PM 211440]
                R2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [4/12/2010 8:37 PM 338168]
                R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [4/5/2010 12:12 PM 103992]
                R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [8/26/2010 8:49 PM 126392]
                R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [1/11/2011 1:47 PM 380784]
                R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [1/11/2011 1:47 PM 3652696]
                R2 xpssvc;Skyhook Wireless XPS Service;c:\program files\Skyhook Wireless\XPS\xpssvc.exe [4/1/2010 8:04 PM 699720]
                R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/26/2010 9:06 PM 113664]
                R3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [12/25/2010 4:11 PM 363904]
                R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [8/26/2010 9:10 PM 227896]
                R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/12/2011 8:24 PM 102448]
                R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110114.002\IDSXpx86.sys [1/15/2011 2:57 PM 341944]
                R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [8/26/2010 9:08 PM 230944]
                R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [12/25/2010 4:11 PM 1323296]
                R3 XPSVCOM;XPSVCOM;c:\windows\system32\drivers\XPSVCOM.sys [2/4/2010 12:07 AM 12416]

                [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
                2010-03-26 23:27   200769   ----a-w-   c:\program files\Hewlett-Packard\HP Media Suite\Home\QuickLaunch.exe
                .
                Contents of the 'Scheduled Tasks' folder

                2010-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
                - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

                2011-01-15 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
                - c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2010-02-04 21:00]
                .
                .
                ------- Supplementary Scan -------
                .
                uInternet Settings,ProxyOverride = *.local
                IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
                .
                - - - - ORPHANS REMOVED - - - -

                HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
                HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
                HKLM-Run-AESTFltr - c:\windows\system32\AESTFltr.exe



                **************************************************************************

                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2011-01-16 09:53
                Windows 5.1.2600 Service Pack 3 NTFS

                detected NTDLL code modification:
                ZwOpenFile

                scanning hidden processes ... 

                scanning hidden autostart entries ...

                scanning hidden files ... 

                scan completed successfully
                hidden files: 0

                **************************************************************************

                [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
                "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------

                - - - - - - - > 'winlogon.exe'(504)
                c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                c:\windows\system32\WININET.dll
                c:\windows\system32\igfxdev.dll
                .
                Completion time: 2011-01-16  10:04:28
                ComboFix-quarantined-files.txt  2011-01-16 16:04

                Pre-Run: 137,427,267,584 bytes free
                Post-Run: 137,535,344,640 bytes free

                WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
                [boot loader]
                timeout=2
                default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                [operating systems]
                c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                UnsupportedDebug="do not select this" /debug
                multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

                - - End Of File - - 9AA66AC165750B17516075E855893A12
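
The "Files Created" section of a ComboFix log is much easier to triage when each file under system32\dllcache is paired with its in-use copy and the two are compared, and when directory names in the infection window are screened for the random-looking names rogue installers tend to create. Below is an added example, written for this thread and not part of the original post or of ComboFix, that does both in Python. It reads entries in the layout shown above, reports live/dllcache pairs whose size or last-write time differ, and handles the XP quirk visible in the log: the in-use ntoskrnl.exe and ntkrnlpa.exe are the multiprocessor images ntkrnlmp.exe and ntkrpamp.exe renamed at install time, so dllcache\ntoskrnl.exe legitimately differs from system32\ntoskrnl.exe. The sample lines are copied from the log above except the two marked CONSTRUCTED, which were invented so a real mismatch gets reported; the directory-name rule is a heuristic and the entry it flags here is a triage hint, not a verdict.

```python
import re

# One ComboFix "Files Created" entry, e.g.
#   2011-01-14 12:04 . 2010-09-18 06:53   954368   ----a-w-   c:\windows\system32\mfc40.dll
# fields: creation time, last-write time, size (dashes for a directory),
# attribute flags (leading 'd' marks a directory), full path.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)

# Lines copied from the ComboFix log posted above (header line included to show it is skipped).
LOG_EXCERPT = r"""
(((((((((((((((((((((((((   Files Created from 2010-12-16 to 2011-01-16  )))))))))))))))))))))))))))))))
2011-01-14 12:04 . 2010-09-18 06:53   954368   ----a-w-   c:\windows\system32\mfc40.dll
2011-01-14 12:04 . 2010-09-18 06:53   954368   ------w-   c:\windows\system32\dllcache\mfc40.dll
2011-01-14 12:04 . 2008-08-14 10:04   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
2011-01-14 12:04 . 2008-08-14 10:04   138496   ------w-   c:\windows\system32\dllcache\afd.sys
2011-01-13 02:27 . 2010-04-27 13:59   2146304   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-01-13 02:27 . 2010-04-27 13:59   2146304   ------w-   c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-13 02:27 . 2010-04-28 02:25   2189952   ------w-   c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-13 02:27 . 2010-04-27 13:05   2024448   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-01-13 02:27 . 2010-04-27 13:05   2024448   ------w-   c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-13 02:27 . 2010-04-27 13:05   2066816   ------w-   c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-13 02:21 . 2010-03-10 06:15   420352   ----a-w-   c:\windows\system32\vbscript.dll
2011-01-13 02:21 . 2010-03-10 06:15   420352   ----a-w-   c:\windows\system32\dllcache\vbscript.dll
2010-12-25 23:00 . 2011-01-11 21:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\fPhCc06305
2010-12-25 23:00 . 2010-12-25 23:00   --------   d-----w-   c:\windows\Sun
2011-01-11 21:40 . 2011-01-11 21:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-25 22:13 . 2010-12-25 22:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skyhook Wireless
2010-12-25 17:56 . 2010-12-25 17:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
"""

# CONSTRUCTED pair (not from the log): a live driver whose size and timestamp
# no longer match the cached copy, the situation the comparison is meant to catch.
CONSTRUCTED_LINES = r"""
2011-01-10 09:00 . 2011-01-10 09:00   139264   ----a-w-   c:\windows\system32\drivers\example.sys
2011-01-10 09:00 . 2008-08-14 10:04   138496   ------w-   c:\windows\system32\dllcache\example.sys
"""

SAMPLE_LOG = LOG_EXCERPT + CONSTRUCTED_LINES


def parse_files_created(text):
    """Return one dict per line that matches the ComboFix entry layout."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, lead-in text
        d = m.groupdict()
        d["is_dir"] = d["attrs"].startswith("d")
        d["size"] = int(d["size"]) if d["size"].isdigit() else None
        d["basename"] = d["path"].rsplit("\\", 1)[-1]
        d["name"] = d["basename"].lower()
        entries.append(d)
    return entries


def dllcache_mismatches(entries):
    """Report dllcache/live pairs (matched by file name) whose size or
    last-write time differ. A live file that exactly matches *some* cached
    image is not reported: on XP system32\\ntoskrnl.exe is the renamed
    dllcache\\ntkrnlmp.exe, so only files matching no cached image count."""
    live, cache = {}, {}
    for e in entries:
        if e["is_dir"]:
            continue
        (cache if "\\dllcache\\" in e["path"].lower() else live)[e["name"]] = e
    cache_images = {(c["size"], c["modified"]) for c in cache.values()}
    findings = []
    for name, c in cache.items():
        l = live.get(name)
        if l is None:
            continue  # only the cached copy appeared in this window
        live_id = (l["size"], l["modified"])
        if live_id == (c["size"], c["modified"]) or live_id in cache_images:
            continue
        findings.append({"name": name, "live": l["path"], "live_size": l["size"],
                         "cache": c["path"], "cache_size": c["size"]})
    return findings


def random_looking_dirs(entries):
    """Heuristic: directories under 'Application Data' whose name is a bare run
    of mixed-case letters plus several digits (no spaces, no GUID braces).
    A hit is a triage hint that needs checking, not proof of malware."""
    hits = []
    for e in entries:
        if not e["is_dir"] or "\\application data\\" not in e["path"].lower():
            continue
        n = e["basename"]
        if len(n) < 8 or not n.isalnum():
            continue
        if (sum(ch.isdigit() for ch in n) >= 3 and any(ch.isupper() for ch in n)
                and any(ch.islower() for ch in n)):
            hits.append(e["path"])
    return hits


def triage(text):
    entries = parse_files_created(text)
    return {"entries": len(entries),
            "dllcache_mismatches": dllcache_mismatches(entries),
            "random_dirs": random_looking_dirs(entries)}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run against the full log rather than the excerpt, the same pairing rule also explains why the ntkrnlpa.exe triple and the ntoskrnl.exe triple are not reported: each live kernel matches the ntkr*mp.exe image that the installer renamed, so a reviewer sees only genuine divergences. Whatever the directory heuristic flags still has to be checked by hand, as the expert in this thread does before deciding what goes into a CFScript.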

                SuperDave

                Re: Help with System Tools virus
                « Reply #14 on: January 16, 2011, 10:29:29 AM »
                Please read here for more information about WildTangent. Your choice if you want to remove it or not.

                If you choose to follow my advice, please follow these instructions.

                Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

                WildTangent Web Driver or anything related to WildTangent.
                ******************************************************
                Re-running ComboFix to remove infections:

                • Close any open browsers.
                • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
                • Open notepad and copy/paste the text in the quotebox below into it:
                  KillAll::

                  File::
                  C:\found.000
                  MBR::

                • Save this as CFScript.txt, in the same location as ComboFix.exe



                • Referring to the picture above, drag CFScript into ComboFix.exe
                • When finished, it shall produce a log for you at C:\ComboFix.txt
                • Please post the contents of the log in your next reply.
                ***********************************************
                Download the GMER Rootkit Scanner. Unzip it to your Desktop.

                Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

                Double-click gmer.exe. The program will begin to run.

                **Caution**
                These types of scans can produce false positives. Do NOT take any action on any
                "<--- ROOTKIT" entries unless advised!

                If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
                • Click NO
                • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
                • Now click the Scan button.
                • Once the scan is complete, you may receive another notice about rootkit activity.
                • Click OK.
                • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
                • Save it where you can easily find it, such as your desktop.

                hazel312001a

                  Re: Help with System Tools virus
                  « Reply #15 on: January 19, 2011, 05:19:10 AM »
                  Hi Super Dave,

                  I can't find anything related to WildTangent in my programs so I didn't remove anything.

                  I ran ComboFix and GMER as instructed. Here are the logs:

                  ComboFix 11-01-15.01 - jocey 01/18/2011  21:52:04.2.2 - x86
                  Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1012.534 [GMT -6:00]
                  Running from: c:\documents and settings\jocey\Desktop\ComboFix.exe
                  Command switches used :: c:\documents and settings\jocey\Desktop\CFScript.txt
                  AV: Norton Internet Security Netbook Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
                  FW: Norton Internet Security Netbook Edition *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
                  FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

                  FILE ::
                  "C:\found.000"
                  .

                  (((((((((((((((((((((((((   Files Created from 2010-12-19 to 2011-01-19  )))))))))))))))))))))))))))))))
                  .

                  2011-01-16 22:02 . 2001-08-17 19:48   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
                  2011-01-16 22:02 . 2001-08-17 19:48   12160   ----a-w-   c:\windows\system32\dllcache\mouhid.sys
                  2011-01-16 22:02 . 2008-04-14 06:15   10368   ----a-w-   c:\windows\system32\drivers\hidusb.sys
                  2011-01-16 22:02 . 2008-04-14 06:15   10368   ----a-w-   c:\windows\system32\dllcache\hidusb.sys
                  2011-01-15 22:45 . 2011-01-15 22:45   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
                  2011-01-15 20:56 . 2011-01-15 22:17   --------   d-----w-   c:\windows\ie8updates
                  2011-01-15 20:50 . 2011-01-15 20:50   --------   d-----w-   c:\program files\Trend Micro
                  2011-01-14 12:05 . 2008-06-13 11:05   272128   ------w-   c:\windows\system32\drivers\bthport.sys
                  2011-01-14 12:05 . 2008-06-13 11:05   272128   ------w-   c:\windows\system32\dllcache\bthport.sys
                  2011-01-14 12:04 . 2010-09-18 06:53   954368   ----a-w-   c:\windows\system32\mfc40.dll
                  2011-01-14 12:04 . 2010-09-18 06:53   954368   ------w-   c:\windows\system32\dllcache\mfc40.dll
                  2011-01-14 12:04 . 2010-09-18 06:53   953856   ----a-w-   c:\windows\system32\mfc40u.dll
                  2011-01-14 12:04 . 2010-09-18 06:53   953856   ------w-   c:\windows\system32\dllcache\mfc40u.dll
                  2011-01-14 12:04 . 2010-09-18 06:53   974848   ----a-w-   c:\windows\system32\mfc42.dll
                  2011-01-14 12:04 . 2010-09-18 06:53   974848   ------w-   c:\windows\system32\dllcache\mfc42.dll
                  2011-01-14 12:04 . 2008-08-14 10:04   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
                  2011-01-14 12:04 . 2008-08-14 10:04   138496   ------w-   c:\windows\system32\dllcache\afd.sys
                  2011-01-14 12:04 . 2010-08-23 16:12   617472   ----a-w-   c:\windows\system32\comctl32.dll
                  2011-01-14 12:04 . 2010-08-23 16:12   617472   ------w-   c:\windows\system32\dllcache\comctl32.dll
                  2011-01-14 11:59 . 2009-06-21 21:44   153088   ----a-w-   c:\program files\Common Files\Microsoft Shared\Triedit\triedit.dll
                  2011-01-14 11:59 . 2009-06-21 21:44   153088   ------w-   c:\windows\system32\dllcache\triedit.dll
                  2011-01-14 11:54 . 2009-12-09 05:53   726528   ----a-w-   c:\windows\system32\dllcache\jscript.dll
                  2011-01-14 11:52 . 2010-02-24 13:11   455680   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                  2011-01-14 11:52 . 2010-02-24 13:11   455680   ------w-   c:\windows\system32\dllcache\mrxsmb.sys
                  2011-01-13 03:22 . 2009-11-21 15:51   471552   ------w-   c:\windows\system32\dllcache\aclayers.dll
                  2011-01-13 02:29 . 2010-11-06 00:26   5959168   ----a-w-   c:\windows\system32\dllcache\mshtml.dll
                  2011-01-13 02:29 . 2010-11-06 00:26   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
                  2011-01-13 02:29 . 2010-11-06 00:26   11080704   ------w-   c:\windows\system32\dllcache\ieframe.dll
                  2011-01-13 02:29 . 2010-11-02 15:17   40960   ----a-w-   c:\windows\system32\drivers\ndproxy.sys
                  2011-01-13 02:29 . 2010-11-02 15:17   40960   ------w-   c:\windows\system32\dllcache\ndproxy.sys
                  2011-01-13 02:27 . 2010-04-27 13:59   2146304   ----a-w-   c:\windows\system32\ntoskrnl.exe
                  2011-01-13 02:27 . 2010-04-27 13:59   2146304   ------w-   c:\windows\system32\dllcache\ntkrnlmp.exe
                  2011-01-13 02:27 . 2010-04-28 02:25   2189952   ------w-   c:\windows\system32\dllcache\ntoskrnl.exe
                  2011-01-13 02:27 . 2010-04-27 13:05   2024448   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                  2011-01-13 02:27 . 2010-04-27 13:05   2024448   ------w-   c:\windows\system32\dllcache\ntkrpamp.exe
                  2011-01-13 02:27 . 2010-04-27 13:05   2066816   ------w-   c:\windows\system32\dllcache\ntkrnlpa.exe
                  2011-01-13 02:25 . 2008-05-08 14:02   203136   ----a-w-   c:\windows\system32\drivers\rmcast.sys
                  2011-01-13 02:25 . 2008-05-08 14:02   203136   ------w-   c:\windows\system32\dllcache\rmcast.sys
                  2011-01-13 02:25 . 2008-05-01 14:33   331776   ----a-w-   c:\program files\Common Files\System\msadc\msadce.dll
                  2011-01-13 02:25 . 2008-05-01 14:33   331776   ------w-   c:\windows\system32\dllcache\msadce.dll
                  2011-01-13 02:22 . 2011-01-16 22:21   --------   d-----w-   c:\windows\system32\drivers\NIS\1107000.00C
                  2011-01-13 02:21 . 2010-03-10 06:15   420352   ----a-w-   c:\windows\system32\vbscript.dll
                  2011-01-13 02:21 . 2010-03-10 06:15   420352   ----a-w-   c:\windows\system32\dllcache\vbscript.dll
                  2011-01-13 02:19 . 2008-10-15 16:34   337408   ------w-   c:\windows\system32\dllcache\netapi32.dll
                  2011-01-13 02:18 . 2010-10-11 14:59   45568   ----a-w-   c:\program files\Outlook Express\wab.exe
                  2011-01-13 02:18 . 2010-10-11 14:59   45568   ------w-   c:\windows\system32\dllcache\wab.exe
                  2011-01-13 02:18 . 2010-08-16 08:45   590848   ----a-w-   c:\windows\system32\rpcrt4.dll
                  2011-01-13 02:18 . 2010-08-16 08:45   590848   ------w-   c:\windows\system32\dllcache\rpcrt4.dll
                  2011-01-12 01:32 . 2011-01-12 01:32   --------   d-----w-   C:\found.000
                  2011-01-12 01:03 . 2011-01-16 15:04   --------   d--h--w-   c:\windows\$hf_mig$
                  2011-01-11 23:16 . 2010-06-18 13:36   3558912   ----a-w-   c:\program files\Movie Maker\moviemk.exe
                  2011-01-11 23:16 . 2010-06-18 13:36   3558912   ------w-   c:\windows\system32\dllcache\moviemk.exe
                  2011-01-11 21:40 . 2010-12-21 00:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                  2011-01-11 21:40 . 2011-01-11 21:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                  2011-01-11 21:39 . 2011-01-11 21:40   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                  2011-01-11 21:39 . 2010-12-21 00:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                  2011-01-11 20:20 . 2011-01-11 20:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                  2011-01-11 20:19 . 2011-01-11 20:20   --------   d-----w-   c:\program files\SUPERAntiSpyware
                  2011-01-11 19:54 . 2011-01-11 19:54   --------   d-----w-   c:\program files\CCleaner
                  2011-01-11 19:47 . 2011-01-11 23:17   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
                  2011-01-11 19:47 . 2010-11-03 21:57   38856   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
                  2011-01-11 19:47 . 2010-11-03 21:55   25000   ----a-w-   c:\windows\system32\drivers\OAmon.sys
                  2011-01-11 19:47 . 2010-11-03 21:55   29272   ----a-w-   c:\windows\system32\drivers\OAnet.sys
                  2011-01-11 19:47 . 2010-11-03 21:52   202064   ----a-w-   c:\windows\system32\drivers\OADriver.sys
                  2011-01-11 19:47 . 2011-01-19 03:40   --------   d-----w-   c:\program files\Online Armor
                  2010-12-26 22:57 . 2010-12-26 23:06   --------   d-----w-   c:\documents and settings\Administrator
                  2010-12-26 22:03 . 2010-12-26 22:32   --------   d-----w-   c:\program files\PC Tools Security
                  2010-12-26 22:03 . 2010-12-26 22:32   --------   d-----w-   c:\program files\Common Files\PC Tools
                  2010-12-26 21:54 . 2010-12-26 22:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
                  2010-12-26 21:44 . 2010-12-26 22:32   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
                  2010-12-26 20:32 . 2010-12-26 20:32   60808   ----a-w-   c:\windows\system32\S32EVNT1.DLL
                  2010-12-26 20:32 . 2010-12-26 21:13   --------   d-----w-   c:\program files\Common Files\Symantec Shared
                  2010-12-26 20:32 . 2010-12-26 20:32   --------   d-----w-   c:\program files\Symantec
                  2010-12-26 20:32 . 2010-12-26 20:32   124976   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
                  2010-12-25 23:01 . 2001-08-18 04:36   5632   ----a-w-   c:\windows\system32\ptpusb.dll
                  2010-12-25 23:01 . 2008-04-14 11:42   159232   ----a-w-   c:\windows\system32\ptpusd.dll
                  2010-12-25 23:01 . 2008-04-14 06:15   15104   ----a-w-   c:\windows\system32\drivers\usbscan.sys
                  2010-12-25 23:01 . 2008-04-14 06:15   15104   ----a-w-   c:\windows\system32\dllcache\usbscan.sys
                  2010-12-25 23:00 . 2011-01-11 21:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\fPhCc06305
                  2010-12-25 23:00 . 2010-12-25 23:00   --------   d-----w-   c:\windows\Sun
                  2010-12-25 22:14 . 2010-02-04 20:32   259584   ----a-w-   c:\windows\system32\bcdedit.exe
                  2010-12-25 22:14 . 2010-12-25 22:14   --------   d-----w-   C:\Boot
                  2010-12-25 22:13 . 2008-04-15 12:00   221184   ----a-w-   c:\windows\system32\wmpns.dll
                  2010-12-25 22:13 . 2010-12-25 22:13   --------   d-----w-   C:\WildTangent
                  2010-12-25 22:13 . 2010-12-25 22:13   --------   d-----w-   C:\Users
                  2010-12-25 22:13 . 2010-12-25 22:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skyhook Wireless
                  2010-12-25 22:13 . 2010-12-25 22:13   --------   d-----w-   c:\program files\DIFX
                  2010-12-25 22:13 . 2010-02-17 07:11   13568   ----a-w-   c:\windows\system32\drivers\wpsnuio.sys
                  2010-12-25 22:12 . 2010-12-25 22:12   --------   d-----w-   c:\program files\Skyhook Wireless
                  2010-12-25 22:11 . 2010-12-25 22:11   --------   d-----w-   c:\program files\HP Webcam
                  2010-12-25 22:11 . 2010-03-10 03:17   217088   ----a-w-   c:\windows\system32\ACamPropertyPage.dll
                  2010-12-25 22:11 . 2010-03-03 20:39   363904   ----a-w-   c:\windows\system32\drivers\cam3820a.sys
                  2010-12-25 22:11 . 2010-03-02 21:51   212992   ----a-w-   c:\windows\system32\cocam3820.dll
                  2010-12-25 22:11 . 2010-03-02 21:51   110592   ----a-w-   c:\windows\system32\cam3820n.ax
                  2010-12-25 22:11 . 2010-03-01 15:54   1323296   ----a-w-   c:\windows\system32\drivers\rt2860.sys
                  2010-12-25 22:11 . 2010-03-01 15:50   238880   ----a-w-   c:\windows\system32\RaCoInst.dll
                  2010-12-25 22:11 . 2010-12-25 22:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\Ralink Driver
                  2010-12-25 22:10 . 2011-01-13 03:22   --------   d-----w-   c:\documents and settings\jocey
                  2010-12-25 22:08 . 2010-08-27 02:34   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
                  2010-12-25 22:08 . 2010-08-27 04:54   --------   d-----w-   c:\documents and settings\Default User\Local Settings\Application Data\Adobe
                  2010-12-25 22:08 . 2010-08-27 03:57   --------   d-----w-   c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
                  2010-12-25 22:08 . 2010-08-27 02:34   --------   d-sh--w-   c:\documents and settings\Default User\IETldCache
                  2010-12-25 22:08 . 2010-08-27 01:37   --------   d-----w-   c:\documents and settings\Default User\Local Settings\Application Data\ApplicationHistory
                  2010-12-25 18:35 . 2008-04-14 06:15   26368   ----a-w-   c:\windows\system32\dllcache\usbstor.sys
                  2010-12-25 18:19 . 2010-12-25 18:19   --------   d-----w-   c:\documents and settings\LocalService\Application Data\Apple Computer
                  2010-12-25 17:59 . 2009-05-18 19:17   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
                  2010-12-25 17:59 . 2008-04-17 18:12   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
                  2010-12-25 17:57 . 2010-12-25 17:57   --------   d-----w-   c:\program files\iPod
                  2010-12-25 17:56 . 2010-12-25 17:59   --------   d-----w-   c:\program files\iTunes
                  2010-12-25 17:56 . 2010-12-25 17:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
                  2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
                  2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
                  2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
                  2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
                  2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
                  2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
                  2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin.dll
                  2010-12-25 17:52 . 2010-12-25 17:55   --------   d-----w-   c:\program files\QuickTime
                  2010-12-25 17:51 . 2010-12-25 17:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
                  2010-12-25 17:51 . 2010-12-25 17:51   --------   d-----w-   c:\program files\Apple Software Update
                  2010-12-25 17:50 . 2010-09-28 21:44   41984   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
                  2010-12-25 17:50 . 2010-09-28 21:44   4184352   ----a-w-   c:\windows\system32\usbaaplrc.dll
                  2010-12-25 17:49 . 2010-12-25 17:49   --------   d-----w-   c:\program files\Bonjour
                  2010-12-25 17:48 . 2010-12-25 18:19   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple
                  2010-12-25 17:48 . 2010-12-25 17:57   --------   d-----w-   c:\program files\Common Files\Apple

                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2010-11-29 23:38 . 2010-11-29 23:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
                  2010-11-29 23:38 . 2010-11-29 23:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
                  2010-11-18 18:12 . 2010-11-18 18:12   81920   ----a-w-   c:\windows\system32\isign32.dll
                  2010-11-09 14:52 . 2010-11-09 14:52   249856   ----a-w-   c:\windows\system32\odbc32.dll
                  2010-10-28 13:13 . 2010-10-28 13:13   290048   ----a-w-   c:\windows\system32\atmfd.dll
                  2010-10-26 13:25 . 2010-10-26 13:25   1853312   ----a-w-   c:\windows\system32\win32k.sys
                  .

                  (((((((((((((((((((((((((((((   SnapShot@2011-01-16_15.54.31   )))))))))))))))))))))))))))))))))))))))))
                  .
                  + 2011-01-19 04:10 . 2011-01-19 04:10   16384              c:\windows\temp\Perflib_Perfdata_700.dat
                  - 2008-04-15 12:00 . 2008-04-15 12:00   75776              c:\windows\system32\strmfilt.dll
                  + 2009-10-21 05:38 . 2009-10-21 05:38   75776              c:\windows\system32\strmfilt.dll
                  + 2010-08-27 05:57 . 2010-08-27 05:57   99840              c:\windows\system32\srvsvc.dll
                  + 2009-04-11 02:06 . 2011-01-19 04:12   69172              c:\windows\system32\perfc009.dat
                  - 2009-04-11 02:06 . 2011-01-15 22:33   69172              c:\windows\system32\perfc009.dat
                  + 2009-10-21 05:38 . 2009-10-21 05:38   25088              c:\windows\system32\httpapi.dll
                  + 2009-10-21 05:38 . 2009-10-21 05:38   75776              c:\windows\system32\dllcache\strmfilt.dll
                  + 2010-08-27 05:57 . 2010-08-27 05:57   99840              c:\windows\system32\dllcache\srvsvc.dll
                  + 2009-10-21 05:38 . 2009-10-21 05:38   25088              c:\windows\system32\dllcache\httpapi.dll
                  + 2011-01-16 16:19 . 2011-01-16 16:19   37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
                  + 2011-01-16 16:19 . 2011-01-16 16:19   36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
                  + 2011-01-16 16:18 . 2011-01-16 16:18   55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
                  - 2011-01-13 02:18 . 2010-08-13 12:53   5120              c:\windows\system32\xpsp4res.dll
                  + 2010-08-26 12:52 . 2010-08-26 12:52   5120              c:\windows\system32\xpsp4res.dll
                  + 2009-08-25 09:17 . 2009-08-25 09:17   354816              c:\windows\system32\winhttp.dll
                  - 2009-04-11 02:06 . 2011-01-15 22:33   434966              c:\windows\system32\perfh009.dat
                  + 2009-04-11 02:06 . 2011-01-19 04:12   434966              c:\windows\system32\perfh009.dat
                  + 2010-06-09 07:43 . 2010-06-09 07:43   692736              c:\windows\system32\inetcomm.dll
                  + 2010-08-26 13:39 . 2010-08-26 13:39   357248              c:\windows\system32\drivers\srv.sys
                  + 2009-10-20 16:20 . 2009-10-20 16:20   265728              c:\windows\system32\drivers\http.sys
                  + 2009-08-25 09:17 . 2009-08-25 09:17   354816              c:\windows\system32\dllcache\winhttp.dll
                  + 2010-08-26 13:39 . 2010-08-26 13:39   357248              c:\windows\system32\dllcache\srv.sys
                  + 2010-06-09 07:43 . 2010-06-09 07:43   692736              c:\windows\system32\dllcache\inetcomm.dll
                  + 2009-10-20 16:20 . 2009-10-20 16:20   265728              c:\windows\system32\dllcache\http.sys
                  + 2009-10-20 16:20 . 2009-10-20 16:20   265728              c:\windows\Driver Cache\i386\http.sys
                  + 2011-01-16 16:20 . 2011-01-16 16:20   400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
                  + 2011-01-16 16:19 . 2011-01-16 16:19   129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
                  + 2011-01-16 16:19 . 2011-01-16 16:19   859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
                  + 2011-01-16 16:19 . 2011-01-16 16:19   328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
                  + 2011-01-16 16:19 . 2011-01-16 16:19   301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
                  + 2011-01-16 16:19 . 2011-01-16 16:19   547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
                  + 2011-01-16 16:19 . 2011-01-16 16:19   141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
                  + 2011-01-16 16:18 . 2011-01-16 16:18   621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
                  + 2011-01-16 16:20 . 2011-01-16 16:20   593408              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\97bd2a5d946aa3a824e4cfe5b6ef95aa\System.Messaging.ni.dll
                  + 2011-01-16 16:18 . 2011-01-16 16:18   998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
                  + 2011-01-16 16:18 . 2011-01-16 16:18   330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
                  + 2011-01-16 16:18 . 2011-01-16 16:18   881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
                  + 2011-01-16 16:18 . 2011-01-16 16:18   354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
                  + 2011-01-16 16:18 . 2011-01-16 16:18   939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
                  + 2011-01-16 16:18 . 2011-01-16 16:18   756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
                  + 2011-01-16 16:20 . 2011-01-16 16:20   1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
                  + 2011-01-16 16:20 . 2011-01-16 16:20   1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
                  + 2011-01-16 16:20 . 2011-01-16 16:20   4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
                  + 2011-01-16 16:20 . 2011-01-16 16:20   2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
                  + 2011-01-16 16:19 . 2011-01-16 16:19   2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
                  + 2011-01-16 16:19 . 2011-01-16 16:19   2405376              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
                  + 2011-01-16 16:19 . 2011-01-16 16:19   1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
                  + 2011-01-16 16:18 . 2011-01-16 16:18   1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
                  + 2011-01-16 16:17 . 2011-01-16 16:18   9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
                  + 2011-01-16 16:18 . 2011-01-16 16:18   2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
                  .
                  -- Snapshot reset to current date --
                  .
                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
                  @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
                  [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
                  2010-03-28 22:22   718848   ----a-w-   c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
                  @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
                  [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
                  2010-03-28 22:22   718848   ----a-w-   c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
                  @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
                  [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
                  2010-03-28 22:22   718848   ----a-w-   c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
                  @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
                  [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
                  2010-03-28 22:22   718848   ----a-w-   c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
                  @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
                  [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
                  2010-03-28 22:22   718848   ----a-w-   c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
                  "ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-12-25 1733]
                  "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
                  "Skyhook Wireless XPS Service"="c:\program files\Skyhook Wireless\XPS\xpscontrolpanel.exe" [2010-04-02 632136]
                  "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
                  "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
                  "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-17 141336]
                  "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe" [2009-11-30 240472]
                  "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
                  "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
                  "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-17 141336]
                  "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
                  "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-17 173592]
                  "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
                  "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
                  "@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2010-11-03 2345000]

                  c:\documents and settings\All Users\Start Menu\Programs\Startup\
                  HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]

                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                  "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                  "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2010-11-03 353992]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                  2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                  @="Driver"

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                  "EnableFirewall"= 0 (0x0)

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                  "%windir%\\system32\\sessmgr.exe"=
                  "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
                  "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                  "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
                  "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
                  "c:\\Program Files\\Hewlett-Packard\\HP CloudDrive\\zumodrive.exe"=
                  "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                  "c:\\Program Files\\iTunes\\iTunes.exe"=

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                  "5353:UDP"= 5353:UDP:Java(TM) Platform SE binary
                  "8182:TCP"= 8182:TCP:Java(TM) Platform SE binary

                  R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [8/26/2010 10:26 PM 21488]
                  R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [8/26/2010 10:26 PM 15856]
                  R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [1/12/2011 8:22 PM 328752]
                  R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [1/12/2011 8:22 PM 173104]
                  R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [12/28/2009 12:17 AM 106096]
                  R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/23/2010 3:34 AM 691248]
                  R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [1/12/2011 8:22 PM 501888]
                  R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [11/11/2009 2:09 PM 18136]
                  R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [1/11/2011 1:47 PM 202064]
                  R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [1/11/2011 1:47 PM 38856]
                  R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [1/11/2011 1:47 PM 25000]
                  R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [1/11/2011 1:47 PM 29272]
                  R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [8/26/2010 10:26 PM 25584]
                  R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
                  R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
                  R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [1/12/2011 8:22 PM 116784]
                  R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 8:05 PM 457200]
                  R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2/4/2010 3:00 PM 211440]
                  R2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [4/12/2010 8:37 PM 338168]
                  R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [4/5/2010 12:12 PM 103992]
                  R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [1/12/2011 8:22 PM 126392]
                  R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [1/11/2011 1:47 PM 380784]
                  R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [1/11/2011 1:47 PM 3652696]
                  R2 xpssvc;Skyhook Wireless XPS Service;c:\program files\Skyhook Wireless\XPS\xpssvc.exe [4/1/2010 8:04 PM 699720]
                  R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/26/2010 9:06 PM 113664]
                  R3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [12/25/2010 4:11 PM 363904]
                  R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [8/26/2010 9:10 PM 227896]
                  R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/12/2011 8:24 PM 102448]
                  R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110114.002\IDSXpx86.sys [1/15/2011 2:57 PM 341944]
                  R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [8/26/2010 9:08 PM 230944]
                  R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [12/25/2010 4:11 PM 1323296]
                  R3 XPSVCOM;XPSVCOM;c:\windows\system32\drivers\XPSVCOM.sys [2/4/2010 12:07 AM 12416]

                  [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
                  2010-03-26 23:27   200769   ----a-w-   c:\program files\Hewlett-Packard\HP Media Suite\Home\QuickLaunch.exe
                  .
                  Contents of the 'Scheduled Tasks' folder

                  2010-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
                  - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

                  2011-01-19 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
                  - c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2010-02-04 21:00]
                  .
                  .
                  ------- Supplementary Scan -------
                  .
                  uStart Page = hxxp://www.yahoo.com/
                  uInternet Settings,ProxyOverride = *.local
                  IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
                  .

                  **************************************************************************

                  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2011-01-18 22:11
                  Windows 5.1.2600 Service Pack 3 NTFS

                  detected NTDLL code modification:
                  ZwOpenFile

                  scanning hidden processes ... 

                  scanning hidden autostart entries ...

                  scanning hidden files ... 


                  c:\windows\TEMP\SEP2.tmp 0 bytes

                  scan completed successfully
                  hidden files: 1

                  **************************************************************************

                  [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
                  "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
                  .
                  --------------------- DLLs Loaded Under Running Processes ---------------------

                  - - - - - - - > 'winlogon.exe'(492)
                  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                  c:\windows\system32\WININET.dll

                  - - - - - - - > 'explorer.exe'(2128)
                  c:\windows\system32\WININET.dll
                  c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
                  c:\windows\system32\ieframe.dll
                  c:\windows\system32\webcheck.dll
                  c:\windows\system32\WPDShServiceObj.dll
                  c:\windows\system32\PortableDeviceTypes.dll
                  c:\windows\system32\PortableDeviceApi.dll
                  .
                  ------------------------ Other Running Processes ------------------------
                  .
                  c:\program files\idt\wdm\STacSV.exe
                  c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                  c:\program files\Bonjour\mDNSResponder.exe
                  c:\program files\Java\jre6\bin\jqs.exe
                  c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
                  c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                  c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
                  c:\windows\system32\wscntfy.exe
                  c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
                  c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                  c:\windows\system32\igfxsrvc.exe
                  c:\program files\Online Armor\OAhlp.exe
                  c:\program files\iPod\bin\iPodService.exe
                  c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
                  .
                  **************************************************************************
                  .
                  Completion time: 2011-01-18  22:24:21 - machine was rebooted
                  ComboFix-quarantined-files.txt  2011-01-19 04:24
                  ComboFix2.txt  2011-01-16 16:04

                  Pre-Run: 138,545,422,336 bytes free
                  Post-Run: 138,634,129,408 bytes free

                  - - End Of File - - CE4854CFD9A22F34F22F584A53EAA59C


                  GMER 1.0.15.15530 - http://www.gmer.net
                  Rootkit scan 2011-01-19 06:13:29
                  Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916031 rev.0001
                  Running: gmer.exe; Driver: C:\DOCUME~1\jocey\LOCALS~1\Temp\pxlcypow.sys


                  ---- System - GMER 1.0.15 ----

                  SSDT            857EDB30                                                                                                             ZwAlertResumeThread
                  SSDT            85E8DA78                                                                                                             ZwAlertThread
                  SSDT            85821738                                                                                                             ZwAllocateVirtualMemory
                  SSDT            8619DE40                                                                                                             ZwAssignProcessToJobObject
                  SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                                                                         ZwConnectPort [0x9E6FB64C]
                  SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                                                                         ZwCreateFile [0x9E7021F8]
                  SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                           ZwCreateKey [0xA2FC9210]
                  SSDT            851987B8                                                                                                             ZwCreateMutant
                  SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                                                                         ZwCreatePort [0x9E6FB46A]
                  SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                                                                         ZwCreateProcess [0x9E6FCDE4]
                  SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                                                                         ZwCreateProcessEx [0x9E6F9978]
                  SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                                                                         ZwCreateSection [0x9E6F94F2]
                  SSDT            8520A9B8                                                                                                             ZwCreateSymbolicLinkObject
                  SSDT            850B81A8                                                                                                             ZwCreateThread
                  SSDT            86168E40                                                                                                             ZwDebugActiveProcess
                  SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                           ZwDeleteKey [0xA2FC9490]
                  SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                           ZwDeleteValueKey [0xA2FC99F0]
                  SSDT            85821910                                                                                                             ZwDuplicateObject
                  SSDT            857E5DB8                                                                                                             ZwFreeVirtualMemory
                  SSDT            851B1628                                                                                                             ZwImpersonateAnonymousToken
                  SSDT            85F771B8                                                                                                             ZwImpersonateThread
                  SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                                                                         ZwLoadDriver [0x9E6FC24C]
                  SSDT            8582E450                                                                                                             ZwMapViewOfSection
                  SSDT            851C7628                                                                                                             ZwOpenEvent
                  SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                                                                         ZwOpenFile [0x9E702554]
                  SSDT            852438B0                                                                                                             ZwOpenProcess
                  SSDT            85189630                                                                                                             ZwOpenProcessToken
                  SSDT            85242628                                                                                                             ZwOpenSection
                  SSDT            852437A0                                                                                                             ZwOpenThread
                  SSDT            8520E9B8                                                                                                             ZwProtectVirtualMemory
                  SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                                                                         ZwQueueApcThread [0x9E6FC940]
                  SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                                                                         ZwRequestPort [0x9E6FBCB0]
                  SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                                                                         ZwRequestWaitReplyPort [0x9E6FBF14]
                  SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                                                                         ZwRestoreKey [0x9E701FF0]
                  SSDT            85E85C70                                                                                                             ZwResumeThread
                  SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                                                                         ZwSecureConnectPort [0x9E6FB86E]
                  SSDT            851E0630                                                                                                             ZwSetContextThread
                  SSDT            8582E238                                                                                                             ZwSetInformationProcess
                  SSDT            857A6C30                                                                                                             ZwSetSystemInformation
                  SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                           ZwSetValueKey [0xA2FC9C40]
                  SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                                                                         ZwShutdownSystem [0x9E6FC186]
                  SSDT            8521F628                                                                                                             ZwSuspendProcess
                  SSDT            85240630                                                                                                             ZwSuspendThread
                  SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                                                                         ZwSystemDebugControl [0x9E6FAE40]
                  SSDT            85180630                                                                                                             ZwTerminateProcess
                  SSDT            851E8630                                                                                                             ZwTerminateThread
                  SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                                                                         ZwUnloadDriver [0x9E6FC414]
                  SSDT            851BF630                                                                                                             ZwUnmapViewOfSection
                  SSDT            85062DC0                                                                                                             ZwWriteVirtualMemory

                  ---- Kernel code sections - GMER 1.0.15 ----

                  .text           ntkrnlpa.exe!ZwCallbackReturn + 2C9C                                                                                 80504538 12 Bytes  [6A, B4, 6F, 9E, E4, CD, 6F, ...] {PUSH -0x4c; OUTSD ; SAHF ; IN AL, 0xcd; OUTSD ; SAHF ; JS 0xffffffffffffffa3; OUTSD ; SAHF }
                  .text           ntkrnlpa.exe!ZwCallbackReturn + 2E08                                                                                 805046A4 4 Bytes  JMP 683CCBC9
                  .text           ntkrnlpa.exe!ZwCallbackReturn + 2FD8                                                                                 80504874 12 Bytes  [28, F6, 21, 85, 30, 06, 24, ...] {SUB DH, DH; AND [EBP-0x7adbf9d0], EAX; INC EAX; SCASB ; OUTSD ; SAHF }
                  ?               SYMDS.SYS                                                                                                            The system cannot find the file specified. !
                  ?               SYMEFA.SYS                                                                                                           The system cannot find the file specified. !
                  ?               C:\ComboFix\catchme.sys                                                                                              The system cannot find the path specified. !
                  ?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                           The system cannot find the file specified. !

                  ---- User code sections - GMER 1.0.15 ----

                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] ntdll.dll!NtCreateSymbolicLinkObject      7C90D19E 3 Bytes  [FF, 25, 1E]
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] ntdll.dll!NtCreateSymbolicLinkObject + 4  7C90D1A2 2 Bytes  [77, 71] {JA 0x73}
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] ntdll.dll!NtOpenFile                      7C90D59E 3 Bytes  [FF, 25, 1E]
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] ntdll.dll!NtOpenFile + 4                  7C90D5A2 2 Bytes  [74, 71] {JZ 0x73}
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!LoadLibraryExW + C4          7C801BB9 4 Bytes  CALL 00AA0001
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!LoadLibraryA                 7C801D7B 6 Bytes  JMP 71720F5A
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!CreateProcessW               7C802336 6 Bytes  JMP 71A20F5A
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!CreateProcessA               7C80236B 6 Bytes  JMP 71A50F5A
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!CloseHandle                  7C809BE7 6 Bytes  JMP 71960F5A
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!LoadLibraryW                 7C80AEEB 6 Bytes  JMP 716F0F5A
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!CreateFileW                  7C810800 6 Bytes  JMP 71990F5A
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!RegisterHotKey                 7E41EBB3 3 Bytes  [FF, 25, 1E]
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!RegisterHotKey + 4             7E41EBB7 2 Bytes  [89, 71]
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!ExitWindowsEx                  7E45A275 6 Bytes  JMP 719F0F5A
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!DdeClientTransaction           7E46A6A2 6 Bytes  JMP 718D0F5A
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!RegisterRawInputDevices        7E46CE0E 3 Bytes  [FF, 25, 1E]
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!RegisterRawInputDevices + 4    7E46CE12 2 Bytes  [86, 71]
                  .text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] GDI32.dll!DeleteDC                        77F16E5F 6 Bytes  JMP 717E0F5A
                  .tex
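As an added illustration, not part of any post in this thread: a small Python parser for the SSDT section of the GMER log above. It reads a handful of lines copied from that section, separates hooks that GMER attributes to a module on disk (with the vendor string where GMER prints one) from hooks that resolve only to a bare kernel address, and groups them by owning module. The point for anyone reading such a log is that each hook's owner matters more than the hook itself: the entries here belong to the Online Armor and Symantec drivers that the ComboFix output lists as installed services, while hooks with no owning module are the ones that deserve a closer look. The function names and the sample subset are my own choices.

```python
import re
from collections import defaultdict

# A subset of the "---- System - GMER 1.0.15 ----" section copied from the
# log above; the surrounding headers are included to show they are skipped.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT            857EDB30                                                         ZwAlertResumeThread
SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                     ZwConnectPort [0x9E6FB64C]
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)   ZwCreateKey [0xA2FC9210]
SSDT            851987B8                                                         ZwCreateMutant
SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys                     ZwOpenFile [0x9E702554]

---- Kernel code sections - GMER 1.0.15 ----
"""

# One SSDT line: the owner column (a module path with an optional "(vendor)"
# suffix, or a bare 8-digit kernel address), at least two spaces, the hooked
# Zw* function, and optionally the hook target address in square brackets.
SSDT_LINE = re.compile(
    r"^SSDT\s+(?P<owner>\S.*?\S|\S)\s{2,}(?P<func>Zw\w+)"
    r"(?:\s+\[(?P<target>0x[0-9A-Fa-f]+)\])?\s*$"
)
KERNEL_ADDR = re.compile(r"^[0-9A-Fa-f]{8}$")
MODULE_OWNER = re.compile(r"^(?P<path>\S+)(?:\s+\((?P<vendor>[^)]*)\))?$")


def parse_ssdt_hooks(text):
    """Return one dict per SSDT hook line, in log order."""
    hooks = []
    for raw in text.splitlines():
        m = SSDT_LINE.match(raw.strip())
        if not m:
            continue  # headers, blank lines and non-SSDT sections are skipped
        owner = m.group("owner")
        hook = {
            "function": m.group("func"),
            "owner": owner,
            "target": m.group("target"),
            "attributed": False,
            "module": None,
            "vendor": None,
        }
        # A bare address means GMER could not map the hook to a file on disk.
        if not KERNEL_ADDR.match(owner):
            mo = MODULE_OWNER.match(owner)
            if mo:
                hook["attributed"] = True
                hook["module"] = mo.group("path").rsplit("\\", 1)[-1]
                hook["vendor"] = mo.group("vendor")
        hooks.append(hook)
    return hooks


def summarize_hooks(hooks):
    """Group hooked functions by owning module; hooks without an owning
    module go under 'UNATTRIBUTED', the set that merits a closer look."""
    by_owner = defaultdict(list)
    for h in hooks:
        key = h["module"] if h["attributed"] else "UNATTRIBUTED"
        by_owner[key].append(h["function"])
    return {k: sorted(v) for k, v in by_owner.items()}


if __name__ == "__main__":
    summary = summarize_hooks(parse_ssdt_hooks(SAMPLE_LOG))
    for owner, funcs in sorted(summary.items()):
        print(f"{owner}: {len(funcs)} hook(s): {', '.join(funcs)}")
```

Run against the full log, the same grouping gives a quick count of how many SSDT entries each security driver owns versus how many GMER could not attribute; the vendor string, where present, is GMER's reading of the file's version resource, not a signature check, so it is a hint about ownership rather than proof of it.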

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 1020
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Help with System Tools virus
                  « Reply #16 on: January 19, 2011, 12:29:03 PM »
                  Please download TDSSKiller from here and save it to your Desktop.
                  • Double-click TDSSKiller.exe to run the tool
                  • Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)

                  • After the scan has finished, click the Close button
                  • Click the Report button and copy/paste the contents of it into your next reply
                  • Note: It will also create a log in the C:\ directory.
                  Windows 8 and Windows 10 dual boot with two SSD's

                  hazel312001a

                    Topic Starter


                    Rookie
                    • Experience: Beginner
                    • OS: Windows 7
                    Re: Help with System Tools virus
                    « Reply #17 on: January 19, 2011, 05:47:38 PM »
                    Hi Superdave!

                    I just want to tell you again how grateful I am for you and all the other experts here on Computerhope.com. I know beyond a shadow of a doubt that I would have ended up racking my brain and then trashing this laptop! So I am forever indebted! Is there any way I can support computerhope.com?

                    I ran the TDSSKiller... here's the log:

                    2011/01/19 18:41:20.0765   TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
                    2011/01/19 18:41:20.0765   ================================================================================
                    2011/01/19 18:41:20.0765   SystemInfo:
                    2011/01/19 18:41:20.0765   
                    2011/01/19 18:41:20.0765   OS Version: 5.1.2600 ServicePack: 3.0
                    2011/01/19 18:41:20.0765   Product type: Workstation
                    2011/01/19 18:41:20.0765   ComputerName: JOCELYNN
                    2011/01/19 18:41:20.0765   UserName: jocey
                    2011/01/19 18:41:20.0765   Windows directory: C:\WINDOWS
                    2011/01/19 18:41:20.0765   System windows directory: C:\WINDOWS
                    2011/01/19 18:41:20.0765   Processor architecture: Intel x86
                    2011/01/19 18:41:20.0765   Number of processors: 2
                    2011/01/19 18:41:20.0765   Page size: 0x1000
                    2011/01/19 18:41:20.0765   Boot type: Normal boot
                    2011/01/19 18:41:20.0765   ================================================================================
                    2011/01/19 18:41:21.0203   Initialize success
                    2011/01/19 18:41:26.0203   ================================================================================
                    2011/01/19 18:41:26.0203   Scan started
                    2011/01/19 18:41:26.0203   Mode: Manual;
                    2011/01/19 18:41:26.0203   ================================================================================
                    2011/01/19 18:41:26.0796   abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
                    2011/01/19 18:41:26.0843   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
                    2011/01/19 18:41:26.0875   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
                    2011/01/19 18:41:26.0937   adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
                    2011/01/19 18:41:27.0000   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
                    2011/01/19 18:41:27.0062   AESTAud         (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
                    2011/01/19 18:41:27.0140   AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
                    2011/01/19 18:41:27.0187   agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
                    2011/01/19 18:41:27.0234   agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
                    2011/01/19 18:41:27.0281   Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
                    2011/01/19 18:41:27.0328   aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
                    2011/01/19 18:41:27.0375   aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
                    2011/01/19 18:41:27.0437   AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
                    2011/01/19 18:41:27.0468   alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
                    2011/01/19 18:41:27.0500   amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
                    2011/01/19 18:41:27.0546   amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
                    2011/01/19 18:41:27.0593   asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
                    2011/01/19 18:41:27.0640   asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
                    2011/01/19 18:41:27.0687   asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
                    2011/01/19 18:41:27.0781   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
                    2011/01/19 18:41:27.0812   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
                    2011/01/19 18:41:27.0890   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
                    2011/01/19 18:41:27.0953   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
                    2011/01/19 18:41:28.0000   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
                    2011/01/19 18:41:28.0140   BHDrvx86        (83a2fec59a0a0fc73bf6598e901b2fbd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
                    2011/01/19 18:41:28.0343   Cam3820         (d814dc013ca490bf696850c5281641fe) C:\WINDOWS\system32\Drivers\cam3820a.sys
                    2011/01/19 18:41:28.0437   cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
                    2011/01/19 18:41:28.0468   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
                    2011/01/19 18:41:28.0531   CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
                    2011/01/19 18:41:28.0640   ccHP            (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys
                    2011/01/19 18:41:28.0687   cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
                    2011/01/19 18:41:28.0734   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
                    2011/01/19 18:41:28.0765   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
                    2011/01/19 18:41:28.0828   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
                    2011/01/19 18:41:28.0937   CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
                    2011/01/19 18:41:29.0000   CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
                    2011/01/19 18:41:29.0046   Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
                    2011/01/19 18:41:29.0125   Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
                    2011/01/19 18:41:29.0171   dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
                    2011/01/19 18:41:29.0203   dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
                    2011/01/19 18:41:29.0265   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
                    2011/01/19 18:41:29.0343   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
                    2011/01/19 18:41:29.0421   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
                    2011/01/19 18:41:29.0468   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
                    2011/01/19 18:41:29.0578   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
                    2011/01/19 18:41:29.0671   dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
                    2011/01/19 18:41:29.0765   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
                    2011/01/19 18:41:29.0843   DVMIO           (ff7a7a1e0f9a0ab892a454ffb9d14bbe) C:\WINDOWS\system32\DRIVERS\dvmio.sys
                    2011/01/19 18:41:30.0000   eeCtrl          (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
                    2011/01/19 18:41:30.0046   EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
                    2011/01/19 18:41:30.0218   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
                    2011/01/19 18:41:30.0296   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
                    2011/01/19 18:41:30.0343   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
                    2011/01/19 18:41:30.0375   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
                    2011/01/19 18:41:30.0421   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
                    2011/01/19 18:41:30.0468   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
                    2011/01/19 18:41:30.0515   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
                    2011/01/19 18:41:30.0578   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
                    2011/01/19 18:41:30.0609   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
                    2011/01/19 18:41:30.0671   HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
                    2011/01/19 18:41:30.0765   HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
                    2011/01/19 18:41:30.0828   hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
                    2011/01/19 18:41:30.0875   HpqKbFiltr      (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
                    2011/01/19 18:41:30.0968   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
                    2011/01/19 18:41:31.0015   i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
                    2011/01/19 18:41:31.0062   i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
                    2011/01/19 18:41:31.0125   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
                    2011/01/19 18:41:31.0250   ialm            (0e501525f2b67aa17fe143d7c5e6a649) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
                    2011/01/19 18:41:31.0343   iaStor          (0baa4115dfffd6a6d809a89d65e1281a) C:\WINDOWS\system32\DRIVERS\iaStor.sys
                    2011/01/19 18:41:31.0515   IDSxpx86        (0308238c582a55d83d34feee39542793) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110114.002\IDSxpx86.sys
                    2011/01/19 18:41:31.0640   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
                    2011/01/19 18:41:31.0734   ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
                    2011/01/19 18:41:31.0796   IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
                    2011/01/19 18:41:31.0843   intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
                    2011/01/19 18:41:31.0875   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
                    2011/01/19 18:41:31.0937   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
                    2011/01/19 18:41:31.0968   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
                    2011/01/19 18:41:32.0031   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
                    2011/01/19 18:41:32.0109   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
                    2011/01/19 18:41:32.0171   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
                    2011/01/19 18:41:32.0250   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
                    2011/01/19 18:41:32.0312   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
                    2011/01/19 18:41:32.0390   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
                    2011/01/19 18:41:32.0484   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
                    2011/01/19 18:41:32.0625   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
                    2011/01/19 18:41:32.0687   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
                    2011/01/19 18:41:32.0734   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
                    2011/01/19 18:41:32.0812   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
                    2011/01/19 18:41:32.0875   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
                    2011/01/19 18:41:32.0921   mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
                    2011/01/19 18:41:32.0984   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
                    2011/01/19 18:41:33.0046   MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
                    2011/01/19 18:41:33.0125   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
                    2011/01/19 18:41:33.0203   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
                    2011/01/19 18:41:33.0265   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
                    2011/01/19 18:41:33.0296   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
                    2011/01/19 18:41:33.0375   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
                    2011/01/19 18:41:33.0437   MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
                    2011/01/19 18:41:33.0484   Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
                    2011/01/19 18:41:33.0531   NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
                    2011/01/19 18:41:33.0640   NAVENG          (c8ef74e4d8105b1d02d58ea4734cf616) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110116.003\NAVENG.SYS
                    2011/01/19 18:41:33.0734   NAVEX15         (94b3164055d821a62944d9fe84036470) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110116.003\NAVEX15.SYS
                    2011/01/19 18:41:33.0890   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
                    2011/01/19 18:41:33.0968   NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
                    2011/01/19 18:41:34.0015   NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
                    2011/01/19 18:41:34.0046   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
                    2011/01/19 18:41:34.0078   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
                    2011/01/19 18:41:34.0125   NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
                    2011/01/19 18:41:34.0171   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
                    2011/01/19 18:41:34.0234   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
                    2011/01/19 18:41:34.0343   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
                    2011/01/19 18:41:34.0390   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
                    2011/01/19 18:41:34.0468   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
                    2011/01/19 18:41:34.0515   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
                    2011/01/19 18:41:34.0546   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
                    2011/01/19 18:41:34.0609   OADevice        (422cf292a3fd758418c5b79405c93331) C:\WINDOWS\system32\drivers\OADriver.sys
                    2011/01/19 18:41:34.0656   oahlpXX         (4b21bc5a58c9a62e9c26ef7f337dca0c) C:\WINDOWS\system32\drivers\oahlp32.sys
                    2011/01/19 18:41:34.0703   OAmon           (6243e6db6399a95fd401090fc0d0c3ab) C:\WINDOWS\system32\drivers\OAmon.sys
                    2011/01/19 18:41:34.0734   OAnet           (f87647d8e994032ee9a50f8a3a144671) C:\WINDOWS\system32\drivers\OAnet.sys
                    2011/01/19 18:41:34.0812   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
                    2011/01/19 18:41:34.0859   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
                    2011/01/19 18:41:34.0890   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
                    2011/01/19 18:41:34.0953   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
                    2011/01/19 18:41:35.0031   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
                    2011/01/19 18:41:35.0078   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
                    2011/01/19 18:41:35.0250   perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
                    2011/01/19 18:41:35.0265   perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
                    2011/01/19 18:41:35.0406   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
                    2011/01/19 18:41:35.0453   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
                    2011/01/19 18:41:35.0515   PxHelp20        (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
                    2011/01/19 18:41:35.0546   ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
                    2011/01/19 18:41:35.0593   Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
                    2011/01/19 18:41:35.0625   ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
                    2011/01/19 18:41:35.0671   ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
                    2011/01/19 18:41:35.0703   ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
                    2011/01/19 18:41:35.0750   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
                    2011/01/19 18:41:35.0796   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
                    2011/01/19 18:41:35.0843   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
                    2011/01/19 18:41:35.0875   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
                    2011/01/19 18:41:35.0968   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
                    2011/01/19 18:41:36.0000   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
                    2011/01/19 18:41:36.0062   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
                    2011/01/19 18:41:36.0109   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
                    2011/01/19 18:41:36.0171   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
                    2011/01/19 18:41:36.0281   RSPCIESTOR      (2ad7b2b3d7a10ae3d534877d543eed74) C:\WINDOWS\system32\DRIVERS\RtsPStor.sys
                    2011/01/19 18:41:36.0406   RT80x86         (ff2832e18a9e8d58c0a74e4fdd6589f9) C:\WINDOWS\system32\DRIVERS\RT2860.sys
                    2011/01/19 18:41:36.0484   rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
                    2011/01/19 18:41:36.0546   RTLE8023xp      (c8bb947520bc4116882bd9f70d8b512f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
                    2011/01/19 18:41:36.0609   SahdIa32        (0b2d5d2341437d7d7e1a6c7bbce3786a) C:\WINDOWS\system32\Drivers\SahdIa32.sys
                    2011/01/19 18:41:36.0625   SaibIa32        (7a5f65b16249af2bc9d18d815f5d7172) C:\WINDOWS\system32\Drivers\SaibIa32.sys
                    2011/01/19 18:41:36.0718   SaibVd32        (e333c9515822de586a3ff759a0c9b7bf) C:\WINDOWS\system32\Drivers\SaibVd32.sys
                    2011/01/19 18:41:36.0812   SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                    2011/01/19 18:41:36.0843   SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                    2011/01/19 18:41:36.0953   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
                    2011/01/19 18:41:37.0000   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
                    2011/01/19 18:41:37.0078   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
                    2011/01/19 18:41:37.0187   sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
                    2011/01/19 18:41:37.0250   SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
                    2011/01/19 18:41:37.0281   Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
                    2011/01/19 18:41:37.0343   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
                    2011/01/19 18:41:37.0390   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
                    2011/01/19 18:41:37.0500   SRTSP           (00f20cf8956b22c392aaae949d84c3e8) C:\WINDOWS\system32\drivers\NIS\1100000.088\SRTSP.SYS
                    2011/01/19 18:41:37.0578   SRTSPX          (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
                    2011/01/19 18:41:37.0640   Srv             (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
                    2011/01/19 18:41:37.0781   STHDA           (a71f9a0db6904a998988c5316e3ff90a) C:\WINDOWS\system32\drivers\sthda.sys
                    2011/01/19 18:41:37.0906   streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
                    2011/01/19 18:41:38.0015   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
                    2011/01/19 18:41:38.0140   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
                    2011/01/19 18:41:38.0203   symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
                    2011/01/19 18:41:38.0234   symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
                    2011/01/19 18:41:38.0328   SymDS           (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS
                    2011/01/19 18:41:38.0390   SymEFA          (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS
                    2011/01/19 18:41:38.0468   SymEvent        (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
                    2011/01/19 18:41:38.0500   SymIRON         (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS
                    2011/01/19 18:41:38.0578   SYMTDI          (6baf78bdd3fe4437085ea45cda625f2d) C:\WINDOWS\system32\drivers\NIS\1100000.088\SYMTDI.SYS
                    2011/01/19 18:41:38.0656   sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
                    2011/01/19 18:41:38.0671   sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
                    2011/01/19 18:41:38.0734   SynTP           (60900234ec482627a33081a453c63776) C:\WINDOWS\system32\DRIVERS\SynTP.sys
                    2011/01/19 18:41:38.0796   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
                    2011/01/19 18:41:38.0875   SysCow          (e26c320c315174f79ff314e7db64210c) C:\WINDOWS\system32\drivers\syscow32x.sys
                    2011/01/19 18:41:38.0968   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
                    2011/01/19 18:41:39.0062   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
                    2011/01/19 18:41:39.0109   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
                    2011/01/19 18:41:39.0171   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
                    2011/01/19 18:41:39.0250   TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
                    2011/01/19 18:41:39.0312   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
                    2011/01/19 18:41:39.0343   ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
                    2011/01/19 18:41:39.0390   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
                    2011/01/19 18:41:39.0484   USBAAPL         (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
                    2011/01/19 18:41:39.0531   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
                    2011/01/19 18:41:39.0578   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
                    2011/01/19 18:41:39.0625   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
                    2011/01/19 18:41:39.0687   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
                    2011/01/19 18:41:39.0734   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
                    2011/01/19 18:41:39.0796   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
                    2011/01/19 18:41:39.0859   usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
                    2011/01/19 18:41:39.0921   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
                    2011/01/19 18:41:39.0984   viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
                    2011/01/19 18:41:40.0031   ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
                    2011/01/19 18:41:40.0046   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
                    2011/01/19 18:41:40.0125   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
                    2011/01/19 18:41:40.0203   Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
                    2011/01/19 18:41:40.0281   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
                    2011/01/19 18:41:40.0421   WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
                    2011/01/19 18:41:40.0515   Wpsnuio         (9dfc61a363467c29f0ebe87af5a67060) C:\WINDOWS\system32\DRIVERS\wpsnuio.sys
                    2011/01/19 18:41:40.0593   WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
                    2011/01/19 18:41:40.0671   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
                    2011/01/19 18:41:40.0718   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
                    2011/01/19 18:41:40.0828   XPSVCOM         (c264a100552e409949ac249b8845a7ea) C:\WINDOWS\system32\DRIVERS\XPSVCOM.sys
                    2011/01/19 18:41:40.0921   ================================================================================
                    2011/01/19 18:41:40.0921   Scan finished
                    2011/01/19 18:41:40.0921   ================================================================================
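
The driver listing above is the part of a TDSSKiller log that gets reviewed by hand. As an added example (not from the thread and not TDSSKiller's own code), the PowerShell below parses lines of that shape into service name, MD5 and image path and lists any driver whose image is loaded from outside the locations one expects on an XP machine. The list of expected locations and the made-up Temp-folder entry in the sample input are assumptions for the example; the two real lines in the sample are copied from the log above.

```powershell
# Added example (not from the thread or from TDSSKiller itself): triage a
# TDSSKiller driver listing. Each driver line has the shape
#   <date> <time>   <ServiceName>   (<md5>) <image path>
# and this script lists the drivers whose image is loaded from somewhere other
# than the locations one expects on an XP machine. Being in an expected folder
# is not proof of legitimacy; the MD5 column is what you compare against a
# known-good source for a closer check.

function ConvertFrom-TdssKillerLine {
    param([string]$Line)
    # Separator lines and "Scan finished" do not match and yield $null.
    $m = [regex]::Match($Line, '^\s*(\S+ \S+)\s+(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+?)\s*$')
    if (-not $m.Success) { return $null }
    New-Object -TypeName PSObject -Property @{
        Timestamp = $m.Groups[1].Value
        Name      = $m.Groups[2].Value
        Md5       = $m.Groups[3].Value.ToLower()
        Path      = $m.Groups[4].Value
    }
}

function Test-ExpectedDriverLocation {
    param([string]$Path)
    # Assumed list of expected locations for this example: the Windows tree,
    # Program Files, and the Norton definitions directory seen in the log above.
    $expected = @(
        'C:\WINDOWS\',
        'C:\Program Files\',
        'C:\Documents and Settings\All Users\Application Data\Norton\'
    )
    foreach ($prefix in $expected) {
        if ($Path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-SuspiciousDrivers {
    param([string[]]$Lines)
    $Lines |
        ForEach-Object { ConvertFrom-TdssKillerLine -Line $_ } |
        Where-Object { $_ -and -not (Test-ExpectedDriverLocation -Path $_.Path) }
}

# Constructed sample input: two lines copied from the log above, a separator
# line, and one made-up entry (not something found on the machine in this
# thread) whose image sits in a user's Temp folder.
$sample = @(
    '2011/01/19 18:41:36.0812   SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS',
    '2011/01/19 18:41:40.0828   XPSVCOM         (c264a100552e409949ac249b8845a7ea) C:\WINDOWS\system32\DRIVERS\XPSVCOM.sys',
    '2011/01/19 18:41:40.0921   ================================================================================',
    '2011/01/19 18:41:41.0000   exampledrv      (00000000000000000000000000000000) C:\Documents and Settings\Owner\Local Settings\Temp\exampledrv.sys'
)
Get-SuspiciousDrivers -Lines $sample | Format-Table Name, Md5, Path -AutoSize

# Against a saved log (placeholder file name):
# Get-SuspiciousDrivers -Lines (Get-Content 'C:\TDSSKiller_log.txt') | Format-Table Name, Md5, Path -AutoSize
```

Run against the sample, only the constructed exampledrv entry is listed; run against the full log above, nothing is, because every driver there sits under the Windows tree, Program Files or the Norton definitions folder. That narrows the review to the hash column rather than replacing it.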

                    SuperDave

                    • Malware Removal Specialist


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: Help with System Tools virus
                    « Reply #18 on: January 19, 2011, 06:05:26 PM »
                    Quote
                    Is there anyway I can support computerhope.com?
                    A simple thank you and a recommendation to your friends is all that is necessary.

                    I'd like to scan your machine with ESET OnlineScan

                    •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                    ESET OnlineScan
                    •Click the button.
                    •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                    • Click on to download the ESET Smart Installer. Save it to your desktop.
                    • Double click on the icon on your desktop.
                    •Check
                    •Click the button.
                    •Accept any security warnings from your browser.
                    •Check
                    •Push the Start button.
                    •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                    •When the scan completes, push
                    •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                    •Push the button.
                    •Push
                    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                    Windows 8 and Windows 10 dual boot with two SSD's

                    hazel312001a

                      Topic Starter


                      Rookie
                      • Experience: Beginner
                      • OS: Windows 7
                      Re: Help with System Tools virus
                      « Reply #19 on: January 20, 2011, 05:33:41 PM »
                      Hi Superdave,

                                I tried running ESET online but I got an error that says "Can not get update. Is proxy configured?"

                      Thanx!
                      gina

                      SuperDave

                      • Malware Removal Specialist


                      • Genius
                      • Thanked: 1020
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 10
                      Re: Help with System Tools virus
                      « Reply #20 on: January 21, 2011, 12:52:10 PM »
                      Ok. Let's try this:
                      Remove the Proxy setting in Internet Explorer and/or in FireFox.
                      In Internet Explorer
                      • Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously
                      In Firefox
                      • Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> Choose "No Proxy"
                      • Click the apply button and restart that computer in normal mode.
                      Now please try running the ESET scan again.
                      Windows 8 and Windows 10 dual boot with two SSD's
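
The LAN Settings steps above and the Java installer's later complaint about "current Internet Connection settings" (Reply #23) both come down to the same per-user WinINET values. As an added example, not part of SuperDave's instructions or of any tool in the thread, this PowerShell reads those registry values, reports whether the proxy checkbox or an automatic-configuration script is in effect, and provides a function that clears them the way unticking both boxes does. The registry path and value names are the standard Internet Settings ones; the placeholder text in the messages is the only thing assumed.

```powershell
# Added example (not part of SuperDave's instructions): read and, if wanted,
# clear the per-user WinINET proxy values behind Internet Options >
# Connections > LAN Settings. These live in the current user's hive, so run it
# as the account that sees the error; other accounts have their own copy.

$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-WinInetProxyState {
    $p = Get-ItemProperty -Path $InetKey
    # ProxyEnable is the "Use a proxy server" checkbox. AutoConfigURL is the
    # separate "Use automatic configuration script" box, which stays in effect
    # even when the proxy checkbox is clear, so looking at the checkbox alone
    # can miss it.
    New-Object -TypeName PSObject -Property @{
        ProxyEnable   = [int]($p.ProxyEnable)   # 1 = checkbox ticked, 0 or absent = clear
        ProxyServer   = $p.ProxyServer          # host:port, or $null when unset
        ProxyOverride = $p.ProxyOverride        # bypass list, e.g. <local>
        AutoConfigURL = $p.AutoConfigURL        # PAC script URL, or $null when unset
    }
}

function Test-ProxyConfigured {
    param($State = (Get-WinInetProxyState))
    $proxyOn = ($State.ProxyEnable -eq 1) -and -not [string]::IsNullOrEmpty($State.ProxyServer)
    $pacOn   = -not [string]::IsNullOrEmpty($State.AutoConfigURL)
    return ($proxyOn -or $pacOn)
}

function Clear-WinInetProxy {
    # Same effect as unticking both boxes in LAN Settings. Programs read these
    # values when they start, so relaunch the browser or installer afterwards.
    Set-ItemProperty -Path $InetKey -Name ProxyEnable -Value 0 -Type DWord
    foreach ($name in 'ProxyServer', 'AutoConfigURL') {
        Remove-ItemProperty -Path $InetKey -Name $name -ErrorAction SilentlyContinue
    }
}

$state = Get-WinInetProxyState
$state | Format-List ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL
if (Test-ProxyConfigured -State $state) {
    Write-Host 'A proxy or automatic-configuration script is set for this user; review it, then run Clear-WinInetProxy to remove it.'
} else {
    Write-Host 'No WinINET proxy is set for this user, so the "Is proxy configured?" message is not coming from these values.'
}
```

The script only reports; clearing is a separate call so the values can be noted first (an unexpected 127.0.0.1:port proxy or an unfamiliar PAC URL is worth recording before it is removed). Browser-hosted tools such as the online scanners in this thread typically go through WinINET, but Windows services and some updaters use the separate WinHTTP proxy instead, which on Windows XP is shown by proxycfg.exe and on Vista and later by netsh winhttp show proxy.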

                      hazel312001a

                        Topic Starter


                        Rookie
                        • Experience: Beginner
                        • OS: Windows 7
                        Re: Help with System Tools virus
                        « Reply #21 on: January 22, 2011, 05:22:33 AM »
                        Quote
                        Ok. Let's try this:
                        Remove the Proxy setting in Internet Explorer and/or in FireFox.
                        In Internet Explorer
                        • Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously
                        In Firefox
                        • Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> Choose "No Proxy"
                        • Click the apply button and restart that computer in normal mode.
                        Now please try running the ESET scan again.

                        Hi Super Dave!

                                 I checked, but the "use a proxy server..." box wasn't selected in my LAN settings. I also noticed that Windows Firewall somehow had turned itself back on, so I turned it off. But I am still getting the same message from ESET.

                        Thanx!
                        Gina

                        SuperDave

                        • Malware Removal Specialist


                        • Genius
                        • Thanked: 1020
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 10
                        Re: Help with System Tools virus
                        « Reply #22 on: January 22, 2011, 12:43:04 PM »
                        Ok. Let's try this one.

                        Please go to Kaspersky website and perform an online antivirus scan.

                        1. Read through the requirements and privacy statement and click on Accept button.
                        2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
                        3. When the downloads have finished, click on Settings.
                        4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
                        Spyware, Adware, Dialers, and other potentially dangerous programs
                        Archives


                        5. Click on My Computer under Scan.
                        6. Once the scan is complete, it will display the results. Click on View Scan Report.
                        7. You will see a list of infected items there. Click on Save Report As....
                        8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
                        9. Please post this log in your next reply along with a fresh HijackThis log.
                        Windows 8 and Windows 10 dual boot with two SSD's

                        hazel312001a

                          Topic Starter


                          Rookie
                          • Experience: Beginner
                          • OS: Windows 7
                          Re: Help with System Tools virus
                          « Reply #23 on: January 22, 2011, 04:06:44 PM »
                          This keeps getting better and better!  :'(

                          I tried the Kaspersky online scan, which gave me an error that it requires Java Framework version 1.5 or later. I got redirected to the Java site (in my earlier posts I mentioned that I was unable to update my Java version), where I tried to download Java (apparently I don't have it anymore?), to which I encountered another error which says: "The installer can not proceed with the current Internet Connection settings. Please visit the following web page for more information", with a link to the Java help page but no specific reason or settings that may be interfering with the download.  ???

                          I really must thank you again...If this sux so bad for me I can't believe what you go thru helping so many people!  :-*

                          gina


                          SuperDave

                          • Malware Removal Specialist


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: Help with System Tools virus
                          « Reply #24 on: January 22, 2011, 07:19:33 PM »
                          Ok Gina. What browser are you using?

                          Run the F-Secure Online Scanner for Viruses, Spyware and Rootkits.

                          Note: This Scanner is for Internet Explorer Only!

                          •Click on Online Services and then Online Scanner
                          •Accept the License Agreement.
                          •Once the ActiveX installs, click Full System Scan
                          •Once the download completes, the scan will begin automatically.
                          •The scan will take some time to finish, so please be patient.
                          •When the scan completes, click the Automatic cleaning (recommended) button.

                          •Click the Show Report button and Copy&Paste the entire report in your next reply.
                          Windows 8 and Windows 10 dual boot with two SSD's

                          hazel312001a

                            Topic Starter


                            Rookie
                            • Experience: Beginner
                            • OS: Windows 7
                            Re: Help with System Tools virus
                            « Reply #25 on: January 23, 2011, 09:21:05 AM »
                            Quote
                            Ok Gina. What browser are you using?

                            Run the F-Secure Online Scanner for Viruses, Spyware and Rootkits.

                            Note: This Scanner is for Internet Explorer Only!

                            •Click on Online Services and then Online Scanner
                            •Accept the License Agreement.
                            •Once the ActiveX installs, click Full System Scan
                            •Once the download completes, the scan will begin automatically.
                            •The scan will take some time to finish, so please be patient.
                            •When the scan completes, click the Automatic cleaning (recommended) button.

                            •Click the Show Report button and Copy&Paste the entire report in your next reply.

                            Hi SuperDave,

                                   I have IE 8 as my browser. But I hit another wall when trying to use the F-Secure Online Scanner. As soon as I clicked the link a box on the site said "The latest version of Java is required to run F-Secure Online Scanner. You can download it from http://java.sun.com."

                                   Previously when I tried to uninstall it I got an error that said "Internal Error 2753.RegUtils." I did some research on that and found a blog that says people have successfully corrected this with something called Microsoft Installer Clean Up Utility. Do you think it would be safe to try that to fix the Java situation?

                                   And you know what else... I think Java was corrupted by that Malware program... when I tried to open it manually it gives me this notice: "The system can not find the registry key specified: HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_18." I think this got quarantined and deleted in one of the previous scans.

                            Thanx again for all you do! I really appreciate it!  :D

                            gina


                            SuperDave

                            • Malware Removal Specialist


                            • Genius
                            • Thanked: 1020
                            • Certifications: List
                            • Experience: Expert
                            • OS: Windows 10
                            Re: Help with System Tools virus
                            « Reply #26 on: January 23, 2011, 04:09:32 PM »
                            Quote
                            Previously when I tried to uninstall it I got an error that said "Internal Error 2753.RegUtils." I did some research on that and found a blog that says people have successfully corrected this with something called Microsoft Installer Clean Up Utility. Do you think it would be safe to try that to fix the Java situation?

                            The Microsoft Installer Clean Up Utility has been removed from the MS site because it was causing problems with other programs.
                            Please try this:


                            Download Revo Uninstaller
                            * Open Revo and let the list populate (can take several seconds to finish).
                            * Right click what you want to uninstall and choose Uninstall
                            * Next choose Advanced then click Next
                            * This will (try to) launch the program's built-in uninstaller and go through the normal uninstall process.
                            * If the uninstaller fails just continue on with the Revo instructions.
                            * Once complete: In Revo Uninstaller click Next and Revo will scan the registry for leftovers.
                            * This scan can take several seconds.
                            * Once the results are shown look at each one to ensure they are all related to the program that was uninstalled.
                            * Choose Select All then click Delete
                            * Click Next and Revo will scan for any files or folders that were not removed.
                            * If any files/folders are found choose Select all > Delete

                            Once Java is uninstalled, download and install the new one and try running the ESET scan.
                            Windows 8 and Windows 10 dual boot with two SSD's

                            hazel312001a

                              Re: Help with System Tools virus
                              « Reply #27 on: January 23, 2011, 09:58:07 PM »
                              Hi Superdave,

                                       I think by now we can assume that JAVA HATES ME! I uninstalled the old version completely with the Revo tool. But when I tried to reinstall the online version I got the same "internet options" error. So I downloaded the offline version and installed successfully. But when it ran the verify check I failed! It doesn't give me a specific reason but I did all the checks (all with IE) and everything is set correctly. I even uninstalled and reinstalled it and got the same thing. Java is enabled under everything I could find in my internet options and I verified the add-ons are in there too.

                              Grrrrr...
                              gina

                              PS. I might have to buy you lunch when this is all over with! Thanx so much for your help!

                              SuperDave

                              Re: Help with System Tools virus
                              « Reply #28 on: January 25, 2011, 12:39:43 PM »
                              Could you please run Security Check again as outlined in Reply # 5 and post the log?

                              hazel312001a

                                Re: Help with System Tools virus
                                « Reply #29 on: January 25, 2011, 04:27:43 PM »
                                Hi SuperDave! Am I getting on your nerves yet? This thing sure is getting on mine! Thank you again for being so patient and kind in helping me with my computer issues.  Here is my security check log:


                                 Results of screen317's Security Check version 0.99.8 
                                 Windows XP Service Pack 3 
                                 Internet Explorer 8 
                                ``````````````````````````````
                                Antivirus/Firewall Check:

                                 Windows Firewall Enabled! 
                                 ESET Online Scanner v3   
                                 Online Armor 4.5   
                                ```````````````````````````````
                                Anti-malware/Other Utilities Check:

                                 Malwarebytes' Anti-Malware   
                                 CCleaner     
                                 Java(TM) 6 Update 23 
                                 Adobe Flash Player   
                                Adobe Reader 9.4.1 MUI
                                Out of date Adobe Reader installed!
                                ````````````````````````````````
                                Process Check: 
                                objlist.exe by Laurent

                                 Norton ccSvcHst.exe
                                 Tall Emu Online Armor OAcat.exe
                                ``````````End of Log````````````

                                SuperDave

                                Re: Help with System Tools virus
                                « Reply #30 on: January 25, 2011, 04:35:12 PM »
                                Quote
                                Hi SuperDave! Am I getting on your nerves yet? This thing sure is getting on mine! Thank you again for being so patient and kind in helping me with my computer issues.
                                Not at all. I'm enjoying myself. As you can see from the log, Java 23 was installed. Now let's try to run the ESET scan outlined in Reply # 18
                                « Last Edit: January 26, 2011, 12:15:33 PM by SuperDave »

                                hazel312001a

                                  Re: Help with System Tools virus
                                  « Reply #31 on: January 26, 2011, 05:39:42 AM »
                                  Well I'm glad YOU'RE enjoying yourself! lol I'm learning a lot myself. Thank you as always for your time!


                                  I tried to run the ESET scan but I got the same error: "Can't get updates...Is proxy configured?"

                                  gina

                                  SuperDave

                                  Re: Help with System Tools virus
                                  « Reply #32 on: January 26, 2011, 12:17:25 PM »
                                  Gina, can you please check the proxy settings?

                                  hazel312001a

                                    Re: Help with System Tools virus
                                    « Reply #33 on: January 26, 2011, 07:35:40 PM »
                                    Hey SuperDave! Am I having déjà vu, or didn't we already do this before? "Use a proxy server...." is not selected in my LAN settings. What now?

                                    Thanx!
                                    gina

                                    SuperDave

                                    Re: Help with System Tools virus
                                    « Reply #34 on: January 28, 2011, 04:59:10 PM »
                                    Hi Gina. Sorry for being so late in getting back to you. Yes, we did the proxy thing but I thought it would be good to check it again. Could you please download and install FireFox here and see if you're still having problems?

                                    hazel312001a

                                      Re: Help with System Tools virus
                                      « Reply #35 on: January 28, 2011, 05:46:51 PM »
                                      Please don't apologize SuperDave! I know this isn't your job...if it was then I might be a tad upset but it's all good. Thanx for all you have done and continue to help me with!!

                                      I installed Firefox but it can't even connect to the net. I'm lost!?

                                      gina


                                      SuperDave

                                      Re: Help with System Tools virus
                                      « Reply #36 on: January 29, 2011, 01:03:51 PM »
                                      Ok. Let's try to see if the signal is going through.

                                      Please run Notepad (start > All Programs > Accessories >
                                      Notepad) and copy and paste the text in the code box into a new file:

                                      Code:
                                      @echo off
                                      rem Collect network diagnostics into Log1.txt; everything inside
                                      rem the parentheses is redirected into that file.
                                      >Log1.txt (
                                      ipconfig /all
                                      nslookup google.com
                                      nslookup yahoo.com
                                      ping -n 2 google.com
                                      ping -n 2 yahoo.com
                                      route print
                                      )
                                      rem Open the log in Notepad, then delete this batch file.
                                      start Log1.txt
                                      del %0

                                      • Go to the File menu at the top of Notepad and select Save as.
                                      • Select save in: desktop
                                      • Fill in File name: test.bat
                                      • Save as type: All file types (*.*)
                                      • Click Save.
                                      • Close Notepad.
                                      • Locate and double-click test.bat on the desktop.
                                      • A Notepad window opens; copy and paste its content (Log1.txt) into your reply.

                                      hazel312001a

                                        Re: Help with System Tools virus
                                        « Reply #37 on: January 31, 2011, 06:29:07 PM »
                                        Hi SuperDave...Sorry for the delay...but I am getting a little tired of working on this machine, lol.

                                        I did as instructed, created and ran the test.bat file. Here is the log:



                                        Windows IP Configuration

                                                Host Name . . . . . . . . . . . . : Jocelynn
                                                Primary Dns Suffix  . . . . . . . :
                                                Node Type . . . . . . . . . . . . : Broadcast
                                                IP Routing Enabled. . . . . . . . : No
                                                WINS Proxy Enabled. . . . . . . . : No
                                                DNS Suffix Search List. . . . . . : gateway.2wire.net

                                        Ethernet adapter Wireless Network Connection:

                                                Connection-specific DNS Suffix  . : gateway.2wire.net
                                                Description . . . . . . . . . . . : 802.11n Wireless LAN Card
                                                Physical Address. . . . . . . . . : 00-1B-B1-46-12-1F
                                                Dhcp Enabled. . . . . . . . . . . : Yes
                                                Autoconfiguration Enabled . . . . : Yes
                                                IP Address. . . . . . . . . . . . : 192.168.1.67
                                                Subnet Mask . . . . . . . . . . . : 255.255.255.0
                                                Default Gateway . . . . . . . . . : 192.168.1.254
                                                DHCP Server . . . . . . . . . . . : 192.168.1.254
                                                DNS Servers . . . . . . . . . . . : 192.168.1.254
                                                Lease Obtained. . . . . . . . . . : Monday, January 31, 2011 7:22:18 PM
                                                Lease Expires . . . . . . . . . . : Tuesday, February 01, 2011 7:22:18 PM

                                        Ethernet adapter Local Area Connection:

                                                Media State . . . . . . . . . . . : Media disconnected
                                                Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
                                                Physical Address. . . . . . . . . : 00-21-CC-57-A1-87

                                        Server:  home
                                        Address:  192.168.1.254

                                        Name:    google.com
                                        Addresses:  74.125.95.99, 74.125.95.104, 74.125.95.106, 74.125.95.103
                                             74.125.95.147, 74.125.95.105

                                        Server:  home
                                        Address:  192.168.1.254

                                        Name:    yahoo.com
                                        Addresses:  72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
                                             69.147.125.65

                                        Pinging google.com [74.125.95.104] with 32 bytes of data:

                                        Reply from 74.125.95.104: bytes=32 time=23ms TTL=52
                                        Reply from 74.125.95.104: bytes=32 time=22ms TTL=54

                                        Ping statistics for 74.125.95.104:
                                            Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
                                        Approximate round trip times in milli-seconds:
                                            Minimum = 22ms, Maximum = 23ms, Average = 22ms

                                        Pinging yahoo.com [67.195.160.76] with 32 bytes of data:

                                        Reply from 67.195.160.76: bytes=32 time=70ms TTL=49
                                        Reply from 67.195.160.76: bytes=32 time=59ms TTL=49

                                        Ping statistics for 67.195.160.76:
                                            Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
                                        Approximate round trip times in milli-seconds:
                                            Minimum = 59ms, Maximum = 70ms, Average = 64ms

                                        ===========================================================================
                                        Interface List
                                        0x1 ........................... MS TCP Loopback interface
                                        0x10003 ...00 1b b1 46 12 1f ...... 802.11n Wireless LAN Card
                                        0x10004 ...00 21 cc 57 a1 87 ...... Realtek PCIe FE Family Controller
                                        ===========================================================================
                                        ===========================================================================
                                        Active Routes:
                                        Network Destination        Netmask          Gateway       Interface  Metric
                                                  0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.67     20
                                                127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1     1
                                              169.254.0.0      255.255.0.0     192.168.1.67    192.168.1.67     20
                                              192.168.1.0    255.255.255.0     192.168.1.67    192.168.1.67     20
                                             192.168.1.67  255.255.255.255        127.0.0.1       127.0.0.1     20
                                            192.168.1.255  255.255.255.255     192.168.1.67    192.168.1.67     20
                                                224.0.0.0        240.0.0.0     192.168.1.67    192.168.1.67     20
                                          255.255.255.255  255.255.255.255     192.168.1.67           10004     1
                                          255.255.255.255  255.255.255.255     192.168.1.67    192.168.1.67     1
                                        Default Gateway:     192.168.1.254
                                        ===========================================================================
                                        Persistent Routes:
                                          None
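The log above shows what the batch file was written to establish: the adapter has a DHCP lease, both names resolve at the router, and ICMP replies come back with no loss. As an added example (mine, not code from the thread or from SuperDave), the script below parses a log in that format into findings a helper can act on. It checks each adapter's DNS servers against the adapter's own subnet, and it compares the address ping used for each host with the answers nslookup printed: nslookup queries the DNS server directly, while ping resolves through the hosts file first, so a disagreement between the two is a lead to read the hosts file. The sample log is constructed (two anomalies are planted in it to be caught) and the function names are my own.

```python
import re
from ipaddress import ip_address, ip_network

IP = r"(?:\d{1,3}\.){3}\d{1,3}"
KV_RE = re.compile(r"^\s*([A-Za-z][^.:]*?)\s*[. ]*:\s*(.*)$")      # "Key . . . : value"
ADAPTER_RE = re.compile(r"^(.+?) adapter (.+):$")                    # "Ethernet adapter X:"
ADDRS_RE = re.compile(r"^(?:Address(?:es)?:\s+)?(" + IP + r"(?:,\s*" + IP + r")*)$")

# Constructed sample (not the thread's log): an off-subnet second DNS server and a
# yahoo.com ping that resolves differently from nslookup are planted to be caught.
SAMPLE_LOG = """\
Ethernet adapter Wireless Network Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.67
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DNS Servers . . . . . . . . . . . : 192.168.1.254
                                            203.0.113.53

Server:  home
Address:  192.168.1.254

Name:    google.com
Addresses:  74.125.95.99, 74.125.95.104, 74.125.95.106, 74.125.95.103
     74.125.95.147, 74.125.95.105

Name:    yahoo.com
Addresses:  72.30.2.43, 98.137.149.56

Pinging google.com [74.125.95.104] with 32 bytes of data:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging yahoo.com [127.0.0.1] with 32 bytes of data:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
"""

def parse_ipconfig(log):
    """Return {adapter: {key: [values]}} from the ipconfig /all part of the log."""
    adapters, cur, key = {}, None, None
    for line in log.splitlines():
        s = line.strip()
        if s.startswith(("Server:", "Name:", "Pinging")):
            break                                    # nslookup/ping output starts here
        if m := ADAPTER_RE.match(s):
            cur, key = m.group(2), None
            adapters[cur] = {}
        elif cur and (m := KV_RE.match(line)):
            key = m.group(1).strip()
            adapters[cur][key] = [m.group(2).strip()] if m.group(2).strip() else []
        elif cur and key and re.fullmatch(IP, s):
            adapters[cur][key].append(s)             # extra DNS server on its own line
    return adapters

def parse_nslookup(log):
    """Return {name: [addresses]} for each 'Name:' record nslookup printed."""
    results, cur = {}, None
    for line in log.splitlines():
        s = line.strip()
        if m := re.match(r"^Name:\s+(\S+)$", s):
            cur = m.group(1)
            results[cur] = []
        elif cur and (m := ADDRS_RE.match(s)):
            results[cur] += [a.strip() for a in m.group(1).split(",")]
        elif not s:
            cur = None                               # a blank line ends the record
    return results

def parse_pings(log):
    """Return {host: {"ip": address ping used, "sent": n, "received": n}}."""
    pings, cur = {}, None
    for line in log.splitlines():
        s = line.strip()
        if m := re.match(r"^Pinging (\S+) \[(" + IP + r")\]", s):
            cur = m.group(1)
            pings[cur] = {"ip": m.group(2), "sent": 0, "received": 0}
        elif cur and (m := re.match(r"^Packets: Sent = (\d+), Received = (\d+)", s)):
            pings[cur].update(sent=int(m.group(1)), received=int(m.group(2)))
            cur = None
    return pings

def assess(log):
    """Turn the parsed sections into ("ok" | "warn", message) findings."""
    out, lookups = [], parse_nslookup(log)
    for name, p in parse_ipconfig(log).items():
        if "IP Address" not in p or "Subnet Mask" not in p:
            continue                                 # disconnected adapter, nothing to check
        net = ip_network(f"{p['IP Address'][0]}/{p['Subnet Mask'][0]}", strict=False)
        for dns in p.get("DNS Servers", []):         # a resolver off the LAN deserves a look
            ok = ip_address(dns) in net
            out.append(("ok" if ok else "warn", f"{name}: DNS server {dns} {'on' if ok else 'outside'} {net}"))
    for host, addrs in lookups.items():
        out.append(("ok" if addrs else "warn", f"nslookup: {host} -> {len(addrs)} address(es)"))
    for host, p in parse_pings(log).items():
        # nslookup asks the DNS server directly; ping resolves through the hosts file
        # first, so a mismatch is a lead to read the hosts file (round-robin can differ too).
        if lookups.get(host) and p["ip"] not in lookups[host]:
            out.append(("warn", f"ping used {p['ip']} for {host}; nslookup gave {', '.join(lookups[host])}; check the hosts file"))
        out.append(("ok" if p["received"] == p["sent"] > 0 else "warn",
                    f"ping {host} ({p['ip']}): {p['received']}/{p['sent']} replies"))
    return out

if __name__ == "__main__":
    for level, msg in assess(SAMPLE_LOG):
        print(f"[{level}] {msg}")
```

Run against the real log above it produces only "ok" findings, which is the useful conclusion: when resolution and ICMP both work, a scanner's "Is proxy configured?" error is far more likely to come from the machine's own proxy or browser settings (the LAN settings SuperDave asked about) than from the network path. An off-subnet DNS server is reported as a warning rather than a verdict, since an ISP resolver handed out by DHCP looks the same to this check.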

                                        SuperDave

                                        Re: Help with System Tools virus
                                        « Reply #38 on: February 01, 2011, 04:10:25 PM »
                                        Don't give up. We'll beat this thing yet.

                                        Reset Explorer Settings IE 

                                        hazel312001a

                                          Re: Help with System Tools virus
                                          « Reply #39 on: February 02, 2011, 08:35:07 AM »
                                          Quote
                                          Don't give up. We'll beat this thing yet.

                                          Reset Explorer Settings IE

                                          Thanx SuperDave for your inspiration! I'm not giving up...It's a vendetta now, lol.

                                          I reset IE but still getting the error on the Java site when I tested my version.

                                          Thanx!
                                          gina

                                          SuperDave

                                          Re: Help with System Tools virus
                                          « Reply #40 on: February 02, 2011, 12:01:17 PM »
                                          What kind of error on the java site?

                                          hazel312001a

                                            Re: Help with System Tools virus
                                            « Reply #41 on: February 03, 2011, 07:48:34 PM »
                                            Quote
                                            What kind of error on the java site?

                                            It doesn't tell me the error. It says "Error: click for details " but when I click it it just takes me to the page with the most common errors.

                                            I really feel like if we could figure out what the "internet connection settings" are preventing me from downloading/installing the online version we would have this thing licked!

                                            But I have checked everything. I have even tried installing it without running the add-ons in IE. I made the internet settings to mirror my other computer that runs Java without a hitch and that didn't work. I also tried using a hard connection to the internet and that didn't work. I'm out of ideas.

                                            I bet it's some button somewhere that's ticked that shouldn't be ...or vice versa...I just don't know which one. lol

                                            Thanx for your assistance Super Dave!
                                            gina

                                            SuperDave

                                            Re: Help with System Tools virus
                                            « Reply #42 on: February 04, 2011, 04:28:49 PM »
                                            Quote
                                            I really feel like if we could figure out what the "internet connection settings" are preventing me from downloading/installing the online version we would have this thing licked!
                                            We have already downloaded and installed the latest version of Java. Why are you going back to their website?

                                            Quote
                                            Anti-malware/Other Utilities Check:
                                             Malwarebytes' Anti-Malware   
                                             CCleaner     
                                            Java(TM) 6 Update 23 
                                             Adobe Flash Player   
                                            Adobe Reader 9.4.1 MUI

                                            hazel312001a

                                              Re: Help with System Tools virus
                                              « Reply #43 on: February 04, 2011, 04:31:39 PM »
                                              Quote
                                              We have already downloaded and installed the latest version of Java. Why are you going back to their website?

                                              Because it tells you to do that to "test your installation". I also went to a web page that I know uses applets and it didn't work.

                                              Thanx SuperDave!
                                              gina

                                              SuperDave

                                              Re: Help with System Tools virus
                                              « Reply #44 on: February 04, 2011, 04:35:30 PM »
                                              Can you please run the ESET scan as described in Reply # 18 and post the log?

                                              hazel312001a

                                                Re: Help with System Tools virus
                                                « Reply #45 on: February 04, 2011, 04:38:31 PM »
                                                Quote
                                                Can you please run the ESET scan as described in Reply # 18 and post the log?

                                                I think you're forgetting Dave...ESET won't run either...that's how I got into this mess. It keeps asking me about a proxy...see reply #31.

                                                gina

                                                SuperDave

                                                Re: Help with System Tools virus
                                                « Reply #46 on: February 04, 2011, 04:47:04 PM »
                                                Quote
                                                I think you're forgetting Dave...ESET won't run either...that's how I got into this mess. It keeps asking me about a proxy...see reply #31.
                                                No. I didn't forget. I was wondering if it was fixed yet. Could you please try running the F-Secure online scanner as described in Reply # 24 to see if that will work?

                                                hazel312001a

                                                  Re: Help with System Tools virus
                                                  « Reply #47 on: February 04, 2011, 05:38:17 PM »
                                                  Quote
                                                  No. I didn't forget. I was wondering if it was fixed yet. Could you please try running the F-Secure online scanner as described in Reply # 24 to see if that will work?

                                                  How long does the F-Secure scan take? I don't know if it's working. There is just this circle going round and round...Is that normal?

                                                  Thanx!
                                                  gina

                                                  SuperDave

                                                  Re: Help with System Tools virus
                                                  « Reply #48 on: February 05, 2011, 01:23:00 PM »
                                                  It's been almost 24 hrs. since you posted. If it won't run, please try the Kaspersky scan in Reply  # 22
                                                  Windows 8 and Windows 10 dual boot with two SSD's

hazel312001a

Re: Help with System Tools virus
« Reply #49 on: February 05, 2011, 06:06:24 PM »
Quote
It's been almost 24 hrs. since you posted. If it won't run, please try the Kaspersky scan in Reply #22.

Yeah... it didn't work. It got hung up on the Java check/ActiveX... running Kaspersky now.

Thanx SuperDave... you're awesome!
gina

hazel312001a

Re: Help with System Tools virus
« Reply #50 on: February 05, 2011, 06:24:01 PM »
No go SuperDave... After Kaspersky checked my system it came back with "Kaspersky Online Scanner 7.0 download and operation require Java framework version 1.5 or later."

It's like Java is there... but it's not. Grrrrr...

I preemptively ran Security Check again... just in case you ask me to prove Java is installed. lol

                                                       Results of screen317's Security Check version 0.99.8 
                                                       Windows XP Service Pack 3 
                                                       Internet Explorer 8 
                                                      ``````````````````````````````
                                                      Antivirus/Firewall Check:

                                                       Windows Firewall Disabled! 
                                                       ESET Online Scanner v3   
                                                       Online Armor 4.5   
                                                      ```````````````````````````````
                                                      Anti-malware/Other Utilities Check:

                                                       Malwarebytes' Anti-Malware   
                                                       CCleaner     
                                                       Java(TM) 6 Update 23 
                                                       Adobe Flash Player   
                                                      Adobe Reader 9.4.1 MUI
                                                      Out of date Adobe Reader installed!
                                                      ````````````````````````````````
                                                      Process Check: 
                                                      objlist.exe by Laurent

                                                       Norton ccSvcHst.exe
                                                       Tall Emu Online Armor OAcat.exe
                                                      ``````````End of Log````````````


                                                      Are you sure I'm not getting on your nerves yet?  ;D
                                                      gina

                                                      PS. I swore I updated Adobe already.

hazel312001a

Re: Help with System Tools virus
« Reply #51 on: February 06, 2011, 10:12:28 AM »
Ok... good news and bad news...

Good News: I fixed Java! Score one for the newbie!! It was the "enable next gen plugin" setting stopping Java from working.

Bad news:
1. I did this after I tried running Kaspersky again, because the system requirements include a working Java RE. It was about 5000kbs from updating the database and it stalled out and gave me some error about an intermittent internet connection. I have not been able to run it again. I keep getting the same error.
2. ESET keeps telling me "is proxy configured?"
3. F-Secure online scanner needed a working Java RE (that's why the circle just kept spinning). It passed the check but the window that opened, presumably to run the scan, said "web page not found"!!??
4. I did update Adobe... but from 8 to 9. Tried to update to X and I got an error about proxy settings!!

Oh and I also did these things:
Uninstalled Norton Internet Security for Netbooks (piece of junk!) and installed Avast (I love this product!!). Ran a full system scan... came back clean. Found a worm on my memory stick and blasted it off there (maybe the offending culprit that brought us together!)
Uninstalled Online Armor... I found out that my router has a firewall installed and thought that maybe the two were conflicting. I will reinstall it if you suggest it.

As you can see I have been very busy!! :P  But I have learned a ton and for that I am grateful this mess happened!

                                                        Just need to know how we can get this little netbook a clean bill of health?! Any other tools we can use for a scan?

                                                        I am so grateful for your help SuperDave!!! I never would have gotten this far without you!
                                                        gina
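Two of the errors in the post above (ESET asking "is proxy configured?" and the Adobe updater failing on proxy settings) are complaints about the per-user Internet Options proxy, which lives in the registry. The script below is an added example by the editor of this page, not code from the thread or from any of the tools it names: it reads that proxy configuration with the built-in reg.exe and says whether a proxy or PAC file is in effect for the account that runs it. The registry path is the standard WinINET one for XP and 7; the verdict text and the cleanup commands it prints are assumptions of mine, and whether a proxy that shows up there is legitimate is something only the machine's owner can answer, so confirm that before clearing it.

```batch
@echo off
setlocal
rem Added example (editor's code, not from this thread or any tool it names).
rem Reads the per-user WinINET proxy settings that Internet Explorer and the
rem programs that reuse its settings depend on, and reports whether a proxy
rem or PAC file is in effect. Registry path is the standard one; the verdict
rem text and the cleanup commands are the editor's suggestion, not the thread's.
rem Run from cmd.exe as the affected user (HKCU is per account).
set "KEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
set "ENABLE=0x0"
set "SERVER="
set "PAC="

rem reg query prints "    Name    REG_TYPE    data"; pick out the data column.
for /f "tokens=3" %%A in ('reg query "%KEY%" /v ProxyEnable 2^>nul ^| find "ProxyEnable"') do set "ENABLE=%%A"
for /f "tokens=2,*" %%A in ('reg query "%KEY%" /v ProxyServer 2^>nul ^| find "ProxyServer"') do set "SERVER=%%B"
for /f "tokens=2,*" %%A in ('reg query "%KEY%" /v AutoConfigURL 2^>nul ^| find "AutoConfigURL"') do set "PAC=%%B"

echo ProxyEnable   = %ENABLE%
echo ProxyServer   = %SERVER%
echo AutoConfigURL = %PAC%
echo.

rem ProxyEnable 0x0 with no PAC URL means direct connections are in use.
if "%ENABLE%"=="0x0" if "%PAC%"=="" (
    echo No proxy is configured for this user account; the scanner errors come from somewhere else.
    exit /b 0
)

echo A proxy or PAC file is in effect for this account. If nobody set it up on purpose,
echo clear it and re-run the online scanner:
echo   reg add "%KEY%" /v ProxyEnable /t REG_DWORD /d 0 /f
echo   reg delete "%KEY%" /v ProxyServer /f
echo   reg delete "%KEY%" /v AutoConfigURL /f
exit /b 1
```

Save it as checkproxy.cmd and run it from a Command Prompt; the exit code is 0 when no proxy is set and 1 otherwise, so it can also be used from another script. Close and reopen Internet Explorer after any change, because the browser and the online scanners read these values when they start.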
                                                         

SuperDave

Re: Help with System Tools virus
« Reply #52 on: February 06, 2011, 12:52:20 PM »
Did you ever have any luck getting Firefox to run? Please try this:

Run the BitDefender Online Scanner.

Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

Once BitDefender completes the scan:
Click on the Detected Problems tab.
Then select Click here to export the scan report.

When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box change the name to bdscan, then click Save.

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it (take notice of where you save it so you can find it later).
This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these steps, you will have an incorrect log or, worse, a log summary, which is useless to us.

Post the bdscan.txt file as an Attachment.

hazel312001a

Re: Help with System Tools virus
« Reply #53 on: February 06, 2011, 01:23:02 PM »
                                                          Hey SuperDave...I have more good news!! After I uninstalled Norton and downloaded Avast I went back and ran ESET..and guess what??  IT WORKED!!! It just got done and there were NO THREATS DETECTED!!

                                                          Is that a clean bill of health?

                                                          Thanx! gina

SuperDave

Re: Help with System Tools virus
« Reply #54 on: February 07, 2011, 01:13:37 PM »
Quote
Is that a clean bill of health?
Hi Gina. That is really good news. Let's do some cleanup.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type Run in the Start search, and click on Run in the results pane.
• In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
• This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
***********************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator.

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**************************************************
Use the Secunia Software Inspector to check for out of date software.

• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

hazel312001a

Re: Help with System Tools virus
« Reply #55 on: February 07, 2011, 06:31:30 PM »
Quote
Hi Gina. That is really good news. Let's do some cleanup

Almost there aren't we SuperDave?! I'm so excited!!
I did everything except the Spyware stuff because I have a question. Am I supposed to install both or just one of the recommended products?
Thanx!
gina

                                                            eri

                                                            • Guest
                                                            Re: Help with System Tools virus
                                                            « Reply #56 on: February 08, 2011, 05:42:15 AM »
                                                            Please do not hijack someone else's thread. If you need help, please go to this link and follow the directions and post the required logs. Please post your logs in this link.
                                                            « Last Edit: February 08, 2011, 12:55:35 PM by SuperDave »

SuperDave

Re: Help with System Tools virus
« Reply #57 on: February 08, 2011, 12:55:57 PM »
Quote
I did everything except the Spyware stuff because I have a question. Am I supposed to install both or just one of the recommended products?
It wouldn't hurt to have them, if you have the space.

hazel312001a

Re: Help with System Tools virus
« Reply #58 on: February 08, 2011, 04:23:53 PM »
Quote
It wouldn't hurt to have them, if you have the space.

Ok I got the Spybot... what now?

PS. Thanx for protecting my thread!  :-*

gina

SuperDave

Re: Help with System Tools virus
« Reply #59 on: February 09, 2011, 12:04:44 PM »
Quote
Ok I got the Spybot... what now?
That's it. You can keep SAS and MBAM on your computer, if you wish. Update them and run them on a regular basis. Good Luck! ;D

hazel312001a

Re: Help with System Tools virus
« Reply #60 on: February 09, 2011, 05:23:49 PM »
Quote
That's it. You can keep SAS and MBAM on your computer, if you wish. Update them and run them on a regular basis. Good Luck! ;D

Really?? Seriously???... You're not messing with me right? lol

Well let me just say again... THANK YOU SuperDave from the bottom of my heart!!! I don't know what I would have done without this great website and all the wonderful people here donating their time!

You're the best!
gina

SuperDave

Re: Help with System Tools virus
« Reply #61 on: February 10, 2011, 01:46:48 PM »
Quote
You're not messing with me right? lol
Gina, I wouldn't mess with you with something as important as your computer.
Quote
THANK YOU SuperDave from the bottom of my heart!!!
You're welcome. I will lock this thread. If you need it re-opened, please send me a PM.