Author Topic: Help with System Tools virus (Read 36618 times)

hazel312001a · « **Reply #15 on:** January 19, 2011, 05:19:10 AM »

Hi Super Dave,

I can't find anythig related to WildTangent in my programs so I didn't remove anything.

I ran Combo fix and GMER as instructed. Here are the logs:

ComboFix 11-01-15.01 - jocey 01/18/2011 21:52:04.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.534 [GMT -6:00]
Running from: c:\documents and settings\jocey\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jocey\Desktop\CFScript.txt
AV: Norton Internet Security Netbook Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security Netbook Edition *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

FILE ::
"C:\found.000"
.

((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))
.

2011-01-16 22:02 . 2001-08-17 19:48   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
2011-01-16 22:02 . 2001-08-17 19:48   12160   ----a-w-   c:\windows\system32\dllcache\mouhid.sys
2011-01-16 22:02 . 2008-04-14 06:15   10368   ----a-w-   c:\windows\system32\drivers\hidusb.sys
2011-01-16 22:02 . 2008-04-14 06:15   10368   ----a-w-   c:\windows\system32\dllcache\hidusb.sys
2011-01-15 22:45 . 2011-01-15 22:45   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
2011-01-15 20:56 . 2011-01-15 22:17   --------   d-----w-   c:\windows\ie8updates
2011-01-15 20:50 . 2011-01-15 20:50   --------   d-----w-   c:\program files\Trend Micro
2011-01-14 12:05 . 2008-06-13 11:05   272128   ------w-   c:\windows\system32\drivers\bthport.sys
2011-01-14 12:05 . 2008-06-13 11:05   272128   ------w-   c:\windows\system32\dllcache\bthport.sys
2011-01-14 12:04 . 2010-09-18 06:53   954368   ----a-w-   c:\windows\system32\mfc40.dll
2011-01-14 12:04 . 2010-09-18 06:53   954368   ------w-   c:\windows\system32\dllcache\mfc40.dll
2011-01-14 12:04 . 2010-09-18 06:53   953856   ----a-w-   c:\windows\system32\mfc40u.dll
2011-01-14 12:04 . 2010-09-18 06:53   953856   ------w-   c:\windows\system32\dllcache\mfc40u.dll
2011-01-14 12:04 . 2010-09-18 06:53   974848   ----a-w-   c:\windows\system32\mfc42.dll
2011-01-14 12:04 . 2010-09-18 06:53   974848   ------w-   c:\windows\system32\dllcache\mfc42.dll
2011-01-14 12:04 . 2008-08-14 10:04   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
2011-01-14 12:04 . 2008-08-14 10:04   138496   ------w-   c:\windows\system32\dllcache\afd.sys
2011-01-14 12:04 . 2010-08-23 16:12   617472   ----a-w-   c:\windows\system32\comctl32.dll
2011-01-14 12:04 . 2010-08-23 16:12   617472   ------w-   c:\windows\system32\dllcache\comctl32.dll
2011-01-14 11:59 . 2009-06-21 21:44   153088   ----a-w-   c:\program files\Common Files\Microsoft Shared\Triedit\triedit.dll
2011-01-14 11:59 . 2009-06-21 21:44   153088   ------w-   c:\windows\system32\dllcache\triedit.dll
2011-01-14 11:54 . 2009-12-09 05:53   726528   ----a-w-   c:\windows\system32\dllcache\jscript.dll
2011-01-14 11:52 . 2010-02-24 13:11   455680   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-01-14 11:52 . 2010-02-24 13:11   455680   ------w-   c:\windows\system32\dllcache\mrxsmb.sys
2011-01-13 03:22 . 2009-11-21 15:51   471552   ------w-   c:\windows\system32\dllcache\aclayers.dll
2011-01-13 02:29 . 2010-11-06 00:26   5959168   ----a-w-   c:\windows\system32\dllcache\mshtml.dll
2011-01-13 02:29 . 2010-11-06 00:26   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-01-13 02:29 . 2010-11-06 00:26   11080704   ------w-   c:\windows\system32\dllcache\ieframe.dll
2011-01-13 02:29 . 2010-11-02 15:17   40960   ----a-w-   c:\windows\system32\drivers\ndproxy.sys
2011-01-13 02:29 . 2010-11-02 15:17   40960   ------w-   c:\windows\system32\dllcache\ndproxy.sys
2011-01-13 02:27 . 2010-04-27 13:59   2146304   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-01-13 02:27 . 2010-04-27 13:59   2146304   ------w-   c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-13 02:27 . 2010-04-28 02:25   2189952   ------w-   c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-13 02:27 . 2010-04-27 13:05   2024448   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-01-13 02:27 . 2010-04-27 13:05   2024448   ------w-   c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-13 02:27 . 2010-04-27 13:05   2066816   ------w-   c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-13 02:25 . 2008-05-08 14:02   203136   ----a-w-   c:\windows\system32\drivers\rmcast.sys
2011-01-13 02:25 . 2008-05-08 14:02   203136   ------w-   c:\windows\system32\dllcache\rmcast.sys
2011-01-13 02:25 . 2008-05-01 14:33   331776   ----a-w-   c:\program files\Common Files\System\msadc\msadce.dll
2011-01-13 02:25 . 2008-05-01 14:33   331776   ------w-   c:\windows\system32\dllcache\msadce.dll
2011-01-13 02:22 . 2011-01-16 22:21   --------   d-----w-   c:\windows\system32\drivers\NIS\1107000.00C
2011-01-13 02:21 . 2010-03-10 06:15   420352   ----a-w-   c:\windows\system32\vbscript.dll
2011-01-13 02:21 . 2010-03-10 06:15   420352   ----a-w-   c:\windows\system32\dllcache\vbscript.dll
2011-01-13 02:19 . 2008-10-15 16:34   337408   ------w-   c:\windows\system32\dllcache\netapi32.dll
2011-01-13 02:18 . 2010-10-11 14:59   45568   ----a-w-   c:\program files\Outlook Express\wab.exe
2011-01-13 02:18 . 2010-10-11 14:59   45568   ------w-   c:\windows\system32\dllcache\wab.exe
2011-01-13 02:18 . 2010-08-16 08:45   590848   ----a-w-   c:\windows\system32\rpcrt4.dll
2011-01-13 02:18 . 2010-08-16 08:45   590848   ------w-   c:\windows\system32\dllcache\rpcrt4.dll
2011-01-12 01:32 . 2011-01-12 01:32   --------   d-----w-   C:\found.000
2011-01-12 01:03 . 2011-01-16 15:04   --------   d--h--w-   c:\windows\$hf_mig$
2011-01-11 23:16 . 2010-06-18 13:36   3558912   ----a-w-   c:\program files\Movie Maker\moviemk.exe
2011-01-11 23:16 . 2010-06-18 13:36   3558912   ------w-   c:\windows\system32\dllcache\moviemk.exe
2011-01-11 21:40 . 2010-12-21 00:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-11 21:40 . 2011-01-11 21:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-11 21:39 . 2011-01-11 21:40   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-01-11 21:39 . 2010-12-21 00:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-01-11 20:20 . 2011-01-11 20:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-11 20:19 . 2011-01-11 20:20   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-01-11 19:54 . 2011-01-11 19:54   --------   d-----w-   c:\program files\CCleaner
2011-01-11 19:47 . 2011-01-11 23:17   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
2011-01-11 19:47 . 2010-11-03 21:57   38856   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
2011-01-11 19:47 . 2010-11-03 21:55   25000   ----a-w-   c:\windows\system32\drivers\OAmon.sys
2011-01-11 19:47 . 2010-11-03 21:55   29272   ----a-w-   c:\windows\system32\drivers\OAnet.sys
2011-01-11 19:47 . 2010-11-03 21:52   202064   ----a-w-   c:\windows\system32\drivers\OADriver.sys
2011-01-11 19:47 . 2011-01-19 03:40   --------   d-----w-   c:\program files\Online Armor
2010-12-26 22:57 . 2010-12-26 23:06   --------   d-----w-   c:\documents and settings\Administrator
2010-12-26 22:03 . 2010-12-26 22:32   --------   d-----w-   c:\program files\PC Tools Security
2010-12-26 22:03 . 2010-12-26 22:32   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-12-26 21:54 . 2010-12-26 22:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
2010-12-26 21:44 . 2010-12-26 22:32   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-12-26 20:32 . 2010-12-26 20:32   60808   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2010-12-26 20:32 . 2010-12-26 21:13   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-12-26 20:32 . 2010-12-26 20:32   --------   d-----w-   c:\program files\Symantec
2010-12-26 20:32 . 2010-12-26 20:32   124976   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-25 23:01 . 2001-08-18 04:36   5632   ----a-w-   c:\windows\system32\ptpusb.dll
2010-12-25 23:01 . 2008-04-14 11:42   159232   ----a-w-   c:\windows\system32\ptpusd.dll
2010-12-25 23:01 . 2008-04-14 06:15   15104   ----a-w-   c:\windows\system32\drivers\usbscan.sys
2010-12-25 23:01 . 2008-04-14 06:15   15104   ----a-w-   c:\windows\system32\dllcache\usbscan.sys
2010-12-25 23:00 . 2011-01-11 21:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\fPhCc06305
2010-12-25 23:00 . 2010-12-25 23:00   --------   d-----w-   c:\windows\Sun
2010-12-25 22:14 . 2010-02-04 20:32   259584   ----a-w-   c:\windows\system32\bcdedit.exe
2010-12-25 22:14 . 2010-12-25 22:14   --------   d-----w-   C:\Boot
2010-12-25 22:13 . 2008-04-15 12:00   221184   ----a-w-   c:\windows\system32\wmpns.dll
2010-12-25 22:13 . 2010-12-25 22:13   --------   d-----w-   C:\WildTangent
2010-12-25 22:13 . 2010-12-25 22:13   --------   d-----w-   C:\Users
2010-12-25 22:13 . 2010-12-25 22:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skyhook Wireless
2010-12-25 22:13 . 2010-12-25 22:13   --------   d-----w-   c:\program files\DIFX
2010-12-25 22:13 . 2010-02-17 07:11   13568   ----a-w-   c:\windows\system32\drivers\wpsnuio.sys
2010-12-25 22:12 . 2010-12-25 22:12   --------   d-----w-   c:\program files\Skyhook Wireless
2010-12-25 22:11 . 2010-12-25 22:11   --------   d-----w-   c:\program files\HP Webcam
2010-12-25 22:11 . 2010-03-10 03:17   217088   ----a-w-   c:\windows\system32\ACamPropertyPage.dll
2010-12-25 22:11 . 2010-03-03 20:39   363904   ----a-w-   c:\windows\system32\drivers\cam3820a.sys
2010-12-25 22:11 . 2010-03-02 21:51   212992   ----a-w-   c:\windows\system32\cocam3820.dll
2010-12-25 22:11 . 2010-03-02 21:51   110592   ----a-w-   c:\windows\system32\cam3820n.ax
2010-12-25 22:11 . 2010-03-01 15:54   1323296   ----a-w-   c:\windows\system32\drivers\rt2860.sys
2010-12-25 22:11 . 2010-03-01 15:50   238880   ----a-w-   c:\windows\system32\RaCoInst.dll
2010-12-25 22:11 . 2010-12-25 22:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\Ralink Driver
2010-12-25 22:10 . 2011-01-13 03:22   --------   d-----w-   c:\documents and settings\jocey
2010-12-25 22:08 . 2010-08-27 02:34   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
2010-12-25 22:08 . 2010-08-27 04:54   --------   d-----w-   c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-12-25 22:08 . 2010-08-27 03:57   --------   d-----w-   c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-12-25 22:08 . 2010-08-27 02:34   --------   d-sh--w-   c:\documents and settings\Default User\IETldCache
2010-12-25 22:08 . 2010-08-27 01:37   --------   d-----w-   c:\documents and settings\Default User\Local Settings\Application Data\ApplicationHistory
2010-12-25 18:35 . 2008-04-14 06:15   26368   ----a-w-   c:\windows\system32\dllcache\usbstor.sys
2010-12-25 18:19 . 2010-12-25 18:19   --------   d-----w-   c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-25 17:59 . 2009-05-18 19:17   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-25 17:59 . 2008-04-17 18:12   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
2010-12-25 17:57 . 2010-12-25 17:57   --------   d-----w-   c:\program files\iPod
2010-12-25 17:56 . 2010-12-25 17:59   --------   d-----w-   c:\program files\iTunes
2010-12-25 17:56 . 2010-12-25 17:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-25 17:55 . 2010-12-25 17:55   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-25 17:52 . 2010-12-25 17:55   --------   d-----w-   c:\program files\QuickTime
2010-12-25 17:51 . 2010-12-25 17:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
2010-12-25 17:51 . 2010-12-25 17:51   --------   d-----w-   c:\program files\Apple Software Update
2010-12-25 17:50 . 2010-09-28 21:44   41984   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
2010-12-25 17:50 . 2010-09-28 21:44   4184352   ----a-w-   c:\windows\system32\usbaaplrc.dll
2010-12-25 17:49 . 2010-12-25 17:49   --------   d-----w-   c:\program files\Bonjour
2010-12-25 17:48 . 2010-12-25 18:19   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple
2010-12-25 17:48 . 2010-12-25 17:57   --------   d-----w-   c:\program files\Common Files\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 23:38 . 2010-11-29 23:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2010-11-18 18:12   81920   ----a-w-   c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2010-11-09 14:52   249856   ----a-w-   c:\windows\system32\odbc32.dll
2010-10-28 13:13 . 2010-10-28 13:13   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2010-10-26 13:25   1853312   ----a-w-   c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2011-01-16_15.54.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-19 04:10 . 2011-01-19 04:10   16384 c:\windows\temp\Perflib_Perfdata_700.dat
- 2008-04-15 12:00 . 2008-04-15 12:00   75776 c:\windows\system32\strmfilt.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38   75776 c:\windows\system32\strmfilt.dll
+ 2010-08-27 05:57 . 2010-08-27 05:57   99840 c:\windows\system32\srvsvc.dll
+ 2009-04-11 02:06 . 2011-01-19 04:12   69172 c:\windows\system32\perfc009.dat
- 2009-04-11 02:06 . 2011-01-15 22:33   69172 c:\windows\system32\perfc009.dat
+ 2009-10-21 05:38 . 2009-10-21 05:38   25088 c:\windows\system32\httpapi.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38   75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2010-08-27 05:57 . 2010-08-27 05:57   99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38   25088 c:\windows\system32\dllcache\httpapi.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19   37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19   36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18   55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
- 2011-01-13 02:18 . 2010-08-13 12:53   5120 c:\windows\system32\xpsp4res.dll
+ 2010-08-26 12:52 . 2010-08-26 12:52   5120 c:\windows\system32\xpsp4res.dll
+ 2009-08-25 09:17 . 2009-08-25 09:17   354816 c:\windows\system32\winhttp.dll
- 2009-04-11 02:06 . 2011-01-15 22:33   434966 c:\windows\system32\perfh009.dat
+ 2009-04-11 02:06 . 2011-01-19 04:12   434966 c:\windows\system32\perfh009.dat
+ 2010-06-09 07:43 . 2010-06-09 07:43   692736 c:\windows\system32\inetcomm.dll
+ 2010-08-26 13:39 . 2010-08-26 13:39   357248 c:\windows\system32\drivers\srv.sys
+ 2009-10-20 16:20 . 2009-10-20 16:20   265728 c:\windows\system32\drivers\http.sys
+ 2009-08-25 09:17 . 2009-08-25 09:17   354816 c:\windows\system32\dllcache\winhttp.dll
+ 2010-08-26 13:39 . 2010-08-26 13:39   357248 c:\windows\system32\dllcache\srv.sys
+ 2010-06-09 07:43 . 2010-06-09 07:43   692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-10-20 16:20 . 2009-10-20 16:20   265728 c:\windows\system32\dllcache\http.sys
+ 2009-10-20 16:20 . 2009-10-20 16:20   265728 c:\windows\Driver Cache\i386\http.sys
+ 2011-01-16 16:20 . 2011-01-16 16:20   400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19   129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19   859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19   328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19   301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19   547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19   141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18   621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2011-01-16 16:20 . 2011-01-16 16:20   593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\97bd2a5d946aa3a824e4cfe5b6ef95aa\System.Messaging.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18   998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18   330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18   881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18   354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18   939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18   756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2011-01-16 16:20 . 2011-01-16 16:20   1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2011-01-16 16:20 . 2011-01-16 16:20   1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2011-01-16 16:20 . 2011-01-16 16:20   4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2011-01-16 16:20 . 2011-01-16 16:20   2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19   2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19   2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2011-01-16 16:19 . 2011-01-16 16:19   1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18   1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2011-01-16 16:17 . 2011-01-16 16:18   9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2011-01-16 16:18 . 2011-01-16 16:18   2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-03-28 22:22   718848   ----a-w-   c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-03-28 22:22   718848   ----a-w-   c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-03-28 22:22   718848   ----a-w-   c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-03-28 22:22   718848   ----a-w-   c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-03-28 22:22   718848   ----a-w-   c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-12-25 1733]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Skyhook Wireless XPS Service"="c:\program files\Skyhook Wireless\XPS\xpscontrolpanel.exe" [2010-04-02 632136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-17 141336]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe" [2009-11-30 240472]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-17 173592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2010-11-03 2345000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2010-11-03 353992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hewlett-Packard\\HP CloudDrive\\zumodrive.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Java(TM) Platform SE binary
"8182:TCP"= 8182:TCP:Java(TM) Platform SE binary

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [8/26/2010 10:26 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [8/26/2010 10:26 PM 15856]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [1/12/2011 8:22 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [1/12/2011 8:22 PM 173104]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [12/28/2009 12:17 AM 106096]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/23/2010 3:34 AM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [1/12/2011 8:22 PM 501888]
R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [11/11/2009 2:09 PM 18136]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [1/11/2011 1:47 PM 202064]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [1/11/2011 1:47 PM 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [1/11/2011 1:47 PM 25000]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [1/11/2011 1:47 PM 29272]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [8/26/2010 10:26 PM 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [1/12/2011 8:22 PM 116784]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 8:05 PM 457200]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2/4/2010 3:00 PM 211440]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [4/12/2010 8:37 PM 338168]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [4/5/2010 12:12 PM 103992]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [1/12/2011 8:22 PM 126392]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [1/11/2011 1:47 PM 380784]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [1/11/2011 1:47 PM 3652696]
R2 xpssvc;Skyhook Wireless XPS Service;c:\program files\Skyhook Wireless\XPS\xpssvc.exe [4/1/2010 8:04 PM 699720]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/26/2010 9:06 PM 113664]
R3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [12/25/2010 4:11 PM 363904]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [8/26/2010 9:10 PM 227896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/12/2011 8:24 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110114.002\IDSXpx86.sys [1/15/2011 2:57 PM 341944]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [8/26/2010 9:08 PM 230944]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [12/25/2010 4:11 PM 1323296]
R3 XPSVCOM;XPSVCOM;c:\windows\system32\drivers\XPSVCOM.sys [2/4/2010 12:07 AM 12416]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2010-03-26 23:27   200769   ----a-w-   c:\program files\Hewlett-Packard\HP Media Suite\Home\QuickLaunch.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

2011-01-19 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2010-02-04 21:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-18 22:11
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\SEP2.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(492)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2128)
c:\windows\system32\WININET.dll
c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\idt\wdm\STacSV.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Online Armor\OAhlp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
.
**************************************************************************
.
Completion time: 2011-01-18 22:24:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-19 04:24
ComboFix2.txt 2011-01-16 16:04

Pre-Run: 138,545,422,336 bytes free
Post-Run: 138,634,129,408 bytes free

- - End Of File - - CE4854CFD9A22F34F22F584A53EAA59C

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-19 06:13:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916031 rev.0001
Running: gmer.exe; Driver: C:\DOCUME~1\jocey\LOCALS~1\Temp\pxlcypow.sys

---- System - GMER 1.0.15 ----

SSDT 857EDB30 ZwAlertResumeThread
SSDT 85E8DA78 ZwAlertThread
SSDT 85821738 ZwAllocateVirtualMemory
SSDT 8619DE40 ZwAssignProcessToJobObject
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwConnectPort [0x9E6FB64C]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateFile [0x9E7021F8]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA2FC9210]
SSDT 851987B8 ZwCreateMutant
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreatePort [0x9E6FB46A]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateProcess [0x9E6FCDE4]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateProcessEx [0x9E6F9978]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateSection [0x9E6F94F2]
SSDT 8520A9B8 ZwCreateSymbolicLinkObject
SSDT 850B81A8 ZwCreateThread
SSDT 86168E40 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA2FC9490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA2FC99F0]
SSDT 85821910 ZwDuplicateObject
SSDT 857E5DB8 ZwFreeVirtualMemory
SSDT 851B1628 ZwImpersonateAnonymousToken
SSDT 85F771B8 ZwImpersonateThread
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwLoadDriver [0x9E6FC24C]
SSDT 8582E450 ZwMapViewOfSection
SSDT 851C7628 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwOpenFile [0x9E702554]
SSDT 852438B0 ZwOpenProcess
SSDT 85189630 ZwOpenProcessToken
SSDT 85242628 ZwOpenSection
SSDT 852437A0 ZwOpenThread
SSDT 8520E9B8 ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwQueueApcThread [0x9E6FC940]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwRequestPort [0x9E6FBCB0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwRequestWaitReplyPort [0x9E6FBF14]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwRestoreKey [0x9E701FF0]
SSDT 85E85C70 ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSecureConnectPort [0x9E6FB86E]
SSDT 851E0630 ZwSetContextThread
SSDT 8582E238 ZwSetInformationProcess
SSDT 857A6C30 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA2FC9C40]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwShutdownSystem [0x9E6FC186]
SSDT 8521F628 ZwSuspendProcess
SSDT 85240630 ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSystemDebugControl [0x9E6FAE40]
SSDT 85180630 ZwTerminateProcess
SSDT 851E8630 ZwTerminateThread
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwUnloadDriver [0x9E6FC414]
SSDT 851BF630 ZwUnmapViewOfSection
SSDT 85062DC0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80504538 12 Bytes [6A, B4, 6F, 9E, E4, CD, 6F, ...] {PUSH -0x4c; OUTSD ; SAHF ; IN AL, 0xcd; OUTSD ; SAHF ; JS 0xffffffffffffffa3; OUTSD ; SAHF }
.text ntkrnlpa.exe!ZwCallbackReturn + 2E08 805046A4 4 Bytes JMP 683CCBC9
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [28, F6, 21, 85, 30, 06, 24, ...] {SUB DH, DH; AND [EBP-0x7adbf9d0], EAX; INC EAX; SCASB ; OUTSD ; SAHF }
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] ntdll.dll!NtCreateSymbolicLinkObject 7C90D19E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D1A2 2 Bytes [77, 71] {JA 0x73}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [74, 71] {JZ 0x73}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AA0001
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71720F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!CloseHandle 7C809BE7 6 Bytes JMP 71960F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716F0F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] KERNEL32.dll!CreateFileW 7C810800 6 Bytes JMP 71990F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [89, 71]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 718D0F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] user32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [86, 71]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2288] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 717E0F5A
.tex

SuperDave · « **Reply #16 on:** January 19, 2011, 12:29:03 PM »

Please download TDSSKiller from here and save it to your Desktop.

Doubleclick TDSSKiller.exe to run the tool
Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)
After the scan has finished, click the Close button
Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.

hazel312001a · « **Reply #17 on:** January 19, 2011, 05:47:38 PM »

Hi Superdave!

I just want to tell you again how grateful I am for you and all the other experts here on Computerhope.com. I know beyond a shadow of a doubt that I would have ended up racking my brain and then trashing this laptop! So I am forever indebted! Is there anyway I can support computerhope.com?

I ran the TDSSKiller...here's the log:

2011/01/19 18:41:20.0765   TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/19 18:41:20.0765   ================================================================================
2011/01/19 18:41:20.0765   SystemInfo:
2011/01/19 18:41:20.0765
2011/01/19 18:41:20.0765   OS Version: 5.1.2600 ServicePack: 3.0
2011/01/19 18:41:20.0765   Product type: Workstation
2011/01/19 18:41:20.0765   ComputerName: JOCELYNN
2011/01/19 18:41:20.0765   UserName: jocey
2011/01/19 18:41:20.0765   Windows directory: C:\WINDOWS
2011/01/19 18:41:20.0765   System windows directory: C:\WINDOWS
2011/01/19 18:41:20.0765   Processor architecture: Intel x86
2011/01/19 18:41:20.0765   Number of processors: 2
2011/01/19 18:41:20.0765   Page size: 0x1000
2011/01/19 18:41:20.0765   Boot type: Normal boot
2011/01/19 18:41:20.0765   ================================================================================
2011/01/19 18:41:21.0203   Initialize success
2011/01/19 18:41:26.0203   ================================================================================
2011/01/19 18:41:26.0203   Scan started
2011/01/19 18:41:26.0203   Mode: Manual;
2011/01/19 18:41:26.0203   ================================================================================
2011/01/19 18:41:26.0796   abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/01/19 18:41:26.0843   ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/19 18:41:26.0875   ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/01/19 18:41:26.0937   adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/19 18:41:27.0000   aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/19 18:41:27.0062   AESTAud (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
2011/01/19 18:41:27.0140   AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/19 18:41:27.0187   agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/19 18:41:27.0234   agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/01/19 18:41:27.0281   Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/01/19 18:41:27.0328   aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/01/19 18:41:27.0375   aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/01/19 18:41:27.0437   AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/01/19 18:41:27.0468   alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/01/19 18:41:27.0500   amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/01/19 18:41:27.0546   amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/01/19 18:41:27.0593   asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/01/19 18:41:27.0640   asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/01/19 18:41:27.0687   asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/19 18:41:27.0781   AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/19 18:41:27.0812   atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/19 18:41:27.0890   Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/19 18:41:27.0953   audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/19 18:41:28.0000   Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/19 18:41:28.0140   BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
2011/01/19 18:41:28.0343   Cam3820 (d814dc013ca490bf696850c5281641fe) C:\WINDOWS\system32\Drivers\cam3820a.sys
2011/01/19 18:41:28.0437   cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/19 18:41:28.0468   cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/19 18:41:28.0531   CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/19 18:41:28.0640   ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys
2011/01/19 18:41:28.0687   cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/01/19 18:41:28.0734   Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/19 18:41:28.0765   Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/19 18:41:28.0828   Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/19 18:41:28.0937   CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/19 18:41:29.0000   CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/01/19 18:41:29.0046   Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/19 18:41:29.0125   Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/01/19 18:41:29.0171   dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/01/19 18:41:29.0203   dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/01/19 18:41:29.0265   Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/19 18:41:29.0343   dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/19 18:41:29.0421   dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/19 18:41:29.0468   dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/19 18:41:29.0578   DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/19 18:41:29.0671   dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/01/19 18:41:29.0765   drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/19 18:41:29.0843   DVMIO (ff7a7a1e0f9a0ab892a454ffb9d14bbe) C:\WINDOWS\system32\DRIVERS\dvmio.sys
2011/01/19 18:41:30.0000   eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/01/19 18:41:30.0046   EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/01/19 18:41:30.0218   Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/19 18:41:30.0296   Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/19 18:41:30.0343   Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/19 18:41:30.0375   Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/19 18:41:30.0421   FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/01/19 18:41:30.0468   Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/19 18:41:30.0515   Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/19 18:41:30.0578   GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/19 18:41:30.0609   Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/19 18:41:30.0671   HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/19 18:41:30.0765   HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/19 18:41:30.0828   hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/01/19 18:41:30.0875   HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
2011/01/19 18:41:30.0968   HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/19 18:41:31.0015   i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/19 18:41:31.0062   i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/01/19 18:41:31.0125   i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/19 18:41:31.0250   ialm (0e501525f2b67aa17fe143d7c5e6a649) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/01/19 18:41:31.0343   iaStor (0baa4115dfffd6a6d809a89d65e1281a) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/01/19 18:41:31.0515   IDSxpx86 (0308238c582a55d83d34feee39542793) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110114.002\IDSxpx86.sys
2011/01/19 18:41:31.0640   Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/19 18:41:31.0734   ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/01/19 18:41:31.0796   IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/19 18:41:31.0843   intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/19 18:41:31.0875   Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/01/19 18:41:31.0937   IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/19 18:41:31.0968   IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/19 18:41:32.0031   IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/19 18:41:32.0109   IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/19 18:41:32.0171   IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/19 18:41:32.0250   isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/19 18:41:32.0312   Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/19 18:41:32.0390   kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/19 18:41:32.0484   KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/19 18:41:32.0625   mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/19 18:41:32.0687   Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/19 18:41:32.0734   Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/19 18:41:32.0812   mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/19 18:41:32.0875   MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/19 18:41:32.0921   mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/01/19 18:41:32.0984   MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/19 18:41:33.0046   MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/19 18:41:33.0125   Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/19 18:41:33.0203   MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/19 18:41:33.0265   MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/19 18:41:33.0296   MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/19 18:41:33.0375   mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/19 18:41:33.0437   MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/19 18:41:33.0484   Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/19 18:41:33.0531   NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/19 18:41:33.0640   NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110116.003\NAVENG.SYS
2011/01/19 18:41:33.0734   NAVEX15 (94b3164055d821a62944d9fe84036470) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110116.003\NAVEX15.SYS
2011/01/19 18:41:33.0890   NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/19 18:41:33.0968   NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/19 18:41:34.0015   NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/19 18:41:34.0046   Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/19 18:41:34.0078   NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/19 18:41:34.0125   NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/19 18:41:34.0171   NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/19 18:41:34.0234   NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/19 18:41:34.0343   Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/19 18:41:34.0390   Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/19 18:41:34.0468   Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/19 18:41:34.0515   NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/19 18:41:34.0546   NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/19 18:41:34.0609   OADevice (422cf292a3fd758418c5b79405c93331) C:\WINDOWS\system32\drivers\OADriver.sys
2011/01/19 18:41:34.0656   oahlpXX (4b21bc5a58c9a62e9c26ef7f337dca0c) C:\WINDOWS\system32\drivers\oahlp32.sys
2011/01/19 18:41:34.0703   OAmon (6243e6db6399a95fd401090fc0d0c3ab) C:\WINDOWS\system32\drivers\OAmon.sys
2011/01/19 18:41:34.0734   OAnet (f87647d8e994032ee9a50f8a3a144671) C:\WINDOWS\system32\drivers\OAnet.sys
2011/01/19 18:41:34.0812   Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/01/19 18:41:34.0859   PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/19 18:41:34.0890   ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/19 18:41:34.0953   PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/19 18:41:35.0031   PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/19 18:41:35.0078   Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/19 18:41:35.0250   perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/01/19 18:41:35.0265   perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/01/19 18:41:35.0406   PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/19 18:41:35.0453   Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/19 18:41:35.0515   PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/19 18:41:35.0546   ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/01/19 18:41:35.0593   Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/01/19 18:41:35.0625   ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/01/19 18:41:35.0671   ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/01/19 18:41:35.0703   ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/01/19 18:41:35.0750   RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/19 18:41:35.0796   Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/19 18:41:35.0843   RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/19 18:41:35.0875   Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/19 18:41:35.0968   Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/19 18:41:36.0000   RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/19 18:41:36.0062   rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/19 18:41:36.0109   RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/19 18:41:36.0171   redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/19 18:41:36.0281   RSPCIESTOR (2ad7b2b3d7a10ae3d534877d543eed74) C:\WINDOWS\system32\DRIVERS\RtsPStor.sys
2011/01/19 18:41:36.0406   RT80x86 (ff2832e18a9e8d58c0a74e4fdd6589f9) C:\WINDOWS\system32\DRIVERS\RT2860.sys
2011/01/19 18:41:36.0484   rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/01/19 18:41:36.0546   RTLE8023xp (c8bb947520bc4116882bd9f70d8b512f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/01/19 18:41:36.0609   SahdIa32 (0b2d5d2341437d7d7e1a6c7bbce3786a) C:\WINDOWS\system32\Drivers\SahdIa32.sys
2011/01/19 18:41:36.0625   SaibIa32 (7a5f65b16249af2bc9d18d815f5d7172) C:\WINDOWS\system32\Drivers\SaibIa32.sys
2011/01/19 18:41:36.0718   SaibVd32 (e333c9515822de586a3ff759a0c9b7bf) C:\WINDOWS\system32\Drivers\SaibVd32.sys
2011/01/19 18:41:36.0812   SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/01/19 18:41:36.0843   SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/01/19 18:41:36.0953   Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/19 18:41:37.0000   Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/19 18:41:37.0078   Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/19 18:41:37.0187   sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/01/19 18:41:37.0250   SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/19 18:41:37.0281   Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/01/19 18:41:37.0343   splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/19 18:41:37.0390   sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/19 18:41:37.0500   SRTSP (00f20cf8956b22c392aaae949d84c3e8) C:\WINDOWS\system32\drivers\NIS\1100000.088\SRTSP.SYS
2011/01/19 18:41:37.0578   SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
2011/01/19 18:41:37.0640   Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/19 18:41:37.0781   STHDA (a71f9a0db6904a998988c5316e3ff90a) C:\WINDOWS\system32\drivers\sthda.sys
2011/01/19 18:41:37.0906   streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/19 18:41:38.0015   swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/19 18:41:38.0140   swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/19 18:41:38.0203   symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/01/19 18:41:38.0234   symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/01/19 18:41:38.0328   SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS
2011/01/19 18:41:38.0390   SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS
2011/01/19 18:41:38.0468   SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/01/19 18:41:38.0500   SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS
2011/01/19 18:41:38.0578   SYMTDI (6baf78bdd3fe4437085ea45cda625f2d) C:\WINDOWS\system32\drivers\NIS\1100000.088\SYMTDI.SYS
2011/01/19 18:41:38.0656   sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/01/19 18:41:38.0671   sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/01/19 18:41:38.0734   SynTP (60900234ec482627a33081a453c63776) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/01/19 18:41:38.0796   sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/19 18:41:38.0875   SysCow (e26c320c315174f79ff314e7db64210c) C:\WINDOWS\system32\drivers\syscow32x.sys
2011/01/19 18:41:38.0968   Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/19 18:41:39.0062   TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/19 18:41:39.0109   TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/19 18:41:39.0171   TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/19 18:41:39.0250   TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/01/19 18:41:39.0312   Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/19 18:41:39.0343   ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/01/19 18:41:39.0390   Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/19 18:41:39.0484   USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/19 18:41:39.0531   usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/19 18:41:39.0578   usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/19 18:41:39.0625   usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/19 18:41:39.0687   usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/19 18:41:39.0734   USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/19 18:41:39.0796   usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/19 18:41:39.0859   usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/01/19 18:41:39.0921   VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/19 18:41:39.0984   viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/01/19 18:41:40.0031   ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/19 18:41:40.0046   VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/19 18:41:40.0125   Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/19 18:41:40.0203   Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/01/19 18:41:40.0281   wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/19 18:41:40.0421   WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/01/19 18:41:40.0515   Wpsnuio (9dfc61a363467c29f0ebe87af5a67060) C:\WINDOWS\system32\DRIVERS\wpsnuio.sys
2011/01/19 18:41:40.0593   WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/19 18:41:40.0671   WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/19 18:41:40.0718   WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/19 18:41:40.0828   XPSVCOM (c264a100552e409949ac249b8845a7ea) C:\WINDOWS\system32\DRIVERS\XPSVCOM.sys
2011/01/19 18:41:40.0921   ================================================================================
2011/01/19 18:41:40.0921   Scan finished
2011/01/19 18:41:40.0921   ================================================================================

SuperDave · « **Reply #18 on:** January 19, 2011, 06:05:26 PM »

Quote

Is there anyway I can support computerhope.com?

A simple thank you and recommend us to your friends is all that is necessary.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.
•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

hazel312001a · « **Reply #19 on:** January 20, 2011, 05:33:41 PM »

Hi Superdave,

I tried running ESET onnline but I got an error that says" Can not get update. Is proxy configured?"

Thanx!
gina

SuperDave · « **Reply #20 on:** January 21, 2011, 12:52:10 PM »

Ok. Let's try this:
Remove the Proxy setting in Internet Explorer and/or in FireFox.
In Internet Explorer

Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously

In Firefox

Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
Click the apply button and restart that computer in normal mode.

Now please try running the ESET scan again.

hazel312001a · « **Reply #21 on:** January 22, 2011, 05:22:33 AM »

Quote from: SuperDave on January 21, 2011, 12:52:10 PM

Ok. Let's try this:
Remove the Proxy setting in Internet Explorer and/or in FireFox.
In Internet Explorer
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously
In Firefox
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
Click the apply button and restart that computer in normal mode.
Now please try running the ESET scan again.

Hi Super Dave!

I checked but ...the "use a proxy server..." wasn't selected in my LAN settings. I also noticed that Windows Firewall somehow had turned itself back on so I turned it off. But I am still getting the same message from EST.

Thanx!
Gina

SuperDave · « **Reply #22 on:** January 22, 2011, 12:43:04 PM »

Ok. Let's try this one.

Please go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives

5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply along with a fresh HijackThis log.

hazel312001a · « **Reply #23 on:** January 22, 2011, 04:06:44 PM »

This keeps getting better and better!

I tried the Kaspersky online scan which gave me an error that it requires Java Framework version 1.5 or later. I got redirected to the Java site (in my earlier posts I mentioned that I was unable to update my Java version) where I tried to download Java(apparently I don't have it anymore?) To which I encountered another error which says: " The installer can not proceed with the current Internet Connection settings. Please visit the following web page for more information" with a link to the Java help page but no specific reason or settings that may be interferring with the download.

I really must thank you again...If this sux so bad for me I can't believe what you go thru helping so many people!

gina

SuperDave · « **Reply #24 on:** January 22, 2011, 07:19:33 PM »

Ok Gina. What browser are you using?

Run the F-Secure Online Scanner for Viruses, Spyware and Rootkits.

Note: This Scanner is for Internet Explorer Only!

•Click on Online Services and then Online Scanner
•Accept the License Agreement.
•Once the ActiveX installs,Click Full System Scan
•Once the download completes,the scan will begin automatically.
•The scan will take some time to finish,so please be patient.
•When the scan completes, click the Automatic cleaning (recommended) button.

•Click the Show Report button and Copy&Paste the entire report in your next reply.

hazel312001a · « **Reply #25 on:** January 23, 2011, 09:21:05 AM »

Quote from: SuperDave on January 22, 2011, 07:19:33 PM

Ok Gina. What browser are you using?

Run the F-Secure Online Scanner for Viruses, Spyware and Rootkits.

Note: This Scanner is for Internet Explorer Only!

•Click on Online Services and then Online Scanner
•Accept the License Agreement.
•Once the ActiveX installs,Click Full System Scan
•Once the download completes,the scan will begin automatically.
•The scan will take some time to finish,so please be patient.
•When the scan completes, click the Automatic cleaning (recommended) button.

•Click the Show Report button and Copy&Paste the entire report in your next reply.

Hi SuperDave,

I have IE 8 as my browser. But I hit another wall when trying to use the F-Secure Online Scanner. As soon as I clicked the link a box o the site said" The latest version of Java is required to run F-Secure Online Scanner. You can download it from http://java.sun.com."

Previouly when I tried to uninstall it I got an error that said "Internal Error 2753.RegUtils." I did some research on that and found a blog that says people have successfully corrected this with something called Microsoft Installer Clean Up Utility. Do you think it would be safe to try that to fix the Java situation?

And you know what else...I think Java was corrupted by that Malware program...when I tried to open it manually it gives me this notice" The system can not find the registry key specified: HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_18. I think this got quarantined and deleted in one of the previous scans.

Thanx again for all you do! I really appreciate it!

gina

SuperDave · « **Reply #26 on:** January 23, 2011, 04:09:32 PM »

Quote

Previouly when I tried to uninstall it I got an error that said "Internal Error 2753.RegUtils." I did some research on that and found a blog that says people have successfully corrected this with something called Microsoft Installer Clean Up Utility. Do you think it would be safe to try that to fix the Java situation?

The Microsoft Installer Clean Up Utility has been removed from the MS site because it was causing problems with other programs.
Please try this:

Download Revo Uninstaller
* Open Revo and let the list populate (can take several seconds to finish).
* Right click what you want to uninstall and choose Uninstall
* Next choose Advanced then click Next
* This will (try to) launch the programs built in uninstaller and go through the normal uninstall process.
* If the uninstaller fails just continue on with the Revo instructions.
* Once complete: In Revo Uninstaller click Next and Revo will scan the registry for leftovers.
* This scan can take several seconds.
* Once the results are shown look at each one to ensure they are all related to the program that was uninstalled.
* Choose Select All then click Delete
* Click Next and Revo will scan for any files or folders that were not removed.
* If any files/folders are found choose Select all > Delete

Once Java is uninstalled, download and install the new one and try running the ESET scan.

hazel312001a · « **Reply #27 on:** January 23, 2011, 09:58:07 PM »

Hi Superdave,

I think by now we can assume that JAVA HATES ME! I uninstalled the old version completely with the Revo tool. But when I tried to reinstall the online version I got the same "internet options" error. So I downloaded the offline version and installed successfully. But when it ran the verify check I failed!It doesn't give me a specific reason but I did all the checks (all with IE)and everything is set correctly. I even uninstalled and reinstalled it and got the same thing. Java is enabled under everything I could find in my internet options and I verified the add ons are in there too.

Grrrrr...
gina

PS. I might have to buy you lunch when this is all overwith! Thanx so much for your help!

SuperDave · « **Reply #28 on:** January 25, 2011, 12:39:43 PM »

Could you please run Security Check again as outlined in Reply # 5 and post the log?

hazel312001a · « **Reply #29 on:** January 25, 2011, 04:27:43 PM »

Hi SuperDave! Am I getting on your nerves yet? This thing sure is getting on mine! Thank you again for being so patient and kind in helping me with my computer issues. Here is my security check log:

Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Online Armor 4.5
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 23
Adobe Flash Player
Adobe Reader 9.4.1 MUI
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Tall Emu Online Armor OAcat.exe
``````````End of Log````````````

Computer Hope Forum

News:

Author Topic: Help with System Tools virus (Read 36618 times)

hazel312001a

Re: Help with System Tools virus

SuperDave

Re: Help with System Tools virus

hazel312001a

Re: Help with System Tools virus

SuperDave

Re: Help with System Tools virus

hazel312001a

Re: Help with System Tools virus

SuperDave

Re: Help with System Tools virus

hazel312001a

Re: Help with System Tools virus

SuperDave

Re: Help with System Tools virus

hazel312001a

Re: Help with System Tools virus

SuperDave

Re: Help with System Tools virus

hazel312001a

Re: Help with System Tools virus

SuperDave

Re: Help with System Tools virus

hazel312001a

Re: Help with System Tools virus

SuperDave

Re: Help with System Tools virus

hazel312001a

Re: Help with System Tools virus