Jump to content

Rootkit file keeps coming back on restart


Recommended Posts

Hello All,

I am currently running Windows 7. I've run Malwarebytes several times in both normal and safe mode however whenever I restart my computer in normal mode the infected file C:\Windows\System32\drivers\zqjdovt.sys keeps coming back. Is there any way to get rid of this? Attached is my Malwarebyte Log and HiJackThis Log.

Thanks!

Malwarebytes log

Malwarebytes' Anti-Malware 1.44

Database version: 3582

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

1/17/2010 12:37:21 PM

mbam-log-2010-01-17 (12-37-21).txt

Scan type: Quick Scan

Objects scanned: 120262

Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\drivers\zqjdovt.sys (Rootkit.Agent) -> Delete on reboot.

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:41:38 PM, on 1/17/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Temper\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O13 - Gopher Prefix:

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: lxba_device - - C:\Windows\system32\lxbacoms.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 7646 bytes

Link to post
Share on other sites

  • 2 weeks later...

Hello and welcome to Malwarebytes.

I Apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please take a read in this thread on instructions on running the tools and posting the logs for instructions: http://www.malwarebytes.org/forums/index.php?showtopic=9573

In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please note that the forum is very busy and if I don

Link to post
Share on other sites

Hello and welcome to Malwarebytes.

I Apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please take a read in this thread on instructions on running the tools and posting the logs for instructions: http://www.malwarebytes.org/forums/index.php?showtopic=9573

In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please note that the forum is very busy and if I don

Link to post
Share on other sites

Here is the results of Malwarebytes.

Malwarebytes' Anti-Malware 1.44

Database version: 3675

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2/1/2010 6:19:48 PM

mbam-log-2010-02-01 (18-19-48).txt

Scan type: Quick Scan

Objects scanned: 123484

Time elapsed: 1 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\drivers\zqjdovt.sys (Rootkit.Agent) -> Delete on reboot.

Link to post
Share on other sites

Here are the other logs.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Temper at 20:26:09.61 on Mon 02/01/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2081 [GMT -6:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskhost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Temper\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081007

uStart Page = hxxp://www.aol.com/

uWindow Title = Internet Explorer provided by Dell

mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081007

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [<NO NAME>]

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide

mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\users\temper\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://sppmeetings.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc1.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\temper\appdata\roaming\mozilla\firefox\profiles\wp53gzi6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll

FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll

FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\temper\appdata\roaming\move networks\plugins\npqmp071701000002.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-1-2 47640]

R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]

=============== Created Last 30 ================

2010-01-29 18:26:48 0 d-----w- c:\program files\MSECache

2010-01-29 16:37:55 0 d-----w- c:\users\temper\appdata\roaming\webex

2010-01-29 16:37:30 0 d-----w- c:\programdata\WebEx

2010-01-28 13:34:16 0 d-----w- c:\users\temper\appdata\roaming\LimeWire

2010-01-28 13:34:08 0 d-----w- c:\program files\LimeWire

2010-01-26 19:34:33 285696 ----a-w- c:\windows\system32\winlogon.exe

2010-01-26 19:34:33 2614272 ----a-w- c:\windows\explorer.exe

2010-01-26 00:07:09 1078 ----a-w- c:\windows\system32\drivers\drivers - Shortcut.lnk

2010-01-23 14:21:57 0 ----a-w- c:\windows\system32\settings.dat

2010-01-23 03:22:10 0 d-----w- C:\tro

2010-01-23 02:17:10 0 d-----w- c:\programdata\F-Secure

2010-01-21 19:45:31 977920 ----a-w- c:\windows\system32\wininet.dll

2010-01-18 00:34:25 0 ----a-w- c:\users\temper\defogger_reenable

2010-01-17 15:49:42 0 d-----w- c:\program files\Sophos

2010-01-17 15:32:49 0 d-----w- c:\programdata\SUPERAntiSpyware.com

2010-01-17 15:32:43 0 d-----w- c:\program files\SUPERAntiSpyware

2010-01-17 15:23:22 0 d-----w- c:\programdata\RegCure

2010-01-17 08:40:00 56320 --sha-w- c:\users\temper\Thumbs.db

2010-01-14 00:51:00 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-14 00:47:45 0 d-----w- c:\programdata\Lavasoft

2010-01-14 00:47:45 0 d-----w- c:\program files\Lavasoft

2010-01-14 00:46:59 0 d-----w- c:\program files\Microsoft Security Essentials

2010-01-14 00:33:09 0 d-----w- c:\users\temper\appdata\roaming\Malwarebytes

2010-01-14 00:33:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-14 00:33:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-14 00:33:05 0 d-----w- c:\programdata\Malwarebytes

2010-01-14 00:33:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-12 23:56:51 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-01-12 23:56:51 108544 ----a-w- c:\windows\system32\t2embed.dll

2010-01-12 04:08:36 791552 ----a-w- c:\windows\system32\drivers\zqjdovt.sys

2010-01-11 23:40:32 65536 --sha-w- c:\users\temper\ntuser.dat{9b1fc567-ff0a-11de-8d0e-001ec958ba82}.TM.blf

2010-01-11 23:40:32 524288 --sha-w- c:\users\temper\ntuser.dat{9b1fc567-ff0a-11de-8d0e-001ec958ba82}.TMContainer00000000000000000002.regtrans-ms

2010-01-11 23:40:32 524288 --sha-w- c:\users\temper\ntuser.dat{9b1fc567-ff0a-11de-8d0e-001ec958ba82}.TMContainer00000000000000000001.regtrans-ms

==================== Find3M ====================

2009-12-25 17:17:01 196094 ----a-w- c:\windows\hpoins41.dat

2009-12-25 15:07:40 23114 ----a-w- c:\windows\hpqins15.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:26:32.51 ===============

Thanks,

Tuzzie T

Attach.zip

Link to post
Share on other sites

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner
    page.
  • Click on the kaspersky_scan_now.gif button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Kasaccept.png button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the KasperskySettings.png ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Kassave.png button, if you made any changes.

    [*]Now under the Scan section on the left:

    Select My Computer

    [*]The program will now start and scan your system. This will run for a while, be patient and let it finish.

    [*]Once the scan is complete, click on View scan report

    [*]Now, click on the Save Report as button.

    [*]Save the file to your desktop.

    [*]Copy and paste that information in your next post.

You can refer to this animation by sundavis if needed.

Link to post
Share on other sites

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner
    page.
  • Click on the kaspersky_scan_now.gif button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Kasaccept.png button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the KasperskySettings.png ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Kassave.png button, if you made any changes.

    [*]Now under the Scan section on the left:

    Select My Computer

    [*]The program will now start and scan your system. This will run for a while, be patient and let it finish.

    [*]Once the scan is complete, click on View scan report

    [*]Now, click on the Save Report as button.

    [*]Save the file to your desktop.

    [*]Copy and paste that information in your next post.

You can refer to this animation by sundavis if needed.

The Scan came back with No Threats Found.

'

Thanks,

Tuzzie T

Link to post
Share on other sites

Here are my new logs. The computer is still running ok. However the zqjdovt.sys file keeps reappearing even once I uninstall it.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Temper at 19:26:02.14 on Tue 02/09/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2210 [GMT -6:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\Userinit.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Temper\Desktop\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081007

uStart Page = hxxp://www.aol.com/

uWindow Title = Internet Explorer provided by Dell

mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081007

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [<NO NAME>]

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide

mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\users\temper\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://sppmeetings.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc1.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\temper\appdata\roaming\mozilla\firefox\profiles\wp53gzi6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll

FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll

FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\temper\appdata\roaming\move networks\plugins\npqmp071701000002.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-1-2 47640]

R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]

=============== Created Last 30 ================

2010-01-29 18:26:48 0 d-----w- c:\program files\MSECache

2010-01-29 16:37:55 0 d-----w- c:\users\temper\appdata\roaming\webex

2010-01-29 16:37:30 0 d-----w- c:\programdata\WebEx

2010-01-28 13:34:16 0 d-----w- c:\users\temper\appdata\roaming\LimeWire

2010-01-28 13:34:08 0 d-----w- c:\program files\LimeWire

2010-01-26 19:34:33 285696 ----a-w- c:\windows\system32\winlogon.exe

2010-01-26 19:34:33 2614272 ----a-w- c:\windows\explorer.exe

2010-01-26 00:07:09 1078 ----a-w- c:\windows\system32\drivers\drivers - Shortcut.lnk

2010-01-23 14:21:57 0 ----a-w- c:\windows\system32\settings.dat

2010-01-23 03:22:10 0 d-----w- C:\tro

2010-01-23 02:17:10 0 d-----w- c:\programdata\F-Secure

2010-01-21 19:45:31 977920 ----a-w- c:\windows\system32\wininet.dll

2010-01-18 00:34:25 0 ----a-w- c:\users\temper\defogger_reenable

2010-01-17 15:49:42 0 d-----w- c:\program files\Sophos

2010-01-17 15:32:49 0 d-----w- c:\programdata\SUPERAntiSpyware.com

2010-01-17 15:32:43 0 d-----w- c:\program files\SUPERAntiSpyware

2010-01-17 15:23:22 0 d-----w- c:\programdata\RegCure

2010-01-17 08:40:00 56320 --sha-w- c:\users\temper\Thumbs.db

2010-01-14 00:51:00 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-14 00:47:45 0 d-----w- c:\programdata\Lavasoft

2010-01-14 00:47:45 0 d-----w- c:\program files\Lavasoft

2010-01-14 00:46:59 0 d-----w- c:\program files\Microsoft Security Essentials

2010-01-14 00:33:09 0 d-----w- c:\users\temper\appdata\roaming\Malwarebytes

2010-01-14 00:33:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-14 00:33:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-14 00:33:05 0 d-----w- c:\programdata\Malwarebytes

2010-01-14 00:33:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-12 23:56:51 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-01-12 23:56:51 108544 ----a-w- c:\windows\system32\t2embed.dll

2010-01-12 04:08:36 791552 ----a-w- c:\windows\system32\drivers\zqjdovt.sys

2010-01-11 23:40:32 65536 --sha-w- c:\users\temper\ntuser.dat{9b1fc567-ff0a-11de-8d0e-001ec958ba82}.TM.blf

2010-01-11 23:40:32 524288 --sha-w- c:\users\temper\ntuser.dat{9b1fc567-ff0a-11de-8d0e-001ec958ba82}.TMContainer00000000000000000002.regtrans-ms

2010-01-11 23:40:32 524288 --sha-w- c:\users\temper\ntuser.dat{9b1fc567-ff0a-11de-8d0e-001ec958ba82}.TMContainer00000000000000000001.regtrans-ms

==================== Find3M ====================

2009-12-25 17:17:01 196094 ----a-w- c:\windows\hpoins41.dat

2009-12-25 15:07:40 23114 ----a-w- c:\windows\hpqins15.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:26:35.50 ===============

Attach.txt

Link to post
Share on other sites

Hello.

Can you please upload that file to me. If you can't upload it let me know.

Submit file sample

  • Open to the Submission Channel.
  • Under Link to topic where this file was requested, input:
    http://forums.malwarebytes.org/index.php?showtopic=36735


  • Click Browse and select the zqjdovt.sys file in your C:\Windows\syste32 directory
  • Under the comments section, say that Extremeboy asked for the submission.
  • Then select Send File to send it
  • After that you should get a confirmation if it was uploaded successfully.

Link to post
Share on other sites

Download and Run Combofix

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page on instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.

Link to post
Share on other sites

i think i may have removed the virus. can you tell me if my computer is clean or not. can i now reenable everything through the defrogger program? thanks.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Temper at 6:41:18.93 on Fri 02/19/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2246 [GMT -6:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Temper\Desktop\dds(2).scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081007

uStart Page = hxxp://www.aol.com/

uWindow Title = Internet Explorer provided by Dell

mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081007

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [<NO NAME>]

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide

mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\users\temper\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://sppmeetings.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc1.cab

IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect

================= FIREFOX ===================

FF - ProfilePath - c:\users\temper\appdata\roaming\mozilla\firefox\profiles\wp53gzi6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll

FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll

FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\temper\appdata\roaming\move networks\plugins\npqmp071701000002.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-1-2 47640]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]

R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]

=============== Created Last 30 ================

2010-02-15 15:23:59 0 ----a-w- c:\users\temper\defogger_reenable

2010-01-29 18:26:48 0 d-----w- c:\program files\MSECache

2010-01-29 16:37:55 0 d-----w- c:\users\temper\appdata\roaming\webex

2010-01-29 16:37:30 0 d-----w- c:\programdata\WebEx

2010-01-28 13:34:16 0 d-----w- c:\users\temper\appdata\roaming\LimeWire

2010-01-28 13:34:08 0 d-----w- c:\program files\LimeWire

2010-01-26 19:34:33 285696 ----a-w- c:\windows\system32\winlogon.exe

2010-01-26 19:34:33 2614272 ----a-w- c:\windows\explorer.exe

2010-01-26 00:07:09 1078 ----a-w- c:\windows\system32\drivers\drivers - Shortcut.lnk

2010-01-23 14:21:57 0 ----a-w- c:\windows\system32\settings.dat

2010-01-23 03:22:10 0 d-----w- C:\tro

2010-01-23 02:17:10 0 d-----w- c:\programdata\F-Secure

2010-01-21 19:45:31 977920 ----a-w- c:\windows\system32\wininet.dll

==================== Find3M ====================

2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll

2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-14 17:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-08 03:18:02 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-01-08 03:17:36 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-25 17:17:01 196094 ----a-w- c:\windows\hpoins41.dat

2009-12-25 15:07:40 23114 ----a-w- c:\windows\hpqins15.dat

2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll

2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll

2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll

2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll

2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll

2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll

2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll

2009-12-08 11:40:12 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-08 11:40:12 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-08 11:32:02 292864 ----a-w- c:\windows\system32\apphelp.dll

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 6:41:40.54 ===============

Attach.txt

Link to post
Share on other sites

The logs look good. I would update your Java and install an anti-virus software.

Update Java to Version 6 Update 18

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 Update 18 and save it to your desktop.
  • Look for JDK 6 Update 18 (JDK or JRE).
  • Click the Download JRE button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version.

-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.

-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.

-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

Install Antivirus

An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a (ONE) free anti-virus program from one of the links below:

Update It after the installation is complete please.

Link to post
Share on other sites

  • 3 weeks later...

Hello.

Since the problem appears to be resolved, this topic is now Closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter

Everyone else please start a new topic.

With Regards,

Extremeboy

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.