
Hi,

I am running XP, I have a redirect virus on search engines, constant Internet Explorer script error messages and am getting random audio ads playing.

MBAM scans are clean. I have cleared my Java cache, ran ATF Cleaner, ASWmbr (log below) and GMER (log below).

Please help me on what to do next.

Thank you.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software

Run date: 2011-05-17 12:08:33

-----------------------------

12:08:33.859 OS Version: Windows 5.1.2600 Service Pack 3

12:08:33.859 Number of processors: 1 586 0xA

12:08:33.859 ComputerName: JOHNW UserName: John

12:08:49.203 Initialize success

12:09:22.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

12:09:22.390 Disk 0 Vendor: ST3120814A 2AAA Size: 114473MB BusType: 3

12:09:22.406 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c

12:09:22.406 Disk 1 Vendor: ST3120814A 2AAA Size: 114473MB BusType: 3

12:09:24.468 Disk 0 MBR read successfully

12:09:24.468 Disk 0 MBR scan

12:09:24.468 Disk 0 Windows XP default MBR code

12:09:26.468 Disk 0 scanning sectors +234420480

12:09:26.500 Disk 0 scanning C:\WINDOWS\system32\drivers

12:09:33.359 Service scanning

12:09:34.984 Disk 0 trace - called modules:

12:09:35.000 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x83b2d1ed]<<

12:09:35.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83b79ab8]

12:09:35.000 3 CLASSPNP.SYS[f762ffd7] -> nt!IofCallDriver -> \Device\00000063[0x83b8d320]

12:09:35.500 5 ACPI.sys[f75a6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x83bca940]

12:09:35.500 \Driver\atapi[0x83bdf1a0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x83b2d1ed

12:09:35.500 Scan finished successfully

12:11:54.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\John\Desktop\MBR.dat"

12:11:54.203 The log file has been saved successfully to "C:\Documents and Settings\John\Desktop\aswMBR.txt"

GMER 1.0.15.15627 - http://www.gmer.net

Rootkit scan 2011-05-17 14:22:11

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3120814A rev.2AAA

Running: 4yw3pszk.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\kxtdypog.sys

---- Kernel code sections - GMER 1.0.15 ----

INITc VolSnap.sys F761ABD0 4 Bytes [36, 9A, 4D, 80]

INITc VolSnap.sys F761ABF8 4 Bytes [94, 87, 4E, 80] {XCHG ESP, EAX; XCHG [ESI-0x80], ECX}

INITc VolSnap.sys F761AC20 4 Bytes [A0, C1, 4D, 80]

INITc VolSnap.sys F761AC48 4 Bytes [b0, C8, 4D, 80]

INITc VolSnap.sys F761AC70 4 Bytes [09, BF, 4D, 80]

INITc ...

? nwfilter.sys The system cannot find the file specified. !

LOCKcode


Hi and :welcome:

You have a nasty rootkit on your computer. Please read the following information first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Thanks for the help Elise. I will await your next instructions. Below is the ComboFix log:



Oops, my bad. Entire log below. FYI, no more script errors, no audio ads, no more redirect. I also updated and ran Malwarebytes and scan was clean.

Thanks!

ComboFix 11-05-17.03 - John 05/18/2011 14:49:48.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.350 [GMT -7:00]

Running from: c:\documents and settings\John\Desktop\ComboFix.exe

AV: Trend Micro AntiVirus *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\gotomon.log

.

---- Previous Run -------

.

c:\program files\Internet Explorer\SET134.tmp

c:\program files\Internet Explorer\SET135.tmp

c:\program files\Internet Explorer\SET137.tmp

c:\program files\Internet Explorer\SET1CF.tmp

c:\program files\Internet Explorer\SET1D0.tmp

c:\program files\Internet Explorer\SET1D2.tmp

c:\windows\system32\service

c:\windows\system32\service\03062010_TIS17_SfFniAU.log

c:\windows\system32\service\23102009_TIS17_SfFniAU.log

c:\windows\system32\service\27042011_TIS17_SfFniAU.log

.

Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected

Restored copy from - Kitty had a snack :P

.

((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))

.

.

2011-05-18 21:46 . 2011-05-18 21:47 -------- d-----w- C:\32788R22FWJFW

2011-05-17 19:41 . 2011-05-17 19:41 -------- d-----w- c:\windows\Sun

2011-04-27 22:08 . 2011-04-28 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2011-04-27 21:55 . 2011-04-27 21:55 -------- d-----w- c:\documents and settings\John\Application Data\Windows Search

2011-04-27 21:39 . 2011-04-28 16:09 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-04-27 21:39 . 2011-04-27 21:39 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-04-27 21:38 . 2011-04-27 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2011-04-27 20:53 . 2011-02-17 19:00 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll

2011-04-27 20:53 . 2011-02-17 19:00 63488 -c----w- c:\windows\system32\dllcache\icardie.dll

2011-04-27 20:53 . 2011-02-17 11:43 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe

2011-04-27 20:53 . 2010-02-22 22:04 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat

2011-04-24 22:42 . 2011-04-24 22:42 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Temp

2011-04-21 20:22 . 2011-04-21 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-04-21 18:02 . 2011-04-21 18:02 -------- d-----w- c:\program files\Common Files\Adobe AIR

2011-04-21 17:57 . 2011-04-21 17:57 -------- d-----w- c:\program files\Common Files\Java

2011-04-21 17:55 . 2011-04-21 17:55 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-04-21 17:55 . 2011-04-21 17:55 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-21 17:55 . 2011-04-21 17:55 -------- d-----w- c:\program files\Java

2011-04-21 17:40 . 2011-04-21 17:40 -------- d-sh--w- c:\documents and settings\QBDataServiceUser18\IETldCache

2011-04-21 17:23 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-04-21 01:02 . 2011-04-21 01:02 -------- d-----w- c:\program files\Microsoft Silverlight

2011-04-21 00:58 . 2011-04-21 00:58 -------- d-----w- c:\windows\system32\winrm

2011-04-21 00:58 . 2011-04-21 00:58 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-04-21 00:48 . 2011-04-21 00:48 -------- d-----w- c:\documents and settings\John\Application Data\Windows Desktop Search

2011-04-21 00:47 . 2011-04-21 14:56 -------- d-----w- c:\program files\Windows Desktop Search

2011-04-21 00:47 . 2011-04-21 00:47 -------- d-----w- c:\windows\system32\GroupPolicy

2011-04-21 00:45 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2011-04-21 00:45 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2011-04-21 00:45 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2011-04-21 00:39 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2011-04-21 00:36 . 2011-04-21 00:37 -------- d-----w- c:\windows\system32\drivers\UMDF

2011-04-21 00:33 . 2011-04-21 00:33 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2006-01-10 17:21 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45 . 2004-08-04 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]

"LiveState Recovery Desktop 6.0"="c:\program files\Symantec\LiveState Recovery\Desktop 6.0\Agent\VProTray.exe" [2005-09-03 1537640]

"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-20 995528]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-11 98304]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]

2010-07-26 20:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3c1807pd]

c:\windows\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

2002-12-17 20:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-03-09 18:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-03-12 20:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2009-01-07 19:46 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2006-01-11 00:29 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2006-01-11 00:28 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=2 (0x2)

"ATI Smart"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"AOL ACS"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Intuit\\QuickBooks Pro\\QBDBMgrN.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [10/3/2008 4:38 PM 50256]

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [7/30/2008 10:59 AM 36432]

R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [10/3/2008 4:38 PM 677128]

S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]

S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]

S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

WINRM REG_MULTI_SZ WINRM

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Notify-TPSvc - TPSvc.dll

MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-18 15:01

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NWDNS]

"ImagePath"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NWHOST]

"ImagePath"=""

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NWSLP]

"ImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(756)

c:\windows\system32\Ati2evxx.dll

c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

.

- - - - - - - > 'lsass.exe'(812)

c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL

c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL

.

Completion time: 2011-05-18 15:05:08

ComboFix-quarantined-files.txt 2011-05-18 22:05

.

Pre-Run: 97,585,659,904 bytes free

Post-Run: 97,530,437,632 bytes free

.

- - End Of File - - D13F603AC682522894951B4A4B4D88A9


Hi, I'm glad to hear things are fine now. :)

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Log Below:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by John at 12:04:08.18 on Thu 05/19/2011

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.340 [GMT -7:00]

.

AV: Trend Micro AntiVirus *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Citrix\GoToMyPC\g2svc.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Citrix\GoToMyPC\g2comm.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Citrix\GoToMyPC\g2pre.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Citrix\GoToMyPC\g2tray.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec\LiveState Recovery\Desktop 6.0\Agent\VProSvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\NWTRAY.EXE

C:\Program Files\Symantec\LiveState Recovery\Desktop 6.0\Agent\VProTray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\John\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll

TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NWTRAY] NWTRAY.EXE

mRun: [LiveState Recovery Desktop 6.0] "c:\program files\symantec\livestate recovery\desktop 6.0\agent\VProTray.exe"

mRun: [ufSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mPolicies-system: CompatibleRUPSecurity = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1303344745859

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks pro\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-10-3 50256]

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-7-30 36432]

R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-10-3 677128]

S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]

S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]

S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-05-18 21:14:36 -------- d-sha-r- C:\cmdcons

2011-05-18 21:12:27 98816 ----a-w- c:\windows\sed.exe

2011-05-18 21:12:27 89088 ----a-w- c:\windows\MBR.exe

2011-05-18 21:12:27 256512 ----a-w- c:\windows\PEV.exe

2011-05-18 21:12:27 161792 ----a-w- c:\windows\SWREG.exe

2011-04-27 22:08:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!

2011-04-27 21:55:30 -------- d-----w- c:\docume~1\john\applic~1\Windows Search

2011-04-27 21:39:17 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-04-27 21:39:06 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-04-27 21:38:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2011-04-27 20:53:33 63488 -c----w- c:\windows\system32\dllcache\icardie.dll

2011-04-27 20:53:33 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll

2011-04-27 20:53:33 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe

2011-04-27 20:53:31 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat

2011-04-24 22:42:30 -------- d-----w- c:\docume~1\john\locals~1\applic~1\Temp

2011-04-21 20:22:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2011-04-21 17:55:53 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-04-21 17:55:53 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-21 17:23:17 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-04-21 17:23:17 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2011-04-21 17:22:04 -------- d-----w- c:\windows\pss

2011-04-21 00:58:38 -------- d-----w- c:\windows\system32\winrm

2011-04-21 00:58:28 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-04-21 00:48:27 -------- d-----w- c:\docume~1\john\applic~1\Windows Desktop Search

2011-04-21 00:47:10 -------- d-----w- c:\windows\system32\GroupPolicy

2011-04-21 00:47:10 -------- d-----w- c:\program files\Windows Desktop Search

2011-04-21 00:45:08 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2011-04-21 00:45:08 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2011-04-21 00:45:08 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2011-04-21 00:33:15 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

.

==================== Find3M ====================

.

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 12:05:18.93 ===============


Sorry, I thought they were the same, just 2 different styles. I have closed attach.txt without saving it. I saved only the one I attached. Is there a way to retrieve it? If not, should I run the program again so I can send you the attach.txt file? Please advise. Thanks...


Elise,

The instructions say to zip and attach this log but I don't think that is what you want so I am just copying and pasting as usual. If you need it zipped and attached let me know. Hopefully not as I don't think I even have a zip program on this computer.

Thanks.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-05-19.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/10/2006 9:29:14 AM

System Uptime: 5/18/2011 2:27:17 PM (23 hours ago)

.

Motherboard: Intel Corporation | | D850GB

Processor: Intel® Pentium® 4 CPU 1700MHz | J4K2 | 1694/100mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 112 GiB total, 90.839 GiB free.

D: is CDROM ()

E: is Removable

F: is NetworkDisk (NWFS) - 6 GiB total, 5.017 GiB free.

I: is FIXED (NTFS) - 112 GiB total, 30.148 GiB free.

Z: is NetworkDisk (NWFS) - 6 GiB total, 5.017 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: Microsoft PS/2 Port Mouse (IntelliPoint)

Device ID: ACPI\PNP0F03\4&3A2C8C4B&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Port Mouse (IntelliPoint)

PNP Device ID: ACPI\PNP0F03\4&3A2C8C4B&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP1673: 2/18/2011 9:57:04 AM - System Checkpoint

RP1674: 2/19/2011 10:57:04 AM - System Checkpoint

RP1675: 2/20/2011 11:56:53 AM - System Checkpoint

RP1676: 2/21/2011 12:57:58 PM - System Checkpoint

RP1677: 2/22/2011 1:56:53 PM - System Checkpoint

RP1678: 2/23/2011 1:57:57 PM - System Checkpoint

RP1679: 2/24/2011 2:11:24 PM - System Checkpoint

RP1680: 2/25/2011 2:57:57 PM - System Checkpoint

RP1681: 2/26/2011 3:56:53 PM - System Checkpoint

RP1682: 2/27/2011 4:56:45 PM - System Checkpoint

RP1683: 2/28/2011 5:18:18 PM - System Checkpoint

RP1684: 3/1/2011 6:28:31 PM - System Checkpoint

RP1685: 3/2/2011 6:29:36 PM - System Checkpoint

RP1686: 3/3/2011 7:29:35 PM - System Checkpoint

RP1687: 3/4/2011 8:29:36 PM - System Checkpoint

RP1688: 3/5/2011 9:29:35 PM - System Checkpoint

RP1689: 3/6/2011 10:29:35 PM - System Checkpoint

RP1690: 3/7/2011 11:29:37 PM - System Checkpoint

RP1691: 3/9/2011 12:29:36 AM - System Checkpoint

RP1692: 3/9/2011 3:00:17 AM - Software Distribution Service 3.0

RP1693: 3/10/2011 3:29:24 AM - System Checkpoint

RP1694: 3/11/2011 4:29:24 AM - System Checkpoint

RP1695: 3/12/2011 5:29:25 AM - System Checkpoint

RP1696: 3/13/2011 7:29:25 AM - System Checkpoint

RP1697: 3/14/2011 7:44:40 AM - System Checkpoint

RP1698: 3/15/2011 3:00:21 AM - Software Distribution Service 3.0

RP1699: 3/15/2011 2:49:21 AM - System Checkpoint

RP1700: 3/16/2011 3:37:59 AM - System Checkpoint

RP1701: 3/17/2011 4:37:59 AM - System Checkpoint

RP1702: 3/18/2011 5:03:03 AM - System Checkpoint

RP1703: 3/19/2011 6:03:03 AM - System Checkpoint

RP1704: 3/20/2011 7:03:01 AM - System Checkpoint

RP1705: 3/21/2011 8:03:01 AM - System Checkpoint

RP1706: 3/22/2011 11:10:07 AM - System Checkpoint

RP1707: 3/23/2011 11:21:25 AM - System Checkpoint

RP1708: 3/24/2011 3:00:18 AM - Software Distribution Service 3.0

RP1709: 3/25/2011 3:18:29 AM - System Checkpoint

RP1710: 3/26/2011 4:18:29 AM - System Checkpoint

RP1711: 3/27/2011 5:18:29 AM - System Checkpoint

RP1712: 3/28/2011 6:18:30 AM - System Checkpoint

RP1713: 3/29/2011 6:22:15 AM - System Checkpoint

RP1714: 3/30/2011 7:22:16 AM - System Checkpoint

RP1715: 3/31/2011 8:22:17 AM - System Checkpoint

RP1716: 4/1/2011 9:23:32 AM - System Checkpoint

RP1717: 4/2/2011 10:22:16 AM - System Checkpoint

RP1718: 4/3/2011 11:22:17 AM - System Checkpoint

RP1719: 4/4/2011 11:23:19 AM - System Checkpoint

RP1720: 4/5/2011 11:35:25 AM - System Checkpoint

RP1721: 4/6/2011 12:35:25 PM - System Checkpoint

RP1722: 4/7/2011 1:35:22 PM - System Checkpoint

RP1723: 4/8/2011 4:10:38 PM - System Checkpoint

RP1724: 4/9/2011 4:35:21 PM - System Checkpoint

RP1725: 4/10/2011 5:35:21 PM - System Checkpoint

RP1726: 4/11/2011 6:35:22 PM - System Checkpoint

RP1727: 4/12/2011 7:35:24 PM - System Checkpoint

RP1728: 4/13/2011 8:19:49 PM - System Checkpoint

RP1729: 4/14/2011 9:19:47 PM - System Checkpoint

RP1730: 4/15/2011 3:00:18 AM - Software Distribution Service 3.0

RP1731: 4/16/2011 3:36:34 AM - System Checkpoint

RP1732: 4/17/2011 4:36:31 AM - System Checkpoint

RP1733: 4/18/2011 5:36:31 AM - System Checkpoint

RP1734: 4/19/2011 6:06:49 AM - System Checkpoint

RP1735: 4/20/2011 2:38:44 PM - System Checkpoint

RP1736: 4/20/2011 5:32:24 PM - Software Distribution Service 3.0

RP1737: 4/21/2011 3:00:22 AM - Software Distribution Service 3.0

RP1738: 4/21/2011 7:53:30 AM - Software Distribution Service 3.0

RP1739: 4/21/2011 8:46:07 AM - Software Distribution Service 3.0

RP1740: 4/21/2011 9:03:49 AM - Software Distribution Service 3.0

RP1741: 4/21/2011 10:55:04 AM - Installed Java 6 Update 24

RP1742: 4/21/2011 11:04:11 AM - Removed Adobe Reader 7.0.5

RP1743: 4/21/2011 11:05:16 AM - Installed Adobe Reader X (10.0.1).

RP1744: 4/21/2011 12:03:18 PM - Software Distribution Service 3.0

RP1745: 4/22/2011 12:41:14 PM - System Checkpoint

RP1746: 4/23/2011 12:56:27 PM - System Checkpoint

RP1747: 4/24/2011 1:56:26 PM - System Checkpoint

RP1748: 4/25/2011 2:51:22 PM - System Checkpoint

RP1749: 4/26/2011 3:51:23 PM - System Checkpoint

RP1750: 4/27/2011 3:00:18 AM - Software Distribution Service 3.0

RP1751: 4/27/2011 1:55:23 PM - Software Distribution Service 3.0

RP1752: 4/27/2011 2:05:00 PM - Installed Windows XP KB915865.

RP1753: 4/27/2011 2:06:05 PM - Installed Windows NLSDownlevelMapping.

RP1754: 4/27/2011 2:06:49 PM - Installed Windows IDNMitigationAPIs.

RP1755: 4/27/2011 2:08:19 PM - Installed Windows Internet Explorer 7.

RP1756: 4/27/2011 2:10:45 PM - Software Distribution Service 3.0

RP1757: 4/27/2011 3:07:57 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.

RP1758: 4/28/2011 3:00:20 AM - Software Distribution Service 3.0

RP1759: 4/28/2011 2:23:52 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.

RP1760: 4/29/2011 3:00:25 AM - Software Distribution Service 3.0

RP1761: 4/30/2011 3:52:40 AM - System Checkpoint

RP1762: 5/1/2011 4:52:36 AM - System Checkpoint

RP1763: 5/2/2011 5:52:36 AM - System Checkpoint

RP1764: 5/3/2011 6:52:38 AM - System Checkpoint

RP1765: 5/4/2011 7:52:38 AM - System Checkpoint

RP1766: 5/5/2011 8:38:31 AM - System Checkpoint

RP1767: 5/6/2011 9:38:31 AM - System Checkpoint

RP1768: 5/7/2011 9:52:54 AM - System Checkpoint

RP1769: 5/8/2011 10:52:53 AM - System Checkpoint

RP1770: 5/9/2011 12:07:39 PM - System Checkpoint

RP1771: 5/10/2011 12:53:58 PM - System Checkpoint

RP1772: 5/11/2011 1:30:16 PM - System Checkpoint

RP1773: 5/12/2011 3:01:21 AM - Software Distribution Service 3.0

RP1774: 5/13/2011 3:30:16 AM - System Checkpoint

RP1775: 5/14/2011 4:00:11 AM - System Checkpoint

RP1776: 5/15/2011 4:16:50 AM - System Checkpoint

RP1777: 5/16/2011 5:16:49 AM - System Checkpoint

RP1778: 5/17/2011 5:25:12 AM - System Checkpoint

RP1779: 5/18/2011 6:32:01 AM - System Checkpoint

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

6500_E709_eDocs

6500_E709_Help

6500_E709n

Adobe AIR

Adobe Download Manager 2.0 (Remove Only)

Adobe Flash Player 10 ActiveX

Adobe Reader X (10.0.1)

Adobe


Yes, copy/pasting is just fine. :)

Everything looks okay, so let's do one last scan for leftovers.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.
