
Adware/WindowsXpRecovery



I ran my Malwarebytes and it said it found nothing, so I thought I was clean.

I was getting multiple messages from my antivirus saying it was deleting viruses, but only adware was showing in the reports.

The antivirus company had me run ActiveScan 2.0, and that said I had an Adware/WindowsXpRecovery infection but couldn't disinfect it. I did a Google search and found one site about it which said it was a fake-out program, much like Windows Recovery, that had re-emerged in May of 2011.

I used the search feature here but didn't get any results for it. So I was wondering if it is something I need to have removed, or is a fake-out okay to ignore?

Since I will have to manually locate and delete the files containing it, plus all the restore points, according to that site, I want to be sure I'm not falling for a fake-out on that site.


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.



Thanks. Do you want them attached as files or copied and pasted into the reply?


Post all logs directly into your reply unless otherwise specified.

Okay, here is the DDS.txt file.

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 16:09:53 on 2011-06-07

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.228 [GMT -4:00]

.

AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hphmon05.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Common Files\AOL\1102182384\ee\AOLSoftware.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\LTMSG.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://srch-us9.hpwis.com/

mSearch Bar = hxxp://srch-us9.hpwis.com/

uInternet Settings,ProxyOverride = localhost

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll

TB: Joyce Meyer Ministries BenefitBar: {e19e589b-749f-4641-9ed3-032deb7a8d92} - c:\program files\benefitbarie\benefitbar.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H

uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

uRun: [backupNotify] c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run

mRun: [nwiz] nwiz.exe /install

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe

mRun: [HPHmon05] c:\windows\system32\hphmon05.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [HostManager] c:\program files\common files\aol\1102182384\ee\AOLSoftware.exe

mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [LTMSG] LTMSG.exe 7

mRun: [AlcxMonitor] ALCXMNTR.EXE

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: americangreetings.com\veepers

Trusted Zone: AmericanGreetings.com \veepers

DPF: cpcScanner - hxxp://www.crucial.com/controls/cpcScanner.cab

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab

DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128056425706

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - hxxp://moneycentral.msn.com/cabs/pmupdate2.exe

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37973.8009490741

DPF: {A7EA8AD2-287F-11D3-B120-006008C39542}

DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.87.68.166 68.87.74.166

TCP: Interfaces\{207F597D-54A1-4598-B131-0749C9328FED} : DhcpNameServer = 68.87.68.166 68.87.74.166

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-2-28 28552]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 130376]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2009-10-28 632792]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141768]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 97352]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111944]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113096]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-19 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-19 136176]

S3 YORKYDRV;YORKYDRV;c:\windows\system32\drivers\YORKYDRV.sys [2011-1-2 22408]

.

=============== Created Last 30 ================

.

2011-06-04 13:39:43 -------- d-----w- c:\program files\ESET

2011-06-04 03:05:01 98816 ----a-w- c:\windows\sed.exe

2011-06-04 03:05:01 518144 ----a-w- c:\windows\SWREG.exe

2011-06-04 03:05:01 256512 ----a-w- c:\windows\PEV.exe

2011-06-04 03:05:01 208896 ----a-w- c:\windows\MBR.exe

2011-06-03 02:22:24 204809 ----a-w- C:\PandaTempInt.exe

2011-06-03 02:13:32 -------- d-----w- C:\PandaTemp

2011-05-20 16:52:43 -------- d-----w- c:\windows\system32\WinFast

2011-05-20 16:52:11 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe

2011-05-20 16:23:00 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll

2011-05-20 16:22:59 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll

2011-05-20 16:22:59 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll

2011-05-20 16:22:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe

2011-05-20 16:22:59 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll

2011-05-20 16:22:55 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll

2011-05-20 16:22:54 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll

2011-05-20 15:23:10 65024 ------w- c:\windows\ltremove.exe

2011-05-20 15:23:00 40960 ------w- c:\windows\ltmsg.exe

2011-05-20 15:22:13 -------- d-----w- c:\windows\Options

2011-05-20 12:52:22 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll

2011-05-20 12:52:22 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll

2011-05-20 12:52:21 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll

2011-05-20 12:52:21 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe

2011-05-20 12:52:20 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll

2011-05-20 12:52:19 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll

2011-05-20 12:52:18 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll

2011-05-20 12:14:52 -------- d-----w- C:\Swsetup

2011-05-20 12:11:10 20496 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys

2011-05-20 12:11:08 56080 ----a-w- c:\windows\KHALMNPR.Exe

2011-05-20 12:11:08 36112 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys

2011-05-20 12:11:08 34832 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys

2011-05-20 12:11:03 28688 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys

2011-05-20 12:11:02 1419024 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

2011-05-20 12:07:36 53248 ----a-r- c:\windows\system32\CSVer.dll

2011-05-20 12:06:05 -------- d-----w- C:\Intel

2011-05-20 11:23:41 -------- d-----w- c:\documents and settings\all users\application data\PC Drivers HeadQuarters

2011-05-20 11:21:35 -------- d-----w- c:\program files\PC Drivers HeadQuarters

2011-05-19 20:16:57 7935792 ----a-w- C:\dj5100.exe

2011-05-18 21:30:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-09 14:46:53 351232 ----a-w- c:\program files\common files\microsoft shared\microsoft plus!\mpa\MPA.dll

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2004-12-02 20:42:18 18448384 ----a-w- c:\program files\common files\InterviewPLUS Workstation Setup.msi

2004-12-02 20:32:48 18448384 ----a-w- c:\program files\common files\TaxWise Workstation Setup.msi

.

============= FINISH: 16:11:11.56 ===============

And here is the MBAM log.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6799

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/7/2011 2:46:35 PM

mbam-log-2011-06-07 (14-46-35).txt

Scan type: Quick scan

Objects scanned: 179472

Time elapsed: 13 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Here is the ComboFix log.

ComboFix 11-06-14.01 - Owner 06/14/2011 18:55:16.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.276 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\userinit.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 )))))))))))))))))))))))))))))))

.

.

2011-06-04 13:39 . 2011-06-04 13:39 -------- d-----w- c:\program files\ESET

2011-06-03 02:13 . 2011-06-03 02:31 -------- d-----w- C:\PandaTemp

2011-05-20 16:52 . 2011-05-20 16:52 -------- d-----w- c:\windows\system32\WinFast

2011-05-20 16:52 . 2004-04-19 03:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe

2011-05-20 16:23 . 2006-02-07 19:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2011-05-20 16:22 . 2006-02-07 19:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2011-05-20 16:22 . 2006-02-07 19:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2011-05-20 16:22 . 2006-02-07 19:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2011-05-20 16:22 . 2005-11-14 03:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2011-05-20 16:22 . 2011-05-20 16:22 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2011-05-20 16:22 . 2011-05-20 16:22 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2011-05-20 15:23 . 2005-05-05 13:31 65024 ------w- c:\windows\ltremove.exe

2011-05-20 15:23 . 2011-05-20 15:22 40960 ------w- c:\windows\ltmsg.exe

2011-05-20 15:22 . 2011-05-20 15:22 -------- d-----w- c:\windows\Options

2011-05-20 12:52 . 2005-04-04 03:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2011-05-20 12:52 . 2005-04-04 03:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2011-05-20 12:52 . 2005-04-04 03:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2011-05-20 12:52 . 2005-04-04 02:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2011-05-20 12:52 . 2005-04-04 03:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2011-05-20 12:52 . 2011-05-20 12:52 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2011-05-20 12:52 . 2011-05-20 12:52 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2011-05-20 12:20 . 2011-05-20 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd

2011-05-20 12:14 . 2011-05-20 12:14 -------- d-----w- C:\Swsetup

2011-05-20 12:11 . 2007-04-11 19:32 20496 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys

2011-05-20 12:11 . 2007-04-11 19:32 36112 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys

2011-05-20 12:11 . 2007-04-11 19:32 34832 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys

2011-05-20 12:11 . 2007-04-11 19:32 56080 ----a-w- c:\windows\KHALMNPR.Exe

2011-05-20 12:11 . 2007-04-11 19:33 28688 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys

2011-05-20 12:11 . 2007-04-11 19:33 1419024 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

2011-05-20 12:07 . 2010-12-23 15:09 53248 ----a-r- c:\windows\system32\CSVer.dll

2011-05-20 12:07 . 2011-05-20 12:07 -------- d-----w- c:\program files\Intel

2011-05-20 12:06 . 2011-05-20 12:06 -------- d-----w- C:\Intel

2011-05-20 11:23 . 2011-05-20 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2011-05-20 11:21 . 2011-05-20 11:21 -------- d-----w- c:\program files\PC Drivers HeadQuarters

2011-05-19 20:16 . 2011-05-19 20:43 7935792 ----a-w- C:\dj5100.exe

2011-05-18 21:30 . 2011-06-09 11:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 13:11 . 2011-01-02 19:47 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2011-01-02 19:47 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2004-12-02 20:42 . 2005-01-06 21:27 18448384 ----a-w- c:\program files\Common Files\InterviewPLUS Workstation Setup.msi

2004-12-02 20:32 . 2005-01-06 21:17 18448384 ----a-w- c:\program files\Common Files\TaxWise Workstation Setup.msi

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]

@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"

[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]

2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]

@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"

[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]

2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2010-11-15 4364248]

"NVIEW"="nview.dll" [2003-07-28 852038]

"BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-22 24576]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LTMSG"="LTMSG.exe 7" [X]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-06-18 98304]

"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]

"nwiz"="nwiz.exe" [2003-07-28 323584]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]

"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]

"HostManager"="c:\program files\Common Files\AOL\1102182384\ee\AOLSoftware.exe" [2008-06-24 41824]

"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]

"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-01-26 274608]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-7-11 24651]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

AutoTBar.exe [2003-6-18 53248]

mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-6-13 233472]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ 'autocheck autochk *'

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]

backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]

backup=c:\windows\pss\Updates from HP.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^DING!.lnk]

backup=c:\windows\pss\DING!.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HP Organize.lnk]

backup=c:\windows\pss\HP Organize.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"UPS"=3 (0x3)

"TapiSrv"=3 (0x3)

"SCardSvr"=3 (0x3)

"mnmsrvc"=3 (0x3)

"FastUserSwitchingCompatibility"=3 (0x3)

"CiSvc"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1102182384\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\1102182384\\EE\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\AOL 9.1\\waol.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Microsoft Money 2007\\MNYCoreFiles\\msmoney.exe"=

.

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2/28/2010 2:29 PM 28552]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 7:12 PM 130376]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [12/16/2010 7:19 PM 140608]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/28/2009 12:47 PM 632792]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 7:12 PM 141768]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 7:12 PM 97352]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 7:12 PM 111944]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 7:12 PM 113096]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/19/2011 12:42 AM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/19/2011 12:42 AM 136176]

S3 YORKYDRV;YORKYDRV;c:\windows\system32\drivers\YORKYDRV.sys [1/2/2011 10:28 PM 22408]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 04:41]

.

2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 04:41]

.

2011-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3253495548-2482664847-1483983684-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

.

2011-06-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3253495548-2482664847-1483983684-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

.

2011-06-14 c:\windows\Tasks\User_Feed_Synchronization-{CF790363-1F32-4F7E-888F-131EB231DD23}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://srch-us9.hpwis.com/

mSearch Bar = hxxp://srch-us9.hpwis.com/

uInternet Settings,ProxyOverride = localhost

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: americangreetings.com\veepers

Trusted Zone: AmericanGreetings.com \veepers

TCP: DhcpNameServer = 68.87.68.166 68.87.74.166

DPF: cpcScanner - hxxp://www.crucial.com/controls/cpcScanner.cab

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

DPF: {A7EA8AD2-287F-11D3-B120-006008C39542}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-14 19:12

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3253495548-2482664847-1483983684-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1612)

c:\windows\system32\WININET.dll

c:\windows\system32\nView.dll

c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL

c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Common Files\aolshare\aolshcpy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\System32\nvsvc32.exe

c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

c:\windows\LTMSG.exe

c:\windows\ALCXMNTR.EXE

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2011-06-14 19:33:43 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-14 23:33

ComboFix2.txt 2011-06-05 08:31

ComboFix3.txt 2011-06-04 03:28

.

Pre-Run: 50,114,899,968 bytes free

Post-Run: 50,239,242,240 bytes free

.

- - End Of File - - BA3F34A7B7C20AFA751C38F37163EC8A

and the DDS.txt

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 20:31:25 on 2011-06-14

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.252 [GMT -4:00]

.

AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\QuickTime\qttask.exe

svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hphmon05.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Common Files\AOL\1102182384\ee\AOLSoftware.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\LTMSG.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://srch-us9.hpwis.com/

mSearch Bar = hxxp://srch-us9.hpwis.com/

uInternet Settings,ProxyOverride = localhost

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll

TB: Joyce Meyer Ministries BenefitBar: {e19e589b-749f-4641-9ed3-032deb7a8d92} - c:\program files\benefitbarie\benefitbar.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H

uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

uRun: [backupNotify] c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run

mRun: [nwiz] nwiz.exe /install

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe

mRun: [HPHmon05] c:\windows\system32\hphmon05.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [HostManager] c:\program files\common files\aol\1102182384\ee\AOLSoftware.exe

mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [LTMSG] LTMSG.exe 7

mRun: [AlcxMonitor] ALCXMNTR.EXE

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: americangreetings.com\veepers

Trusted Zone: AmericanGreetings.com \veepers

DPF: cpcScanner - hxxp://www.crucial.com/controls/cpcScanner.cab

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab

DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128056425706

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - hxxp://moneycentral.msn.com/cabs/pmupdate2.exe

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37973.8009490741

DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.87.68.166 68.87.74.166

TCP: Interfaces\{207F597D-54A1-4598-B131-0749C9328FED} : DhcpNameServer = 68.87.68.166 68.87.74.166

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-2-28 28552]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 130376]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2009-10-28 632792]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141768]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 97352]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111944]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113096]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-19 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-19 136176]

S3 YORKYDRV;YORKYDRV;c:\windows\system32\drivers\YORKYDRV.sys [2011-1-2 22408]

.

=============== Created Last 30 ================

.

2011-06-04 13:39:43 -------- d-----w- c:\program files\ESET

2011-06-04 03:05:01 98816 ----a-w- c:\windows\sed.exe

2011-06-04 03:05:01 518144 ----a-w- c:\windows\SWREG.exe

2011-06-04 03:05:01 256512 ----a-w- c:\windows\PEV.exe

2011-06-04 03:05:01 208896 ----a-w- c:\windows\MBR.exe

2011-06-03 02:22:24 204809 ----a-w- C:\PandaTempInt.exe

2011-06-03 02:13:32 -------- d-----w- C:\PandaTemp

2011-05-20 16:52:43 -------- d-----w- c:\windows\system32\WinFast

2011-05-20 16:52:11 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe

2011-05-20 16:23:00 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll

2011-05-20 16:22:59 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll

2011-05-20 16:22:59 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll

2011-05-20 16:22:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe

2011-05-20 16:22:59 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll

2011-05-20 16:22:55 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll

2011-05-20 16:22:54 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll

2011-05-20 15:23:10 65024 ------w- c:\windows\ltremove.exe

2011-05-20 15:23:00 40960 ------w- c:\windows\ltmsg.exe

2011-05-20 15:22:13 -------- d-----w- c:\windows\Options

2011-05-20 12:52:22 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll

2011-05-20 12:52:22 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll

2011-05-20 12:52:21 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll

2011-05-20 12:52:21 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe

2011-05-20 12:52:20 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll

2011-05-20 12:52:19 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll

2011-05-20 12:52:18 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll

2011-05-20 12:14:52 -------- d-----w- C:\Swsetup

2011-05-20 12:11:10 20496 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys

2011-05-20 12:11:08 56080 ----a-w- c:\windows\KHALMNPR.Exe

2011-05-20 12:11:08 36112 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys

2011-05-20 12:11:08 34832 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys

2011-05-20 12:11:03 28688 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys

2011-05-20 12:11:02 1419024 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

2011-05-20 12:07:36 53248 ----a-r- c:\windows\system32\CSVer.dll

2011-05-20 12:06:05 -------- d-----w- C:\Intel

2011-05-20 11:23:41 -------- d-----w- c:\documents and settings\all users\application data\PC Drivers HeadQuarters

2011-05-20 11:21:35 -------- d-----w- c:\program files\PC Drivers HeadQuarters

2011-05-19 20:16:57 7935792 ----a-w- C:\dj5100.exe

2011-05-18 21:30:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2004-12-02 20:42:18 18448384 ----a-w- c:\program files\common files\InterviewPLUS Workstation Setup.msi

2004-12-02 20:32:48 18448384 ----a-w- c:\program files\common files\TaxWise Workstation Setup.msi

.

============= FINISH: 20:33:22.96 ===============


  • Staff

Hi,

Are you familiar with this file:

c:\windows\system32\drivers\YORKYDRV.sys

Please go to VirusTotal, and upload the following file for analysis:

c:\windows\system32\drivers\YORKYDRV.sys

Post the results in your reply.

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


c:\windows\system32\drivers\YORKYDRV.sys

No, I am not familiar with that file. But based on the results of the VirusTotal scan it looks like it is part of my antivirus program, Panda Cloud.

Here is what VirusTotal said about it. Oh, and they said it had been seen before and offered me the previous results, but I went for a new one just in case it was slightly different.

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: YORKYDRV.sys

Submission date: 2011-06-17 19:43:22 (UTC)

Current status: queued queued (#40) analysing finished

Result: 0/ 41 (0.0%)

VT Community

not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2011.06.18.00 2011.06.17 -

AntiVir 7.11.10.12 2011.06.17 -

Antiy-AVL 2.0.3.7 2011.06.17 -

Avast 4.8.1351.0 2011.06.17 -

Avast5 5.0.677.0 2011.06.17 -

AVG 10.0.0.1190 2011.06.17 -

BitDefender 7.2 2011.06.17 -

CAT-QuickHeal 11.00 2011.06.17 -

ClamAV 0.97.0.0 2011.06.17 -

Commtouch 5.3.2.6 2011.06.17 -

Comodo 9093 2011.06.17 -

eSafe 7.0.17.0 2011.06.15 -

eTrust-Vet 36.1.8393 2011.06.17 -

F-Prot 4.6.2.117 2011.06.17 -

F-Secure 9.0.16440.0 2011.06.17 -

Fortinet 4.2.257.0 2011.06.17 -

GData 22 2011.06.17 -

Ikarus T3.1.1.104.0 2011.06.17 -

Jiangmin 13.0.900 2011.06.17 -

K7AntiVirus 9.106.4822 2011.06.17 -

Kaspersky 9.0.0.837 2011.06.17 -

McAfee 5.400.0.1158 2011.06.17 -

McAfee-GW-Edition 2010.1D 2011.06.17 -

Microsoft 1.6903 2011.06.13 -

NOD32 6218 2011.06.17 -

Norman 6.07.10 2011.06.17 -

nProtect 2011-06-17.01 2011.06.17 -

Panda 10.0.3.5 2011.06.17 -

PCTools 7.0.3.5 2011.06.17 -

Prevx 3.0 2011.06.17 -

Rising 23.62.03.03 2011.06.17 -

Sophos 4.66.0 2011.06.17 -

SUPERAntiSpyware 4.40.0.1006 2011.06.17 -

Symantec 20111.1.0.186 2011.06.17 -

TheHacker 6.7.0.1.230 2011.06.14 -

TrendMicro 9.200.0.1012 2011.06.17 -

TrendMicro-HouseCall 9.200.0.1012 2011.06.17 -

VBA32 3.12.16.2 2011.06.17 -

VIPRE 9610 2011.06.17 -

ViRobot 2011.6.17.4519 2011.06.17 -

VirusBuster 14.0.84.1 2011.06.17 -

Additional information

MD5 : 71fee7565735d3b9edd3af167d07776c

SHA1 : b864fd926eb13e36c3f2db672efd86d6894db3d4

SHA256: 8e2b04fe68a38fb987d485ce0cffcdfcf72fd6e1b1f9211398e5c9ce266ed566

ssdeep: 384:Jm/CPen13uHGxHakHsN0kgTPIYSvFg5I2IFoZVF4YJLWCSbx76j:JIoefxNHdkgTPVSvF6FI+LFNL+bVm

File size : 22408 bytes

First seen: 2010-06-25 04:24:04

Last seen : 2011-06-17 19:43:22

TrID:

Clipper DOS Executable (33.3%)

Generic Win/DOS Executable (33.0%)

DOS Executable Generic (33.0%)

VXD Driver (0.5%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

sigcheck:

publisher....: Panda Security

copyright....: © Panda Security 2008-2009

product......: YORKYDRV

description..: Panda Yorky Beagle Companion Driver

original name: YORKYDRV

internal name: YORKYDRV

file version.: 1.1.0,00.0 (INAKI.CASTILLO.16021963)

comments.....: n/a

signers......: Panda Security S.L

VeriSign Class 3 Code Signing 2004 CA

Class 3 Public Primary Certification Authority

signing date.: 11:57 23/02/2010

verified.....: -

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x3105

timedatestamp....: 0x4B58782C (Thu Jan 21 15:52:12 2010)

machinetype......: 0x14c (I386)

[[ 7 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x480, 0x11A5, 0x1200, 6.20, de69a9397c22082971816410088208f2

.rdata, 0x1680, 0x444, 0x480, 3.60, 68e5e1a6e573ac3e061e21e3b93d706e

.data, 0x1B00, 0x1F4, 0x200, 1.90, a085f857c3b9e14ad27a1bccdbe1531a

PAGE, 0x1D00, 0x13D3, 0x1400, 6.23, 2eb07ce42c9b18c1545463f67fcd27b7

INIT, 0x3100, 0x5A0, 0x600, 5.26, 46f2d9053f850e225befec3c821ae423

.rsrc, 0x3700, 0x398, 0x400, 3.06, f8c20070d532322aeb4f4fe45db40c6d

.reloc, 0x3B00, 0x230, 0x280, 5.15, 078e44fec0d433c44b6ab358d20a43d1

[[ 1 import(s) ]]

ntoskrnl.exe: IoGetCurrentProcess, IoCreateSymbolicLink, RtlInitUnicodeString, IofCompleteRequest, ZwClose, wcscspn, RtlCharToInteger, sprintf, ZwQueryValueKey, ZwCreateKey, memcpy, RtlGetVersion, IoDeleteDevice, RtlFreeUnicodeString, MmGetSystemRoutineAddress, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ObfDereferenceObject, ExFreePoolWithTag, KeWaitForSingleObject, IofCallDriver, IoBuildDeviceIoControlRequest, ExAllocatePoolWithTag, KeInitializeEvent, IoGetDeviceObjectPointer, ObOpenObjectByPointer, PsLookupProcessByProcessId, KeTickCount, KeBugCheckEx, RtlUnwind, ZwSetSecurityObject, IoDeviceObjectType, IoCreateDevice, RtlGetDaclSecurityDescriptor, RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, _snwprintf, RtlLengthSecurityDescriptor, SeCaptureSecurityDescriptor, SeExports, IoIsWdmVersionAvailable, _wcsnicmp, RtlAddAccessAllowedAce, RtlLengthSid, memset, wcschr, RtlAbsoluteToSelfRelativeSD, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, ZwOpenKey, ZwSetValueKey



ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6526

# api_version=3.0.2

# EOSSerial=bfa886651be44645aa782587c0f68dee

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-17 09:53:53

# local_time=2011-06-17 05:53:53 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1538 16774118 20 3 7730140 135947460 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=3584 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 224787 224787 0 0

# scanned=107764

# found=0

# cleaned=0

# scan_time=6465


Results of screen317's Security Check version 0.99.13

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Panda Cloud Antivirus

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Registry Cleaner Version 4.0

Java 6 Update 23

Out of date Java installed!

Adobe Flash Player

Adobe Reader X (10.1.0)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Panda Security Panda Cloud Antivirus PSANHost.exe

Panda Security Panda Cloud Antivirus PSUNMain.exe

``````````End of Log````````````


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

