
Chase Bank MFASA redirect



We need to use MBRCheck to fix your MBR ;):

1. Run MBRCheck.exe

2. Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:

3. Please push the 'Y' key and then press Enter

4. When the program asks you Enter your choice:, enter 2 and press the Enter key

5. Now the program will ask you "Enter the physical disk number to fix (00-99, --1 to cancel):"

6. Enter 0 and press the Enter key.

7. The program will show Available MBR codes:, followed by a list of operating systems. Please enter the number for Windows 7, and then press Enter.

8. The program will prompt for confirmation. Type 'YES' and hit Enter.

9. Left click on the title bar (where the program name and path are written).

10. From the menu choose Edit => Select All

11. Hit the Enter key on your keyboard to copy selected text.

12. Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"

13. Restart your PC.

14. Post the text in "MBRCheck results.txt" here, please.


MBR Check results:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: Wistron

BIOS Manufacturer: Hewlett-Packard

System Manufacturer: Hewlett-Packard

System Product Name: HP G60 Notebook PC

Logical Drives Mask: 0x0000001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`26800000 (NTFS)

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0

Available MBR codes:

[ 0] Default (Windows 7)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive: 5

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES

Successfully wrote new MBR code!

Please reboot your computer to complete the fix.

Done!

Press ENTER to exit...

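Added example, not part of the original thread and not MBRCheck's own code: a minimal check of a dumped 512-byte MBR sector (menu option [1] in the session above) that hashes the boot code, compares it against an allowlist, and prints partition offsets in the same format as the log. The sample sector, the allowlist entry and the choice to hash only the first 440 bytes are assumptions made for illustration; the thread does not say which bytes MBRCheck hashes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # boot code area; bytes 440-445 hold the disk signature
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3xB3xII"    # status, CHS (skipped), type, CHS (skipped), LBA, count


def boot_code_sha1(sector: bytes) -> str:
    """SHA-1 over the boot code area only (assumed scope, see lead-in)."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def format_offset(byte_offset: int) -> str:
    """Render a 64-bit byte offset as the log does: 0xHHHHHHHH`LLLLLLLL."""
    return "0x%08x`%08x" % (byte_offset >> 32, byte_offset & 0xFFFFFFFF)


def parse_partitions(sector: bytes) -> list:
    """Return the non-empty primary partition entries with byte offsets."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:          # type 0x00 marks an unused slot
            continue
        parts.append({
            "bootable": status == 0x80,
            "type": ptype,
            "offset": format_offset(lba * SECTOR_SIZE),
            "sectors": count,
        })
    return parts


def inspect_mbr(sector: bytes, known_good: dict) -> dict:
    """Validate the sector, hash its boot code and look the hash up."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    digest = boot_code_sha1(sector)
    return {
        "sha1": digest,
        # Anything not on the allowlist is reported as unknown, never as clean.
        "status": known_good.get(digest, "Unknown MBR code"),
        "partitions": parse_partitions(sector),
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: two NTFS (0x07) partitions at the offsets
    the log shows for C: and D:. Sector counts are made up."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entries = [
        (0x80, 0x07, 2048, 0x1B934000 - 2048),   # C: at byte offset 0x100000
        (0x00, 0x07, 0x1B934000, 25759744),      # D: at byte offset 0x3726800000
    ]
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i, *entry)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed stand-ins for boot code; not real Windows boot code.
CLEAN_CODE = bytes(range(256)) + bytes(184)
TAMPERED_CODE = b"\xeb\xfe" + CLEAN_CODE[2:]
KNOWN_GOOD = {
    hashlib.sha1(CLEAN_CODE).hexdigest().upper(): "constructed standard boot code",
}

if __name__ == "__main__":
    for name, code in (("clean", CLEAN_CODE), ("tampered", TAMPERED_CODE)):
        report = inspect_mbr(build_sample_mbr(code), KNOWN_GOOD)
        print(name, report["sha1"], report["status"])
        for part in report["partitions"]:
            print("   ", part["offset"], hex(part["type"]), part["sectors"])
```

A changed boot code hash with an unchanged partition table is the pattern the session above shows: the partitions still map to the same offsets while the MBR code is reported as unknown.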

Do you think it would be safe for me to plug external drives, such as a thumb drive or camera memory card into my computer? I don't want to mess those up if there is a problem with my computer.

MBRCheck log:

- - - -

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: Wistron

BIOS Manufacturer: Hewlett-Packard

System Manufacturer: Hewlett-Packard

System Product Name: HP G60 Notebook PC

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 191):


Processes (total 75):


\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`26800000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2555GSX, Rev: FG002C

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Feel free to plug in your other drives :)

I forgot to close this window when I ran that check. Should I do it again or does it not matter?

Nope, doesn't matter ;)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic


Okay, I didn't find anything in that location, but I found a log here: C:\Program Files (x86)\ESET\ESET Online Scanner

Only thing is, the log is from yesterday, when I first tried to run the scan but wasn't able to complete it. Here is the text from that:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

I can't seem to find anything from the full scan that just finished now, but I attached a screenshot of what the final scan said. Do you think the log simply didn't save?


If ESET scan doesn't produce a log, try this scan instead ;):

Please use Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.


It did a quick scan. Was there a button to do a full scan?

- - -

QuickScan Beta 64-bit v0.9.9.99

-------------------------------

Scan date: Thu Aug 04 21:15:54 2011

Machine ID: 4CD25B84

No infection found.

-------------------

Processes

---------


Network activity

----------------


Autoruns and critical files

---------------------------


Browser plugins

---------------


Scan

----

No file uploaded.

Scan finished - communication took 4 sec

Total traffic - 0.13 MB sent, 3.80 KB recvd

Scanned 1944 files and modules - 103 seconds

==============================================================

================


Your logs appear to be clean :)

Before we move on, please take the time to install the following updates, as using outdated applications leaves you extremely vulnerable to getting infected again ;):

-----------

You are using Internet Explorer version 8. Since you are using Windows 7, you qualify for the latest version, which is 9. Using an outdated version of a web browser leaves you extremely vulnerable to malware!

Please see this link to download the latest version: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home

-----------

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).

They will have this icon next to them: javaicon.gif

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

-----------

Your WinPatrol is outdated- I suggest you download the latest version from here http://www.winpatrol.com/download.html

-----------

Please let me know how the updates went, as failed updates may indicate additional malware ;)

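The Java step in the post above is done by eye in Add or Remove Programs; the same inventory can be read from the Uninstall registry keys. The following PowerShell is an added example, not part of the original thread: it assumes PowerShell 3.0 or later on 64-bit Windows, the name pattern is an assumption about how Java entries are labelled, and it only reports, removing nothing.

```powershell
# Added example: list installed Java runtimes and flag every version except the newest.
# Assumes PowerShell 3.0+ ([pscustomobject], [version]::TryParse) and a 64-bit OS,
# where 32-bit programs register under WOW6432Node.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Name pattern is an assumption: entries beginning with "Java" or "J2SE Runtime Environment".
$java = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|J2SE Runtime Environment)' } |
    ForEach-Object {
        $parsed = $null
        # DisplayVersion is free text; entries that do not parse keep a null Version
        # and sort last, so they are flagged for review rather than kept.
        [void][version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)
        [pscustomobject]@{
            Name       = $_.DisplayName
            Version    = $parsed
            RawVersion = $_.DisplayVersion
            Bitness    = if ($_.PSPath -match 'WOW6432Node') { '32-bit' } else { '64-bit' }
            Uninstall  = $_.UninstallString
        }
    }

# The 32-bit and 64-bit runtimes are separate installs, so pick the newest in each group.
$report = foreach ($group in ($java | Group-Object Bitness)) {
    $sorted = @($group.Group | Sort-Object Version -Descending)
    for ($i = 0; $i -lt $sorted.Count; $i++) {
        $action = if ($i -eq 0) { 'keep (newest)' } else { 'remove' }
        $sorted[$i] | Add-Member -NotePropertyName Action -NotePropertyValue $action -PassThru
    }
}

$report | Format-Table Name, RawVersion, Bitness, Action -AutoSize
```

Run it again after the cleanup: each bitness group should then show a single row marked keep.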

I'd recommend that you keep Internet Explorer as a backup browser, since some infections target ONLY Firefox, so having a second browser would enable you to seek help when the first one is unusable ;).

Unless there are any further issues, I will now provide you with some suggestions for security software, but first, ComboFix must be uninstalled ;):

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


I did the updates, but Internet Explorer said it could not install version 9 because a newer version is already installed on my computer. Strange?

The link to the Java updates said it was for developing, so I downloaded from here: http://www.java.com/en/download/ That okay?

Also, I don't know whether or not this may be related to the programs I had to install these past few days, but my Adobe Photoshop 64-bit version won't work, saying that it has been moved.


> did the updates, but Internet Explorer said it could not install version 9 because a newer version is already installed on my computer. Strange?

Don't worry about it- it means you're using the most recent version, so you should be fine ;)

> The link to the Java updates said it was for developing, so I downloaded from here: http://www.java.com/en/download/ That okay?

Yep, that works :)

> Also, I don't know whether or not this may be related to the programs I had to install these past few days, but my Adobe Photoshop 64-bit version won't work, saying that it has been moved.

Try reinstalling it- let me know if that helps ;)


> Sorry I haven't got to the steps in your second message yet. I'll do it as soon as I have time, been really busy.

No worries, take all the time you need :)

> I'll look into reinstalling it, but I'm not sure Adobe allows that? I know the software is restricted to install on one computer.

You should be able to reinstall it using the license key provided to you by Adobe ;) Let me know how it goes.
