WilliSquirrel Posted July 29, 2011 ID:459602 Share Posted July 29, 2011 Yes, a hot topic indeed. No matter which browser I use, it redirects me to unrelated ads. This has popped up just in the last couple of days. I used Malwarebytes plus the free trial of Malwarebytes Pro which does pick up the virus, quarantines it and then I delete it, only to have it pop right back up within minutes. I also have a file on my desktop that I can't seem to get rid of that must be related called "jwknownpkr.tmp." Please bear with me as I only have average computer smarts so if I miss posting something, my humblest of apologies. And many thanks for any help you can offer.Malwarebytes' Anti-Malware 1.51.1.1800www.malwarebytes.orgDatabase version: 7309Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187027/28/2011 10:41:13 AMmbam-log-2011-07-28 (10-41-13).txtScan type: Quick scanObjects scanned: 179815Time elapsed: 4 minute(s), 42 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected).DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Run by Administrator at 21:00:30 on 2011-07-28Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3064.2077 [GMT -5:00].AV: ZoneAlarm Security Suite Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}FW: ZoneAlarm Security Suite Firewall *Enabled* .============== Running Processes ===============.C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\windows\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\CheckPoint\ZAForceField\IswSvc.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exeC:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exeC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\WINDOWS\system32\svchost.exe -k HPServiceC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\MedQuist\MQHostService.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\svchost.exe -k HPZ12C:\Program Files\PDF Complete\pdfsvc.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\system32\eapsvc32.exeC:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\atikvmag32.exeC:\Program Files\MedQuist, Inc\DocQvoice Workstation\OEWOutboxService.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Citrix\ICA Client\concentr.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Citrix\ICA Client\wfcrun32.exeC:\Program Files\Common Files\MedQuist\AutoUpdateNotification.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Windows Desktop Search\WindowsSearch.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exeC:\Program Files\CheckPoint\ZAForceField\ForceField.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\WinMsgBalloonServer.exeC:\WINDOWS\system32\WinMsgBalloonClient.exeC:\Program Files\Common Files\Java\Java Update\jucheck.exeC:\sh10\sh10.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\SearchProtocolHost.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Waukesha&state=WI&site=MKX&textField1=43.0125&textField2=-88.2382uSearch Page = hxxp://www.bing.comuSearch Bar = hxxp://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}mSearchAssistant = hxxp://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}BHO: {01e5565d-5efd-4ac2-9765-11eefb17ae99} - c:\windows\system32\atikvmag32.dllBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dllBHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dllTB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No FileTB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dllEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exemRun: [RTHDCPL] RTHDCPL.EXEmRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exemRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exemRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [<NO NAME>] mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startupmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttrayStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\windows\installer\{6b3fdc5d-2fa5-44ad-9dec-5136a85cc524}\_1D0A817BB6B9657202E19A.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTrusted Zone: dynamicvoice.com\advancedwebTrusted Zone: tmtprn.com\wwwTrusted Zone: //about.htm/Trusted Zone: //Exclude.htm/Trusted Zone: //FWEvent.htm/Trusted Zone: //LanguageSelection.htm/Trusted Zone: //Message.htm/Trusted Zone: //MyAgttryCmd.htm/Trusted Zone: //MyAgttryNag.htm/Trusted Zone: //MyNotification.htm/Trusted Zone: //NOCLessUpdate.htm/Trusted Zone: //quarantine.htm/Trusted Zone: //ScanNow.htm/Trusted Zone: //strings.vbs/Trusted Zone: //Template.htm/Trusted Zone: //Update.htm/Trusted Zone: //VirFound.htm/Trusted Zone: mcafee.com\*Trusted Zone: mcafeeasap.com\betavscanTrusted Zone: mcafeeasap.com\vsTrusted Zone: mcafeeasap.com\wwwDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275532971921DPF: {707873C7-03BB-4F1A-95EC-4AAF1C3D463E} - hxxps://www.tmtprn.com/wspellam.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cabDPF: {B151B524-F451-4036-9663-B3944FA710DF} - hxxp://www.medquist.com/Portals/0/Remote%20Desktop/ENUclientPro.cabDPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabTCP: DhcpNameServer = 192.168.0.1TCP: Interfaces\{8EB6F265-82F4-4E18-A3D9-98EC570F2E04} : DhcpNameServer = 192.168.0.1TCP: Interfaces\{BBBA6926-9994-40FE-BCDA-2834D0AC130C} : DhcpNameServer = 192.168.0.1Notify: AtiExtEvent - Ati2evxx.dllSEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\wueq4cf6.default\FF - prefs.js: browser.startup.homepage - hxxp://forecast.weather.gov/MapClick.php?CityName=Waukesha&state=WI&site=MKX&textField1=43.0125&textField2=-88.2382FF - prefs.js: network.proxy.type - 1FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll.============= SERVICES / DRIVERS ===============.R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2009-8-31 184888]R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2011-7-27 128016]R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-7-27 317072]R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-27 214024]R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-2-20 528128]R2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\amd\raidxpert\bin\RAIDXpertService.exe [2009-3-16 122880]R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2009-7-10 110592]R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 26352]R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 493032]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-27 366640]R2 MedQuist Client Platform Service;MedQuist Client Platform Service;c:\program files\common files\medquist\MQHostService.exe [2010-5-20 28672]R2 OEWOutboxService;OEW Outbox Service;c:\program files\medquist, inc\docqvoice workstation\OEWOutboxService.exe [2010-5-28 73728]R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-1-27 635416]R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]R2 W32Time32;Windows Time ;c:\windows\system32\eapsvc32.exe [2011-7-25 786432]R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-12-18 44800]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-27 22712]R3 wpkbdclassfiltr;Words+ Upper Class Keyboard Filter Driver;c:\windows\system32\drivers\wpkbdclassfiltr.sys [2010-5-21 5024]S2 0097991266720622mcinstcleanup;McAfee Application Installer Cleanup (0097991266720622);c:\docume~1\admini~1\locals~1\temp\009799~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\admini~1\locals~1\temp\009799~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2010-2-20 20160]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-4-27 41272]S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-1-27 79816]S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-1-27 35272]S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-1-27 34248].=============== Created Last 30 ================..==================== Find3M ====================.2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys2011-05-10 13:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll2011-05-10 13:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll.============= FINISH: 21:00:57.01 ===============ark.zipattach.zip Link to post Share on other sites More sharing options...
Staff screen317 Posted July 30, 2011 Staff ID:460209 Share Posted July 30, 2011 Hi and welcome to Malwarebytes.Please update MBAM, run a Quick Scan, and post its log.Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
WilliSquirrel Posted July 31, 2011 Author ID:460429 Share Posted July 31, 2011 Hi, Screen ... thanks so much for addressing my problem. Hopefully I can do as you requested (I'm not the most computer literate so please bear with me I have updated the MBAM and ran a scan. Here is the log:Malwarebytes' Anti-Malware 1.51.1.1800www.malwarebytes.orgDatabase version: 7339Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187027/31/2011 11:17:28 AMmbam-log-2011-07-31 (11-17-28).txtScan type: Quick scanObjects scanned: 180662Time elapsed: 5 minute(s), 23 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Here is the ComboFix log:ComboFix 11-07-31.03 - Administrator 07/31/2011 11:23:43.1.4 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3064.1858 [GMT -5:00]Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exeAV: ZoneAlarm Security Suite Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}FW: ZoneAlarm Security Suite Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{0adfde38-1bc6-420b-8c3b-ad42ae35430d}c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{0adfde38-1bc6-420b-8c3b-ad42ae35430d}\chrome.manifestc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{0adfde38-1bc6-420b-8c3b-ad42ae35430d}\chrome\xulcache.jarc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{0adfde38-1bc6-420b-8c3b-ad42ae35430d}\defaults\preferences\xulcache.jsc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{0adfde38-1bc6-420b-8c3b-ad42ae35430d}\install.rdfc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{18b19a6d-96a2-4b6d-a3c4-ed4dbd61794e}c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{18b19a6d-96a2-4b6d-a3c4-ed4dbd61794e}\chrome.manifestc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{18b19a6d-96a2-4b6d-a3c4-ed4dbd61794e}\chrome\xulcache.jarc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{18b19a6d-96a2-4b6d-a3c4-ed4dbd61794e}\defaults\preferences\xulcache.jsc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{18b19a6d-96a2-4b6d-a3c4-ed4dbd61794e}\install.rdfc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{1d821910-8fd4-478c-9943-9570093f0618}c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{1d821910-8fd4-478c-9943-9570093f0618}\chrome.manifestc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{1d821910-8fd4-478c-9943-9570093f0618}\chrome\xulcache.jarc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{1d821910-8fd4-478c-9943-9570093f0618}\defaults\preferences\xulcache.jsc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{1d821910-8fd4-478c-9943-9570093f0618}\install.rdfc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{a78b310b-7606-4dae-9245-13aee5f8f91c}c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{a78b310b-7606-4dae-9245-13aee5f8f91c}\chrome.manifestc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{a78b310b-7606-4dae-9245-13aee5f8f91c}\chrome\xulcache.jarc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{a78b310b-7606-4dae-9245-13aee5f8f91c}\defaults\preferences\xulcache.jsc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{a78b310b-7606-4dae-9245-13aee5f8f91c}\install.rdfc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{bcd6c7d0-e937-45fa-8e5e-5dc11da04dc8}c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{bcd6c7d0-e937-45fa-8e5e-5dc11da04dc8}\chrome.manifestc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{bcd6c7d0-e937-45fa-8e5e-5dc11da04dc8}\chrome\xulcache.jarc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{bcd6c7d0-e937-45fa-8e5e-5dc11da04dc8}\defaults\preferences\xulcache.jsc:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\extensions\{bcd6c7d0-e937-45fa-8e5e-5dc11da04dc8}\install.rdfc:\documents and settings\Administrator\jwknoxnpkr.tmpc:\documents and settings\Administrator\WINDOWS..((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))..2011-07-27 14:29 . 2009-10-12 23:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys2011-07-27 14:28 . 2010-08-29 07:53 69120 ----a-w- c:\windows\system32\zlcomm.dll2011-07-27 14:28 . 2010-08-29 07:53 103936 ----a-w- c:\windows\system32\zlcommdb.dll2011-07-27 14:28 . 2010-08-29 07:53 1238528 ----a-w- c:\windows\system32\zpeng25.dll2011-07-26 03:31 . 2011-07-26 03:31 786432 ----a-w- c:\windows\system32\atikvmag32.exe2011-07-26 03:31 . 2011-07-26 03:31 786432 ----a-w- c:\windows\system32\eapsvc32.exe2011-07-25 12:35 . 2011-07-25 12:36 -------- d-----w- c:\program files\Safari2011-07-25 12:28 . 2011-07-25 12:28 -------- d-----w- c:\program files\iPod2011-07-25 12:19 . 2011-07-25 12:19 -------- d-----w- c:\program files\Bonjour2011-07-14 12:35 . 2011-07-14 12:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\system32\dnssdX.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-07-07 00:52 . 2010-04-27 14:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-07-07 00:52 . 2010-04-27 14:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-06-02 14:02 . 2008-04-14 09:00 1858944 ----a-w- c:\windows\system32\win32k.sys2011-05-10 13:06 . 2011-06-27 01:13 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll2011-05-10 13:06 . 2011-06-27 01:13 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys2009-09-13 05:05 . 2009-09-13 05:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll2009-09-13 05:06 . 2009-09-13 05:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll2009-09-13 05:06 . 2009-09-13 05:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll2009-09-13 05:06 . 2009-09-13 05:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll2009-09-13 05:06 . 2009-09-13 05:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll2009-09-13 05:07 . 2009-09-13 05:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll2009-09-13 05:06 . 2009-09-13 05:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll2009-09-13 05:06 . 2009-09-13 05:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll2009-08-14 19:33 . 2009-08-14 19:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll2009-09-13 05:06 . 2009-09-13 05:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll2011-06-26 14:22 . 2011-03-28 14:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2009-07-02 344064]"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]"RTHDCPL"="RTHDCPL.EXE" [2009-07-03 18665472]"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-08-29 1039360]"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-08-27 730600]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584].c:\documents and settings\All Users\Start Menu\Programs\Startup\Auto Update Notification.lnk - c:\windows\Installer\{6B3FDC5D-2FA5-44AD-9DEC-5136A85CC524}\_1D0A817BB6B9657202E19A.exe [2011-3-31 10134]HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128].[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VoiceCOMPOSER Express.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VoiceCOMPOSER Express.lnkbackup=c:\windows\pss\VoiceCOMPOSER Express.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]2009-09-13 05:09 103768 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\windows\\system32\\usmt\\migwiz.exe"="c:\\Program Files\\HP\\Digital Imaging\\{FA0F0A01-4631-4161-A6C2-948BF694382E}\\setup\\hpznui01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"="c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"="c:\\windows\\system32\\ZoneLabs\\vsmon.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009.R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [8/31/2009 4:55 PM 184888]R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 7:13 PM 65584]R2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\bin\RAIDXpertService.exe [3/16/2009 3:47 AM 122880]R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [7/10/2009 7:36 PM 110592]R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 8:30 AM 26352]R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 8:30 AM 493032]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/27/2010 9:31 AM 366640]R2 MedQuist Client Platform Service;MedQuist Client Platform Service;c:\program files\Common Files\MedQuist\MQHostService.exe [5/20/2010 11:33 AM 28672]R2 OEWOutboxService;OEW Outbox Service;c:\program files\MedQuist, Inc\DocQvoice Workstation\OEWOutboxService.exe [5/28/2010 10:52 AM 73728]R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [1/27/2010 12:06 AM 635416]R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 11:09 PM 11032]R2 W32Time32;Windows Time ;c:\windows\system32\eapsvc32.exe [7/25/2011 10:31 PM 786432]R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/18/2007 12:46 PM 44800]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/27/2010 9:31 AM 22712]R3 wpkbdclassfiltr;Words+ Upper Class Keyboard Filter Driver;c:\windows\system32\drivers\wpkbdclassfiltr.sys [5/21/2010 4:55 PM 5024]S2 0097991266720622mcinstcleanup;McAfee Application Installer Cleanup (0097991266720622);c:\docume~1\ADMINI~1\LOCALS~1\Temp\009799~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\009799~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2/20/2010 2:20 PM 20160]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/27/2010 9:31 AM 41272].--- Other Services/Drivers In Memory ---.*NewlyCreated* - MBAMSWISSARMY.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12HPService REG_MULTI_SZ HPSLPSVChpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvcgetPlusHelper REG_MULTI_SZ getPlusHelper.Contents of the 'Scheduled Tasks' folder.2011-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57].2011-07-31 c:\windows\Tasks\User_Feed_Synchronization-{68925FE1-37F6-4020-A07B-0D3B85EE61DA}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]..------- Supplementary Scan -------.uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Waukesha&state=WI&site=MKX&textField1=43.0125&textField2=-88.2382IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000Trusted Zone: dynamicvoice.com\advancedwebTrusted Zone: tmtprn.com\wwwTrusted Zone: //about.htm/Trusted Zone: //Exclude.htm/Trusted Zone: //FWEvent.htm/Trusted Zone: //LanguageSelection.htm/Trusted Zone: //Message.htm/Trusted Zone: //MyAgttryCmd.htm/Trusted Zone: //MyAgttryNag.htm/Trusted Zone: //MyNotification.htm/Trusted Zone: //NOCLessUpdate.htm/Trusted Zone: //quarantine.htm/Trusted Zone: //ScanNow.htm/Trusted Zone: //strings.vbs/Trusted Zone: //Template.htm/Trusted Zone: //Update.htm/Trusted Zone: //VirFound.htm/Trusted Zone: mcafee.com\*Trusted Zone: mcafeeasap.com\betavscanTrusted Zone: mcafeeasap.com\vsTrusted Zone: mcafeeasap.com\wwwTCP: DhcpNameServer = 192.168.0.1DPF: {707873C7-03BB-4F1A-95EC-4AAF1C3D463E} - hxxps://www.tmtprn.com/wspellam.cabDPF: {B151B524-F451-4036-9663-B3944FA710DF} - hxxp://www.medquist.com/Portals/0/Remote%20Desktop/ENUclientPro.cabFF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wueq4cf6.default\FF - prefs.js: browser.startup.homepage - hxxp://forecast.weather.gov/MapClick.php?CityName=Waukesha&state=WI&site=MKX&textField1=43.0125&textField2=-88.2382FF - prefs.js: network.proxy.type - 1.- - - - ORPHANS REMOVED - - - -.BHO-{01E5565D-5EFD-4AC2-9765-11EEFB17AE99} - c:\windows\system32\atikvmag32.dll...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-07-31 11:30Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(756)c:\windows\system32\Ati2evxx.dll.Completion time: 2011-07-31 11:33:10ComboFix-quarantined-files.txt 2011-07-31 16:33.Pre-Run: 340,790,689,792 bytes freePost-Run: 342,324,260,864 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer.- - End Of File - - D04F811FEEFE2846807FF5B358949398And lastly the new DDS log. I'm not sure if you needed the attachment but included it just in case:.DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Run by Administrator at 11:39:14 on 2011-07-31Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3064.2016 [GMT -5:00].AV: ZoneAlarm Security Suite Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}FW: ZoneAlarm Security Suite Firewall *Enabled* .============== Running Processes ===============.C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\CheckPoint\ZAForceField\IswSvc.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exeC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\WINDOWS\system32\svchost.exe -k HPServiceC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Common Files\MedQuist\MQHostService.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Citrix\ICA Client\concentr.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Citrix\ICA Client\wfcrun32.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\MedQuist\AutoUpdateNotification.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Windows Desktop Search\WindowsSearch.exeC:\Program Files\PDF Complete\pdfsvc.exeC:\Program Files\Common Files\Protexis\License Service\PsiService_2.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\system32\eapsvc32.exeC:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\atikvmag32.exeC:\Program Files\MedQuist, Inc\DocQvoice Workstation\OEWOutboxService.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\WINDOWS\system32\WinMsgBalloonServer.exeC:\WINDOWS\system32\WinMsgBalloonClient.exeC:\Program Files\Common Files\Java\Java Update\jucheck.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\notepad.exeC:\WINDOWS\explorer.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\windows\system32\ZoneLabs\vsmon.exeC:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exeC:\Program Files\CheckPoint\ZAForceField\ForceField.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\SearchProtocolHost.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Waukesha&state=WI&site=MKX&textField1=43.0125&textField2=-88.2382BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dllBHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dllTB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No FileTB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dllEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dllmRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exemRun: [RTHDCPL] RTHDCPL.EXEmRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exemRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exemRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startupmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttrayStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\windows\installer\{6b3fdc5d-2fa5-44ad-9dec-5136a85cc524}\_1D0A817BB6B9657202E19A.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTrusted Zone: dynamicvoice.com\advancedwebTrusted Zone: tmtprn.com\wwwTrusted Zone: //about.htm/Trusted Zone: //Exclude.htm/Trusted Zone: //FWEvent.htm/Trusted Zone: //LanguageSelection.htm/Trusted Zone: //Message.htm/Trusted Zone: //MyAgttryCmd.htm/Trusted Zone: //MyAgttryNag.htm/Trusted Zone: //MyNotification.htm/Trusted Zone: //NOCLessUpdate.htm/Trusted Zone: //quarantine.htm/Trusted Zone: //ScanNow.htm/Trusted Zone: //strings.vbs/Trusted Zone: //Template.htm/Trusted Zone: //Update.htm/Trusted Zone: //VirFound.htm/Trusted Zone: mcafee.com\*Trusted Zone: mcafeeasap.com\betavscanTrusted Zone: mcafeeasap.com\vsTrusted Zone: mcafeeasap.com\wwwDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275532971921DPF: {707873C7-03BB-4F1A-95EC-4AAF1C3D463E} - hxxps://www.tmtprn.com/wspellam.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cabDPF: {B151B524-F451-4036-9663-B3944FA710DF} - hxxp://www.medquist.com/Portals/0/Remote%20Desktop/ENUclientPro.cabDPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabTCP: DhcpNameServer = 192.168.0.1TCP: Interfaces\{8EB6F265-82F4-4E18-A3D9-98EC570F2E04} : DhcpNameServer = 192.168.0.1TCP: Interfaces\{BBBA6926-9994-40FE-BCDA-2834D0AC130C} : DhcpNameServer = 192.168.0.1Notify: AtiExtEvent - Ati2evxx.dllSEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\wueq4cf6.default\FF - prefs.js: browser.startup.homepage - hxxp://forecast.weather.gov/MapClick.php?CityName=Waukesha&state=WI&site=MKX&textField1=43.0125&textField2=-88.2382FF - prefs.js: network.proxy.type - 1FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll.============= SERVICES / DRIVERS ===============.R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2009-8-31 184888]R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2011-7-27 128016]R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-7-27 317072]R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-27 214024]R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-2-20 528128]R2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\amd\raidxpert\bin\RAIDXpertService.exe [2009-3-16 122880]R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2009-7-10 110592]R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 26352]R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 493032]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-27 366640]R2 MedQuist Client Platform Service;MedQuist Client Platform Service;c:\program files\common files\medquist\MQHostService.exe [2010-5-20 28672]R2 OEWOutboxService;OEW Outbox Service;c:\program files\medquist, inc\docqvoice workstation\OEWOutboxService.exe [2010-5-28 73728]R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-1-27 635416]R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]R2 W32Time32;Windows Time ;c:\windows\system32\eapsvc32.exe [2011-7-25 786432]R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-12-18 44800]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-27 22712]R3 wpkbdclassfiltr;Words+ Upper Class Keyboard Filter Driver;c:\windows\system32\drivers\wpkbdclassfiltr.sys [2010-5-21 5024]S2 0097991266720622mcinstcleanup;McAfee Application Installer Cleanup (0097991266720622);c:\docume~1\admini~1\locals~1\temp\009799~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\admini~1\locals~1\temp\009799~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2010-2-20 20160]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-4-27 41272]S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-1-27 79816]S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-1-27 35272]S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-1-27 34248].=============== Created Last 30 ================.2011-07-31 16:23:01 -------- d-sha-r- C:\cmdcons2011-07-31 16:21:51 98816 ----a-w- c:\windows\sed.exe2011-07-31 16:21:51 518144 ----a-w- c:\windows\SWREG.exe2011-07-31 16:21:51 256000 ----a-w- c:\windows\PEV.exe2011-07-31 16:21:51 208896 ----a-w- c:\windows\MBR.exe2011-07-27 14:29:40 128016 ----a-w- c:\windows\system32\drivers\kl1.sys2011-07-27 14:28:15 1238528 ----a-w- c:\windows\system32\zpeng25.dll2011-07-26 03:31:43 786432 ----a-w- c:\windows\system32\atikvmag32.exe2011-07-26 03:31:40 786432 ----a-w- c:\windows\system32\eapsvc32.exe2011-07-25 12:28:14 -------- d-----w- c:\program files\iPod2011-07-25 12:19:51 -------- d-----w- c:\program files\Bonjour2011-07-14 12:35:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll.==================== Find3M ====================.2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys2011-05-10 13:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll2011-05-10 13:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys.============= FINISH: 11:39:51.87 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted August 3, 2011 Staff ID:461424 Share Posted August 3, 2011 Hi,Please go to VirusTotal, and upload the following file for analysis:c:\windows\system32\eapsvc32.exePost the results in your reply.Also zip up that file and attach it to your reply. Link to post Share on other sites More sharing options...
WilliSquirrel Posted August 4, 2011 Author ID:461577 Share Posted August 4, 2011 Hi Chris,Thanks for the help ... can you tell me where I go to "VirusTotal"? I didn't see any links to click on in your post. It's been a long day so maybe I'm just missing it?Thanks, Link to post Share on other sites More sharing options...
Staff screen317 Posted August 5, 2011 Staff ID:462403 Share Posted August 5, 2011 Hi,Here is the link; not sure why it didn't show up before:www.virustotal.comBefore you upload it, update MBAM, run a Quick Scan, and see if it detects it. If not, proceed with the upload. Link to post Share on other sites More sharing options...
WilliSquirrel Posted August 8, 2011 Author ID:463500 Share Posted August 8, 2011 Hi,Here is the link; not sure why it didn't show up before:www.virustotal.comBefore you upload it, update MBAM, run a Quick Scan, and see if it detects it. If not, proceed with the upload.Sorry it took so long to get back ... I was out of town for a couple of days. I went to the virus total website and tried to have the c:/windows/system32/eapsvc32.exe file analyzed, but I don't know what I'm doing wrong. For a split second a screen comes up indicating it is checking and then just goes back to the main screen. Does it take quite a while to do this? As an aside, besides this file you mention, my Zone Alarm is also picking up a c:/windows/system32/atikvmag32.exe as a trojan. I'm sorry to be such a pain, but I am not having any luck with the VirusTotal. Time lapsed has been 15 minutes, and I'm not seeing a result.I did run the updated MBAM which didn't detect it, but as I say, my Zone Alarm is detecting it.Thanks, Willi Link to post Share on other sites More sharing options...
WilliSquirrel Posted August 8, 2011 Author ID:463507 Share Posted August 8, 2011 Chris,Okay, I just found the Virus Total Uploader and downloaded that. But it tells me that VirusTotal Uploader couldn't load the file?Thanks again ... Link to post Share on other sites More sharing options...
Staff screen317 Posted August 9, 2011 Staff ID:463523 Share Posted August 9, 2011 Hi,Instead, zip up the file and attach it to your reply.Before you do though, update MBAM, run a Quick Scan, and post its log. Link to post Share on other sites More sharing options...
WilliSquirrel Posted August 9, 2011 Author ID:463552 Share Posted August 9, 2011 Hi,Instead, zip up the file and attach it to your reply.Before you do though, update MBAM, run a Quick Scan, and post its log.Ok, here is the latest log after running MBAM:Malwarebytes' Anti-Malware 1.51.1.1800www.malwarebytes.orgDatabase version: 7413Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187028/8/2011 8:36:21 PMmbam-log-2011-08-08 (20-36-21).txtScan type: Quick scanObjects scanned: 164551Time elapsed: 2 minute(s), 31 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)I also tried to access c:/windows/system32/eapsvc32.exe to zip the file as you requested, and I get an error message that reads: "File not found or no read permission." Link to post Share on other sites More sharing options...
Staff screen317 Posted August 10, 2011 Staff ID:464490 Share Posted August 10, 2011 Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).Try zipping it again. Link to post Share on other sites More sharing options...
WilliSquirrel Posted August 11, 2011 Author ID:464610 Share Posted August 11, 2011 Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).Try zipping it again.Hi Chris,Okay, here's the deal. I hope I can explain this well enough. As I mentioned above, I had trouble copying or zipping up the file last night. Throughout the last couple of days, my Zone Alarm kept scanning and picked up two trojan files - c:\windows\system32\eapsvc32.exe and c:\windows\system32\atikvmag32.exe. Each time my Zone Alarm indicated they could not be quarantined and gave me the option to delete them, which I did not do. Later on last evening, ZA picked them up again except this time it recommended "delete on reboot." I applied those actions and this took the files out of my directory. However, it does appear that I have a zipped file (I don't know how that happened - it wasn't working for me last night). Not sure if it zipped correctly but I'll attach it below.Now, I have noticed for the past four or five days, I am not being redirected anymore when I use any search engine. I don't know if this indicates that the trojan is gone or not. As you usually suggest, I ran another MBAM update and quick scan. Here is the log:Malwarebytes' Anti-Malware 1.51.1.1800www.malwarebytes.orgDatabase version: 7431Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187028/10/2011 10:01:58 PMmbam-log-2011-08-10 (22-01-58).txtScan type: Quick scanObjects scanned: 164682Time elapsed: 2 minute(s), 25 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)My apologies to you for my not being all that savvy when it comes to this stuff ... I do the best I can, and I hope you can help me eradicate whatever it is I'm dealing with! Thanks,Willieapsvc32.zip Link to post Share on other sites More sharing options...
Staff screen317 Posted August 11, 2011 Staff ID:464858 Share Posted August 11, 2011 Hi,Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.Next, please open Notepad. Copy and paste the text in the Code box below into Notepad:http://forums.malwarebytes.org/index.php?showtopic=91016Collect::c:\windows\system32\eapsvc32.exec:\windows\system32\atikvmag32.exeSave this as CFScript.txtRefering to the picture above, drag CFScript.txt into ComboFix.exeWhen finished, it shall produce a log for you. Post that log in your next reply.**Note** When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.Ensure you are connected to the internet and click OK on the message box. Link to post Share on other sites More sharing options...
WilliSquirrel Posted August 11, 2011 Author ID:464920 Share Posted August 11, 2011 Ok, the ComboFix log is added as an attachment (said it was too long to post here):Thanks,Combo Fix Log.txt Link to post Share on other sites More sharing options...
Staff screen317 Posted August 15, 2011 Staff ID:465997 Share Posted August 15, 2011 Hmmm something isn't right here.Click Start --> Run, enter cmd.exe, and press EnterIn the black box that appears, enter this command exactly as shown:chkdsk>"%userprofile%\desktop\chkdsk.txt"Press Enter. When it finishes, open chkdsk.txt on your Desktop and post its contents here.-screen317 Link to post Share on other sites More sharing options...
WilliSquirrel Posted August 16, 2011 Author ID:466046 Share Posted August 16, 2011 As requested, here is chkdsk.txt log:The type of the file system is NTFS.WARNING! F parameter not specified.Running CHKDSK in read-only mode.CHKDSK is verifying files (stage 1 of 3)...0 percent completed. 1 percent completed. 2 percent completed. 3 percent completed. 4 percent completed. 5 percent completed. 6 percent completed. 7 percent completed. 8 percent completed. 9 percent completed. 10 percent completed. 11 percent completed. 12 percent completed. 13 percent completed. 14 percent completed. 15 percent completed. 16 percent completed. 17 percent completed. 18 percent completed. 19 percent completed. 20 percent completed. 21 percent completed. 22 percent completed. 23 percent completed. 24 percent completed. 25 percent completed. 26 percent completed. 27 percent completed. 28 percent completed. 29 percent completed. 30 percent completed. 31 percent completed. 32 percent completed. 33 percent completed. 34 percent completed. 35 percent completed. 36 percent completed. 37 percent completed. 38 percent completed. 39 percent completed. 40 percent completed. 41 percent completed. 42 percent completed. 43 percent completed. 44 percent completed. 45 percent completed. 46 percent completed. 47 percent completed. 48 percent completed. 49 percent completed. 50 percent completed. 51 percent completed. 52 percent completed. 53 percent completed. 54 percent completed. 55 percent completed. 56 percent completed. 57 percent completed. 58 percent completed. 59 percent completed. 60 percent completed. 61 percent completed. 62 percent completed. 63 percent completed. 64 percent completed. 65 percent completed. 66 percent completed. 67 percent completed. 68 percent completed. 69 percent completed. 70 percent completed. 71 percent completed. 72 percent completed. 73 percent completed. 74 percent completed. 75 percent completed. 76 percent completed. 77 percent completed. 78 percent completed. 79 percent completed. 80 percent completed. 81 percent completed. 82 percent completed. 83 percent completed. 84 percent completed. 85 percent completed. 86 percent completed. 87 percent completed. 88 percent completed. 89 percent completed. 90 percent completed. 91 percent completed. 92 percent completed. 93 percent completed. 94 percent completed. 95 percent completed. 96 percent completed. 97 percent completed. 98 percent completed. 99 percent completed. 100 percent completed. File verification completed.CHKDSK is verifying indexes (stage 2 of 3)...0 percent completed. 1 percent completed. 2 percent completed. 3 percent completed. 4 percent completed. 5 percent completed. 6 percent completed. 7 percent completed. 8 percent completed. 9 percent completed. 10 percent completed. 11 percent completed. 12 percent completed. 13 percent completed. 14 percent completed. 15 percent completed. 16 percent completed. 17 percent completed. 18 percent completed. 19 percent completed. 20 percent completed. 21 percent completed. 22 percent completed. 23 percent completed. 24 percent completed. 25 percent completed. 26 percent completed. 27 percent completed. 28 percent completed. 29 percent completed. 30 percent completed. 31 percent completed. 32 percent completed. 33 percent completed. 34 percent completed. 35 percent completed. 36 percent completed. 37 percent completed. 38 percent completed. 39 percent completed. 40 percent completed. 41 percent completed. 42 percent completed. 43 percent completed. 44 percent completed. 45 percent completed. 46 percent completed. 47 percent completed. 48 percent completed. 49 percent completed. 50 percent completed. 51 percent completed. 52 percent completed. 53 percent completed. 54 percent completed. 55 percent completed. 56 percent completed. 57 percent completed. 58 percent completed. 59 percent completed. 60 percent completed. 61 percent completed. 62 percent completed. 63 percent completed. 64 percent completed. 65 percent completed. 66 percent completed. 67 percent completed. 68 percent completed. 69 percent completed. 70 percent completed. 71 percent completed. 72 percent completed. 73 percent completed. 74 percent completed. 75 percent completed. 76 percent completed. 77 percent completed. 78 percent completed. 79 percent completed. 80 percent completed. 81 percent completed. 82 percent completed. 83 percent completed. 84 percent completed. 85 percent completed. 86 percent completed. 87 percent completed. 88 percent completed. 89 percent completed. 90 percent completed. 91 percent completed. 92 percent completed. 93 percent completed. 94 percent completed. 95 percent completed. 96 percent completed. 97 percent completed. 98 percent completed. 99 percent completed. 100 percent completed. Index verification completed.CHKDSK is verifying security descriptors (stage 3 of 3)...0 percent completed. 1 percent completed. 2 percent completed. 3 percent completed. 4 percent completed. 5 percent completed. 6 percent completed. 7 percent completed. 8 percent completed. 9 percent completed. 10 percent completed. 11 percent completed. 12 percent completed. 13 percent completed. 14 percent completed. 15 percent completed. 16 percent completed. 17 percent completed. 18 percent completed. 19 percent completed. 20 percent completed. 21 percent completed. 22 percent completed. 23 percent completed. 24 percent completed. 25 percent completed. 26 percent completed. 27 percent completed. 28 percent completed. 29 percent completed. 30 percent completed. 31 percent completed. 32 percent completed. 33 percent completed. 34 percent completed. 35 percent completed. 36 percent completed. 37 percent completed. 38 percent completed. 39 percent completed. 40 percent completed. 41 percent completed. 42 percent completed. 43 percent completed. 44 percent completed. 45 percent completed. 46 percent completed. 47 percent completed. 48 percent completed. 49 percent completed. 50 percent completed. 51 percent completed. 52 percent completed. 53 percent completed. 54 percent completed. 55 percent completed. 56 percent completed. 57 percent completed. 58 percent completed. 59 percent completed. 60 percent completed. 61 percent completed. 62 percent completed. 63 percent completed. 64 percent completed. 65 percent completed. 66 percent completed. 67 percent completed. 68 percent completed. 69 percent completed. 70 percent completed. 71 percent completed. 72 percent completed. 73 percent completed. 74 percent completed. 75 percent completed. 76 percent completed. 77 percent completed. 78 percent completed. 79 percent completed. 80 percent completed. 81 percent completed. 82 percent completed. 83 percent completed. 84 percent completed. 85 percent completed. 86 percent completed. 87 percent completed. 88 percent completed. 89 percent completed. 90 percent completed. 91 percent completed. 92 percent completed. 93 percent completed. 94 percent completed. 95 percent completed. 96 percent completed. 97 percent completed. 98 percent completed. 99 percent completed. 100 percent completed. Security descriptor verification completed.CHKDSK is verifying Usn Journal...Usn Journal verification completed.CHKDSK discovered free space marked as allocated in the volume bitmap.Windows found problems with the file system.Run CHKDSK with the /F (fix) option to correct these. 374948043 KB total disk space. 24696252 KB in 78594 files. 28372 KB in 10261 indexes. 0 KB in bad sectors. 369711 KB in use by the system. 65536 KB occupied by the log file. 349853708 KB available on disk. 4096 bytes in each allocation unit. 93737010 total allocation units on disk. 87463427 allocation units available on disk. Link to post Share on other sites More sharing options...
Staff screen317 Posted August 18, 2011 Staff ID:466816 Share Posted August 18, 2011 Hi,Looks like there are issues with your hard drive.Go back to cmd.exeIn the black box that appears, enter this command exactly as shown:chkdsk /rPress Enter. When prompted, type Y and press Enter. Upon restart, a disk check will commence. Allow it to finish and note any messages it gives.-screen317 Link to post Share on other sites More sharing options...
WilliSquirrel Posted August 18, 2011 Author ID:467083 Share Posted August 18, 2011 Hi,I did as directed in your last post. Chkdsk ran for about 45 minutes and verified files, indexes, security descriptors, USN Journal, file data and free space. Unfortunately I missed all the info that was flashed after the last verification took place (free space) so I don't know if there were any messages.I really appreciate your timely responses in helping me try to eradicate the trojan. I must say you guys are all TREMENDOUS! That said, I just am not computer savvy enough (for example, in pausing the screen to take down any messages it gave me), so I'm probably going to have to find some time to take my computer in somewhere. Again, I appreciate all your help each and every step of the way. I think the problem probably is just too big for me to handle. Thanks, Chris! Willi Link to post Share on other sites More sharing options...
Staff screen317 Posted August 22, 2011 Staff ID:468352 Share Posted August 22, 2011 Okay thanks for letting me know.Don't hesitate to ask if there's anything else I can do for you. Link to post Share on other sites More sharing options...
Staff screen317 Posted September 3, 2011 Staff ID:472245 Share Posted September 3, 2011 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
Staff screen317 Posted September 18, 2011 Staff ID:477053 Share Posted September 18, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts