Trying to clean computer!


harkley

I have enclosed a HijackThis log, DDS logs, and a GMER log. I am not 100 percent sure I posted these logs correctly, as I just copied and pasted them. I have been having some trouble getting rid of some problems on this computer. Every time I run a SUPERAntiSpyware scan, about 32 tracking cookies come up, and every so often a trojan comes up. I think the trojans are coming from my brother's Facebooking and online gaming. The trojans are not always there, but the adware tracking cookies are. Also, we had a family friend come and help us, and he must have put 10 different free registry cleaner programs on the computer and 4 or 5 antivirus programs. Every time I turn on the computer, about 4 different windows pop up claiming that there have been registry errors or malware detected and that I should purchase the program to fix the problem. I am looking for help in getting rid of these programs and cleaning the computer up.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/10/2008 2:04:00 PM
System Uptime: 11/14/2011 7:47:32 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RY206
Processor: AMD Sempron(tm) Processor LE-1300 | Socket AM2 | 2310/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 101.247 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP482: 8/16/2011 12:04:33 PM - System Checkpoint
RP483: 8/16/2011 9:51:57 PM - Software Distribution Service 3.0
RP484: 8/17/2011 10:32:04 PM - System Checkpoint
RP485: 8/18/2011 10:43:10 PM - Software Distribution Service 3.0
RP486: 8/20/2011 11:57:39 AM - Software Distribution Service 3.0
RP487: 8/21/2011 2:28:54 AM - Software Distribution Service 3.0
RP488: 8/21/2011 11:53:27 AM - Software Distribution Service 3.0
RP489: 8/22/2011 12:59:11 PM - System Checkpoint
RP490: 8/22/2011 6:25:27 PM - Software Distribution Service 3.0
RP491: 8/23/2011 7:23:09 PM - System Checkpoint
RP492: 8/24/2011 9:48:20 AM - Software Distribution Service 3.0
RP493: 8/24/2011 4:00:40 PM - Software Distribution Service 3.0
RP494: 8/25/2011 7:58:35 PM - Software Distribution Service 3.0
RP495: 8/27/2011 8:45:47 AM - Software Distribution Service 3.0
RP496: 8/28/2011 1:56:29 AM - Software Distribution Service 3.0
RP497: 8/29/2011 2:54:06 AM - System Checkpoint
RP498: 8/29/2011 10:56:04 AM - Software Distribution Service 3.0
RP499: 8/30/2011 1:42:10 PM - Software Distribution Service 3.0
RP500: 8/31/2011 2:02:38 PM - Software Distribution Service 3.0
RP501: 9/1/2011 2:44:39 PM - System Checkpoint
RP502: 9/2/2011 10:18:04 AM - Software Distribution Service 3.0
RP503: 9/3/2011 10:40:22 AM - System Checkpoint
RP504: 9/4/2011 10:10:08 PM - Software Distribution Service 3.0
RP505: 9/5/2011 10:45:24 PM - System Checkpoint
RP506: 9/7/2011 7:06:54 AM - Software Distribution Service 3.0
RP507: 9/7/2011 4:00:14 PM - Software Distribution Service 3.0
RP508: 9/8/2011 2:12:29 PM - Software Distribution Service 3.0
RP509: 9/9/2011 8:35:20 PM - Software Distribution Service 3.0
RP510: 9/14/2011 9:28:24 AM - Software Distribution Service 3.0
RP511: 9/15/2011 10:37:33 AM - Software Distribution Service 3.0
RP512: 9/15/2011 4:00:16 PM - Software Distribution Service 3.0
RP513: 9/16/2011 11:32:58 AM - Software Distribution Service 3.0
RP514: 9/17/2011 12:34:46 PM - Software Distribution Service 3.0
RP515: 9/19/2011 8:33:12 AM - Software Distribution Service 3.0
RP516: 9/20/2011 11:44:58 AM - Software Distribution Service 3.0
RP517: 9/21/2011 11:51:48 AM - System Checkpoint
RP518: 9/21/2011 10:03:03 PM - Software Distribution Service 3.0
RP519: 9/23/2011 11:14:33 AM - Software Distribution Service 3.0
RP520: 9/24/2011 3:39:43 PM - Software Distribution Service 3.0
RP521: 9/26/2011 12:02:21 PM - Software Distribution Service 3.0
RP522: 9/27/2011 12:18:47 PM - System Checkpoint
RP523: 9/28/2011 10:39:10 AM - Software Distribution Service 3.0
RP524: 9/28/2011 4:00:28 PM - Software Distribution Service 3.0
RP525: 9/29/2011 5:29:44 PM - Software Distribution Service 3.0
RP526: 9/30/2011 7:09:31 PM - Software Distribution Service 3.0
RP527: 10/1/2011 10:50:14 PM - Software Distribution Service 3.0
RP528: 10/3/2011 9:42:39 AM - Software Distribution Service 3.0
RP529: 10/4/2011 11:34:23 AM - Software Distribution Service 3.0
RP530: 10/5/2011 11:49:13 AM - System Checkpoint
RP531: 10/6/2011 10:33:20 AM - Software Distribution Service 3.0
RP532: 10/7/2011 12:18:27 PM - Software Distribution Service 3.0
RP533: 10/8/2011 1:32:10 PM - System Checkpoint
RP534: 10/8/2011 7:10:34 PM - Software Distribution Service 3.0
RP535: 10/20/2011 2:07:45 PM - Software Distribution Service 3.0
RP536: 10/20/2011 3:23:48 PM - Software Distribution Service 3.0
RP537: 10/21/2011 4:50:12 PM - Software Distribution Service 3.0
RP538: 10/22/2011 5:54:23 PM - System Checkpoint
RP539: 10/24/2011 11:05:48 AM - Software Distribution Service 3.0
RP540: 10/25/2011 10:25:25 PM - Software Distribution Service 3.0
RP541: 10/28/2011 6:12:07 PM - Software Distribution Service 3.0
RP542: 10/29/2011 10:27:49 PM - Software Distribution Service 3.0
RP543: 10/31/2011 9:08:40 PM - Software Distribution Service 3.0
RP544: 11/3/2011 9:35:48 PM - Software Distribution Service 3.0
RP545: 11/5/2011 1:14:49 PM - Software Distribution Service 3.0
RP546: 11/6/2011 9:38:03 PM - Software Distribution Service 3.0
RP547: 11/8/2011 8:08:05 PM - Software Distribution Service 3.0
RP548: 11/9/2011 4:00:13 PM - Software Distribution Service 3.0
RP549: 11/10/2011 4:00:13 PM - Software Distribution Service 3.0
RP550: 11/10/2011 6:20:28 PM - Software Distribution Service 3.0
RP551: 11/10/2011 6:36:29 PM - Installed HiJackThis
RP552: 11/11/2011 7:24:21 PM - Software Distribution Service 3.0
RP553: 11/12/2011 7:19:06 PM - Software Distribution Service 3.0
RP554: 11/13/2011 1:52:00 AM - Software Distribution Service 3.0
RP555: 11/13/2011 7:18:47 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Browser Address Error Redirector
CCleaner
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Costco Photo Organizer
Dell Support Center
Documentation & Support Launcher
EarthLink Setup Files
Eusing Free Registry Cleaner
Free Registry Defrag
Free Window Registry Repair
Games, Music, & Photos Launcher
Google Desktop
Google Update Helper
High Definition Audio Driver Package - KB835221
HiJackThis
honestech VHS to DVD 3.0 Deluxe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
Info Center 1.0.0.5
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Master of Orion II
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
Modem Diagnostic Tool
Morrowind
Mozilla Firefox 8.0 (x86 en-US)
Need for Speed(TM) Hot Pursuit
Need for Speed™ Most Wanted
NetWaiting
Norton Internet Security
Norton Security Scan
NVIDIA Drivers
PowerDVD
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Registry Mechanic 10.0
RegZooka v2.7
Security Task Manager 1.8c
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SpeedingUpMyPC v2.2
SUPERAntiSpyware
System Requirements Lab CYRI
TES Construction Set
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 VIDBOX NW03
Viewpoint Media Player
WebFldrs XP
Windows Driver Package - eMPIA Technology (USB28xxBGA) Media (06/22/2007 6.22.0116.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
Wise PC Engineer 6.3.6
Yahoo! Internet Mail
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/8/2011 7:57:50 PM, error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the path specified.
11/10/2011 4:02:13 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1506.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/10/2011 3:57:12 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1506.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Lori at 19:55:57 on 2011-11-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1387 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpeedingUpMyPC\SPMTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
uSearch Bar =
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.startsearcher.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SPMTray] c:\program files\speedingupmypc\SPMTray.exe
uRun: [pxswo] c:\program files\bvmrfgwrfeypui\kjduznoe.exe kj
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [pxswo] c:\program files\bvmrfgwrfeypui\kjduznoe.exe kj
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Info Center] c:\program files\pcpitstop\info center\InfoCenter.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C0ED9003-CD25-43F5-B3E2-5BB804A76EF9} : DhcpNameServer = 192.168.1.1 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lori\application data\mozilla\firefox\profiles\mj0ythcw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-2 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20111014.001\BHDrvx86.sys [2011-10-14 818808]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl04123d34;MpKsl04123d34;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d73adac-88e3-458b-bdf4-badee417a9a7}\MpKsl04123d34.sys [2011-11-14 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-2 136312]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-3-24 632792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]
S1 MpKsl0f0c3e1c;MpKsl0f0c3e1c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{07eb4650-5f22-4e63-bc55-7a2a92e24f23}\mpksl0f0c3e1c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{07eb4650-5f22-4e63-bc55-7a2a92e24f23}\MpKsl0f0c3e1c.sys [?]
S1 MpKsl30d8cb02;MpKsl30d8cb02;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{232f7192-3def-4499-801f-7ebb8b0b6405}\mpksl30d8cb02.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{232f7192-3def-4499-801f-7ebb8b0b6405}\MpKsl30d8cb02.sys [?]
S1 MpKsl48b9934e;MpKsl48b9934e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eb93fd3-242f-482e-b0fd-7078350786e3}\mpksl48b9934e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eb93fd3-242f-482e-b0fd-7078350786e3}\MpKsl48b9934e.sys [?]
S1 MpKsl672bbe59;MpKsl672bbe59;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3b523723-8764-46f1-9dcb-93729018f814}\mpksl672bbe59.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3b523723-8764-46f1-9dcb-93729018f814}\MpKsl672bbe59.sys [?]
S1 MpKsl86ddbffd;MpKsl86ddbffd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{82445786-5392-4623-9e9f-516030f5bb2b}\mpksl86ddbffd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{82445786-5392-4623-9e9f-516030f5bb2b}\MpKsl86ddbffd.sys [?]
S1 MpKsl8e7fd320;MpKsl8e7fd320;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b974220-eaea-4f1e-8285-dbdd4ac176cb}\mpksl8e7fd320.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b974220-eaea-4f1e-8285-dbdd4ac176cb}\MpKsl8e7fd320.sys [?]
S1 MpKslb07c79e2;MpKslb07c79e2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f7a9094-aa07-4bbc-83f0-0d0f0b450137}\mpkslb07c79e2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f7a9094-aa07-4bbc-83f0-0d0f0b450137}\MpKslb07c79e2.sys [?]
S1 MpKslbaa5ee26;MpKslbaa5ee26;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc4f6741-d26f-4199-bad0-c46b77adfe9a}\mpkslbaa5ee26.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc4f6741-d26f-4199-bad0-c46b77adfe9a}\MpKslbaa5ee26.sys [?]
S1 MpKslc71cf596;MpKslc71cf596;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{26c16028-a7c5-4931-9c5e-600e81434195}\mpkslc71cf596.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{26c16028-a7c5-4931-9c5e-600e81434195}\MpKslc71cf596.sys [?]
S1 MpKsld5e08379;MpKsld5e08379;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{464fba59-2470-466b-a6e8-947eabf8e3b8}\mpksld5e08379.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{464fba59-2470-466b-a6e8-947eabf8e3b8}\MpKsld5e08379.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [2011-3-24 23552]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-23 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20111021.030\IDSXpx86.sys [2011-10-21 356280]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20111021.034\NAVENG.SYS [2011-10-22 86136]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20111021.034\NAVEX15.SYS [2011-10-22 1576312]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\wpro_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
.
=============== Created Last 30 ================
.
2011-11-15 02:48:06 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d73adac-88e3-458b-bdf4-badee417a9a7}\MpKsl04123d34.sys
2011-11-15 02:48:03 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d73adac-88e3-458b-bdf4-badee417a9a7}\offreg.dll
2011-11-14 02:18:49 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d73adac-88e3-458b-bdf4-badee417a9a7}\mpengine.dll
2011-11-11 01:36:31 388096 ----a-r- c:\documents and settings\lori\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-11 01:36:30 -------- d-----w- c:\program files\Trend Micro
.
==================== Find3M ====================
.
2011-11-11 01:22:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 19:56:41.08 ===============


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:54:35 PM, on 11/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpeedingUpMyPC\SPMTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: BHO Project - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SPMTray] C:\Program Files\SpeedingUpMyPC\SPMTray.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google Inc. - (no file)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8940 bytes




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-15 13:23:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 SAMSUNG_HD161HJ rev.JF100-22
Running: i6v8lwfy.exe; Driver: C:\DOCUME~1\Lori\LOCALS~1\Temp\uwldypob.sys


---- System - GMER 1.0.15 ----

SSDT 8A27FAA8 ZwAlertResumeThread
SSDT 8A280E10 ZwAlertThread
SSDT 8A091220 ZwAllocateVirtualMemory
SSDT 8A1E7F80 ZwAssignProcessToJobObject
SSDT 89AC96F0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB5E4D710]
SSDT 8A2552F8 ZwCreateMutant
SSDT 8A1736A0 ZwCreateSymbolicLinkObject
SSDT 8A1195B8 ZwCreateThread
SSDT 8A22F5F8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB5E4D990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB5E4DEF0]
SSDT 88F1D4A8 ZwDuplicateObject
SSDT 8A1919A0 ZwFreeVirtualMemory
SSDT 8A295840 ZwImpersonateAnonymousToken
SSDT 8A288E90 ZwImpersonateThread
SSDT 8A125AC0 ZwLoadDriver
SSDT 8A118F10 ZwMapViewOfSection
SSDT 8A26D550 ZwOpenEvent
SSDT 8A17A2B8 ZwOpenProcess
SSDT 8A4F8548 ZwOpenProcessToken
SSDT 8A2493E8 ZwOpenSection
SSDT 8A17AFC0 ZwOpenThread
SSDT 8A080758 ZwProtectVirtualMemory
SSDT 8A272438 ZwResumeThread
SSDT 8A507CE8 ZwSetContextThread
SSDT 8A1D4AB8 ZwSetInformationProcess
SSDT 8A241800 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB5E4E140]
SSDT 8A2768E8 ZwSuspendProcess
SSDT 8A395240 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB5DB1640]
SSDT 8A4A5E20 ZwTerminateThread
SSDT 8A417788 ZwUnmapViewOfSection
SSDT 8A136C50 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2578 80501DB0 4 Bytes [E8, 93, 24, 8A]
.text ntkrnlpa.exe!ZwCallbackReturn + 26D8 80501F10 4 Bytes [E8, 7C, 50, 8A]
.text ntkrnlpa.exe!ZwCallbackReturn + 2778 80501FB0 8 Bytes CALL C0DA471D
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9318380, 0x300577, 0xE8000020]
? C:\DOCUME~1\Lori\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[156] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01A90350 C:\WINDOWS\system32\msnunperp.dll
.text C:\WINDOWS\Explorer.EXE[156] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01A90A30 C:\WINDOWS\system32\msnunperp.dll
.text C:\WINDOWS\Explorer.EXE[156] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 01A90490 C:\WINDOWS\system32\msnunperp.dll
.text C:\WINDOWS\Explorer.EXE[156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01A82B70 C:\WINDOWS\system32\msnunperp.dll
.text C:\WINDOWS\Explorer.EXE[156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01A82E50 C:\WINDOWS\system32\msnunperp.dll
.text C:\WINDOWS\Explorer.EXE[156] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 01A902D0 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2164] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 10010350 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2164] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10010A30 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2164] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 10010490 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2164] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10002B70 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2164] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10002E50 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2164] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 100102D0 C:\WINDOWS\system32\msnunperp.dll
.text C:\WINDOWS\system32\ctfmon.exe[2188] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 10010350 C:\WINDOWS\system32\msnunperp.dll
.text C:\WINDOWS\system32\ctfmon.exe[2188] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10010A30 C:\WINDOWS\system32\msnunperp.dll
.text C:\WINDOWS\system32\ctfmon.exe[2188] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 10010490 C:\WINDOWS\system32\msnunperp.dll
.text C:\WINDOWS\system32\ctfmon.exe[2188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10002B70 C:\WINDOWS\system32\msnunperp.dll
.text C:\WINDOWS\system32\ctfmon.exe[2188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10002E50 C:\WINDOWS\system32\msnunperp.dll
.text C:\WINDOWS\system32\ctfmon.exe[2188] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 100102D0 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe[2260] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 10010350 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe[2260] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10010A30 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe[2260] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 10010490 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe[2260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10002B70 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe[2260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10002E50 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe[2260] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 100102D0 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2688] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 04A50350 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2688] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 04A50A30 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2688] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 04A50490 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 04A42B70 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 04A42E50 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2688] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 04A502D0 C:\WINDOWS\system32\msnunperp.dll
.text C:\Documents and Settings\Lori\Desktop\i6v8lwfy.exe[3472] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 10010350 C:\WINDOWS\system32\msnunperp.dll
.text C:\Documents and Settings\Lori\Desktop\i6v8lwfy.exe[3472] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10010A30 C:\WINDOWS\system32\msnunperp.dll
.text C:\Documents and Settings\Lori\Desktop\i6v8lwfy.exe[3472] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 10010490 C:\WINDOWS\system32\msnunperp.dll
.text C:\Documents and Settings\Lori\Desktop\i6v8lwfy.exe[3472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10002B70 C:\WINDOWS\system32\msnunperp.dll
.text C:\Documents and Settings\Lori\Desktop\i6v8lwfy.exe[3472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10002E50 C:\WINDOWS\system32\msnunperp.dll
.text C:\Documents and Settings\Lori\Desktop\i6v8lwfy.exe[3472] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 100102D0 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[3688] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AF0350 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[3688] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00AF0A30 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[3688] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00AF0490 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[3688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AE2B70 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[3688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AE2E50 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[3688] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 00AF02D0 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3856] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 10010350 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3856] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 10010A30 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3856] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 10010490 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10002B70 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10002E50 C:\WINDOWS\system32\msnunperp.dll
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3856] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 100102D0 C:\WINDOWS\system32\msnunperp.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device B37F3D20
Device B3803428

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [156] 0x01A80000

Process C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe (*** hidden *** ) 1692
Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe [1692] 0x10000000

Process C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe (*** hidden *** ) 1864
Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe [1864] 0x10000000
Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2164] 0x10000000
Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [2188] 0x10000000
Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2260] 0x10000000
Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2688] 0x04A40000
Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\Documents and Settings\Lori\Desktop\i6v8lwfy.exe [3472] 0x10000000
Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\Program Files\Microsoft Security Client\msseces.exe [3688] 0x00AE0000
Library C:\WINDOWS\system32\msnunperp.dll (*** hidden *** ) @ C:\Program Files\Common Files\Java\Java Update\jucheck.exe [3856] 0x10000000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe kj
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\[email protected] C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe kj

---- Files - GMER 1.0.15 ----

File C:\Program Files\Bvmrfgwrfeypui 0 bytes
File C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe 2289172 bytes executable
File C:\Program Files\Bvmrfgwrfeypui\Log 0 bytes
File C:\Program Files\Bvmrfgwrfeypui\Log\Audio 0 bytes
File C:\Program Files\Bvmrfgwrfeypui\Log\Text 0 bytes
File C:\Program Files\Bvmrfgwrfeypui\Log\Text\aiotxt.dat 228731 bytes
File C:\Program Files\Bvmrfgwrfeypui\Log\Visual 0 bytes
File C:\Program Files\Bvmrfgwrfeypui\Log\Visual\05112011.dat 53390547 bytes
File C:\Program Files\Bvmrfgwrfeypui\Log\Visual\05122011.dat 9797675 bytes
File C:\Program Files\Bvmrfgwrfeypui\Log\Visual\05132011.dat 27950246 bytes
File C:\Program Files\Bvmrfgwrfeypui\Log\Visual\05142011.dat 504169770 bytes
File C:\Program Files\Bvmrfgwrfeypui\Log\Visual\05152011.dat 775478026 bytes
File C:\Program Files\Bvmrfgwrfeypui\Log\Visual\05162011.dat 6818439 bytes
File C:\Program Files\Bvmrfgwrfeypui\Log\Visual\05172011.dat 319412736 bytes
File C:\Program Files\Bvmrfgwrfeypui\unins000.dat 18194 bytes
File C:\Program Files\Bvmrfgwrfeypui\unins000.exe 708211 bytes
File C:\WINDOWS\system32\msnunperp.dll 155648 bytes executable

---- EOF - GMER 1.0.15 ----
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Hi and welcome to TSG!

All those installed registry cleaners and multiple antivirus programs were a bad idea.
You will only need one antivirus program. And registry "cleaners" are pretty useless and dangerous to a system.

We will need to uninstall those.

For the antivirus, do you want to keep Microsoft Security Essentials or Norton? Personally I would keep the Microsoft one.

Please do this next...

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
 

harkley

Thread Starter
Joined
Nov 9, 2011
Messages
43
OK, I think we will keep MS Security Essentials as that one appears to be free. Norton has run out and it costs money to renew. I got a bit confused on how to save to the desktop, but I got a ComboFix shortcut icon and installed the recovery console and ran the scan. I copied and pasted from the notepad. Is that sufficient?


ComboFix 11-11-16.02 - Lori 11/16/2011 19:16:09.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1402 [GMT -7:00]
Running from: c:\documents and settings\Lori\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\8927A071.TMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
c:\documents and settings\Guest\Application Data\PCFix
c:\documents and settings\Guest\Application Data\PCFix\log.dat
c:\documents and settings\Guest\Application Data\PCFix\unresolvederrors.dat
c:\documents and settings\Lori\Application Data\EurekaLog
c:\documents and settings\Lori\Application Data\PCFix
c:\documents and settings\Lori\Application Data\PCFix\log.dat
c:\documents and settings\Lori\Application Data\PCFix\unresolvederrors.dat
c:\program files\Object
c:\program files\Object\config.ini
c:\windows\system32\drivers\dfg.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_dfg
.
.
((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2011-11-17 02:22 . 2011-11-17 02:22 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-11-17 02:22 . 2011-11-17 02:22 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-11-17 02:22 . 2011-11-17 02:22 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-11-17 02:22 . 2011-11-17 02:22 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-11-17 02:22 . 2011-11-17 02:22 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-11-17 02:22 . 2011-11-17 02:22 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-11-17 02:22 . 2011-11-17 02:22 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-11-17 02:22 . 2011-11-17 02:22 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-11-17 02:22 . 2011-11-17 02:22 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-11-17 02:22 . 2011-11-17 02:22 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-11-17 02:22 . 2011-11-17 02:22 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-11-17 02:22 . 2011-11-17 02:22 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-11-17 02:21 . 2011-11-17 02:21 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-11-17 02:21 . 2011-11-17 02:21 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-11-17 02:21 . 2011-11-17 02:21 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-11-17 02:21 . 2011-11-17 02:21 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-11-17 02:21 . 2011-11-17 02:21 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-11-17 02:21 . 2011-11-17 02:21 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F2B0EA-75BC-498C-B5F4-3D447AB3664C}\offreg.dll
2011-11-15 02:59 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F2B0EA-75BC-498C-B5F4-3D447AB3664C}\mpengine.dll
2011-11-11 01:36 . 2011-11-11 01:36 388096 ----a-r- c:\documents and settings\Lori\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-11 01:36 . 2011-11-11 01:36 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 01:22 . 2011-05-27 01:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2011-09-05 04:10 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2004-08-10 17:51 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2004-08-10 17:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-16 17:22 . 2011-05-03 18:52 664 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\d3d9caps.tmp
2011-09-06 13:20 . 2004-08-10 17:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2011-11-11 01:22 . 2011-05-07 06:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-10 4615552]
"SPMTray"="c:\program files\SpeedingUpMyPC\SPMTray.exe" [2010-12-09 539408]
"pxswo"="c:\program files\Bvmrfgwrfeypui\kjduznoe.exe" [2006-09-05 2289172]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16859648]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"pxswo"="c:\program files\Bvmrfgwrfeypui\kjduznoe.exe" [2006-09-05 2289172]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2011-04-22 24216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2004-6-16 147456]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-09 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\symds.sys [5/2/2011 4:15 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [5/2/2011 4:15 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111014.001\BHDrvx86.sys [10/14/2011 4:10 PM 818808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 11:25 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [5/2/2011 4:15 PM 136312]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 10:48 AM 116608]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 4:12 PM 130008]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [3/24/2011 10:04 AM 632792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/27/2011 4:25 PM 105592]
S1 MpKsl0f0c3e1c;MpKsl0f0c3e1c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07EB4650-5F22-4E63-BC55-7A2A92E24F23}\MpKsl0f0c3e1c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07EB4650-5F22-4E63-BC55-7A2A92E24F23}\MpKsl0f0c3e1c.sys [?]
S1 MpKsl30d8cb02;MpKsl30d8cb02;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{232F7192-3DEF-4499-801F-7EBB8B0B6405}\MpKsl30d8cb02.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{232F7192-3DEF-4499-801F-7EBB8B0B6405}\MpKsl30d8cb02.sys [?]
S1 MpKsl48b9934e;MpKsl48b9934e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EB93FD3-242F-482E-B0FD-7078350786E3}\MpKsl48b9934e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EB93FD3-242F-482E-B0FD-7078350786E3}\MpKsl48b9934e.sys [?]
S1 MpKsl635c5017;MpKsl635c5017;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F2B0EA-75BC-498C-B5F4-3D447AB3664C}\MpKsl635c5017.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F2B0EA-75BC-498C-B5F4-3D447AB3664C}\MpKsl635c5017.sys [?]
S1 MpKsl672bbe59;MpKsl672bbe59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B523723-8764-46F1-9DCB-93729018F814}\MpKsl672bbe59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B523723-8764-46F1-9DCB-93729018F814}\MpKsl672bbe59.sys [?]
S1 MpKsl86ddbffd;MpKsl86ddbffd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82445786-5392-4623-9E9F-516030F5BB2B}\MpKsl86ddbffd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82445786-5392-4623-9E9F-516030F5BB2B}\MpKsl86ddbffd.sys [?]
S1 MpKsl8e7fd320;MpKsl8e7fd320;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B974220-EAEA-4F1E-8285-DBDD4AC176CB}\MpKsl8e7fd320.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B974220-EAEA-4F1E-8285-DBDD4AC176CB}\MpKsl8e7fd320.sys [?]
S1 MpKslb07c79e2;MpKslb07c79e2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F7A9094-AA07-4BBC-83F0-0D0F0B450137}\MpKslb07c79e2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F7A9094-AA07-4BBC-83F0-0D0F0B450137}\MpKslb07c79e2.sys [?]
S1 MpKslbaa5ee26;MpKslbaa5ee26;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC4F6741-D26F-4199-BAD0-C46B77ADFE9A}\MpKslbaa5ee26.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC4F6741-D26F-4199-BAD0-C46B77ADFE9A}\MpKslbaa5ee26.sys [?]
S1 MpKslc71cf596;MpKslc71cf596;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{26C16028-A7C5-4931-9C5E-600E81434195}\MpKslc71cf596.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{26C16028-A7C5-4931-9C5E-600E81434195}\MpKslc71cf596.sys [?]
S1 MpKsld5e08379;MpKsld5e08379;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{464FBA59-2470-466B-A6E8-947EABF8E3B8}\MpKsld5e08379.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{464FBA59-2470-466B-A6E8-947EABF8E3B8}\MpKsld5e08379.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 4:17 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/23/2008 9:20 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 4:17 PM 135664]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111021.030\IDSXpx86.sys [10/21/2011 5:06 PM 356280]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 23:17]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 23:17]
.
2011-11-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
.
2011-10-20 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-11-16 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-11-13 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-11-16 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-03-24 19:11]
.
2011-11-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
2011-11-17 c:\windows\Tasks\User_Feed_Synchronization-{4F00B7CA-663E-4860-8CD1-EA2CC7565F86}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
2011-11-17 c:\windows\Tasks\User_Feed_Synchronization-{56102F00-5FC7-4B76-A4A5-9FAADFD73A8E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.startsearcher.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
FF - ProfilePath - c:\documents and settings\Lori\Application Data\Mozilla\Firefox\Profiles\mj0ythcw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-16 19:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2500)
c:\windows\system32\WININET.dll
c:\windows\system32\msnunperp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\HPZipm12.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2011-11-16 19:26:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-17 02:26
.
Pre-Run: 108,596,752,384 bytes free
Post-Run: 109,686,722,560 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6DFB802DA8143180A0DE0A0E43676143
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Yes, that's good.

The following programs should be uninstalled then. This can be done via Control Panel > Add or Remove Programs:

Eusing Free Registry Cleaner
Free Registry Defrag
Free Window Registry Repair
Norton Internet Security
Norton Security Scan
Registry Mechanic 10.0
RegZooka v2.7
SpeedingUpMyPC v2.2



Then proceed to the next step:

Please run the following:

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Then proceed to this step:

Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

harkley

Thread Starter
Joined
Nov 9, 2011
Messages
43
I just ran tdss killer and I was able to get a report and I highlighted the report, but I cannot get to copy by right click. Is there another way to copy?
 

harkley

Thread Starter
Joined
Nov 9, 2011
Messages
43
Oh! I just realized how late it is, and it is obviously much later in NY, so I will quit for tonight and check tomorrow for your response. I am not sure why I can't copy that report. I am able to highlight it from top to bottom but when I right click nothing happens.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Good morning!

Are you able to copy it by pressing Ctrl+C?

Then paste with Ctrl+V
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,308
It's unknown how much file and registry damage may have been done to Windows XP and to some of your programs by using all these registry cleaner/booster/optimizer/tuneup utilities.

I'm going to wait until Cheeseball81 is finished with you.

Your best option may be to do a hard drive format and clean reinstall of Windows XP and get a fresh start.

CCleaner

Eusing Free Registry Cleaner

Free Registry Defrag

Free Windows Registry Repair

Registry Mechanic

RegZooka

SpeedingUpMyPC

Wise PC Engineer

---------------------------------------------------
 

harkley

Thread Starter
Joined
Nov 9, 2011
Messages
43
I cannot copy that tdss report. I tried ctrl+c and nothing happens. I noticed that gmer, dds, and hijack this automatically provided notepad pages with the log report on that so it was easy to copy and paste. I have spent a considerable amount of time today looking for that report elsewhere. My computer skills are limited. The dds, attach, hijack this, ark, logs are all in my documents, but I am not seeing the tdss report anywhere. I have closed the report window now. What do you recommend?
 

harkley

Thread Starter
Joined
Nov 9, 2011
Messages
43
Ok I found that tdss text document and I will copy and paste it in just a moment. I am going to go check your directions and see if I need to run MBAM now. Sorry that took so long.
 

harkley

Thread Starter
Joined
Nov 9, 2011
Messages
43
22:41:21.0383 0932 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
22:41:21.0834 0932 ============================================================
22:41:21.0834 0932 Current date / time: 2011/11/16 22:41:21.0834
22:41:21.0834 0932 SystemInfo:
22:41:21.0834 0932
22:41:21.0834 0932 OS Version: 5.1.2600 ServicePack: 3.0
22:41:21.0834 0932 Product type: Workstation
22:41:21.0834 0932 ComputerName: WINDOWSXP
22:41:21.0834 0932 UserName: Lori
22:41:21.0834 0932 Windows directory: C:\WINDOWS
22:41:21.0834 0932 System windows directory: C:\WINDOWS
22:41:21.0834 0932 Processor architecture: Intel x86
22:41:21.0834 0932 Number of processors: 1
22:41:21.0834 0932 Page size: 0x1000
22:41:21.0834 0932 Boot type: Normal boot
22:41:21.0834 0932 ============================================================
22:41:22.0795 0932 Initialize success
22:44:36.0614 2132 ============================================================
22:44:36.0614 2132 Scan started
22:44:36.0614 2132 Mode: Manual;
22:44:36.0614 2132 ============================================================
22:44:37.0285 2132 Abiosdsk - ok
22:44:37.0335 2132 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:44:37.0335 2132 abp480n5 - ok
22:44:37.0385 2132 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:44:37.0385 2132 ACPI - ok
22:44:37.0435 2132 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:44:37.0435 2132 ACPIEC - ok
22:44:37.0455 2132 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:44:37.0465 2132 adpu160m - ok
22:44:37.0495 2132 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:44:37.0495 2132 aec - ok
22:44:37.0545 2132 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:44:37.0545 2132 AFD - ok
22:44:37.0575 2132 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:44:37.0585 2132 agp440 - ok
22:44:37.0605 2132 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:44:37.0605 2132 agpCPQ - ok
22:44:37.0615 2132 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:44:37.0615 2132 Aha154x - ok
22:44:37.0665 2132 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:44:37.0675 2132 aic78u2 - ok
22:44:37.0695 2132 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:44:37.0695 2132 aic78xx - ok
22:44:37.0725 2132 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:44:37.0725 2132 AliIde - ok
22:44:37.0746 2132 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:44:37.0746 2132 alim1541 - ok
22:44:37.0766 2132 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:44:37.0766 2132 amdagp - ok
22:44:37.0786 2132 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:44:37.0786 2132 amsint - ok
22:44:37.0816 2132 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:44:37.0816 2132 asc - ok
22:44:37.0836 2132 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:44:37.0836 2132 asc3350p - ok
22:44:37.0856 2132 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:44:37.0856 2132 asc3550 - ok
22:44:37.0896 2132 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
22:44:37.0896 2132 ASCTRM - ok
22:44:37.0956 2132 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:44:37.0956 2132 AsyncMac - ok
22:44:37.0996 2132 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:44:37.0996 2132 atapi - ok
22:44:38.0006 2132 Atdisk - ok
22:44:38.0036 2132 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:44:38.0056 2132 Atmarpc - ok
22:44:38.0126 2132 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:44:38.0126 2132 audstub - ok
22:44:38.0146 2132 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:44:38.0146 2132 Beep - ok
22:44:38.0166 2132 catchme - ok
22:44:38.0206 2132 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:44:38.0206 2132 cbidf - ok
22:44:38.0216 2132 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:44:38.0216 2132 cbidf2k - ok
22:44:38.0266 2132 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:44:38.0266 2132 CCDECODE - ok
22:44:38.0286 2132 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:44:38.0286 2132 cd20xrnt - ok
22:44:38.0306 2132 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:44:38.0306 2132 Cdaudio - ok
22:44:38.0316 2132 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:44:38.0316 2132 Cdfs - ok
22:44:38.0346 2132 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:44:38.0346 2132 Cdrom - ok
22:44:38.0356 2132 Changer - ok
22:44:38.0386 2132 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:44:38.0386 2132 CmdIde - ok
22:44:38.0437 2132 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:44:38.0437 2132 Cpqarray - ok
22:44:38.0477 2132 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:44:38.0477 2132 dac2w2k - ok
22:44:38.0507 2132 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:44:38.0507 2132 dac960nt - ok
22:44:38.0517 2132 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:44:38.0527 2132 Disk - ok
22:44:38.0567 2132 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:44:38.0577 2132 dmboot - ok
22:44:38.0597 2132 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:44:38.0597 2132 dmio - ok
22:44:38.0617 2132 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:44:38.0617 2132 dmload - ok
22:44:38.0657 2132 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:44:38.0657 2132 DMusic - ok
22:44:38.0697 2132 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:44:38.0697 2132 dpti2o - ok
22:44:38.0707 2132 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:44:38.0707 2132 drmkaud - ok
22:44:38.0727 2132 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:44:38.0727 2132 E100B - ok
22:44:38.0737 2132 EagleNT - ok
22:44:38.0787 2132 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:44:38.0787 2132 Fastfat - ok
22:44:38.0817 2132 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:44:38.0817 2132 Fdc - ok
22:44:38.0857 2132 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:44:38.0857 2132 Fips - ok
22:44:38.0887 2132 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:44:38.0887 2132 Flpydisk - ok
22:44:38.0917 2132 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:44:44.0796 2132 ============================================================
22:44:44.0796 2132 Scan finished
22:44:44.0796 2132 ============================================================
22:44:44.0806 2360 Detected object count: 0
22:44:44.0806 2360 Actual detected object count: 0
18:07:40.0045 3156 Deinitialize success
 

harkley

Thread Starter
Joined
Nov 9, 2011
Messages
43
Here is the MBAM log.



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8184

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/17/2011 7:02:02 PM
mbam-log-2011-11-17 (19-02-02).txt

Scan type: Quick scan
Objects scanned: 240873
Time elapsed: 21 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Open Notepad and copy and paste the text in the quote box below into it:



Folder::
c:\program files\Bvmrfgwrfeypui


Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.







This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
 

harkley

Thread Starter
Joined
Nov 9, 2011
Messages
43
Here is new combofix log


ComboFix 11-11-17.03 - Lori 11/17/2011 21:36:03.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1361 [GMT -7:00]
Running from: c:\documents and settings\Lori\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lori\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Bvmrfgwrfeypui
c:\program files\Bvmrfgwrfeypui\kjduznoe.exe
c:\program files\Bvmrfgwrfeypui\Log\Text\aiotxt.dat
c:\program files\Bvmrfgwrfeypui\Log\Visual\05112011.dat
c:\program files\Bvmrfgwrfeypui\Log\Visual\05122011.dat
c:\program files\Bvmrfgwrfeypui\Log\Visual\05132011.dat
c:\program files\Bvmrfgwrfeypui\Log\Visual\05142011.dat
c:\program files\Bvmrfgwrfeypui\Log\Visual\05152011.dat
c:\program files\Bvmrfgwrfeypui\Log\Visual\05162011.dat
c:\program files\Bvmrfgwrfeypui\Log\Visual\05172011.dat
c:\program files\Bvmrfgwrfeypui\unins000.dat
c:\program files\Bvmrfgwrfeypui\unins000.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2011-11-18 01:32 . 2011-11-18 01:32 -------- d-----w- c:\documents and settings\Lori\Application Data\Malwarebytes
2011-11-18 01:32 . 2011-11-18 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-18 01:32 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-18 01:32 . 2011-11-18 01:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-17 05:20 . 2011-11-17 05:20 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-11-17 05:20 . 2011-11-17 05:20 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-11-17 05:20 . 2011-11-17 05:20 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-11-17 05:20 . 2011-11-17 05:20 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-11-17 05:20 . 2011-11-17 05:20 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-11-17 05:20 . 2011-11-17 05:20 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-11-17 05:20 . 2011-11-17 05:20 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-11-17 05:20 . 2011-11-17 05:20 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-11-17 05:20 . 2011-11-17 05:20 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-11-17 05:20 . 2011-11-17 05:20 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-11-17 05:20 . 2011-11-17 05:20 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-11-17 05:20 . 2011-11-17 05:20 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-11-17 05:19 . 2011-11-17 05:19 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-11-17 05:19 . 2011-11-17 05:19 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-11-17 05:19 . 2011-11-17 05:19 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-11-17 05:19 . 2011-11-17 05:19 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-11-17 05:19 . 2011-11-17 05:19 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-11-17 05:19 . 2011-11-17 05:19 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C678AFEB-6A8E-4A51-9999-BA26EA8336DF}\MpKslab499619.sys
2011-11-17 05:19 . 2011-11-17 05:19 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C678AFEB-6A8E-4A51-9999-BA26EA8336DF}\offreg.dll
2011-11-17 02:33 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C678AFEB-6A8E-4A51-9999-BA26EA8336DF}\mpengine.dll
2011-11-11 01:36 . 2011-11-11 01:36 388096 ----a-r- c:\documents and settings\Lori\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-11 01:36 . 2011-11-11 01:36 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 01:22 . 2011-05-27 01:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2011-09-05 04:10 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2004-08-10 17:51 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2004-08-10 17:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-16 17:22 . 2011-05-03 18:52 664 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\d3d9caps.tmp
2011-09-06 13:20 . 2004-08-10 17:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2011-11-11 01:22 . 2011-05-07 06:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_02.22.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-17 05:19 . 2011-11-17 05:19 16384 c:\windows\Temp\Perflib_Perfdata_218.dat
+ 2010-01-22 05:18 . 2010-01-22 05:18 9847 c:\windows\system32\mswdnwoxe.dll
- 2011-03-15 02:20 . 2011-03-15 02:20 9847 c:\windows\system32\mswdnwoxe.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-10 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16859648]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2011-04-22 24216]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2004-6-16 147456]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-09 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 MpKslab499619;MpKslab499619;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C678AFEB-6A8E-4A51-9999-BA26EA8336DF}\MpKslab499619.sys [11/16/2011 10:19 PM 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 11:25 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 10:48 AM 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/17/2011 6:32 PM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/17/2011 6:32 PM 22216]
S1 MpKsl0f0c3e1c;MpKsl0f0c3e1c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07EB4650-5F22-4E63-BC55-7A2A92E24F23}\MpKsl0f0c3e1c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07EB4650-5F22-4E63-BC55-7A2A92E24F23}\MpKsl0f0c3e1c.sys [?]
S1 MpKsl30d8cb02;MpKsl30d8cb02;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{232F7192-3DEF-4499-801F-7EBB8B0B6405}\MpKsl30d8cb02.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{232F7192-3DEF-4499-801F-7EBB8B0B6405}\MpKsl30d8cb02.sys [?]
S1 MpKsl48b9934e;MpKsl48b9934e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EB93FD3-242F-482E-B0FD-7078350786E3}\MpKsl48b9934e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EB93FD3-242F-482E-B0FD-7078350786E3}\MpKsl48b9934e.sys [?]
S1 MpKsl635c5017;MpKsl635c5017;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F2B0EA-75BC-498C-B5F4-3D447AB3664C}\MpKsl635c5017.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F2B0EA-75BC-498C-B5F4-3D447AB3664C}\MpKsl635c5017.sys [?]
S1 MpKsl672bbe59;MpKsl672bbe59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B523723-8764-46F1-9DCB-93729018F814}\MpKsl672bbe59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B523723-8764-46F1-9DCB-93729018F814}\MpKsl672bbe59.sys [?]
S1 MpKsl86ddbffd;MpKsl86ddbffd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82445786-5392-4623-9E9F-516030F5BB2B}\MpKsl86ddbffd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82445786-5392-4623-9E9F-516030F5BB2B}\MpKsl86ddbffd.sys [?]
S1 MpKsl8e7fd320;MpKsl8e7fd320;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B974220-EAEA-4F1E-8285-DBDD4AC176CB}\MpKsl8e7fd320.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B974220-EAEA-4F1E-8285-DBDD4AC176CB}\MpKsl8e7fd320.sys [?]
S1 MpKslb07c79e2;MpKslb07c79e2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F7A9094-AA07-4BBC-83F0-0D0F0B450137}\MpKslb07c79e2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F7A9094-AA07-4BBC-83F0-0D0F0B450137}\MpKslb07c79e2.sys [?]
S1 MpKslbaa5ee26;MpKslbaa5ee26;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC4F6741-D26F-4199-BAD0-C46B77ADFE9A}\MpKslbaa5ee26.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC4F6741-D26F-4199-BAD0-C46B77ADFE9A}\MpKslbaa5ee26.sys [?]
S1 MpKslc71cf596;MpKslc71cf596;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{26C16028-A7C5-4931-9C5E-600E81434195}\MpKslc71cf596.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{26C16028-A7C5-4931-9C5E-600E81434195}\MpKslc71cf596.sys [?]
S1 MpKsld5e08379;MpKsld5e08379;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{464FBA59-2470-466B-A6E8-947EABF8E3B8}\MpKsld5e08379.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{464FBA59-2470-466B-A6E8-947EABF8E3B8}\MpKsld5e08379.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 4:17 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/23/2008 9:20 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 4:17 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 16181778
*NewlyCreated* - IPFILTERDRIVER
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSERVICE
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MPKSLAB499619
*Deregistered* - 16181778
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 23:17]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 23:17]
.
2011-11-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
.
2011-10-20 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-11-16 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-11-13 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-11-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
2011-11-18 c:\windows\Tasks\User_Feed_Synchronization-{4F00B7CA-663E-4860-8CD1-EA2CC7565F86}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
2011-11-18 c:\windows\Tasks\User_Feed_Synchronization-{56102F00-5FC7-4B76-A4A5-9FAADFD73A8E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.startsearcher.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
FF - ProfilePath - c:\documents and settings\Lori\Application Data\Mozilla\Firefox\Profiles\mj0ythcw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-pxswo - c:\program files\Bvmrfgwrfeypui\kjduznoe.exe
HKLM-Run-pxswo - c:\program files\Bvmrfgwrfeypui\kjduznoe.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-17 21:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'winlogon.exe'(228)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'winlogon.exe'(1080)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-11-17 21:42:19
ComboFix-quarantined-files.txt 2011-11-18 04:42
ComboFix2.txt 2011-11-17 02:26
.
Pre-Run: 110,557,417,472 bytes free
Post-Run: 110,542,905,344 bytes free
.
- - End Of File - - D3E782BA619A8A7178436E7BB8B1C5B5



Here is the new HijackThis log




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:43:49 PM, on 11/17/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-2538872288-1507887129-2878820428-1007\..\Run: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 (User 'Jacob')
O4 - HKUS\S-1-5-21-2538872288-1507887129-2878820428-1007\..\Run: [pxswo] C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe kj (User 'Jacob')
O4 - HKUS\S-1-5-21-2538872288-1507887129-2878820428-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google Inc. - (no file)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8524 bytes
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Rescan with HijackThis.
Close all browser windows except HijackThis.
Put a check mark beside these entries and click "Fix Checked".

O4 - HKUS\S-1-5-21-2538872288-1507887129-2878820428-1007\..\Run: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 (User 'Jacob')

O4 - HKUS\S-1-5-21-2538872288-1507887129-2878820428-1007\..\Run: [pxswo] C:\Program Files\Bvmrfgwrfeypui\kjduznoe.exe kj (User 'Jacob')



Close HijackThis and restart the computer.





Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) - JRE 6 Update 29 -"
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u29 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u29-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml
When all is well, you should see Java Version: 1.6.0_29 from Sun Microsystems Inc.



Please post a new HijackThis log and also another Uninstall Manager log.
 