Automatic pop up ad at IE start up, even with pop-up disabled

By bahyi
May 9, 2011
  1. Recently, I have been experiencing pop-up ads that come up after I open IE even though the Pop-up Blocker is enabled. As I browse, more and more of these pop-up windows will come up with different types of ads. Just today, my computer refused to boot up and continued to circulate to the page where you choose to start up in Safe Mode, Safe Mode with Networking, etc. It would not start up normally, and it would not revert back to the last good start up; Safe Mode with Networking also did not work. I finally picked Safe Mode, and chose a restore point date before these pop-up ads started. When I opened IE, the automatic pop-up once again presented itself. The computer also wouldn't shut down properly and I had to force it off. I'm not sure if this computer will boot up next time. Please help!!!
  2. bahyi

    bahyi Newcomer, in training Topic Starter Posts: 30

    I also forgot to mention that the computer would restart itself without warning from time to time also after this ad started popping up by itself.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Not much I can do for you about the possibility of malware until you resolve the startup. Since the Safe Mode options are booting up, I'd like you to let it go into Safe Mode. You won't need the internet for this, so don't choose Safe Mode with Networking:

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    I don't know your operating system so you may have to vary slightly for this:
    Right click on the TaskBar> Choose Explore> Right click on My Computer> Properties> Tools> Error Checking> Check now> Check both boxes on the screen that comes up> OK> Click on Yes on the message that displays> Reboot the computer.

    The Error Check will start in a few seconds. Let it run until finished. It may take a while and will reboot when through. Hopefully that will fix the improper shut down problems.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    You most likely have adware that is generating the popups. Hopefully we can identify and remove it.
  4. bahyi

    bahyi Newcomer, in training Topic Starter Posts: 30

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6541

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/9/2011 4:43:34 PM
    mbam-log-2011-05-09 (16-43-34).txt

    Scan type: Quick scan
    Objects scanned: 170237
    Time elapsed: 35 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Continue on with the rest of the Preliminary Virus and Malware Removal thread
  6. bahyi

    bahyi Newcomer, in training Topic Starter Posts: 30

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-09 17:11:32
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD800JB-00JJC0 rev.05.01C05
    Running: 7wv9zeyi.exe; Driver: C:\DOCUME~1\camron\LOCALS~1\Temp\fwrdqpog.sys


    ---- System - GMER 1.0.15 ----

    SSDT E1A524C8 ZwConnectPort
    SSDT F7DE6736 ZwCreateKey
    SSDT F7DE672C ZwCreateThread
    SSDT F7DE673B ZwDeleteKey
    SSDT F7DE6745 ZwDeleteValueKey
    SSDT F7DE674A ZwLoadKey
    SSDT F7DE6718 ZwOpenProcess
    SSDT F7DE671D ZwOpenThread
    SSDT F7DE6754 ZwReplaceKey
    SSDT F7DE674F ZwRestoreKey
    SSDT F7DE6740 ZwSetValueKey

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[984] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D6000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[984] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D7000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[984] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A4000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[984] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\windows\System32\svchost.exe[1156] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0071000A
    .text C:\windows\System32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A3000A
    .text C:\windows\System32\svchost.exe[1156] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0070000C
    .text C:\windows\System32\svchost.exe[1156] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0374000A
    .text C:\windows\System32\svchost.exe[1156] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00E5000A
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text D:\palmOne\Hotsync.exe[2060] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 D:\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\windows\Explorer.EXE[2908] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BE000A
    .text C:\windows\Explorer.EXE[2908] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BF000A
    .text C:\windows\Explorer.EXE[2908] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B8000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D7000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D8000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D6000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4064] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[4064] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 85F5531B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 85F5531B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 85F5531B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 85F5531B

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG06.00.00.01WORKSTATION

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----
  7. bahyi

    bahyi Newcomer, in training Topic Starter Posts: 30

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by camron at 17:14:07.73 on Mon 05/09/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.480.106 [GMT -7:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\svchost -k DcomLaunch
    svchost.exe
    C:\windows\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\avmwlanstick\WlanNetService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\oodag.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\windows\System32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\Wireless Desktop\LgWDskTp.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\RFA\rfagent.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\avmwlanstick\wlangui.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\windows\System32\svchost.exe -k HTTPFilter
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\belsta.exe
    C:\Program Files\LINKSYS\Configuration Utility\config.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\found.000\dir0023.chk\Plauto.exe
    D:\palmOne\Hotsync.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\camron\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
    uSearch Page =
    uSearch Bar =
    mLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant =
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
    BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    TB: Web assistant: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
    TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: JunoBar: {5854fac4-5bf0-47dd-b5a9-a5ea8cff3cf4} -
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Google Update] "c:\documents and settings\camron\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [HKSERV.EXE] c:\program files\sony\hotkey utility\HKserv.exe
    mRun: [LgWDskTp] c:\program files\wireless desktop\LgWDskTp.exe
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
    mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [rfagent] "c:\program files\rfa\rfagent.exe"
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AVMWlanClient] c:\program files\avmwlanstick\wlangui.exe
    mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
    mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
    mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\docume~1\camron\startm~1\programs\startup\hotsyn~1.lnk - d:\palmone\Hotsync.exe
    StartupFolder: c:\docume~1\camron\startm~1\programs\startup\palmon~1.lnk - d:\programfile\palmone\register.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\CalibAdobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\windows\system32\belsta.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\config~1.lnk - c:\program files\linksys\configuration utility\config.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - d:\palmone\Hotsync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photol~1.lnk - c:\found.000\dir0023.chk\Plauto.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
    IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/cpbrkpie.cab
    DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-9 11608]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\savrtpel.sys [2010-3-27 37000]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-9 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-9 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-9 61960]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-1-16 255648]
    R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2005-1-16 218736]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-1-16 235168]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-10-16 431456]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-2-28 44416]
    R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [2007-12-19 265088]
    R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [2003-11-21 175744]
    R3 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2010-3-27 158848]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050317.009\NAVENG.Sys [2005-3-17 73728]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050317.009\NavEx15.Sys [2005-3-17 631040]
    R3 ndcprtns;NDC Network Agent;c:\windows\system32\drivers\Ndcprtns.sys [2005-10-16 9328]
    R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2010-3-27 305288]
    R3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVSCAN.EXE [2010-3-27 194272]
    R3 SMSCMS;SMSC LPC Memory Stick Host Controller;c:\windows\system32\drivers\SMSCMS.SYS [2003-11-21 58624]
    S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-12-19 4352]
    S3 BEL;Belkin 11Mbps Wireless LAN Driver;c:\windows\system32\drivers\belnds.sys [2005-10-16 51712]
    S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2005-1-16 87712]
    S3 MD1900;GSL MD1900 Electronic Dictionary;c:\windows\system32\drivers\MD1900.sys [2008-3-17 33967]
    S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2005-12-11 8960]
    S3 WPC11;Instant Wireless Network PC Card V2.0 Driver;c:\windows\system32\drivers\LSWLNDS.sys [2002-5-16 54083]
    .
    =============== Created Last 30 ================
    .
    2011-05-09 23:49:34 -------- dc----w- c:\docume~1\camron\applic~1\Avira
    2011-05-09 22:38:59 61960 -c--a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-05-09 22:38:34 -------- dc----w- c:\program files\Avira
    2011-05-09 22:38:34 -------- dc----w- c:\docume~1\alluse~1\applic~1\Avira
    2011-05-09 21:07:19 -------- dc----w- c:\windows\system32\wbem\repository\FS
    2011-05-09 21:07:19 -------- dc----w- c:\windows\system32\wbem\Repository
    2011-04-23 01:51:38 -------- dc----w- c:\docume~1\alluse~1\applic~1\Skype Extras
    2011-04-12 19:37:36 398760 -c--a-r- c:\windows\system32\cpnprt2.cid
    2011-04-12 19:37:08 -------- dc----w- c:\program files\Coupons
    .
    ==================== Find3M ====================
    .
    2011-03-18 17:33:19 71072 -c--a-w- c:\windows\CouponPrinter.ocx
    2011-03-07 05:33:50 692736 -c--a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 -c--a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 -c--a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06:29 916480 -c--a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06:29 43520 -c--a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06:29 1469440 -c----w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41:59 385024 -c--a-w- c:\windows\system32\html.iec
    2011-02-17 12:32:12 5120 -c--a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56:39 290432 -c--a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53:52 270848 -c--a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 -c--a-w- c:\windows\system32\encdec.dll
    2004-10-09 09:26:21 7269227 -c--a-w- c:\program files\NJCWP500.EXE
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD800JB-00JJC0 rev.05.01C05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85F554D0]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85f5b7f0]; MOV EAX, [0x85f5b86c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x85FA0840]
    3 CLASSPNP[0xF77A8FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000075[0x85FA1E98]
    5 ACPI[0xF76FF620] -> nt!IofCallDriver[0x804E37D5] -> [0x85F2ED98]
    \Driver\atapi[0x85F89F38] -> IRP_MJ_CREATE -> 0x85F554D0
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x85F5531B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 17:15:40.43 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/3/2004 11:43:16 PM
    System Uptime: 5/9/2011 3:57:49 PM (2 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | PIZZA
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | PGA 478 | 2800/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 30 GiB total, 12.223 GiB free.
    D: is FIXED (NTFS) - 45 GiB total, 10.966 GiB free.
    E: is Removable
    F: is CDROM ()
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP888: 4/18/2011 10:18:57 PM - System Checkpoint
    RP889: 4/20/2011 11:02:01 AM - System Checkpoint
    RP890: 4/21/2011 11:24:25 AM - System Checkpoint
    RP891: 4/22/2011 1:50:52 AM - Software Distribution Service 3.0
    RP892: 4/23/2011 6:23:34 PM - System Checkpoint
    RP893: 4/24/2011 7:35:11 PM - System Checkpoint
    RP894: 4/25/2011 10:14:59 PM - System Checkpoint
    RP895: 4/26/2011 10:15:55 PM - System Checkpoint
    RP896: 4/28/2011 12:18:17 AM - Software Distribution Service 3.0
    RP897: 4/29/2011 10:36:42 AM - System Checkpoint
    RP898: 4/30/2011 12:45:21 PM - System Checkpoint
    RP899: 5/1/2011 1:06:46 PM - System Checkpoint
    RP900: 5/2/2011 1:24:34 PM - System Checkpoint
    RP901: 5/3/2011 2:26:08 PM - System Checkpoint
    RP902: 5/4/2011 4:17:49 PM - System Checkpoint
    RP903: 5/5/2011 4:30:00 PM - System Checkpoint
    RP904: 5/7/2011 1:41:24 AM - System Checkpoint
    RP905: 5/8/2011 11:12:31 AM - System Checkpoint
    RP906: 5/9/2011 2:02:55 PM - Restore Operation
    RP907: 5/9/2011 3:38:33 PM - Avira AntiVir Personal - 5/9/2011 15:36
    .
    ==== Installed Programs ======================
    .
    .
    1310
    1310_Help
    1310Tour
    1310Trb
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 9 ActiveX
    Adobe Photoshop Elements 2.0
    Adobe Reader 7.0.9
    Adobe Reader Chinese Traditional Fonts
    AiO_Scan
    AiOSoftware
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    AVM FRITZ!WLAN
    Belkin 11Mbps Wireless Desktop Card Installer
    Bonjour
    BufferChm
    Canon MX330 series MP Drivers
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CC_ccProxyMSI
    CC_ccStart
    ccCommon
    Configuration Utility
    Copy
    Coupon Printer for Windows
    CreativeProjects
    CreativeProjectsTemplates
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    Destinations
    Director
    DocProc
    DocumentViewer
    Epocrates Essentials
    Fax
    Giga Pocket 5.5
    Giga Pocket Demo Movie
    Giga Pocket Hardware Library 5.5
    Google Chrome
    Google Talk (remove only)
    Google Talk Plugin
    HijackThis 1.99.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HotKey Utility
    HP Diagnostic Assistant
    HP Image Zone 4.2
    HP Memories Disc
    HP PSC & OfficeJet 4.2
    HP Software Update
    HPSystemDiagnostics
    InstantShare
    InterActual Player
    InternetCalls
    InterVideo WinDVD 5 for VAIO
    iPod for Windows 2006-03-23
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_01
    LiveReg (Symantec Corporation)
    Logitech® Camera Driver
    Malwarebytes' Anti-Malware
    Memory Stick Formatter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 8.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Miranda IM 0.4.0.1
    MMDX
    MoodLogic
    MSRedist
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Visualizer Library 1.4.00
    NJStar Chinese Word Processor
    Norton AntiSpam
    Norton AntiVirus
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    O&O Defrag Server Edition
    OpenMG Secure Module 3.3.01
    Overland
    Palm Desktop
    PCLinq2 High-Speed USB Bridge Cable
    Persona Windows 32-bit Client - 4.4a
    Photo Loader 2.3E
    Photodex Presenter
    PhotoGallery
    Photosynth 2.0.1519.16
    Picasa 3
    PrintScreen
    ProductContext
    QFolder
    Quicken 2004
    QuickProjects
    QuickTime
    Readme
    RealPlayer
    Registry First Aid
    Scan
    Seagate*DiscWizard
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SiS Compatible VGA V2.21a
    SkinsHP1
    Skype™ 5.3
    SoftK56 Data Fax
    SonicStage 1.6.00
    SonicStage Mastering Studio 1.1
    SonicStage Mastering Studio Plugins 1.0
    SonicStage MP3 Add-on program
    Sony Certificate PCH
    Sony Download Taxi 1.5.0.0
    Sony USB Driver
    Sony Utilities DLL
    Sony Video Shared Library
    The Da Vinci Code (remove only)
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URGE
    VAIO Action Setup
    VAIO BrightColor Wallpaper
    VAIO Help and Support
    VAIO Media 2.6
    VAIO Media Integrated Server 2.6
    VAIO Media Redistribution 2.6
    VAIO Registration
    VAIO Remote Commander Utility 6.2
    VAIO Support
    VAIO Survey Standalone
    VAIO System Information
    Viewpoint Media Player
    WebFldrs XP
    WebReg
    Welcome to VAIO life
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows XP Service Pack 3
    Wireless Desktop
    WOT for Internet Explorer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/9/2011 3:06:51 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .
    5/9/2011 3:06:51 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\camron\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    5/9/2011 3:06:50 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
    5/9/2011 2:13:55 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    5/9/2011 2:13:53 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s).
    5/9/2011 2:13:53 PM, error: Service Control Manager [7034] - The Symantec Network Proxy service terminated unexpectedly. It has done this 1 time(s).
    5/9/2011 2:13:53 PM, error: Service Control Manager [7034] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s).
    5/9/2011 2:13:53 PM, error: Service Control Manager [7034] - The Seagate Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
    5/9/2011 2:13:53 PM, error: Service Control Manager [7034] - The O&O Defrag service terminated unexpectedly. It has done this 1 time(s).
    5/9/2011 2:13:53 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    5/9/2011 2:13:53 PM, error: Service Control Manager [7034] - The AVM WLAN Connection Service service terminated unexpectedly. It has done this 1 time(s).
    5/9/2011 2:13:53 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    5/9/2011 2:13:53 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/9/2011 2:01:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    5/9/2011 2:01:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/9/2011 2:00:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRTPEL SYMTDI Tcpip
    5/9/2011 2:00:59 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    5/9/2011 2:00:59 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/9/2011 2:00:59 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/9/2011 2:00:59 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    5/9/2011 2:00:59 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/9/2011 2:00:59 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/6/2011 6:09:13 PM, error: Service Control Manager [7024] - The Symantec Network Proxy service terminated with service-specific error 4294967295 (0xFFFFFFFF).
    5/6/2011 6:07:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Settings Manager service to connect.
    5/5/2011 8:00:49 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
    5/5/2011 8:00:49 AM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/4/2011 10:19:40 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 804ede8e.
    5/2/2011 9:13:14 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Norton AntiVirus Auto Protect Service service to connect.
    5/2/2011 9:13:14 AM, error: Service Control Manager [7000] - The Norton AntiVirus Auto Protect Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/2/2011 9:13:06 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service navapsvc with arguments "-Service" in order to run the server: {142FB276-7C38-4BB4-B475-3F9233B3EFF8}
    .
    ==== End Of File ===========================
  8. bahyi

    bahyi Newcomer, in training Topic Starter Posts: 30

    On a side note, the instructions for error checking did not work. It says unable to check for errors.
  9. bahyi

    bahyi Newcomer, in training Topic Starter Posts: 30

    But the computer is booting up in normal mode now.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You have a full Norton Internet Security Suite. Why did you put Avira on the system?
    RP907: 5/9/2011 3:38:33 PM - Avira AntiVir Personal - 5/9/2011 15:36

    The section of the thread related to this clearly says:
    Please remove one of these, then reboot the system:
    Norton Removal Tool

    To uninstall Avira:
    • Start> Settings> Control Panel> Add or Remove Programs (Windows 2000/ XP) or Start - Control Panel - Uninstall a program (Windows Vista / 7)
    • Wait for the list of installed programs to load, then click the name of the Avira program.
    • Click Remove next to the program's name (Windows 2000 / XP) or in the menu above the list (Windows Vista / 7).
    • Press Yes, to confirm the removal and then OK.
    • Click Next until Finish. The software is removed.
    ================================================
    Bootkit Remover:

    Download bootkitremover.rar and save to your desktop.
    1. Extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. (Use 7-Zip if you don't have an extraction program.)
    2. Double-click on the remover.exe file to run the program.
      NOTE: The tool should be run from a command line with Administrator privileges.
    3. Scanning should be completed quickly.
    4. Paste the output in your next reply.
    ===============================================
    Follow with Combofix, below:
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan.
    Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    -----------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow it.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===========================================
    You have several out of date programs. The following should be updated immediately:
    Java Updates
    Adobe Reader site

    After updates, go to Add/Remove Programs in the Control Panel and uninstall any earlier versions of both Java and the Adobe Reader. When you are in Add/Remove Programs, please uninstall HijackThis as it is outdated also.

    Question: Are you intentionally loading 2 printers> Canon and HP?



  11. bahyi

    bahyi Newcomer, in training Topic Starter Posts: 30

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  12. bahyi

    bahyi Newcomer, in training Topic Starter Posts: 30

    ComboFix 11-05-10.01 - camron 05/11/2011 0:03.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.480.190 [GMT -7:00]
    Running from: c:\documents and settings\camron\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\defender.exe
    c:\documents and settings\camron\Application Data\shb.dat
    c:\documents and settings\camron\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\program files\Common Files\WinSoftware
    c:\program files\Common Files\WinSoftware\PrCheck.dll
    c:\windows\Down_Temp
    c:\windows\Downloaded Program Files\Temp
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\midas.dll
    .
    Infected copy of c:\windows\system32\imm32.dll was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\imm32.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-11 07:19 . 2011-05-11 07:19 8782 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
    2011-05-11 07:19 . 2011-05-11 07:19 7271 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
    2011-05-11 07:19 . 2011-05-11 07:19 23327 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
    2011-05-11 07:19 . 2011-05-11 07:19 20719 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
    2011-05-11 06:43 . 2011-05-11 06:43 -------- dc----w- c:\documents and settings\bootkit_remover
    2011-05-11 06:33 . 2011-05-11 06:33 -------- dc----w- c:\program files\7-Zip
    2011-05-10 01:59 . 2011-05-10 01:59 -------- dcsh--w- c:\documents and settings\Administrator\PrivacIE
    2011-05-09 21:07 . 2011-05-09 21:07 -------- dc----w- c:\windows\system32\wbem\Repository
    2011-05-09 21:01 . 2011-05-09 21:01 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
    2011-05-06 16:42 . 2011-05-10 01:01 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-04-23 01:51 . 2011-05-07 03:49 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype Extras
    2011-04-23 01:50 . 2011-04-23 01:50 -------- dc----w- c:\program files\Common Files\Skype
    2011-04-12 19:37 . 2011-04-12 19:37 398760 -c--a-r- c:\windows\system32\cpnprt2.cid
    2011-04-12 19:37 . 2011-04-12 19:37 -------- dc----w- c:\program files\Coupons
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-18 17:33 . 2011-02-14 22:05 71072 -c--a-w- c:\windows\CouponPrinter.ocx
    2011-03-07 05:33 . 2003-03-03 23:57 692736 -c--a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2003-11-21 22:07 420864 -c--a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2003-11-21 22:07 1857920 -c--a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2003-11-21 22:07 916480 -c--a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2003-11-21 22:07 43520 -c--a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06 . 2003-11-21 22:07 1469440 -c----w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41 . 2005-10-16 17:28 385024 -c--a-w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2003-11-21 22:07 455936 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2003-11-21 22:07 357888 -c--a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2009-04-16 14:33 5120 -c--a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2003-11-21 22:07 290432 -c--a-w- c:\windows\system32\atmfd.dll
    2004-10-09 09:26 . 2004-10-09 09:26 7269227 -c--a-w- c:\program files\NJCWP500.EXE
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2004-07-01 95344]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-08-14 90112]
    "LgWDskTp"="c:\program files\Wireless Desktop\LgWDskTp.exe" [2003-08-04 65536]
    "Logitech Utility"="Logi_MwX.Exe" [2003-07-29 19968]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
    "URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2003-12-12 70800]
    "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 59392]
    "PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
    "PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
    "rfagent"="c:\program files\RFA\rfagent.exe" [2005-04-23 330240]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2007-12-20 1748992]
    "DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
    "AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
    "Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    .
    c:\documents and settings\camron\Start Menu\Programs\Startup\
    HotSync Manager.lnk - d:\palmone\Hotsync.exe [2004-6-9 471040]
    palmOne Registration.lnk - d:\programfile\palmOne\register.exe [2005-9-19 2367488]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\CalibAdobe Gamma Loader.exe [2004-1-22 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Belkin Wireless LAN Utility.lnk - c:\windows\system32\belsta.exe [2005-10-16 172146]
    Configuration Utility.lnk - c:\program files\LINKSYS\Configuration Utility\config.exe [2005-10-16 290816]
    HOTSYNCSHORTCUTNAME.lnk - d:\palmone\Hotsync.exe [2004-6-9 471040]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
    Photo Loader supervisory.lnk - c:\found.000\dir0023.chk\Plauto.exe [2006-1-2 229376]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-10-2 57344]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 9:39 AM 431456]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2/28/2011 11:17 PM 44416]
    R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [12/19/2007 5:04 PM 265088]
    R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [11/21/2003 3:07 PM 175744]
    R3 ndcprtns;NDC Network Agent;c:\windows\system32\drivers\Ndcprtns.sys [10/16/2005 12:36 PM 9328]
    R3 SMSCMS;SMSC LPC Memory Stick Host Controller;c:\windows\system32\drivers\SMSCMS.SYS [11/21/2003 3:07 PM 58624]
    S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [12/19/2007 5:04 PM 4352]
    S3 BEL;Belkin 11Mbps Wireless LAN Driver;c:\windows\system32\drivers\belnds.sys [10/16/2005 6:03 PM 51712]
    S3 MD1900;GSL MD1900 Electronic Dictionary;c:\windows\system32\drivers\MD1900.sys [3/17/2008 4:10 AM 33967]
    S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [12/11/2005 8:47 PM 8960]
    S3 WPC11;Instant Wireless Network PC Card V2.0 Driver;c:\windows\system32\drivers\LSWLNDS.sys [5/16/2002 2:42 PM 54083]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
    .
    2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1201819217-2088249844-2145301736-1005Core.job
    - c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 20:34]
    .
    2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1201819217-2088249844-2145301736-1005UA.job
    - c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 20:34]
    .
    2011-03-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-01-07 23:56]
    .
    2011-05-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
    - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2010-03-28 04:22]
    .
    2004-10-04 c:\windows\Tasks\Registration reminder 3.job
    - c:\windows\System32\OOBE\oobebaln.exe [2003-11-21 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
    mLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-WgaLogon - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-11 00:22
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD800JB-00JJC0 rev.05.01C05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x85F3331B
    user & kernel MBR OK
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(792)
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'lsass.exe'(856)
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(2720)
    c:\windows\system32\WININET.dll
    c:\progra~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll
    c:\program files\Wireless Desktop\LgWndHk.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\avmwlanstick\WlanNetService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Symantec Shared\ccProxy.exe
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\System32\oodag.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Sony\HotKey Utility\HKWnd.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
    c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    c:\program files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    c:\program files\Messenger\msmsgs.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-11 00:32:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-11 07:32
    .
    Pre-Run: 12,836,868,096 bytes free
    Post-Run: 13,309,530,112 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\windows
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\windows="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 1DF0C33E0F4D5C5F26C3B63344E3C246
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Run this first please:
    • Open Notepad
    • Copy and paste the text in the codebox into Notepad:

    Code:
    
    @ECHO OFF
    START 
    remover.exe fix   \\.\PhysicalDrive0  
    EXIT
    
    
    • Go FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
    • Then in the FILE NAME box type fix.bat.
    • Save fix.bat to your Desktop.
    • Double-click fix.bat to run it.
      You may see a black box appear; this is normal.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    When done, run remover.exe again and post its output.

    Do NOT reboot computer!
  14. bahyi

    bahyi Newcomer, in training Topic Starter Posts: 30

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\camron\Desktop>
  15. bahyi

    bahyi Newcomer, in training Topic Starter Posts: 30

    is the fix.bat supposed to do something? the black box only showed what the previous post said. it didn't do anything after that. is that normal?
  16. bahyi

    bahyi Newcomer, in training Topic Starter Posts: 30

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You mean like this?
    [​IMG]

    It means we haven't found the source of the rootkit yet:

    Please download MBRCheck and save to your desktop
    • Double click on MBRCheck.exe to run. (Vista and Windows 7 users will have to confirm the UAC prompt)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      [o] Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      [o] Found non-standard or infected MBR.
      [o] Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Paste this log to your next message.

    By the way, please stay away from the coupon printing site/programs while I'm trying to clean the system. That type of program is known to bring malware.
  18. bahyi

    bahyi Newcomer, in training Topic Starter Posts: 30

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 143):

    Processes (total 64):
    0 System Idle Process
    4 System
    504 C:\WINDOWS\system32\smss.exe
    572 csrss.exe
    784 C:\WINDOWS\system32\winlogon.exe
    832 C:\WINDOWS\system32\services.exe
    844 C:\WINDOWS\system32\lsass.exe
    996 C:\WINDOWS\system32\svchost.exe
    1076 svchost.exe
    1144 C:\WINDOWS\system32\svchost.exe
    1232 svchost.exe
    1292 svchost.exe
    1348 C:\WINDOWS\system32\spoolsv.exe
    1432 svchost.exe
    1464 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1496 C:\Program Files\avmwlanstick\WLanNetService.exe
    1528 C:\Program Files\Bonjour\mDNSResponder.exe
    1560 C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    1592 C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
    1632 C:\Program Files\Java\jre6\bin\jqs.exe
    1708 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1756 C:\WINDOWS\system32\oodag.exe
    1812 C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    1880 C:\WINDOWS\system32\svchost.exe
    1912 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    1992 C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
    2400 C:\WINDOWS\explorer.exe
    2480 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2776 alg.exe
    3188 C:\Program Files\Sony\HotKey Utility\HKServ.exe
    3244 C:\Program Files\Wireless Desktop\LgWDskTp.exe
    3484 C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
    3540 C:\Program Files\RFA\rfagent.exe
    3552 C:\WINDOWS\system32\LVCOMSX.EXE
    3568 C:\Program Files\avmwlanstick\WLanGUI.exe
    3576 C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    3592 C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    3600 C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    3616 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    3644 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3656 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    3664 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    3672 C:\Program Files\iTunes\iTunesHelper.exe
    3680 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3712 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    3720 C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    3740 C:\WINDOWS\system32\svchost.exe
    3804 C:\WINDOWS\system32\ctfmon.exe
    588 C:\WINDOWS\system32\belsta.exe
    628 C:\Program Files\LINKSYS\Configuration Utility\Config.exe
    648 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    696 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    728 C:\found.000\dir0023.chk\Plauto.exe
    1488 D:\palmOne\Hotsync.exe
    2224 C:\Program Files\iPod\bin\iPodService.exe
    2984 wmiprvse.exe
    3200 C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    3752 C:\Program Files\Internet Explorer\iexplore.exe
    4060 C:\Program Files\Internet Explorer\iexplore.exe
    1196 C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
    2560 C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE
    848 C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    1276 C:\Program Files\Messenger\msmsgs.exe
    3408 C:\Documents and Settings\camron\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`805e9800 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800JB-00JJC0, Rev: 05.01C05

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Well; that shows 2 clean drives!

    Question about:
    Did you close the message that came up "can't do error check- did you want to schedule it after next reboot" [when you clicked on Apply>>> Then reboot>>> That's what you have to do.

    Do that please. Then let me know how the system is doing. The error check may take a while- don't interrupt it- let it finish- it will reboot when done> hopefully into Normal Mode.
  20. bahyi

    bahyi Newcomer, in training Topic Starter Posts: 30

    the 'Tools' option is no longer available under 'Properties' for 'My Computer'....what does that mean?

    Also, the ads are still popping up, and worse than before, one after another. I end up with a bunch of windows stacked up, all ads. That's only from opening IE. HELP!!!
  21. bahyi

    bahyi Newcomer, in training Topic Starter Posts: 30

    I can boot up in Normal Mode, if that helps at all.
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You have a program installed and running named Registry First Aid. Please either uninstall it or disable it.
    ===================================
    If you already downloaded the following and it's on the desktop, okay to use it- but be sure to update before scan. If not, follow download and scan instructions below:
    Malwarebytes' Anti-Malware
    • Please download Malwarebytes' Anti-Malware from HERE
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
      * When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Click on Format> Uncheck 'Word Wrap'. Please paste this log with your reply
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ========================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [IMG] on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    Don't know why we've gotten this far without either of these scans!
  23. bahyi

    bahyi Newcomer, in training Topic Starter Posts: 30

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6613

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/18/2011 10:21:26 PM
    mbam-log-2011-05-18 (22-21-26).txt

    Scan type: Quick scan
    Objects scanned: 182437
    Time elapsed: 39 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  24. bahyi

    bahyi Newcomer, in training Topic Starter Posts: 30

    ESET blanked out about a third into the scan. It had detected 1 infection by then, but the window went all white later on and didn't come back....redo?
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Yes, please repeat the Eset scan. You can also try to find the log in your system