'HATA Region Upload'

Question

I have this 'HATA Region Upload' box that appears on my desktop from time to time. In doing some research it appears its a virus or some sort of trojan horse. Can someone help me get rid of this threat. Appreciate the help Jim Connors

kevinf80_1d0ac6 · Answer

Hiya Jim

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
If you are using Cracked or Illegal software your thread will be locked and all help will cease.

Please proceed as follows :-

Step 1

Download user posted image

TFC to your desktop, from either of the following links
Link 1
Link 2

Make sure any open work is saved. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click "Yes" to reboot.

TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Step 2

We need to see some additional information about what is happening in your machine.
Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool.
When done, DDS will open two (2) logs 1. DDS.txt
2. Attach.txt
Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.
Instead of attaching, please copy/past both logs into your next reply.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Step 3

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

What i`d like in your reply :-

Log from Malwarebytes
Both logs from DDS
Log from Security Checks

Kevin

jimbo1941 · Answer

HIYa Kevinf80,

Well I downloaded TFC (step 1) to my desktop and ran the program, Im a little confused with step 2, I downloaded DDS and ran the program. Copy/past both programs to your next reply ??, Attached.txt, this must be zipped before attaching ?? and how do post to forum.

I downloaded Security Check to my desktop and ran program. TFC and Security Check icons are on my desktop

Thanks for Your Help

Hope we can fix this problem

jimbo41/jimc

kevinf80_1d0ac6 · Answer

Hiya Jimc,If you have another look at the instructions it does ask for both DDS logs to be pasted to your reply. When you run the program two logs are produced:1. DDS.txt2. Attach.txtDid you save the logs to your Desktop as per the instructions? If you did open each in turn, place the cursor at the beginning of the text > select > Ctrl and A keys together, that will select and highlight all of the text, next select > Ctrl and C keys together, that will copy all of the text to the clipboard. next go back to your open reply to this forum, place the cursor where you like in the reply, select > Ctrl and V keys together, that will paste the text from the log you copied into your reply.Another way is to place the cursor at the start of the text, hold down the left button on your mouse, drag the cursor all the way to the end of the text, this will highlight all of the text, next press the Right button on your mouse, this opens the context menu, select copy, that copies all of the highlighted text to the clipboard. Next go to your reply in this forum, put the cursor where you want, select the Right mouse button to open the context menu, select paste, that will paste the copied text to your reply.Do the same for the log from Malwarebytes and the log from Security ChecksCopy and paste the following logs to next reply please:DDS.txtAttach.textMalwarebytes logSecurity Checks logKevin.

jimbo1941 · Answer

Kevin, As directed see attached :Malwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.org Database version: 5484 Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.18702 1/14/2011 3:01:50 PMmbam-log-2011-01-14 (15-01-50).txt Scan type: Full scan (C:\|)Objects scanned: 219154Time elapsed: 46 minute(s), 35 second(s) Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0 Memory Processes Infected:(No malicious items detected) Memory Modules Infected:(No malicious items detected) Registry Keys Infected:(No malicious items detected) Registry Values Infected:(No malicious items detected) Registry Data Items Infected:(No malicious items detected) Folders Infected:(No malicious items detected) Files Infected:(No malicious items detected)DDS (Ver_10-12-12.02) - NTFSx86  Run by owner at  1:28:51.64 on Fri 01/14/2011Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2021 [GMT -5:00] AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 *Enabled* ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\Ati2evxx.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\system32\hphmon06.exeC:\WINDOWS\SM1BG.EXEC:\Program Files\Logitech\LWS\Webcam Software\LWS.exeC:\Program Files\Windows Defender\MSASCui.exeC:\WINDOWS\system\CMGxMon.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exesvchost.exeC:\Program Files\ASUS Xonar DX Audio\Customapp\Program\ASUSAUDIOCENTER.EXEC:\jetsuite\DLLCMD32.EXEC:\jetsuite\JETSTAT.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exeC:\Program Files\Common Files\Sonic Shared\CineTray.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\Program Files\Microsoft Office\Office14\ONENOTEM.EXEC:\WINDOWS\eHome\ehRecvr.exeC:\Program Files\ASUS Xonar DX Audio\Customapp\Program\MXMon.exeC:\WINDOWS\eHome\ehSched.exec:\jetsuite\jsdaemon.exeC:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exesvchost.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\TomTom HOME 2\TomTomHOMEService.exeC:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\Program Files\ENLTV\TVTray.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\UICAUKXT\dds[1].scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.att.net/uInternet Settings,ProxyOverride = *.localBHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files
orton 360\engine\4.3.0.5\coIEPlg.dllBHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files
orton 360\engine\4.3.0.5\IPSBHO.DLLBHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboformoboform.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype	oolbars\internet explorer\skypeieplugin.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dllBHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLLBHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dllTB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files
orton 360\engine\4.3.0.5\coIEPlg.dllTB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboformoboform.dllTB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllc:\documents and settings\owner\local settings	emp\e.tmp	emp00c:\documents and settings\owner\local settings	emp\e.tmp	emp00c:\documents and settings\owner\local settings	emp\e.tmp	emp00c:\documents and settings\owner\local settings	emp\e.tmp	emp00c:\documents and settings\owner\local settings	emp\e.tmp	emp00c:\documents and settings\owner\local settings	emp\e.tmp	emp00c:\documents and settings\owner\local settings	emp\e.tmp	emp00c:\documents and settings\owner\local settings	emp\e.tmp	emp00c:\documents and settings\owner\local settings	emp\e.tmp	emp00c:\documents and settings\owner\local settings	emp\e.tmp	emp00c:\documents and settings\owner\local settings	emp\e.tmp	emp00c:\documents and settings\owner\local settings	emp\e.tmp	emp00StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dllcmd32.lnk - c:\jetsuite\DLLCMD32.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hplase~1.lnk - c:\jetsuite\JETSTAT.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exeIE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.htmlIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.htmlIE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.htmlIE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.htmlIE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.htmlIE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.htmlIE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.htmlIE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.htmlIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype	oolbars\internet explorer\skypeieplugin.dllDPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabFilter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLLHandler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype	oolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: AtiExtEvent - Ati2evxx.dllNotify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll ============= SERVICES / DRIVERS =============== R0 SymDS;Symantec Data Store;c:\windows\system32\drivers
360\0403000.005\symds.sys [2010-9-24 328752]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers
360\0403000.005\symefa.sys [2010-9-24 173104]R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data
orton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}
360_4.0.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-22 691248]R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers
360\0403000.005\cchpx86.sys [2010-9-24 501888]R1 js1284;js1284;c:\windows\system32\drivers\JS1284.SYS [2010-7-2 76848]R1 jsmux;jsmux;c:\windows\system32\drivers\JSMUX.SYS [2010-7-2 64336]R1 jsscan;jsscan;c:\windows\system32\drivers\JSSCAN.SYS [2010-7-2 69088]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers
360\0403000.005\ironx86.sys [2010-9-24 116784]R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-7-11 20968]R2 jsfax;jsfax;c:\windows\system32\drivers\JSFAX.SYS [2010-7-2 64640]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-2 363344]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R2 N360;Norton 360;c:\program files
orton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-24 126392]R2 TomTomHOMEService;TomTomHOMEService;c:\program files	omtom home 2\TomTomHOMEService.exe [2009-11-13 92008]R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]R3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2006-12-22 1867840]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-12 102448]R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data
orton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}
360_4.0.0.127\definitions\ipsdefs\20110113.001\IDSXpx86.sys [2011-1-14 341944]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-2 20952]R3 NAVENG;NAVENG;c:\documents and settings\all users\application data
orton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}
360_4.0.0.127\definitions\virusdefs\20110113.018\NAVENG.SYS [2011-1-14 86008]R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data
orton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}
360_4.0.0.127\definitions\virusdefs\20110113.018\NAVEX15.SYS [2011-1-14 1360760]R3 PhTVTune;ENCORE TV Tuner Pro PCI Adapter;c:\windows\system32\drivers\PhTVTune.sys [2010-7-2 28480]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-9 136176]S2 jspclcap;jspclcap;c:\windows\system32\drivers\JSPCLCAP.SYS [2010-7-2 55200]S3 cpuz132;cpuz132;\??\c:\docume~1\owner\locals~1	emp\cpuz132\cpuz132_x32.sys --> c:\docume~1\owner\locals~1	emp\cpuz132\cpuz132_x32.sys [?]S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-12-17 23456]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\system32\drivers\olcamudp.sys [2010-7-6 10379]S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]S4 jsdbg;jsdbg;c:\windows\system32\drivers\JSDBG.SYS [2010-7-2 37168] =============== Created Last 30 ================ 2011-01-11 22:41:45 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{296ba50d-1ff8-4271-9877-c1b3aad410d7}\mpengine.dll2011-01-11 21:59:48 -------- d-----w- c:\program files\Anti Trojan Elite2011-01-09 17:49:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan2011-01-09 17:49:55 -------- d-----w- c:\program files\McAfee Security Scan2011-01-06 19:30:12 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx2011-01-06 19:30:12 209192 ----a-w- c:\windows\system32\TABCTL32.OCX2011-01-06 19:30:12 140288 ----a-w- c:\windows\system32\comdlg32.ocx2011-01-06 19:29:59 -------- d-----w- c:\docume~1\owner\applic~1\PCHC2010-12-30 22:28:12 -------- d-----w- c:\program files\KODAK Gallery Upload Software2010-12-29 19:58:00 -------- d-----w- c:\program files\iPod2010-12-29 19:57:58 -------- d-----w- c:\program files\iTunes2010-12-29 19:43:35 159744 ----a-w- c:\program files\internet explorer\plugins
pqtplugin7.dll2010-12-29 19:43:35 159744 ----a-w- c:\program files\internet explorer\plugins
pqtplugin6.dll2010-12-29 19:43:35 159744 ----a-w- c:\program files\internet explorer\plugins
pqtplugin5.dll2010-12-29 19:43:35 159744 ----a-w- c:\program files\internet explorer\plugins
pqtplugin4.dll2010-12-29 19:43:35 159744 ----a-w- c:\program files\internet explorer\plugins
pqtplugin3.dll2010-12-29 19:43:35 159744 ----a-w- c:\program files\internet explorer\plugins
pqtplugin2.dll2010-12-29 19:43:35 159744 ----a-w- c:\program files\internet explorer\plugins
pqtplugin.dll2010-12-17 15:46:51 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys2010-12-17 15:46:51 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\eSupport.com ==================== Find3M  ==================== 2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe2003-08-27 18:19:18 36963 ------w- c:\program files\common files\SM1updtr.dll ============= FINISH:  1:30:50.45 ===============UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-12-12.02) Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 7/2/2010 2:01:24 PMSystem Uptime: 1/14/2011 1:09:42 AM (0 hours ago) Motherboard: Dell Inc.           |  | 0J3492Processor:               Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 466 GiB total, 408.689 GiB free.D: is CDROM ()E: is CDROM ()F: is CDROM ()G: is RemovableH: is RemovableI: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP137: 10/10/2010 11:09:05 PM - Installed Remote Control USB DriverRP138: 10/10/2010 11:09:12 PM - Installed Logitech Harmony Remote Software 7RP139: 10/10/2010 11:13:31 PM - Removed Logitech Harmony Remote Software 7RP140: 10/10/2010 11:16:51 PM - Installed Remote Control USB DriverRP141: 10/10/2010 11:16:57 PM - Installed Logitech Harmony Remote Software 7RP142: 10/12/2010 12:26:06 PM - Software Distribution Service 3.0RP143: 10/13/2010 12:35:40 PM - System CheckpointRP144: 10/13/2010 6:28:14 PM - Software Distribution Service 3.0RP145: 10/14/2010 11:42:31 PM - System CheckpointRP146: 10/15/2010 4:43:48 PM - Software Distribution Service 3.0RP147: 10/17/2010 10:08:04 AM - Norton 360 Registry CleanRP148: 10/20/2010 5:27:15 PM - Software Distribution Service 3.0RP149: 10/22/2010 11:07:55 AM - Software Distribution Service 3.0RP150: 10/26/2010 11:45:51 AM - Software Distribution Service 3.0RP151: 10/29/2010 1:32:21 AM - System CheckpointRP152: 10/29/2010 4:37:53 PM - Software Distribution Service 3.0RP153: 11/2/2010 12:49:25 PM - Software Distribution Service 3.0RP154: 11/2/2010 5:48:35 PM - Norton 360 Registry CleanRP155: 11/4/2010 4:48:34 PM - Software Distribution Service 3.0RP156: 11/5/2010 1:57:47 PM - Software Distribution Service 3.0RP157: 11/9/2010 12:07:11 PM - Software Distribution Service 3.0RP158: 11/10/2010 11:44:09 AM - Software Distribution Service 3.0RP159: 11/12/2010 9:17:21 AM - Software Distribution Service 3.0RP160: 11/15/2010 12:39:00 PM - System CheckpointRP161: 11/17/2010 11:32:56 AM - Software Distribution Service 3.0RP162: 11/19/2010 1:37:18 PM - Software Distribution Service 3.0RP163: 11/23/2010 11:43:53 AM - Software Distribution Service 3.0RP164: 11/25/2010 6:17:56 PM - System CheckpointRP165: 11/26/2010 1:54:55 PM - Software Distribution Service 3.0RP166: 11/28/2010 7:10:41 PM - System CheckpointRP167: 11/30/2010 1:30:01 PM - Software Distribution Service 3.0RP168: 12/3/2010 9:30:09 AM - Software Distribution Service 3.0RP169: 12/6/2010 1:06:36 AM - Norton 360 Registry CleanRP170: 12/7/2010 1:04:00 PM - Software Distribution Service 3.0RP171: 12/10/2010 5:22:24 PM - Software Distribution Service 3.0RP172: 12/11/2010 5:22:49 PM - System CheckpointRP173: 12/12/2010 10:26:58 PM - System CheckpointRP174: 12/14/2010 9:12:59 AM - Software Distribution Service 3.0RP175: 12/14/2010 12:24:45 PM - Norton 360 Registry CleanRP176: 12/14/2010 2:02:44 PM - Software Distribution Service 3.0RP177: 12/17/2010 11:04:51 AM - Software Distribution Service 3.0RP178: 12/21/2010 11:08:14 AM - Software Distribution Service 3.0RP179: 12/22/2010 11:38:07 AM - System CheckpointRP180: 12/23/2010 12:30:11 PM - System CheckpointRP181: 12/23/2010 1:00:13 PM - Software Distribution Service 3.0RP182: 12/24/2010 10:15:53 AM - Software Distribution Service 3.0RP183: 12/28/2010 11:22:16 AM - Software Distribution Service 3.0RP184: 12/29/2010 3:19:29 PM - System CheckpointRP185: 12/30/2010 1:19:26 PM - Software Distribution Service 3.0RP186: 12/31/2010 12:01:09 PM - Software Distribution Service 3.0RP187: 1/2/2011 9:38:53 AM - System CheckpointRP188: 1/4/2011 10:46:27 AM - Software Distribution Service 3.0RP189: 1/6/2011 1:28:25 AM - Software Distribution Service 3.0RP190: 1/7/2011 11:16:46 AM - Software Distribution Service 3.0RP191: 1/8/2011 11:33:30 AM - System CheckpointRP192: 1/10/2011 7:48:42 PM - System CheckpointRP193: 1/11/2011 5:41:41 PM - Software Distribution Service 3.0RP194: 1/11/2011 6:24:50 PM - Software Distribution Service 3.0 ==== Installed Programs ====================== Acrobat.comAdobe AIRAdobe Flash Player 10 ActiveXAdobe Reader 7.0Adobe Reader 9AI RoboForm (All Users)AnswerWorks 5.0 English RuntimeApple Application SupportApple Mobile Device SupportApple Software UpdateAsk ToolbarASUS PMP LiteASUS Xonar DX AudioATI AVIVO CodecsATI Catalyst Install ManagerATI Display DriverATI Parental Control & EncoderATI Problem Report WizardBonjourBroadcom Gigabit Integrated ControllerBufferChmCameraHelperMsiCatalyst Control Center - BrandingCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Graphics Previews CommonCatalyst Control Center HydraVision FullCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-core-preinstallccc-core-staticccc-utilityCCC Help Chinese StandardCCC Help EnglishCCC Help FrenchCCC Help GermanCCC Help SpanishCoupon Printer for WindowsCPUID CPU-Z 1.54CreativeProjectsCreativeProjectsTemplatesCueTourCypress USB Mass Storage Driver InstallationDefinition update for Microsoft Office 2010 (KB982726)DestinationsDirectorDriverAgent by eSupport.comENLTVEPSON ScanerLTESPNMotionGemMaster MysticGoogle Toolbar for Internet ExplorerGoogle Update HelperGoToAssist 8.0.0.514Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Media Player 10 (KB903157)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB981793)HP Diagnostic AssistantHP Image Zone 4.0HP Photosmart EssentialHP Software UpdateHP Unload DLL PatchHPSystemDiagnosticsInstantShareiTunesJetSuite Pro for the HP LaserJet 3100KODAK Gallery Upload SoftwareLayer III Audio EncoderLogitech Harmony Remote Software 7Logitech Webcam SoftwareLogitech Webcam Software Driver PackageLWS FacebookLWS GalleryLWS Help_mainLWS LauncherLWS Motion DetectionLWS Pictures And VideoLWS Video Mask MakerLWS VideoEffectsLWS Webcam SoftwareLWS WLM PluginLWS YouTube PluginMalwarebytes' Anti-MalwareMcAfee Security Scan PlusMGI PhotoSuite 4 (Remove Only)Microsoft .NET Framework 1.0 Hotfix (KB953295)Microsoft .NET Framework 1.0 Hotfix (KB979904)Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2416447)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Compression Client Pack 1.0 for Windows XPMicrosoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Home and Business 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft SilverlightMicrosoft Software Update for Web Folders  (English) 14Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMobileMe Control PanelMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Norton 360OLYMPUS CAMEDIA Master 4.0OpenALOttoOverlandPalm DesktopPhotoGalleryPhotosmart 320,370,7400,8100,8400 SeriesPrintScreenPS8400PSPrinters06QFolderQuick Startup 2.8.0.718Quicken 2010QuickProjectsQuickTimeRemote Control USB DriverRoxio Easy Media Creator 7SafariSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)Security Update for Microsoft Office 2010 (KB2289078)Security Update for Microsoft Office 2010 (KB2289161)Security Update for Microsoft Publisher 2010 (KB2409055)Security Update for Microsoft Word 2010 (KB2345000)Security Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2416400)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981349)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982381)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)SkinsSkinsHP1Skype ToolbarsSkype™ 4.2Sonic CinePlayer DVD PackSonic EncodersSoundMAXStamps.comTeleTextTomTom HOME 2.7.3.1894TomTom HOME Visual Studio Merge ModulesTrayAppUnloadUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft Office 2010 (KB2202188)Update for Microsoft Office 2010 (KB2413186)Update for Microsoft OneNote 2010 (KB2433299)Update for Microsoft Outlook Social Connector (KB2289116)Update for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB982632)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB898461)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Update Rollup 2 for Windows XP Media Center Edition 2005USB Storage Adapter FX (SM1)W Photo StudioWebFldrs XPWebRegWindows DefenderWindows Internet Explorer 8Windows Media Format 11 runtimeWindows Media Player 11Windows XP Media Center Edition 2005 KB925766Windows XP Media Center Edition 2005 KB973768Windows XP Service Pack 3WinRAR archiver ==== Event Viewer Messages From Past Week ======== 1/9/2011 9:57:42 PM, error: Service Control Manager [7000]  - The jspclcap service failed to start due to the following error:  The system cannot find the device specified.1/9/2011 12:46:32 PM, error: MRxSmb [8003]  - The master browser has received a server announcement from the computer MAGGAN41-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0F437BAB-918A-49. The master browser is stopping or an election is being forced.1/13/2011 1:06:30 AM, error: Service Control Manager [7034]  - The TomTomHOMEService service terminated unexpectedly.  It has done this 1 time(s).1/13/2011 1:06:30 AM, error: Service Control Manager [7034]  - The Process Monitor service terminated unexpectedly.  It has done this 1 time(s).1/13/2011 1:06:30 AM, error: Service Control Manager [7034]  - The Pml Driver HPZ12 service terminated unexpectedly.  It has done this 1 time(s).1/13/2011 1:06:30 AM, error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).1/13/2011 1:06:30 AM, error: Service Control Manager [7034]  - The HP Status Server service terminated unexpectedly.  It has done this 1 time(s).1/13/2011 1:06:30 AM, error: Service Control Manager [7034]  - The HP Port Resolver service terminated unexpectedly.  It has done this 1 time(s).1/13/2011 1:06:29 AM, error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).1/13/2011 1:06:29 AM, error: Service Control Manager [7034]  - The jsdaemon service terminated unexpectedly.  It has done this 1 time(s).1/13/2011 1:06:29 AM, error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).1/13/2011 1:06:29 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.1/13/2011 1:06:26 AM, error: Service Control Manager [7034]  - The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).1/13/2011 1:06:26 AM, error: Service Control Manager [7031]  - The Windows Defender service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service. ==== End Of File =========================== Results of screen317's Security Check version 0.99.8   Windows XP Service Pack 3   Internet Explorer 8  `````````````````````````````` Antivirus/Firewall Check:  Windows Firewall Disabled!   Norton 360      McAfee Security Scan Plus    Antivirus up to date!  ``````````````````````````````` Anti-malware/Other Utilities Check:  Malwarebytes' Anti-Malware     Adobe Flash Player   Adobe Reader 7.0 Adobe Reader 9 Out of date Adobe Reader installed! ```````````````````````````````` Process Check:  objlist.exe by Laurent  Norton ccSvcHst.exe  Windows Defender MSMpEng.exe  Windows Defender MSASCui.exe  Malwarebytes' Anti-Malware mbamservice.exe   Malwarebytes' Anti-Malware mbamgui.exe   Windows Defender MsMpEng.exe    Windows Defender MSASCui.exe   ``````````End of Log````````````

kevinf80_1d0ac6 · Answer

Hiya Jim,Proceed as follows :-We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: CombofixDon`t forget Combofix must be saved to your desktop. <--Very important Before saving to your Desktop rename Combofix to Gotcha.exe as below:Ensure you have disabledyour Firewall and all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very importantPlease include the C:\ComboFix.txt in your next reply for further review. Examples of how to disable realtime protection available at the following link :- Disable realtime protectionNote: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.*EXTRA NOTES* If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so. If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted) Post the log in next reply...Kevin

jimbo1941 · Answer

As RequesteComboFix 11-01-14.01 - owner 01/15/2011   1:16.1.1 - x86Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2440 [GMT -5:00]Running from: c:\documents and settings\owner\Desktop\Gotcha.exeAV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!. (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))). c:\documents and settings\All Users\Microsoftc:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.datc:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform	okens.datc:\program files\Search Toolbarc:\program files\Search Toolbar\icon.icoc:\program files\Search Toolbar\SearchToolbar.dllc:\program files\Search Toolbar\SearchToolbarUninstall.exec:\program files\Search Toolbar\SearchToolbarUpdater.exe .(((((((((((((((((((((((((   Files Created from 2010-12-15 to 2011-01-15  ))))))))))))))))))))))))))))))). 2011-01-14 21:58 . 2011-01-14 21:58 -------- d-----w- c:\program files\7-Zip2011-01-11 23:24 . 2011-01-11 23:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee2011-01-11 22:41 . 2010-11-16 17:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{296BA50D-1FF8-4271-9877-C1B3AAD410D7}\mpengine.dll2011-01-11 21:59 . 2011-01-11 22:38 -------- d-----w- c:\program files\Anti Trojan Elite2011-01-10 03:10 . 2011-01-10 03:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee2011-01-09 17:49 . 2011-01-09 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee2011-01-09 17:49 . 2011-01-09 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan2011-01-09 17:49 . 2011-01-09 17:49 -------- d-----w- c:\program files\McAfee Security Scan2011-01-06 19:30 . 2000-05-22 06:00 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx2011-01-06 19:30 . 1999-05-07 06:00 140288 ----a-w- c:\windows\system32\comdlg32.ocx2011-01-06 19:30 . 1998-06-24 05:00 209192 ----a-w- c:\windows\system32\TABCTL32.OCX2011-01-06 19:29 . 2011-01-06 19:32 -------- d-----w- c:\documents and settings\owner\Application Data\PCHC2010-12-30 22:28 . 2010-12-30 22:28 -------- d-----w- c:\program files\KODAK Gallery Upload Software2010-12-29 19:58 . 2010-12-29 19:58 -------- d-----w- c:\program files\iPod2010-12-29 19:57 . 2010-12-29 19:58 -------- d-----w- c:\program files\iTunes2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin7.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin6.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin5.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin4.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin3.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin2.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin.dll2010-12-29 19:42 . 2010-12-29 19:43 -------- d-----w- c:\program files\QuickTime2010-12-17 15:46 . 2010-12-17 15:46 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\eSupport.com2010-12-17 15:46 . 2010-12-17 15:46 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-12-20 23:09 . 2010-07-02 19:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-12-20 23:08 . 2010-07-02 19:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts2010-11-18 18:12 . 2010-07-02 17:55 81920 ----a-w- c:\windows\system32\isign32.dll2010-11-16 17:01 . 2010-07-10 16:03 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2010-11-09 14:52 . 2004-08-10 11:00 249856 ----a-w- c:\windows\system32\odbc32.dll2010-11-06 00:26 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll2010-11-06 00:26 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll2010-11-06 00:26 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl2010-11-03 12:25 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec2010-11-02 15:17 . 2004-08-10 11:00 40960 ----a-w- c:\windows\system32\drivers
dproxy.sys2010-10-28 13:13 . 2004-08-10 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll2010-10-26 13:25 . 2004-08-10 11:00 1853312 ----a-w- c:\windows\system32\win32k.sys2010-10-19 15:41 . 2010-07-10 16:02 222080 ------w- c:\windows\system32\MpSigStub.exe2003-08-27 18:19 . 2010-07-03 21:59 36963 ------w- c:\program files\Common Files\SM1updtr.dll. (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]2010-09-29 02:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]'{D4027C7F-154A-4066-A1AD-4243D8127440}'= 'c:\program files\Ask.com\GenericAskToolbar.dll' [2010-09-29 1400712] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1][HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]'{D4027C7F-154A-4066-A1AD-4243D8127440}'= 'c:\program files\Ask.com\GenericAskToolbar.dll' [2010-09-29 1400712] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1][HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'RoboForm'='c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe' [2010-10-02 160328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ehTray'='c:\windows\ehome\ehtray.exe' [2005-08-05 64512]'HPDJ Taskbar Utility'='c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe' [2004-04-06 172032]'HPHUPD06'='c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe' [2004-06-07 49152]'HP Software Update'='c:\program files\HP\HP Software Update\HPWuSchd2.exe' [2004-02-12 49152]'HP Component Manager'='c:\program files\HP\hpcoretech\hpcmpmgr.exe' [2004-05-12 241664]'HPHmon06'='c:\windows\system32\hphmon06.exe' [2004-06-07 659456]'SM1BG'='c:\windows\SM1BG.EXE' [2003-08-27 94208]'LWS'='c:\program files\Logitech\LWS\Webcam Software\LWS.exe' [2010-05-07 165208]'Cmaudio8788GX'='c:\windows\system\CMGxMon.exe' [2007-12-19 20480]'Malwarebytes' Anti-Malware'='c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe' [2010-12-20 443728]'QuickTime Task'='c:\program files\QuickTime\qttask.exe' [2010-11-29 421888]'iTunesHelper'='c:\program files\iTunes\iTunesHelper.exe' [2010-12-13 421160] c:\documents and settings\owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712] c:\documents and settings\All Users\Start Menu\Programs\Startup\DllCmd32.lnk - c:\jetsuite\DLLCMD32.EXE [2010-7-2 8192]HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]HP LaserJet 3100 Status.lnk - c:\jetsuite\JETSTAT.EXE [2010-7-2 104960]McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\GoToAssist]2010-07-04 03:30 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]@='Service' [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-disabled]'RoxioDragToDisc'='c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe''Malwarebytes' Anti-Malware'='c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe' /starttray'AppleSyncNotifier'=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]'EnableFirewall'= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]'%windir%\system32\sessmgr.exe'='%windir%\Network Diagnostic\xpnetdiag.exe'='c:\Program Files\Skype\Plugin Manager\skypePM.exe'='c:\Program Files\Microsoft Office\Office14\ONENOTE.EXE'='c:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE'='c:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe'='c:\Program Files\Bonjour\mDNSResponder.exe'='c:\Program Files\Messenger\msmsgs.exe'='c:\Program Files\Skype\Phone\Skype.exe'='c:\Program Files\iTunes\iTunes.exe'= R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [9/24/2010 12:07 AM 328752]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [9/24/2010 12:07 AM 173104]R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/22/2010 9:20 PM 691248]R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [9/24/2010 12:07 AM 501888]R1 js1284;js1284;c:\windows\system32\drivers\JS1284.SYS [7/2/2010 11:40 PM 76848]R1 jsmux;jsmux;c:\windows\system32\drivers\JSMUX.SYS [7/2/2010 11:40 PM 64336]R1 jsscan;jsscan;c:\windows\system32\drivers\JSSCAN.SYS [7/2/2010 11:40 PM 69088]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [9/24/2010 12:07 AM 116784]R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [7/11/2010 10:46 AM 20968]R2 jsfax;jsfax;c:\windows\system32\drivers\JSFAX.SYS [7/2/2010 11:40 PM 64640]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/2/2010 2:57 PM 363344]R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [9/24/2010 12:07 AM 126392]R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]R3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [12/22/2006 1:10 PM 1867840]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/12/2010 11:18 PM 102448]R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110114.002\IDSXpx86.sys [1/15/2011 12:45 AM 341944]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/2/2010 2:57 PM 20952]R3 PhTVTune;ENCORE TV Tuner Pro PCI Adapter;c:\windows\system32\drivers\PhTVTune.sys [7/2/2010 2:25 PM 28480]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2010 9:51 PM 136176]S2 jspclcap;jspclcap;c:\windows\system32\drivers\JSPCLCAP.SYS [7/2/2010 11:40 PM 55200]S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [12/17/2010 10:46 AM 23456]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\system32\drivers\olcamudp.sys [7/6/2010 1:51 PM 10379]S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]S4 jsdbg;jsdbg;c:\windows\system32\drivers\JSDBG.SYS [7/2/2010 11:40 PM 37168].Contents of the 'Scheduled Tasks' folder 2010-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50] 2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 02:51] 2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 02:51] 2011-01-14 c:\windows\Tasks\HP Usg Daily FY04.job- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-07 04:53] 2011-01-15 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 02:44] 2011-01-15 c:\windows\Tasks\User_Feed_Synchronization-{8E1ECDDB-A85A-40F9-9054-ECC53823ECEA}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.att.net/uInternet Settings,ProxyOverride = *.localIE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.htmlIE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.- - - - ORPHANS REMOVED - - - - HKLM-Run-Cmaudio8788 - cmicnfgp.cplAddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe   ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-01-15 01:23Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ...  scanning hidden autostart entries ... scanning hidden files ...  scan completed successfullyhidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]'ImagePath'='\'c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\' /s \'N360\' /m \'c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\' /prefetch:1'.--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@='FlashBroker''LocalizedString'='@c:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe,-101' [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]'Enabled'=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@='c:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe' [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@='{FAB3E735-69C7-453B-A446-B6823C6DF1C9}' [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@='IFlashBroker4' [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@='{00020424-0000-0000-C000-000000000046}' [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@='{FAB3E735-69C7-453B-A446-B6823C6DF1C9}''Version'='1.0'.--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(816)c:\windows\system32\Ati2evxx.dllc:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll.Completion time: 2011-01-15  01:26:36ComboFix-quarantined-files.txt  2011-01-15 06:26 Pre-Run: 438,707,752,960 bytes freePost-Run: 438,690,107,392 bytes free - - End Of File - - 8AAF48774C58EAE63BBD5E1ECFBB7172d

kevinf80_1d0ac6 · Answer

Hiya Jim,

You never let CF install the recovery console, we need this function available in case of major failure of your system, as follows please

We need to install the Recovery Console. This will help us restore your system in the event of a serious crash. It's very simple to complete and will only take a few moments. It may also be useful in the future.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP2 or SP3, use the SP2 package.

Transfer all files you just downloaded, to the desktop of the infected computer.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

user posted image

Drag the setup package onto ComboFix.exe and drop it.
Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console

at the next prompt, click 'Yes' to run the full ComboFix scan.
When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply.

Next,

Run ESET Online Scan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

Check
Click the button.
Accept any security warnings from your browser.
Check
Leave the tick out of remove found threats
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

You can refer to this animation by neomage if needed.
Frequently asked questions available Here Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your
system.

Post the new log from Combofix (Gotcha) and the log from ESET in next reply. Also does the original issue still remain?

Kevin

jimbo1941 · Answer

HiYa Kevin80,

First of all, I haven't seen the "HATA Region Upload" for several days now. Mabey we got this pest. Have you seen anything in the post's sent ?

Also you should know I have on my system (1) Norton 360 , (2) Malwarebytes Anti-Malware, (3) Windows Defender, (4) Windows Malicious Software Removal Tool. I have run this software several times to remove this problem, with no success. However, as mentioned, I haven't seen this "HATA Region Upload" pop up on my desktop for several days now.

I am running Windows XP Media Center Edition, Version 2005 with service pack 3.

I see Windows XP Home Edition, SP2, Windows XP Professional SP2 on the Microsoft support site. Which of these should I run and post to my desktop ? Im assuming it's Windows Xp Professional SP 2 based on your response.

kevinf80_1d0ac6 · Answer

Hiya Jim,

Try the Home Edition SP2 version first, Your OS is sort of in between, so i assume the Professional version will be incompatible.

Good news that the alert has gone, your CF log looks OK. There are some issues still to resolve but i`d like the Recovery Console installed first.

Run the ESET scan after the CF runs and post both of the logs for me...

Kevin

jimbo1941 · Answer

Hi Kevinf80, Windows XP Home Addition SP2 worked out fine. Installed Recovery Console OK Ran Combofix (Gotcha ) OK See attached Post. Ran ESET online scanner. Did not see anyware 'list found threats' or ' Export to text' The final page showed (1) Scanned files- 72,870, (2) Infected Files - 0, (3)Cleaned Files - 0,  (4) Total Scan Time- 01:0018, (5) Scan Status- Finished. See Combofix (Gotcha).txt below ComboFix 11-01-15.01 - owner 01/16/2011  14:44:42.2.1 - x86Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2303 [GMT -5:00]Running from: c:\documents and settings\owner\Desktop\Gotcha.exeCommand switches used :: c:\documents and settings\owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exeAV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}. (((((((((((((((((((((((((   Files Created from 2010-12-16 to 2011-01-16  ))))))))))))))))))))))))))))))). 2011-01-15 07:32 . 2011-01-15 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip2011-01-15 06:49 . 2010-11-16 17:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{FBF8F944-1D74-45F4-B4A5-527FF8A67B63}\mpengine.dll2011-01-14 21:58 . 2011-01-14 21:58 -------- d-----w- c:\program files\7-Zip2011-01-11 23:24 . 2011-01-11 23:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee2011-01-11 21:59 . 2011-01-11 22:38 -------- d-----w- c:\program files\Anti Trojan Elite2011-01-10 03:10 . 2011-01-10 03:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee2011-01-09 17:49 . 2011-01-09 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee2011-01-09 17:49 . 2011-01-09 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan2011-01-09 17:49 . 2011-01-09 17:49 -------- d-----w- c:\program files\McAfee Security Scan2011-01-06 19:30 . 2000-05-22 06:00 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx2011-01-06 19:30 . 1999-05-07 06:00 140288 ----a-w- c:\windows\system32\comdlg32.ocx2011-01-06 19:30 . 1998-06-24 05:00 209192 ----a-w- c:\windows\system32\TABCTL32.OCX2011-01-06 19:29 . 2011-01-06 19:32 -------- d-----w- c:\documents and settings\owner\Application Data\PCHC2010-12-30 22:28 . 2010-12-30 22:28 -------- d-----w- c:\program files\KODAK Gallery Upload Software2010-12-29 19:58 . 2010-12-29 19:58 -------- d-----w- c:\program files\iPod2010-12-29 19:57 . 2010-12-29 19:58 -------- d-----w- c:\program files\iTunes2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin7.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin6.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin5.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin4.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin3.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin2.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin.dll2010-12-29 19:42 . 2010-12-29 19:43 -------- d-----w- c:\program files\QuickTime .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-12-20 23:09 . 2010-07-02 19:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-12-20 23:08 . 2010-07-02 19:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-12-17 15:46 . 2010-12-17 15:46 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts2010-11-18 18:12 . 2010-07-02 17:55 81920 ----a-w- c:\windows\system32\isign32.dll2010-11-16 17:01 . 2010-07-10 16:03 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2010-11-09 14:52 . 2004-08-10 11:00 249856 ----a-w- c:\windows\system32\odbc32.dll2010-11-06 00:26 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll2010-11-06 00:26 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll2010-11-06 00:26 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl2010-11-03 12:25 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec2010-11-02 15:17 . 2004-08-10 11:00 40960 ----a-w- c:\windows\system32\drivers
dproxy.sys2010-10-28 13:13 . 2004-08-10 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll2010-10-26 13:25 . 2004-08-10 11:00 1853312 ----a-w- c:\windows\system32\win32k.sys2010-10-19 15:41 . 2010-07-10 16:02 222080 ------w- c:\windows\system32\MpSigStub.exe2003-08-27 18:19 . 2010-07-03 21:59 36963 ------w- c:\program files\Common Files\SM1updtr.dll. (((((((((((((((((((((((((((((   SnapShot@2011-01-15_06.23.54   ))))))))))))))))))))))))))))))))))))))))).+ 2011-01-16 19:30 . 2011-01-16 19:30 16384              c:\windows\Temp\Perflib_Perfdata_ad4.dat+ 2011-01-15 07:33 . 2011-01-15 07:33 29184              c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}\IconCD95F6617.exe+ 2011-01-15 07:33 . 2011-01-15 07:33 632320              c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}\IconCD95F66110.exe+ 2011-01-15 07:33 . 2011-01-15 07:33 1543168              c:\windows\Installer\a0726.msi.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]2010-09-29 02:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]'{D4027C7F-154A-4066-A1AD-4243D8127440}'= 'c:\program files\Ask.com\GenericAskToolbar.dll' [2010-09-29 1400712] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1][HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]'{D4027C7F-154A-4066-A1AD-4243D8127440}'= 'c:\program files\Ask.com\GenericAskToolbar.dll' [2010-09-29 1400712] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1][HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'RoboForm'='c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe' [2010-10-02 160328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ehTray'='c:\windows\ehome\ehtray.exe' [2005-08-05 64512]'HPDJ Taskbar Utility'='c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe' [2004-04-06 172032]'HPHUPD06'='c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe' [2004-06-07 49152]'HP Software Update'='c:\program files\HP\HP Software Update\HPWuSchd2.exe' [2004-02-12 49152]'HP Component Manager'='c:\program files\HP\hpcoretech\hpcmpmgr.exe' [2004-05-12 241664]'HPHmon06'='c:\windows\system32\hphmon06.exe' [2004-06-07 659456]'SM1BG'='c:\windows\SM1BG.EXE' [2003-08-27 94208]'LWS'='c:\program files\Logitech\LWS\Webcam Software\LWS.exe' [2010-05-07 165208]'Cmaudio8788GX'='c:\windows\system\CMGxMon.exe' [2007-12-19 20480]'Malwarebytes' Anti-Malware'='c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe' [2010-12-20 443728]'QuickTime Task'='c:\program files\QuickTime\qttask.exe' [2010-11-29 421888]'iTunesHelper'='c:\program files\iTunes\iTunesHelper.exe' [2010-12-13 421160] c:\documents and settings\owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712] c:\documents and settings\All Users\Start Menu\Programs\Startup\DllCmd32.lnk - c:\jetsuite\DLLCMD32.EXE [2010-7-2 8192]HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]HP LaserJet 3100 Status.lnk - c:\jetsuite\JETSTAT.EXE [2010-7-2 104960]Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\GoToAssist]2010-07-04 03:30 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]@='Service' [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-disabled]'RoxioDragToDisc'='c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe''AppleSyncNotifier'=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]'EnableFirewall'= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]'%windir%\system32\sessmgr.exe'='%windir%\Network Diagnostic\xpnetdiag.exe'='c:\Program Files\Skype\Plugin Manager\skypePM.exe'='c:\Program Files\Microsoft Office\Office14\ONENOTE.EXE'='c:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE'='c:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe'='c:\Program Files\Bonjour\mDNSResponder.exe'='c:\Program Files\Messenger\msmsgs.exe'='c:\Program Files\Skype\Phone\Skype.exe'='c:\Program Files\iTunes\iTunes.exe'= R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [9/24/2010 12:07 AM 328752]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [9/24/2010 12:07 AM 173104]R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/22/2010 9:20 PM 691248]R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [9/24/2010 12:07 AM 501888]R1 js1284;js1284;c:\windows\system32\drivers\JS1284.SYS [7/2/2010 11:40 PM 76848]R1 jsmux;jsmux;c:\windows\system32\drivers\JSMUX.SYS [7/2/2010 11:40 PM 64336]R1 jsscan;jsscan;c:\windows\system32\drivers\JSSCAN.SYS [7/2/2010 11:40 PM 69088]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [9/24/2010 12:07 AM 116784]R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [7/11/2010 10:46 AM 20968]R2 jsfax;jsfax;c:\windows\system32\drivers\JSFAX.SYS [7/2/2010 11:40 PM 64640]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/2/2010 2:57 PM 363344]R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [9/24/2010 12:07 AM 126392]R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]R3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [12/22/2006 1:10 PM 1867840]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/12/2010 11:18 PM 102448]R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110114.002\IDSXpx86.sys [1/15/2011 12:45 AM 341944]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/2/2010 2:57 PM 20952]R3 PhTVTune;ENCORE TV Tuner Pro PCI Adapter;c:\windows\system32\drivers\PhTVTune.sys [7/2/2010 2:25 PM 28480]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2010 9:51 PM 136176]S2 jspclcap;jspclcap;c:\windows\system32\drivers\JSPCLCAP.SYS [7/2/2010 11:40 PM 55200]S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [12/17/2010 10:46 AM 23456]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\system32\drivers\olcamudp.sys [7/6/2010 1:51 PM 10379]S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]S4 jsdbg;jsdbg;c:\windows\system32\drivers\JSDBG.SYS [7/2/2010 11:40 PM 37168].Contents of the 'Scheduled Tasks' folder 2010-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50] 2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 02:51] 2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 02:51] 2011-01-16 c:\windows\Tasks\HP Usg Daily FY04.job- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-07 04:53] 2011-01-16 c:\windows\Tasks\MP Scheduled Scan.job- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] 2011-01-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 02:44] 2011-01-16 c:\windows\Tasks\User_Feed_Synchronization-{8E1ECDDB-A85A-40F9-9054-ECC53823ECEA}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.att.net/uInternet Settings,ProxyOverride = *.localIE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.htmlIE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-01-16 14:50Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ...  scanning hidden autostart entries ... scanning hidden files ...  scan completed successfullyhidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]'ImagePath'='\'c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\' /s \'N360\' /m \'c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\' /prefetch:1'.--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@='FlashBroker''LocalizedString'='@c:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe,-101' [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]'Enabled'=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@='c:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe' [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@='{FAB3E735-69C7-453B-A446-B6823C6DF1C9}' [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@='IFlashBroker4' [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@='{00020424-0000-0000-C000-000000000046}' [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@='{FAB3E735-69C7-453B-A446-B6823C6DF1C9}''Version'='1.0'.--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(828)c:\windows\system32\Ati2evxx.dllc:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll - - - - - - - > 'explorer.exe'(2224)c:\windows\system32\WININET.dllc:\windows\system32\ieframe.dllc:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2011-01-16  14:53:30ComboFix-quarantined-files.txt  2011-01-16 19:53ComboFix2.txt  2011-01-15 06:26 Pre-Run: 441,590,296,576 bytes freePost-Run: 441,589,227,520 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT='Microsoft Windows Recovery Console' /cmdconsUnsupportedDebug='do not select this' /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS='Windows XP Media Center Edition' /noexecute=optin /fastdetect - - End Of File - - 6278E03A3F570896702FB3D10A8A8376

kevinf80_1d0ac6 · Answer

Hiya Jim,ESET normally produces a log, it can also be found here - C:\Program Files\ESET\EsetOnlineScanner\log.txt as no threats were found it is not necessary to show the log.Next,1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in between the dotted lines below into it:------------------------------------------------------------------------------------------------------------------KillAll::Folder::c:\program files\Ask.comRegistry::[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}][-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}][-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1][-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}][-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]'{D4027C7F-154A-4066-A1AD-4243D8127440}'=-[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]'{D4027C7F-154A-4066-A1AD-4243D8127440}'=-RegLock::[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@='FlashBroker''LocalizedString'='@c:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe,-101'[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]'Enabled'=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@='c:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe'[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@='{FAB3E735-69C7-453B-A446-B6823C6DF1C9}'[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@='IFlashBroker4'[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@='{00020424-0000-0000-C000-000000000046}'[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@='{FAB3E735-69C7-453B-A446-B6823C6DF1C9}''Version'='1.0'------------------------------------------------------------------------------------------------------------------Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Kevin..

jimbo1941 · Answer

Kevin, As Directed, PS:  Are we about done scanning my machine??, Again I haven't seen the 'HATA Region Update' again,  last four days. ComboFix 11-01-16.04 - owner 01/17/2011  10:09:26.3.1 - x86Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2278 [GMT -5:00]Running from: c:\documents and settings\owner\Desktop\Gotcha.exeCommand switches used :: c:\documents and settings\owner\Desktop\CFScript.txtAV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} * Created a new restore point. (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))). c:\program files\Ask.comc:\program files\Ask.com\cobrand.icoc:\program files\Ask.com\config.xmlc:\program files\Ask.com\favicon.icoc:\program files\Ask.com\fv_21.icoc:\program files\Ask.com\GenericAskToolbar.dllc:\program files\Ask.com\mupcfg.xmlc:\program files\Ask.com\SaUpdate.exec:\program files\Ask.com\UpdateTask.exe .(((((((((((((((((((((((((   Files Created from 2010-12-17 to 2011-01-17  ))))))))))))))))))))))))))))))). 2011-01-16 19:58 . 2011-01-16 19:58 -------- d-----w- c:\program files\ESET2011-01-15 07:32 . 2011-01-15 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip2011-01-15 06:49 . 2010-11-16 17:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{FBF8F944-1D74-45F4-B4A5-527FF8A67B63}\mpengine.dll2011-01-14 21:58 . 2011-01-14 21:58 -------- d-----w- c:\program files\7-Zip2011-01-11 23:24 . 2011-01-11 23:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee2011-01-11 21:59 . 2011-01-11 22:38 -------- d-----w- c:\program files\Anti Trojan Elite2011-01-10 03:10 . 2011-01-10 03:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee2011-01-09 17:49 . 2011-01-09 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee2011-01-09 17:49 . 2011-01-09 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan2011-01-09 17:49 . 2011-01-09 17:49 -------- d-----w- c:\program files\McAfee Security Scan2011-01-06 19:30 . 2000-05-22 06:00 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx2011-01-06 19:30 . 1999-05-07 06:00 140288 ----a-w- c:\windows\system32\comdlg32.ocx2011-01-06 19:30 . 1998-06-24 05:00 209192 ----a-w- c:\windows\system32\TABCTL32.OCX2011-01-06 19:29 . 2011-01-06 19:32 -------- d-----w- c:\documents and settings\owner\Application Data\PCHC2010-12-30 22:28 . 2010-12-30 22:28 -------- d-----w- c:\program files\KODAK Gallery Upload Software2010-12-29 19:58 . 2010-12-29 19:58 -------- d-----w- c:\program files\iPod2010-12-29 19:57 . 2010-12-29 19:58 -------- d-----w- c:\program files\iTunes2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin7.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin6.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin5.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin4.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin3.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin2.dll2010-12-29 19:43 . 2010-12-29 19:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS
pqtplugin.dll2010-12-29 19:42 . 2010-12-29 19:43 -------- d-----w- c:\program files\QuickTime .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-12-20 23:09 . 2010-07-02 19:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-12-20 23:08 . 2010-07-02 19:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-12-17 15:46 . 2010-12-17 15:46 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts2010-11-18 18:12 . 2010-07-02 17:55 81920 ----a-w- c:\windows\system32\isign32.dll2010-11-16 17:01 . 2010-07-10 16:03 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2010-11-09 14:52 . 2004-08-10 11:00 249856 ----a-w- c:\windows\system32\odbc32.dll2010-11-06 00:26 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll2010-11-06 00:26 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll2010-11-06 00:26 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl2010-11-03 12:25 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec2010-11-02 15:17 . 2004-08-10 11:00 40960 ----a-w- c:\windows\system32\drivers
dproxy.sys2010-10-28 13:13 . 2004-08-10 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll2010-10-26 13:25 . 2004-08-10 11:00 1853312 ----a-w- c:\windows\system32\win32k.sys2010-10-19 15:41 . 2010-07-10 16:02 222080 ------w- c:\windows\system32\MpSigStub.exe2003-08-27 18:19 . 2010-07-03 21:59 36963 ------w- c:\program files\Common Files\SM1updtr.dll. (((((((((((((((((((((((((((((   SnapShot@2011-01-15_06.23.54   ))))))))))))))))))))))))))))))))))))))))).+ 2011-01-15 07:33 . 2011-01-15 07:33 29184              c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}\IconCD95F6617.exe+ 2011-01-15 07:33 . 2011-01-15 07:33 632320              c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}\IconCD95F66110.exe+ 2011-01-15 07:33 . 2011-01-15 07:33 1543168              c:\windows\Installer\a0726.msi.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'RoboForm'='c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe' [2010-10-02 160328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ehTray'='c:\windows\ehome\ehtray.exe' [2005-08-05 64512]'HPDJ Taskbar Utility'='c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe' [2004-04-06 172032]'HPHUPD06'='c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe' [2004-06-07 49152]'HP Software Update'='c:\program files\HP\HP Software Update\HPWuSchd2.exe' [2004-02-12 49152]'HP Component Manager'='c:\program files\HP\hpcoretech\hpcmpmgr.exe' [2004-05-12 241664]'HPHmon06'='c:\windows\system32\hphmon06.exe' [2004-06-07 659456]'SM1BG'='c:\windows\SM1BG.EXE' [2003-08-27 94208]'LWS'='c:\program files\Logitech\LWS\Webcam Software\LWS.exe' [2010-05-07 165208]'Cmaudio8788GX'='c:\windows\system\CMGxMon.exe' [2007-12-19 20480]'Malwarebytes' Anti-Malware'='c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe' [2010-12-20 443728]'QuickTime Task'='c:\program files\QuickTime\qttask.exe' [2010-11-29 421888]'iTunesHelper'='c:\program files\iTunes\iTunesHelper.exe' [2010-12-13 421160] c:\documents and settings\owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712] c:\documents and settings\All Users\Start Menu\Programs\Startup\DllCmd32.lnk - c:\jetsuite\DLLCMD32.EXE [2010-7-2 8192]HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]HP LaserJet 3100 Status.lnk - c:\jetsuite\JETSTAT.EXE [2010-7-2 104960]Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\GoToAssist]2010-07-04 03:30 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]@='Service' [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-disabled]'RoxioDragToDisc'='c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe''AppleSyncNotifier'=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]'EnableFirewall'= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]'%windir%\system32\sessmgr.exe'='%windir%\Network Diagnostic\xpnetdiag.exe'='c:\Program Files\Skype\Plugin Manager\skypePM.exe'='c:\Program Files\Microsoft Office\Office14\ONENOTE.EXE'='c:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE'='c:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe'='c:\Program Files\Bonjour\mDNSResponder.exe'='c:\Program Files\Messenger\msmsgs.exe'='c:\Program Files\Skype\Phone\Skype.exe'='c:\Program Files\iTunes\iTunes.exe'= R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [9/24/2010 12:07 AM 328752]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [9/24/2010 12:07 AM 173104]R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/22/2010 9:20 PM 691248]R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [9/24/2010 12:07 AM 501888]R1 js1284;js1284;c:\windows\system32\drivers\JS1284.SYS [7/2/2010 11:40 PM 76848]R1 jsmux;jsmux;c:\windows\system32\drivers\JSMUX.SYS [7/2/2010 11:40 PM 64336]R1 jsscan;jsscan;c:\windows\system32\drivers\JSSCAN.SYS [7/2/2010 11:40 PM 69088]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [9/24/2010 12:07 AM 116784]R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [7/11/2010 10:46 AM 20968]R2 jsfax;jsfax;c:\windows\system32\drivers\JSFAX.SYS [7/2/2010 11:40 PM 64640]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/2/2010 2:57 PM 363344]R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [9/24/2010 12:07 AM 126392]R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]R3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [12/22/2006 1:10 PM 1867840]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/12/2010 11:18 PM 102448]R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110114.002\IDSXpx86.sys [1/15/2011 12:45 AM 341944]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/2/2010 2:57 PM 20952]R3 PhTVTune;ENCORE TV Tuner Pro PCI Adapter;c:\windows\system32\drivers\PhTVTune.sys [7/2/2010 2:25 PM 28480]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2010 9:51 PM 136176]S2 jspclcap;jspclcap;c:\windows\system32\drivers\JSPCLCAP.SYS [7/2/2010 11:40 PM 55200]S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [12/17/2010 10:46 AM 23456]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\system32\drivers\olcamudp.sys [7/6/2010 1:51 PM 10379]S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]S4 jsdbg;jsdbg;c:\windows\system32\drivers\JSDBG.SYS [7/2/2010 11:40 PM 37168].Contents of the 'Scheduled Tasks' folder 2010-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50] 2011-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 02:51] 2011-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 02:51] 2011-01-16 c:\windows\Tasks\HP Usg Daily FY04.job- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-07 04:53] 2011-01-17 c:\windows\Tasks\MP Scheduled Scan.job- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] 2011-01-17 c:\windows\Tasks\User_Feed_Synchronization-{8E1ECDDB-A85A-40F9-9054-ECC53823ECEA}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.att.net/uInternet Settings,ProxyOverride = *.localIE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.htmlIE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-01-17 10:14Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ...  scanning hidden autostart entries ... scanning hidden files ...  scan completed successfullyhidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]'ImagePath'='\'c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\' /s \'N360\' /m \'c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\' /prefetch:1'.--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(816)c:\windows\system32\Ati2evxx.dllc:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll - - - - - - - > 'explorer.exe'(2204)c:\windows\system32\WININET.dllc:\windows\system32\logishrd\LVPrcInj01.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\Ati2evxx.exec:\windows\system32\Ati2evxx.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\windows\eHome\ehRecvr.exec:\windows\eHome\ehSched.exec:\jetsuite\jsdaemon.exec:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exec:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exec:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exec:\windows\ehome\mcrdsvc.exec:\windows\system32\dllhost.exec:\jetsuite\JSFMAN.EXEc:\windows\system32\wscntfy.exec:\program files\iPod\bin\iPodService.exec:\windows\eHome\ehmsas.exe.**************************************************************************.Completion time: 2011-01-17  10:18:15 - machine was rebootedComboFix-quarantined-files.txt  2011-01-17 15:18ComboFix2.txt  2011-01-16 19:53ComboFix3.txt  2011-01-15 06:26 Pre-Run: 441,419,444,224 bytes freePost-Run: 441,417,904,128 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT='Microsoft Windows Recovery Console' /cmdconsUnsupportedDebug='do not select this' /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS='Windows XP Media Center Edition' /noexecute=optin /fastdetect - - End Of File - - 6DAFA64B4C7B13E76BAD5E9260D20F60

kevinf80_1d0ac6 · Answer

Hiya Jim,

Do you want me to be thorough? you can stop anytime you want, just dont follow the instructions!

Step 1

Remove Combofix now that we're done with it

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
Please follow the prompts to uninstall Combofix.
You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:

ComboFix and its associated files and folders.
VundoFix backups, if present
The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

Step 2

Download OTC by OldTimer and save it to your desktop. Alternative mirror
Double click icon to start the program. If you are using Vista or Windows 7, please right-click and choose run as administrator
Then Click the big button.
You will get a prompt saying "Begining Cleanup Process". Please select Yes.
Restart your computer when prompted.

Step 3

Remove the ESET Online Scanner components from your computer, start the Add or Remove Programs applet via Start > Control Panel, select the ESET Online Scanner entry and click Remove. This will happen very quickly, only re-boot if requested.

Whilst in Add/Remove programs also remove the following:

Adobe Reader 7.0

Any tools/logs left on the Desktop can be deleted or dragged to the Recycle Bin.

Step 4

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack and exploitation.

Please go to the link below to update.

Adobe Reader Untick the Free McAfee® Security Scan Plus (optional)

Step 5

Download and scan with CCleaner

1. Use either one of the two free links below the Premium version.
2. Before first use, select Options > Advanced and UNCHECK " Only delete files in Windows Temp folder older than 24 hours"
3. Then select the items you wish to clean up.

In the Windows Tab:

Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.

In the Applications Tab:

Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the " Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click " OK" and it will scan and clean your system.
7. Click " exit" when done.

Let me know if the above steps completed OK, especially the Combofix /Uninstall command <--- Very important because other functions complete at the same time.

Kevin

jimbo1941 · Answer

Kevin,

Completed steps 1, 2 ,3, & 4. Im a little concerned with step #5. In both the Windows Tab and Applications Tab I don't which entries to remove. Are all these related to the malware software we have been running these last several days. Can you give me some direction on which entries to remove.

Thanks

JimC

kevinf80_1d0ac6 · Answer

These are screen shots of my settings, click on the screen shot and you`ll get an increase in size. In the Windows tab under "Advanced" make sure that "wipe free space" is not ticked or it will increase the run time dramatically.

When you open CCleaner look to the bottom left hand corner of the screen, you`ll see this "Online help" select that and it will take you to the Piriform website where everything is explained in detail.

Virus & Spyware

"HATA Region Upload"

Was this post helpful?