[kate4u2]

Ran the Security Check:

Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 26
Adobe Flash Player 10.3.183.7
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````


Thank you for all the time you are spending to help me!! I really could not have done this on my own!!

[Advertisements]

Hi kate4u2!

Thank you for all the time you are spending to help me!! I really could not have done this on my own!!

No problem! I'm glad to be of assistance!!

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

• Microsoft: ‘Unprecedented Wave of Java Exploitation’
• Drive-by Trojan preying on out-of-date Java installations
• Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
• Look for "Java Platform, Standard Edition".
• Click the "Download JRE" button to the right.
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
• From the list, select your OS and Platform:
  
  • 32-bit Select: Windows x86 Offline.
  • 64-bit Select: Windows x64.
• If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
• Close any programs you may have running - especially your web browser.

Go to > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
• If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
• When the Java Setup - Welcome window opens, click the Install > button.
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
• The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

• Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
• Click Ok and reboot your computer.

NEXT


No Anti-Virus Present

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors

• Avira AntiVir Personal
• avast! 6 Home Edition
• Microsoft Security Essentials

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan

• Please reopen on your desktop.
• Copy and Paste the following code into the textbox.
  
  

  
  netsvcs
  drivers32
  hklm\software\clients\startmenuinternet|command /rs
  %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  

• Push the Quick Scan button.
• A report will open. Copy and Paste that report in your next reply.

NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

[SweetTech]

Hi kate4u2!

Thank you for all the time you are spending to help me!! I really could not have done this on my own!!

No problem! I'm glad to be of assistance!!

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

• Microsoft: ‘Unprecedented Wave of Java Exploitation’
• Drive-by Trojan preying on out-of-date Java installations
• Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
• Look for "Java Platform, Standard Edition".
• Click the "Download JRE" button to the right.
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
• From the list, select your OS and Platform:
  
  • 32-bit Select: Windows x86 Offline.
  • 64-bit Select: Windows x64.
• If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
• Close any programs you may have running - especially your web browser.

Go to > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
• If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
• When the Java Setup - Welcome window opens, click the Install > button.
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
• The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

• Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
• Click Ok and reboot your computer.

NEXT


No Anti-Virus Present

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors

• Avira AntiVir Personal
• avast! 6 Home Edition
• Microsoft Security Essentials

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan

• Please reopen on your desktop.
• Copy and Paste the following code into the textbox.
  
  

  
  netsvcs
  drivers32
  hklm\software\clients\startmenuinternet|command /rs
  %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  

• Push the Quick Scan button.
• A report will open. Copy and Paste that report in your next reply.

NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

[kate4u2]

Good evening! I haven't had time to be on the last few days.
Here is the OTL log you asked for:

OTL logfile created on: 9/30/2011 8:39:30 PM - Run 6
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Kathy\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 612.30 Mb Available Physical Memory | 60.38% Memory free
2.38 Gb Paging File | 2.07 Gb Available in Paging File | 86.94% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 59.71 Gb Free Space | 80.12% Space Free | Partition Type: NTFS

Computer Name: KATHY-0E786244E | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/28 11:35:13 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/09/25 22:59:48 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kathy\My Documents\Downloads\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/06 19:10:52 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/02/21 13:19:58 | 000,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/02/21 13:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/02/21 13:17:42 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe


========== Modules (No Company Name) ==========

MOD - [2007/03/16 20:10:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/02/21 13:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/09/28 11:35:13 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2007/02/21 13:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2004/10/22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2011/09/30 20:24:23 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DBDB793-1CAA-4767-81B6-809A0420CB38}\MpKsl063e101f.sys -- (MpKsl063e101f)
DRV - [2007/05/06 19:12:00 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/22 16:12:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/03/22 16:12:34 | 000,178,176 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/03/22 16:12:32 | 000,092,288 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwdelser.sys -- (NWDellPort)
DRV - [2007/03/22 16:12:32 | 000,092,288 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwdelmdm.sys -- (NWDellModem)
DRV - [2007/03/16 20:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/02/21 13:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/11/15 02:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 21:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 19:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 20:47:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 20:47:00 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/02 20:46:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/?_bc=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/?_bc=1"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 20:24:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/05 22:37:47 | 000,000,000 | ---D | M]

[2010/08/01 13:27:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kathy\Application Data\Mozilla\Extensions
[2011/08/06 17:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\7amsz3ly.default\extensions
[2011/09/28 11:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/28 11:35:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2010/09/18 01:26:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/30 20:24:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 11:35:15 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/26 13:27:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [systray] C:\Program Files\Dell\Dell Mobile Broadband\systray.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A90B6D4F-6FE7-4D4D-BADC-3829A41A31B3}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kathy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kathy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/31 11:36:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/09/29 12:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Local Settings\Application Data\Sun
[2011/09/28 11:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/28 10:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/09/28 01:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Local Settings\Application Data\Google
[2011/09/28 01:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/09/27 18:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/26 23:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/26 23:09:59 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/26 23:09:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/26 13:20:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/26 13:18:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/26 13:18:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/26 13:18:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/26 13:18:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/26 13:18:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/25 19:49:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/24 21:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/09/22 12:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Application Data\Uniblue
[2011/09/22 12:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/09/22 12:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Local Settings\Application Data\PackageAware
[2011/09/20 13:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/10 11:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/05 22:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/05 22:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/09/05 22:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

========== Files - Modified Within 30 Days ==========

[2011/09/30 20:39:40 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/09/30 20:29:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/30 20:24:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/30 10:59:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/29 12:41:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/28 10:48:06 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/09/26 23:10:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/26 13:27:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/26 13:20:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/22 12:32:13 | 002,883,584 | ---- | M] () -- C:\Documents and Settings\Kathy\NTUSER.bak
[2011/09/16 13:04:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/05 22:29:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2011/09/28 10:52:43 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/28 10:52:43 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/09/28 10:47:31 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/09/26 23:10:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/26 15:04:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/26 13:20:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/26 13:20:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/26 13:18:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/26 13:18:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/26 13:18:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/26 13:18:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/26 13:18:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/17 07:51:26 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/29 13:47:36 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/02 12:18:04 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/01 14:56:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/08/01 14:56:46 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/08/01 14:56:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/08/01 13:27:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/01 10:08:58 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/08/01 09:58:02 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010/07/31 11:39:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/31 11:33:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/31 03:25:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/31 03:24:10 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,433,346 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,068,136 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/08/01 10:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cingular
[2010/08/01 10:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2011/09/24 21:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/01/31 20:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/06 12:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy\Application Data\MsgCnf
[2010/09/06 13:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy\Application Data\MyShoppingGenie
[2011/09/22 12:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy\Application Data\Uniblue
[2011/09/30 20:29:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/09/30 20:39:40 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/30 20:24:55 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/30 20:24:55 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/30 20:24:55 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/30 20:24:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/30 20:24:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/30 20:24:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-28 08:11:28

< >

< End of report >

[kate4u2]

I still get these balloon pop ups when I start my computer:

"Welcome to the Found New Hardware Wizard... The wizard helps you install for 'unknown' If your hardware came with an installation cd or floppy disk, insert it now. What do you want the wizard to do?"
It then asks me to check one of two options and press "next."
The balloon says " a problem occurred while installing new hardware. Your hardware may not work properly."
Another balloon says "adapter problem.... driver is not installed"
A third balloon says "found new hardware... searching for drivers"

[SweetTech]

Hello,

From a malware stand point your logs appear to be clean. I am going to suggest that you post in the Windows XP forum and see what the techs have to say about the remaining issue.

I'd be sure to include a link to this thread, so that they can see what we've done so far.

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix

• Please reopen on your desktop.
• Copy and Paste the following code into the textbox.
  

  :Commands
  [ClearAllRestorePoints]
  

• Push
• OTL may ask to reboot the machine. Please do so if asked.
• Click the OK button.
• A report will open. Copy and Paste that report in your next reply.

NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:

• Reopen on your desktop.
• Click on
• You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.

Make Internet Explorer more secure

• Click Start > Run
• Type Inetcpl.cpl & click OK
• Click on the Security tab
• Click Reset all zones to default level
• Make sure the Internet Zone is selected & Click Custom level
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Extra Goodies

• It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
  Strong passwords: How to create and use them then consider a password keeper, to keep all your passwords safe.
  
• Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
• You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:
  
  
  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates

• Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.
  
  
• FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  
• WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
  WOT has an addon available for Chrome and Opera.
  
• Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  
• In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
  Think Prevention.
  PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

[kate4u2]

Good morning SweetTech!

========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.29.1 log created on 10012011_092605

Where would I find these?
"If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now."

Do I have any of these?
"Avoid P2P Programs"

I downloaded google crome...

Thank you so much!!! I have no idea what you did, but my computer works great! I will follow up with the "Windows" techs to see if they can help me with my "driver" pop ups.
Blessings to you!
Kate4u2

Edited by kate4u2, 01 October 2011 - 09:14 AM.

[SweetTech]

Good Evening kate4u2!!

Where would I find these?
"If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now."

If you had any tools leftover on your computer they would most likely be on your desktop. I was referring to things like the installation files for some of the programs we updated like Java.

Do I have any of these?
"Avoid P2P Programs"

No you don't.

Thank you so much!!! I have no idea what you did, but my computer works great! I will follow up with the "Windows" techs to see if they can help me with my "driver" pop ups.

You're more than welcome! I'm glad we were able to work together to solve the issues you were experiencing with your computer!

Kindest Regards,
ST

[SweetTech]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.