Zero Access with no redirects

  • Topic Starter
  • Member
  • 144 posts
Yes it did go away. After the second to last scan I did a "fix" and the two icons showed up. I was not sure what made that happen, but I had an idea. With malware I trust nothing to chance.

    Malware Expert

  • Expert
  • 23,797 posts
  • MVP
I don't think we need to worry about what Rogue Killer found. I expect we will hear back from the developer that that is the case.

We could try to run a couple of other scans and see if they work with 2003.

Download aswMBR.exe to your desktop.
Double click aswMBR.exe
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

Let's also try the bitdefender quickscan.


When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).

  • Topic Starter
  • Member
  • 144 posts
Sorry got busy, I'll get back to work.

  • Topic Starter
  • Member
  • 144 posts
aswMBR version Copyright© 2011 AVAST Software
Run date: 2013-02-25 11:23:25
11:23:25.107 OS Version: Windows x64 5.2.3790 Service Pack 2
11:23:25.107 Number of processors: 4 586 0x203
11:23:25.107 ComputerName: MITCH UserName: Mitch
11:23:26.825 Initialize success
11:27:39.482 AVAST engine defs: 13022500
11:28:11.372 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
11:28:11.372 Disk 0 Vendor: WDC_WD5000AVDS-63U7B1 01.00A01 Size: 476940MB BusType: 3
11:28:11.372 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-e
11:28:11.372 Disk 1 Vendor: Hitachi_HDP725050GLA360 GM4OA50E Size: 476940MB BusType: 3
11:28:11.388 Disk 1 MBR read successfully
11:28:11.388 Disk 1 MBR scan
11:28:11.419 Disk 1 Windows XP default MBR code
11:28:11.419 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
11:28:11.466 Disk 1 scanning C:\WINDOWS\system32\drivers
11:28:16.560 Service scanning
11:28:29.279 Modules scanning
11:28:30.794 AVAST engine scan C:\WINDOWS
11:28:35.263 AVAST engine scan C:\WINDOWS\system32
11:30:14.497 AVAST engine scan C:\WINDOWS\system32\drivers
11:30:24.810 AVAST engine scan C:\Documents and Settings\Mitch
11:32:25.904 Disk 1 MBR fix error
11:32:56.419 Disk 1 MBR fix error
11:33:07.466 Disk 1 MBR has been saved successfully to "E:\Media\My Documets\MBR.dat"
11:33:07.466 The log file has been saved successfully to "E:\Media\My Documets\aswMBR.txt"

  • Topic Starter
  • Member
  • 144 posts
QuickScan 32-bit v0.9.9.118
Scan date: Mon Feb 25 12:34:54 2013
Machine ID: 346E69C5

No infection found.

AVG Internet Security 3208 C:\Program Files (x86)\AVG\AVG2013\avgui.exe
AVG Internet Security 1756 C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
mcci+McciCMService 1972 C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
Messenger 1720 C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System 3076 C:\WINDOWS\SysWOW64\ctfmon.exe
Realtek HD Audio Sound Effect Manager 1384 C:\WINDOWS\RTHDCPL.EXE
(verified) Windows® Internet Explorer 524 C:\Program Files (x86)\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3040 C:\Program Files (x86)\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 4880 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Network activity
Process iexplore.exe (524) connected on port 80 (HTTP) -->
Process iexplore.exe (524) connected on port 80 (HTTP) -->
Process iexplore.exe (524) connected on port 80 (HTTP) -->
Process iexplore.exe (524) connected on port 80 (HTTP) -->
Process iexplore.exe (524) connected on port 80 (HTTP) -->
Process iexplore.exe (524) connected on port 80 (HTTP) -->
Process iexplore.exe (524) connected on port 80 (HTTP) -->

Autoruns and critical files
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
AVG Internet Security C:\Program Files (x86)\AVG\AVG2013\avgui.exe
Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\userinit.exe
Realtek AC97 Audio - Event Monitor C:\WINDOWS\ALCMTR.EXE
Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.EXE
Realtek HD Sound Manager C:\WINDOWS\SOUNDMAN.EXE
Watson Subscriber for SENS Network Noti c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE

Browser plugins
AcroIEHelperShim Library C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
Java Deployment Toolkit 6.0.370.6 C:\WINDOWS\SysWOW64\npdeployJava1.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Motive Plugin C:\Program Files (x86)\Common Files\Motive\npMotive.dll
Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.01 MB sent, 0.91 KB recvd
Scanned 268 files and modules - 29 seconds


  • Topic Starter
  • Member
  • 144 posts
Eset found nothing. Not sure where the log is on that.

    Malware Expert

  • Expert
  • 23,797 posts
  • MVP
I don't see anything other than an out of date java plugin:

Java Deployment Toolkit 6.0.370.6 C:\WINDOWS\SysWOW64\npdeployJava1.dll

OTL says it is in Firefox so open Firefox then click on the Firefox box in the upper left then on Add-Ons then on Plug-ins. (If you don't see it there then look under Extensions.) Click on Uninstall or Disable.

Get Speedyfox http://www.crystalidea.com/speedyfox Save it then run it by right click and Run As Admin. (Close Firefox) Speed up my Firefox. When it finishes hit exit.

OTL is also complaining about the hosts file being missing.

Download HostsXpert from http://www.funkytoad...HostsXpert.zip. Save the file then right click and Extract All. It will create a new folder in the same place. In the folder find HostsXpert.exe and right click on it and Run As Administrator.

It will take a few seconds to appear. If the top line in the left column says Make Writeable, click on it and it should change to Make Read Only? If it already says Make Read Only? that's OK just go on to the next step.
Now click on the left column entry that says: Restore MSHosts file. Click on the Make Read Only? entry then close HostsXpert. Run OTL, Quickscan again and let's see if the hosts file is happy now.

  • 0
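An added example, not part of the original thread and not HostsXpert's or OTL's own logic: a Python check of what a hosts file contains, useful before it is overwritten with the default and again afterwards. The sample file contents and the `.test` host names are constructed, and the code assumes a stock hosts file holds only comments and `localhost` loopback mappings.

```python
import ipaddress
import os
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    lineno: int
    address: str
    name: str
    verdict: str  # "default", "sinkhole", "redirect" or "malformed"


def classify(address: str, name: str) -> str:
    """Classify one address/name mapping from a hosts file."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback and name.lower() == "localhost":
        return "default"      # what a stock file is assumed to contain
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"     # name is made unreachable (ad lists, or malware blocking AV sites)
    return "redirect"         # name is forced to an address chosen by whoever wrote the file


def audit_hosts(text: str) -> List[Entry]:
    """Parse hosts-file text and return one Entry per address/name pair."""
    entries = []
    # Strip a UTF-8 BOM if an editor added one, then walk the lines.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()                 # spaces or tabs
        if len(fields) < 2:                   # an address with no name, or a stray token
            entries.append(Entry(lineno, fields[0], "", "malformed"))
            continue
        address, names = fields[0], fields[1:]
        for name in names:                    # one line may map several names
            entries.append(Entry(lineno, address, name.lower(), classify(address, name)))
    return entries


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Everything that is not a plain localhost mapping."""
    return [e for e in entries if e.verdict != "default"]


def read_hosts(path: str) -> Optional[str]:
    """Return the file text, or None when the hosts file is missing."""
    if not os.path.isfile(path):
        return None
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return fh.read()


# Constructed sample: addresses are documentation ranges, names are made up.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.example-av.test   # blocks a made-up AV update host
203.0.113.10    www.example-bank.test login.example-bank.test
not-an-ip       broken.example.test
127.0.0.1
"""

if __name__ == "__main__":
    root = os.environ.get("SystemRoot", r"C:\WINDOWS")
    path = os.path.join(root, "system32", "drivers", "etc", "hosts")
    text = read_hosts(path)
    if text is None:
        print("hosts file missing at", path, "- auditing the constructed sample instead")
        text = SAMPLE_HOSTS
    for e in needs_review(audit_hosts(text)):
        print(f"line {e.lineno}: {e.verdict:9} {e.address} {e.name}")
```

An empty result from `needs_review` after the restore means the file holds nothing beyond the localhost mappings.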




  • Topic Starter
  • Member
  • 144 posts
That is very strange....I don't have Firefox and I only checked it out once.

    Malware Expert

  • Expert
  • 23,797 posts
  • MVP
OK. When you uninstalled Firefox it left your default profile in place and that's what we are seeing. You can just delete the file:
C:\WINDOWS\SysWOW64\npdeployJava1.dll if it is still there.

  • Topic Starter
  • Member
  • 144 posts
Can't seem to find it. What is the best way to do so? My windows search is not working.

Sorry I've been out cleaning up snow.

Edited by M2mouse, 26 February 2013 - 03:29 PM.


    Malware Expert

  • Expert
  • 23,797 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)


then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will probably not need to reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\02262013-some number.log so look there if you don't see it.

  • Topic Starter
  • Member
  • 144 posts
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37\ deleted successfully.
C:\WINDOWS\SysWOW64\npdeployJava1.dll moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\SysWOW64\npdeployJava1.dll not found.

OTL by OldTimer - Version log created on 02272013_102210

    Malware Expert

  • Expert
  • 23,797 posts
  • MVP
OK that cleared it. Anything else we need to worry about?

if not:

We need to clean up System Restore.

Copy the following:


Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.

OTL has a cleanup tab but I don't trust it. Best to just delete otl.exe and the folder c:\_OTL

To hide hidden files again (If you do not run OTL cleanup):


# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 9 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then you should install No-Script (Firefox) or Script-No add-ons (Chrome) and only use Firefox or Chrome to visit the site. You will need to tell No-Script/Script-No that the site is allowed to run Java.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Make sure you have Windows update working and preferably on Automatic download and install. There was a September 21 update to Internet Explorer which is very important as it fixes a big security hole. KB2744842. See: http://www.microsoft...201209_oob.aspx

  • Topic Starter
  • Member
  • 144 posts
Ok I have cleared the restore points in OTL, unchecked Display the contents of system folders (Hide protected operating system files was checked already) and disabled Javascript in Adobe.
I think I got rid of all my Java when I heard about the problem. I'm not sure if it is all gone.

Is there anything I need to do with my RK Quarantine file?
I can't seem to get the ad blocker (IE tends to block those searches).
I still have OTL, TDSKiller, aswMBR, an MBR DAT file and Rogue Killer. Do I need to get rid of all of them?

Edited by M2mouse, 27 February 2013 - 12:23 PM.


    Malware Expert

  • Expert
  • 23,797 posts
  • MVP
There was a typo in my post. It should be http://simple-adblock.com/ which should take you right there.

You can delete the MBR.DAT file and the RK Quarantine folder. The programs can be deleted too. They are often updated so older versions aren't much use tho OTL might come in handy if you get reinfected and the malware doesn't allow downloads.