
Data Restore Virus


11 replies to this topic

#1 glassgreen


Posted 26 November 2011 - 08:08 PM

I've been having this problem too, and now I am infected with the Data Restore virus. I don't know if the two issues are related...

Edited by hamluis, 26 November 2011 - 09:16 PM.
Split from different topic, PM sent to new OP.




#2 boopme


Posted 27 November 2011 - 12:02 AM

Hello and welcome.
This infection family will also hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.


If needed
Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

<<><<><><><><><><><><><><><><><><><><><><><>
Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


These apps can be downloaded to a flash drive or CD and run off there also.

Please follow our Removal Guide here: Remove System Fix (Uninstall Guide).
After reading how the malware is misleading you, you will move to the Automated Removal Instructions.

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Also the other tool log: A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

Edited by boopme, 27 November 2011 - 12:09 AM.

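For readers who want to see what the Unhide step above actually does, here is an added PowerShell example (not the Unhide.exe tool boopme links to). It clears the Hidden attribute from files and folders under a root, skips anything also flagged System so that Windows' own hidden files are left as they are, and writes every changed path to a log so files you had hidden on purpose can be hidden again; the parameter names and the log location are this example's own choices.

```powershell
# Added example, not Unhide.exe from the post. Clears the Hidden attribute
# this infection family sets on user files and folders, with two safeguards:
#   * items that are also flagged System (desktop.ini, pagefile.sys, the
#     Recycle Bin folders) are left alone, since Windows hides those by design;
#   * every path that was changed is written to a log so anything you had
#     hidden on purpose can be hidden again afterwards.
# $Root, $LogPath and -Preview are names chosen for this example.
param(
    [string]$Root    = 'C:\',
    [string]$LogPath = (Join-Path $env:USERPROFILE 'Desktop\unhidden-paths.txt'),
    [switch]$Preview   # list what would change without touching attributes
)

$hidden = [IO.FileAttributes]::Hidden
$system = [IO.FileAttributes]::System

# -Force is required, otherwise Get-ChildItem does not return hidden items.
$candidates = Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        (($_.Attributes -band $hidden) -ne 0) -and
        (($_.Attributes -band $system) -eq 0)
    }

$changed = @()
foreach ($item in $candidates) {
    if (-not $Preview) {
        # Clear only the Hidden bit; ReadOnly, Archive etc. stay as they were.
        $item.Attributes = $item.Attributes -band (-bnot $hidden)
    }
    $changed += $item.FullName
}

if ($changed.Count -gt 0 -and -not $Preview) {
    $changed | Set-Content -Path $LogPath
    "Changed paths written to $LogPath"
}
$verb = if ($Preview) { 'would be unhidden' } else { 'unhidden' }
"{0} item(s) {1} under {2}" -f $changed.Count, $verb, $Root
```

Run it once with -Preview to review the list before letting it change anything.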

#3 glassgreen


Posted 27 November 2011 - 01:15 PM

I already ran the uninstall instruction -- in both safe mode and regular mode.

In safe mode rkill stopped an executable called ovLtsvlxcxH.exe. It also said that Windows was configured to use a proxy and that the proxy settings have been removed. TDSS found and removed a rootkit. Malwarebytes found and removed one instance of PUM.Hijack.StartMenu. Then I used unhide.exe to view my files again.

Malwarebytes prompted me to restart my system. I let my system start in regular mode and I still had the issue. I reran everything. Rkill found the ovLtsvlxcxH.exe. I don't remember if the proxy issue was found again. TDSS didn't find anything. Malwarebytes found and removed six instances of PUM.Hijack.StartMenu.

I renamed the ovLtsnlxcxh.exe, hoping to stop it from executing. My system was still infected and my system came to a crawl. I started to run Stinger to see if it would find anything and let it run over night.

This morning I found that stinger had hung overnight. I restarted my system in safe mode and am running stinger again now. So far it's found rkill.exe and iExplore.exe infected with the Artemis!6A5C52064E8 virus/trojan and has removed it. I downloaded these executables from your website using the links on the System Fix uninstall page. Not sure if they were downloaded infected or if some other process infected them.

I am using an uninfected computer to download files to a flash drive to use them on my infected computer. I'll be seriously bummed if my good computer gets infected too.

I renamed all the rkill files on my flash drive to text files (e.g., rkill.txt). I hope that stops them from running. I'm scanning my good system with Stinger right now.

I'll update this later with my log files from the earlier uninstall processes and the results of the Stinger scan. I'm a little hesitant to transfer any files to my good system at this point. I'll try to update this from my infected system when stinger is done.

#4 boopme


Posted 27 November 2011 - 01:35 PM

The files from BC you are seeing in Stinger are not infected. They are being seen as infections by Stinger's detection scheme. I just checked them all to be sure.

Can you at least post the bottom portion of the TDSS log?


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
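As an added illustration of what the MiniToolBox options requested above look at (it is not MiniToolBox or rkill code), this PowerShell script reports the IE proxy settings, the active hosts file entries and the Winsock catalog, and can reset the proxy the way rkill did after first exporting the registry key to a .reg backup; the -ResetProxy switch and the backup path are this example's own names, and the registry key and file paths are the standard Windows ones.

```powershell
# Added example, not MiniToolBox. Reports the items behind the checked
# MiniToolBox options (IE proxy settings, hosts file, Winsock entries) so a
# hijacked proxy or hosts file stands out, and optionally clears the IE proxy
# after exporting the key to a .reg backup, mirroring the rk-proxy.reg file
# rkill leaves on the desktop so a legitimate setting can be merged back.
# -ResetProxy and $BackupPath are names chosen for this example.
param(
    [switch]$ResetProxy,
    [string]$BackupPath = (Join-Path $env:USERPROFILE ('Desktop\proxy-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date)))
)

$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet    = Get-ItemProperty -Path $inetKey

"=== IE proxy settings ==="
"ProxyEnable   : $($inet.ProxyEnable)"
"ProxyServer   : $($inet.ProxyServer)"
"AutoConfigURL : $($inet.AutoConfigURL)"
$proxySet = ($inet.ProxyEnable -eq 1) -or -not [string]::IsNullOrEmpty($inet.AutoConfigURL)
if ($proxySet) {
    Write-Warning 'A proxy or auto-config script is configured. If you did not set it up, your browser traffic may be redirected.'
}

"=== Active hosts entries ==="
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
# Skip blank lines and comments; only real mappings are of interest.
$entries = Get-Content -Path $hostsFile | Where-Object { $_ -match '^\s*[^#\s]' }
$entries
# A clean hosts file maps only localhost; any other entry deserves a look,
# since this malware family is known to redirect security sites.
$entries | Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
    ForEach-Object { Write-Warning "Unexpected hosts entry: $_" }

"=== Winsock catalog providers ==="
netsh winsock show catalog | Select-String -Pattern 'Description|Provider Path'

if ($ResetProxy -and $proxySet) {
    # Back the key up first, like rkill's rk-proxy.reg, then clear the proxy.
    reg export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings' $BackupPath | Out-Null
    Set-ItemProperty    -Path $inetKey -Name ProxyEnable   -Value 0
    Remove-ItemProperty -Path $inetKey -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $inetKey -Name AutoConfigURL -ErrorAction SilentlyContinue
    "Proxy settings cleared; backup written to $BackupPath"
}
```

Run it without -ResetProxy first to see the report; if the proxy turns out to be one you configured yourself, merge the exported .reg file to restore it.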

#5 glassgreen


Posted 27 November 2011 - 01:39 PM

Should I do all this in safe mode or if I am unable to do it all in regular mode?

Also, should I rename the ovLtsvlxcxH.exe file so it's an exe again before running all this?

Thx

#6 boopme


Posted 27 November 2011 - 01:49 PM

Hello. If needed, do it in Safe Mode.

Let RKill find and stop it, then run the tools (MBAM etc.). Do Not Reboot until ALL are done, as once you reboot RKill releases its stopped files, and the other tools are needed to remove what was stopped.

#7 glassgreen


Posted 27 November 2011 - 05:35 PM

Here are my rkill, TDSS and Malwarebytes logs.

My Stinger scan is still running; it's stuck on a file called dc1.exe that's in the c:\recycler folder. I searched the BC website and it says it's an undesirable file. Malwarebytes and Webroot didn't flag it as a virus, trojan, etc. Stinger has been hanging on the file for 2+ hours. Not sure how to remove it.

Will get to the other scans and post results.

Also note that I am on Windows XP SP3.

***************************************
rkill log


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 11/26/2011 at 21:05:17.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\All Users\Application Data\ovLtSvlXCxH.exe
E:\rkill.exe
E:\eXplorer.exe


--- ATTENTION ---

Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is:

If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


Rkill completed on 11/26/2011 at 21:06:14.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 11/26/2011 at 21:54:19.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\All Users\Application Data\ovLtSvlXCxH.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\rkill.exe
E:\eXplorer.exe


Rkill completed on 11/26/2011 at 21:55:09.

*********************************************************************

TDSS log



22:22:57.0715 1720 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
22:22:58.0326 1720 ============================================================
22:22:58.0326 1720 Current date / time: 2011/11/26 22:22:58.0326
22:22:58.0326 1720 SystemInfo:
22:22:58.0326 1720
22:22:58.0326 1720 OS Version: 5.1.2600 ServicePack: 3.0
22:22:58.0326 1720 Product type: Workstation
22:22:58.0326 1720 ComputerName: MSYSTEM
22:22:58.0326 1720 UserName: Main
22:22:58.0326 1720 Windows directory: C:\WINDOWS
22:22:58.0326 1720 System windows directory: C:\WINDOWS
22:22:58.0326 1720 Processor architecture: Intel x86
22:22:58.0326 1720 Number of processors: 1
22:22:58.0326 1720 Page size: 0x1000
22:22:58.0326 1720 Boot type: Normal boot
22:22:58.0326 1720 ============================================================
22:23:03.0634 1720 Initialize success
22:23:06.0087 0708 ============================================================
22:23:06.0087 0708 Scan started
22:23:06.0087 0708 Mode: Manual;
22:23:06.0087 0708 ============================================================
22:23:20.0238 0708 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:23:20.0438 0708 \Device\Harddisk0\DR0 - ok
22:23:20.0448 0708 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR2
22:23:20.0458 0708 \Device\Harddisk1\DR2 - ok
22:23:20.0468 0708 Boot (0x1200) (8c15ca782106fb45c8b7a5080292bb40) \Device\Harddisk0\DR0\Partition0
22:23:20.0468 0708 \Device\Harddisk0\DR0\Partition0 - ok
22:23:20.0478 0708 Boot (0x1200) (22666043925b92ae70eed2e2e0563bbb) \Device\Harddisk1\DR2\Partition0
22:23:20.0478 0708 \Device\Harddisk1\DR2\Partition0 - ok
22:23:20.0488 0708 ============================================================
22:23:20.0488 0708 Scan finished
22:23:20.0488 0708 ============================================================
22:23:20.0498 0692 Detected object count: 0
22:23:20.0498 0692 Actual detected object count: 0
22:24:01.0877 3904 Deinitialize success

*********************************************

Malwarebytes Log



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8251

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/26/2011 10:38:32 PM
mbam-log-2011-11-26 (22-38-32).txt

Scan type: Quick scan
Objects scanned: 201573
Time elapsed: 12 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:17 AM

Posted 27 November 2011 - 08:37 PM

Ok, will wait for the other logs... Thanks for telling me about XP; the other topic starter was Win7, that's why it's always better to start your own topic.

This looks like an autorun infection. If you connected a flashdrive it is infected and will infect the next PC.
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
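The note above explains the mechanism Flash_Disinfector relies on: a folder named autorun.inf at the root of a drive stops a worm from writing its own autorun.inf file there. The script below is an added example, not part of this thread and not code from sUBs' tool: it walks every fixed and removable volume, reports whether autorun.inf is absent, a placeholder folder, or a real file, and for a file prints the launch directives it carries (read as text only, never executed) so the drive can be reviewed before it is trusted. It uses Get-WmiObject rather than Get-CimInstance so it also runs on the PowerShell 2.0 available for Windows XP; the function name and the verdict strings are my own.

```powershell
# Added example (not from this thread or from Flash_Disinfector):
# classify autorun.inf at the root of every fixed and removable volume.
# A *folder* named autorun.inf is the protective placeholder described above;
# a *file* named autorun.inf is what an autorun worm drops, so its launch lines
# are shown (read only) for review. Get-WmiObject keeps this PowerShell 2.0 / XP safe.

function Get-AutorunInfStatus {
    param(
        # Win32_LogicalDisk.DriveType: 2 = removable, 3 = fixed local disk
        [int[]]$DriveTypes = @(2, 3)
    )
    Get-WmiObject -Class Win32_LogicalDisk |
        Where-Object { $DriveTypes -contains $_.DriveType } |
        ForEach-Object {
            $drive   = $_.DeviceID                       # e.g. "E:"
            $path    = Join-Path ($drive + '\') 'autorun.inf'
            $kind    = 'none'
            $hidden  = $false
            $verdict = 'OK: no autorun.inf'

            # -Force makes Get-Item return hidden and system entries as well
            $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            if ($item) {
                $hidden = (($item.Attributes -band [IO.FileAttributes]::Hidden) -ne 0)
                if ($item.PSIsContainer) {
                    $kind    = 'folder'
                    $verdict = 'OK: placeholder folder keeps a real autorun.inf from being written'
                } else {
                    $kind    = 'file'
                    $verdict = 'REVIEW: autorun.inf file present; check it before opening the drive'
                    # Report the launch directives an [autorun] section can carry (text only)
                    $launch = Select-String -LiteralPath $path `
                                  -Pattern '^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=' |
                              ForEach-Object { $_.Line.Trim() }
                    if ($launch) { $verdict += ' -> ' + ($launch -join '; ') }
                }
            }

            New-Object PSObject -Property @{
                Drive   = $drive
                Type    = $(if ($_.DriveType -eq 2) { 'Removable' } else { 'Fixed' })
                Kind    = $kind
                Hidden  = $hidden
                Verdict = $verdict
            } | Select-Object Drive, Type, Kind, Hidden, Verdict
        }
}

# Usage: run from an elevated PowerShell prompt with the flash drive inserted
# (hold Shift while inserting it, as the post above advises, so autorun does not fire).
Get-AutorunInfStatus | Format-Table -AutoSize -Wrap
```

A drive that shows Kind = file is the case the post is warning about; one that shows Kind = folder is the state Flash_Disinfector leaves behind and should be left alone, exactly as the note says.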

#9 glassgreen

glassgreen
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 28 November 2011 - 12:03 AM

Here are my latest logs.

The MiniToolBox scan yielded some interesting results. It lists a few users that I don't recognize. In addition, it shows that the StiSvc service is attempting to start. According to BC, that's an undesirable service to have on my system... I removed some info from the log that I didn't want to post. If you need the info, please let me know and I can send you the complete log. In the Installed Programs section I marked programs I don't recognize using ----><program>

Saw your latest post about running the flash disinfector. Will do tomorrow morning and post results.

Thanks for all your help!

*********************************************************

Eset

C:\Documents and Settings\All Users\Application Data\ovLtSvlXCxH.txt a variant of Win32/Kryptik.WDU trojan cleaned by deleting - quarantined
C:\Documents and Settings\Main\Desktop\Desktop Stuff\Freeware_PrimoPDF.exe Win32/OpenCandy application deleted - quarantined
C:\Documents and Settings\Main\My Documents\family\Washington_CD\PrimoPDF.exe Win32/OpenCandy application deleted - quarantined

MiniToolBox

MiniToolBox by Farbar
Ran by <removed by glassgreen> (administrator) on 27-11-2011 at 21:26:11
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


<removed by glassgreen> localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)
Motorola Wireless Notebook Adapter WN825G = Wireless Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : <removed by glassgreen>

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : <removed by glassgreen>

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : <removed by glassgreen>

Subnet Mask . . . . . . . . . . . : <removed by glassgreen>

Default Gateway . . . . . . . . . : <removed by glassgreen>

DHCP Server . . . . . . . . . . . : <removed by glassgreen>

DNS Servers . . . . . . . . . . . : <removed by glassgreen>

Lease Obtained. . . . . . . . . . : Sunday, November 27, 2011 6:38:14 PM

Lease Expires . . . . . . . . . . : Monday, November 28, 2011 6:38:14 PM



Ethernet adapter Wireless Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Motorola Wireless Notebook Adapter WN825G

Physical Address. . . . . . . . . : <removed by glassgreen>

Server: UnKnown
Address: <removed by glassgreen>

Name: google.com
Addresses: 74.125.225.83, 74.125.225.80, 74.125.225.84, 74.125.225.81
74.125.225.82



Pinging google.com [74.125.225.48] with 32 bytes of data:



Reply from 74.125.225.48: bytes=32 time=36ms TTL=50

Reply from 74.125.225.48: bytes=32 time=35ms TTL=50



Ping statistics for 74.125.225.48:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 35ms, Maximum = 36ms, Average = 35ms

Server: UnKnown
Address: <removed by glassgreen>

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56



Pinging yahoo.com [98.139.180.149] with 32 bytes of data:



Reply from 98.139.180.149: bytes=32 time=50ms TTL=45

Reply from 98.139.180.149: bytes=32 time=49ms TTL=45



Ping statistics for 98.139.180.149:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 49ms, Maximum = 50ms, Average = 49ms

Server: UnKnown
Address: <removed by glassgreen>

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging <removed by glassgreen> with 32 bytes of data:



Reply from <removed by glassgreen>: bytes=32 time<1ms TTL=128

Reply from <removed by glassgreen> bytes=32 time<1ms TTL=128



Ping statistics for <removed by glassgreen>:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...<removed by glassgreen> ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...<removed by glassgreen> ...... Motorola Wireless Notebook Adapter WN825G - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
<removed by glassgreen>
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/26/2011 10:57:39 PM) (Source: Bonjour Service) (User: )
Description: 204: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (11/26/2011 10:49:38 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 1.9.2.4324, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/26/2011 10:49:38 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 1.9.2.4324, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/23/2011 11:27:37 PM) (Source: Application Hang) (User: )
Description: Hanging application FlipShare.exe, version 5.8.11.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/23/2011 11:27:37 PM) (Source: Application Hang) (User: )
Description: Hanging application FlipShare.exe, version 5.8.11.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/23/2011 11:27:36 PM) (Source: Application Hang) (User: )
Description: Hanging application FlipShare.exe, version 5.8.11.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/23/2011 11:27:36 PM) (Source: Application Hang) (User: )
Description: Hanging application FlipShare.exe, version 5.8.11.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/22/2011 09:04:30 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 1.9.2.4324, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0000100b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (11/17/2011 09:38:37 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 1.9.2.4324, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0000100b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (11/17/2011 09:37:02 PM) (Source: Application Hang) (User: )
Description: Hanging application Acrobat.exe, version 9.4.5.236, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (11/27/2011 06:38:57 PM) (Source: Service Control Manager) (User: )
Description: The Network DDE service depends on the Network DDE DSDM service which failed to start because of the following error:
%%1058

Error: (11/27/2011 06:36:42 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/27/2011 05:47:06 PM) (Source: DCOM) (User: Main)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/27/2011 05:47:06 PM) (Source: DCOM) (User: Main)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/27/2011 05:46:01 PM) (Source: DCOM) (User: Main)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/27/2011 05:46:01 PM) (Source: DCOM) (User: Main)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/27/2011 05:45:49 PM) (Source: DCOM) (User: Main)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/27/2011 05:45:49 PM) (Source: DCOM) (User: Main)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/27/2011 05:45:40 PM) (Source: DCOM) (User: Main)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/27/2011 05:45:40 PM) (Source: DCOM) (User: Main)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================
Error: (11/26/2011 10:57:39 PM) (Source: Bonjour Service)(User: )
Description: 204: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (11/26/2011 10:49:38 PM) (Source: Application Hang)(User: )
Description: firefox.exe1.9.2.4324hungapp0.0.0.000000000

Error: (11/26/2011 10:49:38 PM) (Source: Application Hang)(User: )
Description: firefox.exe1.9.2.4324hungapp0.0.0.000000000

Error: (11/23/2011 11:27:37 PM) (Source: Application Hang)(User: )
Description: FlipShare.exe5.8.11.0hungapp0.0.0.000000000

Error: (11/23/2011 11:27:37 PM) (Source: Application Hang)(User: )
Description: FlipShare.exe5.8.11.0hungapp0.0.0.000000000

Error: (11/23/2011 11:27:36 PM) (Source: Application Hang)(User: )
Description: FlipShare.exe5.8.11.0hungapp0.0.0.000000000

Error: (11/23/2011 11:27:36 PM) (Source: Application Hang)(User: )
Description: FlipShare.exe5.8.11.0hungapp0.0.0.000000000

Error: (11/22/2011 09:04:30 PM) (Source: Application Error)(User: )
Description: plugin-container.exe1.9.2.4324ntdll.dll5.1.2600.55120000100b

Error: (11/17/2011 09:38:37 PM) (Source: Application Error)(User: )
Description: plugin-container.exe1.9.2.4324ntdll.dll5.1.2600.55120000100b

Error: (11/17/2011 09:37:02 PM) (Source: Application Hang)(User: )
Description: Acrobat.exe9.4.5.236hungapp0.0.0.000000000


=========================== Installed Programs ============================

7300 (Version: 47.0.1.000)
7300_Help (Version: 47.0.1.000)
7300Trb (Version: 47.0.1.000)
Acrobat.com (Version: 1.6.65)
Active Disk
Adobe Acrobat 9 Pro (Version: 9.4.5)
Adobe Acrobat 9.4.5 - CPSID_83708
Adobe AIR (Version: 3.0.0.4080)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Download Assistant (Version: 1.0.5)
Adobe Drive CS4 (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.26)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Fonts All (Version: 2.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Photoshop Lightroom 2 (Version: 2)
Adobe Reader 9.4.5 (Version: 9.4.5)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
AiO_Scan (Version: 47.0.1.000)
AiOSoftware (Version: 47.0.1.000)
ALPS Touch Pad Driver
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1006)
ATI Control Panel (Version: 6.14.10.5043)
ATI Display Driver (Version: 8.12-050317m-022182C-Dell)
Avid Studio (Version: 1.0.0.2804)
BCM V.92 56K Modem
Bonjour (Version: 3.0.0.2)
Broadcom 440x 10/100 Integrated Controller (Version: 3.27)
Brother HL-5250DN (Version: 1.00)
----->BufferChm (Version: 45.4.157.000)
Camedia Master 4.3 (Version: 1.00.0000)
Canon CanoScan Toolbox 4.9
Canon Easy-PhotoPrint EX
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon ScanGear Starter
Canon Solution Menu EX
---->Connect (Version: 1.0.0.1)
---->Copy (Version: 45.4.157.000)
Corel VideoStudio 12 (Version: 12.0.0.0000)
CP_AtenaShokunin1Config (Version: 45.4.131.000)
---->cp_dwShrek2Albums1 (Version: 45.4.157.000)
---->cp_dwShrek2Cards1 (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
---->CueTour (Version: 45.4.157.000)
Dell ResourceCD
---->Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
---->DocProc (Version: 4.5.0.0)
---->DocumentViewer (Version: 45.4.157.000)
ESET Online Scanner v3
---->Fast Browser Search (My Tattoons) (Version: 2.0)
Fax (Version: 47.0.1.000)
FlipShare (Version: 5.8.11.0)
HijackThis 2.0.2 (Version: 2.0.2)
HP Image Zone 4.7 (Version: 4.7)
HP Image Zone Express (Version: 1.1.000.035)
HP Officejet 7300 series
HP Product Assistant (Version: 2.0.0.0)
HP PSC & OfficeJet 4.7
HP Software Update (Version: 3.0.2.991)
HPSystemDiagnostics (Version: 1.6.0.0)
HyperSnap 6 (Version: 6.61.02)
InstantShare (Version: 45.4.157.000)
IomegaWare 4.0.3
iPod for Windows 2005-03-23 (Version: 3.8.0)
iTunes (Version: 10.4.1.10)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
----->kuler (Version: 2.0)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office 97, Standard Edition
Microsoft Primary Interoperability Assemblies 2005 (Version: 9.0.21022)
Microsoft Silverlight (Version: 3.0.40624.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Motorola Wireless Network Adapter
Mozilla Firefox (3.6.24) (Version: 3.6.24 (en-US))
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0)
OLYMPUS CAMEDIA Master 4.3
Pando Media Booster (Version: 2.3.6.0)
PanoStandAlone (Version: 45.4.157.000)
Passage Express (Version: 2.00.0017)
PDF Settings CS4 (Version: 9.0)
Personal Historian 1.2.1.16
PhotoGallery (Version: 45.4.157.000)
Photoshop Camera Raw (Version: 5.0)
---->Pinnacle Video Driver (Version: 12.1.0.030)
PKZIP for Windows 8.00.0018 (Version: 8.00.0018)
PowerDVD 5.1
----->ProductContext (Version: 47.0.1.000)
----->QFolder (Version: 1.00.0000)
Quest Software Toad Data Modeler Freeware 2.25
QuickTime (Version: 7.70.80.34)
----->Readme (Version: 47.0.1.000)
RealPlayer
RootsMagic 3.2.2.0
Safari (Version: 5.34.50.0)
----->Scan (Version: 4.5.0.0)
----->ScannerCopy (Version: 4.5.0.0)
SigmaTel AC97 Audio Drivers (Version: 4029)
SkinsHP1 (Version: 45.4.157.000)
SmartSound Quicktracks Plugin (Version: 3.0.5.0)
SnagIt 7 (Version: 7.2)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Suite Shared Configuration CS4 (Version: 1.0)
----->TrayApp (Version: 45.4.157.000)
----->Unload (Version: 4.5.0)
VideoStudio (Version: 12.0.0.0000)
----->WebFldrs XP (Version: 9.50.7523)
----->WebReg (Version: 45.4.157.000)
Webroot Software (Version: 7.0.4.83)
----->Windows Genuine Advantage Validation Tool (KB892130)
----->Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows XP Service Pack 3 (Version: 20080414.031525)
----->XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 62%
Total physical RAM: 511.23 MB
Available physical RAM: 190.07 MB
Total Pagefile: 1247.41 MB
Available Pagefile: 775.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.9 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:32.31 GB) NTFS
3 Drive e: () (Removable) (Total:1.86 GB) (Free:1.83 GB) FAT

========================= Users: ========================================

User accounts for \\<removed by glassgreen>

Administrator ASPNET <removed by glassgreen>
HelpAssistant <removed by glassgreen> SUPPORT_388945a0
<removed by glassgreen>

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini080911-01.dmp

**** End of log ****

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:17 AM

Posted 30 November 2011 - 10:09 PM

Ok, how is it running now?

You removed the hosts file so I cannot tell if it's infected. Do you use a Hosts file App?
You can PM me if there's another reason.


You will need to change your passwords stored on here, especially any financials, as the Kryptik.WDU trojan has stolen them.


You need to update to Java 7 and Adobe Reader X or 10

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-s.exe (or jre-7u1-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly Update to Adobe Reader X (10.1.0)
Note: uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional

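The post above asks for every older Java Runtime to be removed and for Reader to be brought to version X (10). Before uninstalling anything it helps to see exactly which entries Add/Remove Programs holds, which is what the script below does. It is an added example, not from this thread and not a vendor tool: it reads the standard Uninstall registry keys (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and, on 64-bit Windows, the Wow6432Node twin), picks out Java and Adobe Reader/Acrobat entries, and flags any whose DisplayVersion is below the thresholds named in the post. The function name, the match patterns and the "7.0" / "10.0" thresholds are my own choices; nothing is removed.

```powershell
# Added example (not from this thread): inventory Java and Adobe Reader/Acrobat
# entries from the Add/Remove Programs registry data and flag versions older than
# the releases asked for above (JRE 7, Reader X). Read-only; PowerShell 2.0 / XP safe.

function Get-OutdatedRuntimeReport {
    param(
        [version]$MinJava   = '7.0',     # thresholds taken from the post above
        [version]$MinReader = '10.0'
    )
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'   # 64-bit Windows only
    )
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $p    = Get-ItemProperty -Path $sub.PSPath
            $name = $p.DisplayName
            if (-not $name) { continue }

            # Decide which product family the entry belongs to, if any
            $product = $null
            $min     = $null
            if ($name -match 'Java|J2SE|JRE' -and $name -notmatch 'Auto Updater') {
                $product = 'Java'; $min = $MinJava
            } elseif ($name -match '^Adobe (Reader|Acrobat)\b') {
                $product = 'Adobe Reader/Acrobat'; $min = $MinReader
            }
            if (-not $product) { continue }

            # DisplayVersion is free text (e.g. "6.0.220", "9.4.5"); parse defensively
            $ver = $null
            if ($p.DisplayVersion) {
                try { $ver = [version]$p.DisplayVersion } catch { $ver = $null }
            }
            if ($ver -eq $null) {
                $status = 'UNKNOWN: no parseable version'
            } elseif ($ver -lt $min) {
                $status = "OUTDATED: below $min"
            } else {
                $status = 'current'
            }

            New-Object PSObject -Property @{
                Product = $product
                Name    = $name
                Version = $(if ($ver) { $ver.ToString() } else { $p.DisplayVersion })
                Status  = $status
            } | Select-Object Product, Name, Version, Status
        }
    }
}

# Usage: every OUTDATED row is an entry to remove via Add/Remove Programs
# before installing the current release, as the steps above describe.
Get-OutdatedRuntimeReport | Sort-Object Product, Name | Format-Table -AutoSize
```

On the machine in this thread the Installed Programs list shows "Java™ 6 Update 22 (Version: 6.0.220)" and "Adobe Reader 9.4.5 (Version: 9.4.5)", so both would come back OUTDATED; the Java Auto Updater entry is deliberately skipped because its version number is the updater's, not the runtime's.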

#11 glassgreen

glassgreen
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:17 AM

Posted 04 December 2011 - 11:20 PM

Sorry, for the delay in my response, but I've been traveling.

Yes, the system is now running.

You noted that I did not post a host file. I thought I had posted all the files that you requested. To the best of my knowledge I do not have a Hosts file app. Please let me know what to do.

I will change my passwords.

As far as updating Java, I am running XP. Should I uninstall it as you describe below for Windows 7?

As for Adobe Reader 9, that comes bundled with Adobe Acrobat 9. I guess I can delete Adobe Reader v9 and install v10...

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:17 AM

Posted 05 December 2011 - 04:19 PM

You noted that I did not post a host file. I thought I had posted all the files that you requested. To the best of my knowledge I do not have a Hosts file app. Please let me know what to do.

I asked as it said you removed it from the log.
<removed by glassgreen> localhost

You show...Java™ 6 Update 22 (Version: 6.0.220)
It is now at JRE 7. Install JRE 7 for XP from my instructions after removing the old.

Again, similarly remove Adobe 9 and install X.

Edited by boopme, 05 December 2011 - 04:19 PM.
