Answer» Here is the RootRepeal Log.
How is your computer running now? Any more redirects?

No more redirects. Everything seems to be running fine. My gf said she had some pop ups yesterday. I wasn't home but it wasn't the fake security alerts. I have been able to update XP so overall I think I am in good shape.
I wonder about IO Bit Advanced System Care and if it really helps or not and about switching McAfee for one of the anti virus products recommended here.
I really appreciate your help and input, thanks.

Well, that sounds good. Let's run one more scan and if that comes up clean, we'll do some clean-up. I'll have some more suggestions about how to keep your computer safe in the clean-up speech.
I'd like us to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Wow, 33 items found, was this expected?
Most of these are duplicates and most were in System Restore.
* Click Start then Run - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
==============================
Download OTC by OldTimer and save it to your desktop.
1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes
5. OTC should delete itself once it finishes, if not delete it yourself.

If there are any tools/programs left, install them or delete them.
==============================
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
=================================
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

I have been away for a couple days. Just finished your last suggestions. Thank you so much. The computer is running really well and I am very happy with the results. You turned a source of frustration and anger into a workable and enjoyable experience. I learned as I went and really appreciate your help.