Hi deltalima,
Here are the scans you asked for. I would like to take this opportunity to wish you and all your friends at "Malware Removal" a very Merry Christmas Season.
PopaTom
Scanning result of "1277496.dll", processed in VirusTotal at 12/21/2009 19:01:09 (CET).
[ file data ]
* name..: 1277496.dll
* size..: 2143744
* md5...: c0cc790ac0ffbd942ff4571cf9620b21
* sha1..: 86ac89c11fdec84ce14a3c2a25fe0c4f24ad8f1a
* peid..: -
[ scan result ]
a-squared 4.5.0.43/20091221 found nothing
AhnLab-V3 5.0.0.2/20091221 found nothing
AntiVir 7.9.1.114/20091221 found nothing
Antiy-AVL 2.0.3.7/20091218 found nothing
Authentium 5.2.0.5/20091221 found nothing
Avast 4.8.1351.0/20091221 found nothing
AVG 8.5.0.427/20091221 found nothing
BitDefender 7.2/20091221 found nothing
CAT-QuickHeal 10.00/20091221 found nothing
ClamAV 0.94.1/20091221 found nothing
Comodo 3321/20091221 found nothing
DrWeb 5.0.0.12182/20091221 found nothing
eSafe 7.0.17.0/20091221 found nothing
eTrust-Vet 35.1.7187/20091221 found nothing
F-Prot 4.5.1.85/20091221 found nothing
F-Secure 9.0.15370.0/20091221 found nothing
Fortinet 4.0.14.0/20091221 found nothing
GData 19/20091221 found nothing
Ikarus T3.1.1.79.0/20091221 found nothing
Jiangmin 13.0.900/20091221 found nothing
K7AntiVirus 7.10.925/20091221 found nothing
Kaspersky 7.0.0.125/20091221 found nothing
McAfee 5839/20091221 found nothing
McAfee+Artemis 5839/20091221 found nothing
McAfee-GW-Edition 6.8.5/20091221 found nothing
Microsoft 1.5302/20091221 found nothing
NOD32 4706/20091221 found nothing
Norman 6.04.03/20091221 found nothing
nProtect 2009.1.8.0/20091221 found nothing
Panda 10.0.2.2/20091215 found nothing
PCTools 7.0.3.5/20091221 found nothing
Prevx 3.0/20091221 found nothing
Rising 22.27.00.04/20091221 found nothing
Sophos 4.49.0/20091221 found nothing
Sunbelt 3.2.1858.2/20091220 found [WebWatcher]
Symantec 1.4.4.12/20091221 found nothing
TheHacker 6.5.0.3.101/20091221 found nothing
TrendMicro 9.120.0.1004/20091221 found nothing
VBA32 3.12.12.0/20091219 found nothing
ViRobot 2009.12.21.2099/20091221 found nothing
VirusBuster 5.0.21.0/20091221 found nothing
*************************************************************************************
File wpsnuio.sys received on 2009.12.21 18:39:55 (UTC)
Result: 0/41 (0%)
Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.21 -
AhnLab-V3 5.0.0.2 2009.12.21 -
AntiVir 7.9.1.122 2009.12.21 -
Antiy-AVL 2.0.3.7 2009.12.18 -
Authentium 5.2.0.5 2009.12.21 -
Avast 4.8.1351.0 2009.12.21 -
AVG 8.5.0.427 2009.12.21 -
BitDefender 7.2 2009.12.21 -
CAT-QuickHeal 10.00 2009.12.21 -
ClamAV 0.94.1 2009.12.21 -
Comodo 3321 2009.12.21 -
DrWeb 5.0.0.12182 2009.12.21 -
eSafe 7.0.17.0 2009.12.21 -
eTrust-Vet 35.1.7187 2009.12.21 -
F-Prot 4.5.1.85 2009.12.21 -
F-Secure 9.0.15370.0 2009.12.21 -
Fortinet 4.0.14.0 2009.12.21 -
GData 19 2009.12.21 -
Ikarus T3.1.1.79.0 2009.12.21 -
Jiangmin 13.0.900 2009.12.21 -
K7AntiVirus 7.10.925 2009.12.21 -
Kaspersky 7.0.0.125 2009.12.21 -
McAfee 5839 2009.12.21 -
McAfee+Artemis 5839 2009.12.21 -
McAfee-GW-Edition 6.8.5 2009.12.21 -
Microsoft 1.5302 2009.12.21 -
NOD32 4707 2009.12.21 -
Norman 6.04.03 2009.12.21 -
nProtect 2009.1.8.0 2009.12.21 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.21 -
Prevx 3.0 2009.12.21 -
Rising 22.27.00.04 2009.12.21 -
Sophos 4.49.0 2009.12.21 -
Sunbelt 3.2.1858.2 2009.12.20 -
Symantec 1.4.4.12 2009.12.21 -
TheHacker 6.5.0.3.101 2009.12.21 -
TrendMicro 9.120.0.1004 2009.12.21 -
VBA32 3.12.12.0 2009.12.19 -
ViRobot 2009.12.21.2099 2009.12.21 -
VirusBuster 5.0.21.0 2009.12.21 -
Additional information
File size: 13696 bytes
MD5...: 6b579993e3c456b1d1043e58b5069663
SHA1..: c0fd8609933644d5a9b623a5ca445e1d067aa362
SHA256: 314b2b92e2eb8d63807d41e40e2b3f5a8d28570ae264aff6075f419c2f093dc0
ssdeep: 384:Jt2RwaToIOYbXjpo1lUjN56ilte3tu/R:JiwTITr/ZtYu/R
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x28f5
timedatestamp.....: 0x49663c52 (Thu Jan 08 17:48:02 2009)
machinetype.......: 0x14c (I386)
( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0x1b8c 0x1c00 6.25 bd403b9c5b09f2c1b15dcec7d6450b45
.rdata 0x2080 0x153 0x180 4.22 927f01f2a53f05dbb5cc900c3d63d851
.data 0x2200 0x88 0x100 1.91 6e69d49d514129beb0822a2923939282
PAGE 0x2300 0x3c4 0x400 5.67 1ca9ee80e6f52dd9b05b8e68c73d4b8c
INIT 0x2700 0x78e 0x800 5.55 3b7559d00dbd780bd6a2f43a09182488
.rsrc 0x2f00 0x3b0 0x400 3.16 11049af9d7f51839bfc3f244f807102e
.reloc 0x3300 0x266 0x280 5.73 f96eac073a2b91f74b930a61f47b7eb0
( 3 imports )
> ntoskrnl.exe: KeBugCheckEx, KeTickCount, IoReleaseCancelSpinLock, MmMapLockedPagesSpecifyCache, IoFreeMdl, memcpy, memset, IoCreateDevice, IoCreateSymbolicLink, IofCompleteRequest, RtlInitUnicodeString, IoDeleteSymbolicLink, IoDeleteDevice
> HAL.dll: KfReleaseSpinLock, KfAcquireSpinLock
> NDIS.SYS: NdisUnchainBufferAtFront, NdisGetPoolFromPacket, NdisFreePacket, NdisReturnPackets, NdisAllocateBuffer, NdisCopyFromPacketToPacket, NdisOpenProtocolConfiguration, NdisReadConfiguration, NdisCloseConfiguration, NdisAllocateMemoryWithTag, NdisAllocatePacketPoolEx, NdisCancelSendPackets, NdisAllocatePacket, NdisFreeBufferPool, NdisFreeMemory, NdisWaitEvent, NdisGeneratePartialCancelId, NdisRegisterProtocol, NdisInitializeEvent, NdisSetEvent, NdisFreePacketPool, NdisQueryPendingIOCount, NdisDeregisterProtocol, NdisRequest, NdisCloseAdapter, NdisQueryAdapterInstanceName, NdisOpenAdapter, NdisAllocateBufferPool, NdisSetPacketPoolProtocolId
( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Clipper DOS Executable (33.3%)
Generic Win/DOS Executable (33.0%)
DOS Executable Generic (33.0%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
pdfid.: -
sigcheck:
publisher....: Skyhook Wireless
copyright....: Copyright (c) Skyhook Wireless 2006-2009
product......: WPS NDIS User Mode I/O Driver
description..: WPS NDIS User Mode I/O Driver
original name: WPSNUIO.SYS
internal name: WPSNUIO
file version.: 3.0.0.17 ($Rev: 3415 $)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
-------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:11:09 PM, on 12/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r203425\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/USCON/1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r203425\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
O24 - Desktop Component 0: (no name) - http://www.freshtracks.ca/images/aurora-borealis.jpg
--
End of file - 8182 bytes
THANK YOU