
Author Topic: Malware or Virus possibly on my computer  (Read 40628 times)


casey071

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Malware or Virus possibly on my computer
    « on: December 06, 2011, 02:48:24 PM »
    I have gone thru all the steps to remove the virus/malware that is shown on the Computer Hope Malware Removal Steps. I am unsure of what to do next. I will attach the Files it told me to. Thank you for your help!



    [regaining space - attachment deleted by admin]

    casey071

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: Malware or Virus possibly on my computer
      « Reply #1 on: December 06, 2011, 02:50:38 PM »
      More attachments:

      Thank you in advance for all your help!

      [regaining space - attachment deleted by admin]

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Malware or Virus possibly on my computer
      « Reply #2 on: December 06, 2011, 06:55:44 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *************************************************************************
      Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
      RegClean Pro
      There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

      For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

      Further reading: XP Fixes Myth #1: Registry Cleaners
      ****************************************************
      Please go to Jotti's malware scan
      (If more than one file needs scanned they must be done separately and links posted for each one)

      * Copy the file path in the below Code box:

      Code:
      c:\windows\system32\roboot.exe
      * At the upload site, click once inside the window next to Browse.
      * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
      * Next click Submit file
      * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
      * This will perform a scan across multiple different virus scanning engines.
      * Important: Wait for all of the scanning engines to complete.
      * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
      *****************************************************
      Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

      link # 1
      Link # 2
      If you are using Firefox, make sure that your download settings are as follows:

      * Tools->Options->Main tab
      * Set to "Always ask me where to Save the files".

      Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      Right-click combofix.exe and select Run as Administrator and follow the prompts.
      When finished, ComboFix will produce a log for you.
      Post the ComboFix log in your next reply.

      NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
      Windows 8 and Windows 10 dual boot with two SSD's

        casey071

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: Malware or Virus possibly on my computer
          « Reply #4 on: December 06, 2011, 08:38:01 PM »
          Combo Fix Log

          [regaining space - attachment deleted by admin]

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Malware or Virus possibly on my computer
          « Reply #5 on: December 07, 2011, 01:25:41 PM »
          Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies).

          Download Security Check by screen317 from one of the following links and save it to your desktop.

          Link 1
          Link 2

          * Double-click Security Check.bat
          * Follow the on-screen instructions inside of the black box.
          * A Notepad document should open automatically called checkup.txt
          * Post the contents of that document in your next reply.

          Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
          ****************************************************************
          Please go to Jotti's malware scan
          (If more than one file needs scanned they must be done separately and links posted for each one)

          * Copy the file path in the below Code box:

          Code:
          c:\windows\System32\drivers\qimss.sys
          * At the upload site, click once inside the window next to Browse.
          * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
          * Next click Submit file
          * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
          * This will perform a scan across multiple different virus scanning engines.
          * Important: Wait for all of the scanning engines to complete.
          * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
          **************************************************************
          Re-running ComboFix to remove infections:

          • Close any open browsers.
          • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
          • Open notepad and copy/paste the text in the quotebox below into it:
            Quote
            KillAll::
            DDS::

            uInternet Settings,ProxyOverride = searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;cf.netzero.net;qs.netzero.net;*.quicken.com;feed.untd.com;*.pogo.com;<local>;*.local

            Trusted Zone: 67.128.114.130
            Trusted Zone: facebook.com\login
            Trusted Zone: facebook.com\www
            Trusted Zone: farmville.com
            Trusted Zone: netzero.com
            Trusted Zone: netzero.net
            Trusted Zone: sstirelexington.net
            Trusted Zone: sstireonline.com

          • Save this as CFScript.txt, in the same location as ComboFix.exe



          • Referring to the picture above, drag CFScript into ComboFix.exe
          • When finished, it shall produce a log for you at C:\ComboFix.txt
          • Please post the contents of the log in your next reply.

          casey071

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: Malware or Virus possibly on my computer
            « Reply #6 on: December 07, 2011, 03:18:21 PM »
             Results of screen317's Security Check version 0.99.24 
             Windows Vista Service Pack 2 x86 (UAC is enabled) 
             Internet Explorer 8 Out of date!
            ``````````````````````````````
            Antivirus/Firewall Check:

             Windows Security Center service is not running! This report may not be accurate!
             Windows Firewall Enabled! 
             avast! Free Antivirus   
             WMI entry may not exist for antivirus; attempting automatic update.
            ```````````````````````````````
            Anti-malware/Other Utilities Check:

             Malwarebytes' Anti-Malware   
             CCleaner     
             Java(TM) 6 Update 29 
             Adobe Flash Player    11.0.1.152 
            ````````````````````````````````
            Process Check: 
            objlist.exe by Laurent

            ``````````End of Log````````````


            casey071

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: Malware or Virus possibly on my computer
              « Reply #7 on: December 07, 2011, 03:30:27 PM »
              When I try to go to Jotti's Malware scan, I click "browse" then paste the file path in, and it gives me this error message:
              qmiss.sys     File not found.   Check the file name and try again.
               
              I have tried this multiple times, with the same error message. 
              Thanks so much for your help! :)

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Malware or Virus possibly on my computer
              « Reply #8 on: December 07, 2011, 04:46:19 PM »
              Ok. Please run the ComboFix script and we'll see if it shows up again.

              casey071

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                Re: Malware or Virus possibly on my computer
                « Reply #9 on: December 07, 2011, 09:46:41 PM »
                ComboFix 11-12-06.01 - office depot 12/07/2011  22:25:33.1.2 - x86 NETWORK
                Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2045.1514 [GMT -6:00]
                Running from: c:\users\office depot\Desktop\ComboFix.exe
                AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
                SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
                SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                .
                .
                (((((((((((((((((((((((((   Files Created from 2011-11-08 to 2011-12-08  )))))))))))))))))))))))))))))))
                .
                .
                2011-12-08 04:38 . 2011-12-08 04:38   --------   d-----w-   c:\users\office depot\AppData\Local\temp
                2011-12-08 04:38 . 2011-12-08 04:38   --------   d-----w-   c:\users\QBDataServiceUser18\AppData\Local\temp
                2011-12-08 04:38 . 2011-12-08 04:38   --------   d-----w-   c:\users\Default\AppData\Local\temp
                2011-12-08 04:38 . 2011-12-08 04:38   --------   d-----w-   c:\users\Brandon\AppData\Local\temp
                2011-12-08 03:03 . 2011-12-08 03:03   56200   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9A7527B-0109-41F8-8899-6BE5E7C81451}\offreg.dll
                2011-12-06 18:21 . 2011-12-06 18:21   --------   d-----w-   c:\users\office depot\AppData\Roaming\SUPERAntiSpyware.com
                2011-12-06 18:20 . 2011-12-06 18:21   --------   d-----w-   c:\program files\SUPERAntiSpyware
                2011-12-06 18:20 . 2011-12-06 18:20   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
                2011-12-06 15:09 . 2011-11-28 17:53   314456   ----a-w-   c:\windows\system32\drivers\aswSP.sys
                2011-12-06 15:09 . 2011-11-28 17:51   20568   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
                2011-12-06 15:09 . 2011-11-28 17:53   435032   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
                2011-12-06 15:09 . 2011-11-28 17:52   34392   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
                2011-12-06 15:09 . 2011-11-28 17:52   52952   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
                2011-12-06 15:09 . 2011-11-28 17:52   55128   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
                2011-12-06 15:09 . 2011-11-28 18:01   41184   ----a-w-   c:\windows\avastSS.scr
                2011-12-06 15:09 . 2011-11-28 18:01   199816   ----a-w-   c:\windows\system32\aswBoot.exe
                2011-12-06 15:09 . 2011-12-06 15:09   --------   d-----w-   c:\programdata\AVAST Software
                2011-12-06 15:09 . 2011-12-06 15:09   --------   d-----w-   c:\program files\AVAST Software
                2011-12-05 23:31 . 2011-12-05 23:31   --------   d-----w-   c:\users\office depot\AppData\Roaming\Malwarebytes
                2011-12-05 23:31 . 2011-12-05 23:31   --------   d-----w-   c:\programdata\Malwarebytes
                2011-12-05 23:31 . 2011-12-05 23:31   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                2011-12-05 23:31 . 2011-08-31 23:00   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
                2011-12-05 22:57 . 2011-12-05 22:57   --------   d-----w-   c:\users\office depot\AppData\Roaming\Systweak
                2011-12-05 22:57 . 2011-11-19 17:52   17280   ----a-w-   c:\windows\system32\roboot.exe
                2011-12-05 22:57 . 2011-12-05 22:57   --------   d-----w-   c:\program files\RegClean Pro
                2011-12-05 20:40 . 2011-10-07 03:48   6668624   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9A7527B-0109-41F8-8899-6BE5E7C81451}\mpengine.dll
                2011-11-27 20:56 . 2011-11-27 20:56   --------   d-----w-   c:\program files\iPod(21)
                2011-11-27 20:56 . 2011-11-27 20:58   --------   d-----w-   c:\program files\iTunes(22)
                2011-11-09 15:53 . 2011-10-17 11:41   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
                2011-11-09 15:53 . 2011-09-20 21:02   905088   ----a-w-   c:\windows\system32\drivers\tcpip.sys
                2011-11-09 15:53 . 2011-09-30 15:57   707584   ----a-w-   c:\program files\Common Files\System\wab32.dll
                .
                .
                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2011-10-31 19:55 . 2011-06-21 21:05   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                2011-10-24 19:29 . 2011-10-24 19:29   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
                2011-10-24 19:29 . 2011-10-24 19:29   69632   ----a-w-   c:\windows\system32\QuickTime.qts
                2011-10-03 10:06 . 2010-05-19 00:20   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                2011-09-30 23:06 . 2011-10-12 14:50   916480   ----a-w-   c:\windows\system32\wininet.dll
                2011-09-30 23:02 . 2011-10-12 14:50   43520   ----a-w-   c:\windows\system32\licmgr10.dll
                2011-09-30 23:01 . 2011-10-12 14:50   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
                2011-09-30 23:01 . 2011-10-12 14:50   71680   ----a-w-   c:\windows\system32\iesetup.dll
                2011-09-30 23:01 . 2011-10-12 14:50   109056   ----a-w-   c:\windows\system32\iesysprep.dll
                2011-09-30 22:07 . 2011-10-12 14:50   385024   ----a-w-   c:\windows\system32\html.iec
                2011-09-30 21:29 . 2011-10-12 14:50   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
                2011-09-30 21:28 . 2011-10-12 14:50   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
                .
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
                @="{472083B0-C522-11CF-8763-00608CC02F24}"
                [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
                2011-11-28 18:01   122512   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
                .
                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
                "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
                "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-29 39408]
                "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
                "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
                "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
                "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
                "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
                "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
                "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
                "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
                "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
                "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
                "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
                "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
                "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
                "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
                "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
                "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
                "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
                "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
                "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
                "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
                "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
                .
                c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-29 34520]
                HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
                Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-8 805392]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                "EnableUIADesktopToggle"= 0 (0x0)
                .
                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                @=""
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                "DisableMonitoring"=dword:00000001
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                "DisableMonitoring"=dword:00000001
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                "DisableMonitoring"=dword:00000001
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
                "AntiVirusOverride"=dword:00000001
                .
                R0 peptu;peptu;c:\windows\System32\drivers\qimss.sys

                R1 aswSnx;aswSnx;

                R1 aswSP;aswSP;

                R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
                R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
                R2 aswFsBlk;aswFsBlk;

                R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
                R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
                R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
                R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
                R2 MSSQL$ALLDATASC;SQL Server (ALLDATASC);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
                R2 MSSQL$SOSHOME309;SQL Server (SOSHOME309);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
                R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe [2006-09-13 128536]
                R3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys

                R3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys

                R3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys

                R3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys

                R3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys

                R3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys

                R3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys

                R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
                R3 getPlus(R) Installer;getPlus(R) Installer;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-16 59552]
                R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
                R3 hcw85bda;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2006-12-01 622080]
                R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
                R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
                R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-03-31 190080]
                R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-05-04 148096]
                R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
                R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
                S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
                S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
                .
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                bthsvcs   REG_MULTI_SZ      BthServ
                HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
                hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
                HPService   REG_MULTI_SZ      HPSLPSVC
                LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
                getPlusHelper   REG_MULTI_SZ      getPlusHelper
                nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
                .
                Contents of the 'Scheduled Tasks' folder
                .
                2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 20:14]
                .
                2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 20:14]
                .
                2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-981839275-669083101-988588451-1000Core.job
                - c:\users\office depot\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 15:45]
                .
                2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-981839275-669083101-988588451-1000UA.job
                - c:\users\office depot\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 15:45]
                .
                2010-04-09 c:\windows\Tasks\HPCeeScheduleForoffice depot.job
                - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-12-29 00:08]
                .
                2011-12-07 c:\windows\Tasks\User_Feed_Synchronization-{E711352B-2144-4CCB-92E2-F93AF208A142}.job
                - c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
                .
                .
                ------- Supplementary Scan -------
                .
                uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
                mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
                uInternet Settings,ProxyOverride = searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;cf.netzero.net;qs.netzero.net;*.quicken.com;feed.untd.com;*.pogo.com;<local>;*.local
                IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
                IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
                LSP: c:\windows\system32\wpclsp.dll
                Trusted Zone: 67.128.114.130
                Trusted Zone: facebook.com\login
                Trusted Zone: facebook.com\www
                Trusted Zone: farmville.com
                Trusted Zone: netzero.com
                Trusted Zone: netzero.net
                Trusted Zone: sstirelexington.net
                Trusted Zone: sstireonline.com
                TCP: DhcpNameServer = 67.142.160.8 67.142.160.9 192.168.1.1
                DPF: RaptisoftGameLoader - hxxp://www.gamehouse.com/realarcade-webgames/hamsterball/raptisoftgameloader.cab
                DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
                .
                .
                **************************************************************************
                .
                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2011-12-07 22:38
                Windows 6.0.6002 Service Pack 2 NTFS
                .
                scanning hidden processes ... 
                .
                scanning hidden autostart entries ...
                .
                scanning hidden files ... 
                .
                scan completed successfully
                hidden files: 0
                .
                **************************************************************************
                .
                --------------------- LOCKED REGISTRY KEYS ---------------------
                .
                [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                @Denied: (A) (Users)
                @Denied: (A) (Everyone)
                @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                "BlindDial"=dword:00000000
                .
                [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                @Denied: (A) (Users)
                @Denied: (A) (Everyone)
                @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                "BlindDial"=dword:00000000
                .
                [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
                @Denied: (A) (Users)
                @Denied: (A) (Everyone)
                @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                "BlindDial"=dword:00000000
                .
                [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
                @Denied: (A) (Users)
                @Denied: (A) (Everyone)
                @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                "BlindDial"=dword:00000000
                .
                [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
                @Denied: (A) (Users)
                @Denied: (A) (Everyone)
                @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                "BlindDial"=dword:00000000
                .
                [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
                @Denied: (A) (Users)
                @Denied: (A) (Everyone)
                @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                "BlindDial"=dword:00000000
                .
                Completion time: 2011-12-07  22:41:42
                ComboFix-quarantined-files.txt  2011-12-08 04:41
                ComboFix2.txt  2011-12-07 03:31
                .
                Pre-Run: 57,325,883,392 bytes free
                Post-Run: 57,032,499,200 bytes free
                .
                - - End Of File - - D7DA9A1C5CA97C8C4FFD83A1A4676FBB
                « Last Edit: December 08, 2011, 12:48:41 PM by SuperDave »

                SuperDave

                « Reply #10 on: December 08, 2011, 12:50:17 PM »
                No, that's not correct. You need to follow the directions for the ComboFix script as outlined in Reply #5.
                Windows 8 and Windows 10 dual boot with two SSD's

                casey071

                  « Reply #11 on: December 08, 2011, 02:04:45 PM »
                  Is this what I needed to do?
                   

                  Results of screen317's Security Check version 0.99.24 
                   Windows Vista Service Pack 2 x86 (UAC is enabled) 
                   Internet Explorer 8 Out of date!
                  ``````````````````````````````
                  Antivirus/Firewall Check:

                   Windows Security Center service is not running! This report may not be accurate!
                   Windows Firewall Enabled! 
                   avast! Free Antivirus   
                   WMI entry may not exist for antivirus; attempting automatic update.
                  ```````````````````````````````
                  Anti-malware/Other Utilities Check:

                   Malwarebytes' Anti-Malware   
                   CCleaner     
                   Java(TM) 6 Update 29 
                   Adobe Flash Player    11.0.1.152 
                  ````````````````````````````````
                  Process Check: 
                  objlist.exe by Laurent

                  ``````````End of Log````````````

                  SuperDave

                  « Reply #12 on: December 08, 2011, 04:36:42 PM »
                  No, that's Reply # 6. Go to Reply # 5.

                  casey071

                    « Reply #13 on: December 08, 2011, 04:56:35 PM »
                    Ok, I'm sorry. I am a little confused. Reply #6 is where I sent you the results from Security Check by screen317.
                    I did the first part of Reply #5: I had to use the 2nd link, because the first link wouldn't work.
                    The second part of Reply #5 is Jotti's malware scan. That is the one I had problems with, so that is why we were having to redo the ComboFix.
                    I thought I sent you the ComboFix in Reply #9.
                    I'm sorry. I'm not sure which one to do. Thanks so much for your patience!

                    SuperDave

                    « Reply #14 on: December 09, 2011, 04:27:55 PM »
                    Re-running ComboFix to remove infections:

                    • Close any open browsers.
                    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
                    • Open Notepad and copy/paste the text in the quotebox below into it:
                      Quote
                      KillAll::

                      DDS::

                      uInternet Settings,ProxyOverride = searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;cf.netzero.net;qs.netzero.net;*.quicken.com;feed.untd.com;*.pogo.com;<local>;*.local

                      Trusted Zone: 67.128.114.130
                      Trusted Zone: facebook.com\login
                      Trusted Zone: facebook.com\www
                      Trusted Zone: farmville.com
                      Trusted Zone: netzero.com
                      Trusted Zone: netzero.net
                      Trusted Zone: sstirelexington.net
                      Trusted Zone: sstireonline.com

                    • Save this as CFScript.txt, in the same location as ComboFix.exe



                    • Referring to the picture above, drag CFScript into ComboFix.exe
                    • When finished, it shall produce a log for you at C:\ComboFix.txt
                    • Please post the contents of the log in your next reply.
                    Windows 8 and Windows 10 dual boot with two SSD's
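
Added example, not part of the thread and not ComboFix or DDS code: a small Python reader that turns the `Trusted Zone:`, `ProxyOverride` and `DhcpNameServer` lines of a log like the one above into a typed inventory, so a reviewer can see at a glance which entries are IP literals, wildcards or plain hostnames. The function names are hypothetical, the sample is constructed from lines in this thread, and the `domain\sub` reading of Trusted Zone entries is an assumption based on the `ZoneMap\Domains` registry layout.

```python
import ipaddress

# Constructed sample: a few lines in the log format shown in this thread.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = searchap.untd.com;127.0.0.1;localhost;*microsoft.com;<local>;*.local
Trusted Zone: 67.128.114.130
Trusted Zone: facebook.com\login
Trusted Zone: netzero.net
TCP: DhcpNameServer = 67.142.160.8 67.142.160.9 192.168.1.1
"""

def zone_host(entry):
    # Assumption: "domain\sub" mirrors the ZoneMap\Domains\<domain>\<sub> key
    # layout, so "facebook.com\login" stands for login.facebook.com.
    domain, _, sub = entry.partition("\\")
    return f"{sub}.{domain}" if sub else domain

def kind(value):
    """Classify one entry so a reviewer can sort the list at a glance."""
    if value == "<local>":
        return "local-flag"          # IE flag: bypass the proxy for intranet names
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return "wildcard" if "*" in value else "hostname"
    if ip.is_loopback:
        return "loopback-ip"
    return "private-ip" if ip.is_private else "public-ip"

def inventory(log_text):
    """Return {setting: [(value, kind), ...]} for the three line types handled."""
    found = {"trusted_zone": [], "proxy_override": [], "dns": []}
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("Trusted Zone:"):
            values, key = [zone_host(line.split(":", 1)[1].strip())], "trusted_zone"
        elif "ProxyOverride =" in line:
            values, key = line.split("=", 1)[1].split(";"), "proxy_override"
        elif line.startswith("TCP: DhcpNameServer ="):
            values, key = line.split("=", 1)[1].split(), "dns"
        else:
            continue
        found[key] += [(v.strip(), kind(v.strip())) for v in values if v.strip()]
    return found

if __name__ == "__main__":
    for setting, entries in inventory(SAMPLE_LOG).items():
        for value, label in entries:
            print(f"{setting:15} {label:12} {value}")
```

The labels only describe the form of each entry; whether an entry belongs on the machine is still a judgment for the person reviewing the log.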