Computer Hope

Software => Computer viruses and spyware => Topic started by: Seer98 on September 11, 2010, 11:21:07 AM

Title: Infected laptop
Post by: Seer98 on September 11, 2010, 11:21:07 AM
Hey guys,

My lady's laptop had been acting funny so I told her I'd take a look at it. Turns out she's got multiple viruses that Hirens/AVG have so far been unable to fix (Though granted I'm not an expert with all of the programs in Hirens).

As to details of it, it will hijack email and send spam, and seems to run when an internet browser is opened.

Logs:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/10/2010 at 03:23 PM

Application Version : 4.42.1000

Core Rules Database Version : 5486
Trace Rules Database Version: 3298

Scan type       : Complete Scan
Total Scan Time : 02:56:43

Memory items scanned      : 726
Memory threats detected   : 0
Registry items scanned    : 9381
Registry threats detected : 0
File items scanned        : 164450
File threats detected     : 2

Adware.Tracking Cookie
   C:\Users\Whitney\AppData\Roaming\Microsoft\Windows\Cookies\whitney@atdmt[2].txt

Adware.Unknown Origin
   C:\PROGRAM FILES\HEWLETT-PACKARD\HP ADVISOR\COMPSHOP\TEMPLATES\AD.HTML

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/11/2010 1:52:33 AM
mbam-log-2010-09-11 (01-52-33).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 288267
Time elapsed: 2 hour(s), 8 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\407057728 (Rogue.WindowsSmartSecurity) -> No action taken.

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:32:59 AM, on 9/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\AOL\1182913076\ee\aolsoftware.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Trend Micro\HiJackThis\sniper.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1182913076\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://www.corestaff.com/application/ScriptX.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles/heartbeat.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-pi-the-lottery-ticket/SpinTopGamesLauncher.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: CVGWULIWOJ - Unknown owner - C:\Users\Whitney\AppData\Local\Temp\CVGWULIWOJ.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13503 bytes

Let me know what, if any, other information you need and I'll get it posted. Thanks!
Title: Re: Infected laptop
Post by: evilfantasy on September 12, 2010, 01:24:16 PM
Quote
Folders Infected:
C:\ProgramData\407057728 (Rogue.WindowsSmartSecurity) -> No action taken.

Did you let Malwarebytes fix this after copying the log? If not, then please update and run it again, letting MBAM fix/remove that file.

----------

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered Foistware (http://en.wikipedia.org/wiki/Foistware) rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

More information:

* ViewMgr.exe - Useless (http://www.greatis.com/appdata/u/v/viewmgr.exe.htm)
* Viewpoint to Plunge Into Adware (http://www.clickz.com/news/article.php/3561546/)

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs (on Vista & Win7 this is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology

----------

Right click HijackThis and choose Run as Administrator

Next select Do a system scan only

Place a check mark next to the following entries: (if there)

.
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Go to Start > Run and type Notepad.exe then click OK.

Copy and paste the following text within the code box into the new Notepad file.

Code:
@ECHO OFF
sc stop "CVGWULIWOJ"
sc delete "CVGWULIWOJ"
exit

In Notepad select File and Save as
Choose the Save to location to be the Desktop, and for the File name type in fixme.bat, making sure that the Save as type field says All files.

Next double click fixservice.bat to run it.
A black box should open and close after a short time; this is normal.
Do not continue until the black box has closed.
Delete fixservice.bat from the Desktop.

----------

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://www.forospyware.com/sUBs/ComboFix.exe)

Note: It is important that it is saved directly to your Desktop.

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.

When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix).
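The entries fixed in this thread (the R1 proxy pointed at 127.0.0.1, the O2 BHO with no file, and the O23 service running out of the user's Temp folder) are the kind of thing a helper scans a HijackThis log for first; the script below is an added example that is not part of the thread and not anything HijackThis itself does. The sample lines are copied from Seer98's log above, and the heuristics are assumptions of mine, not rules from the original posts.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# HijackThis prefixes every entry with a section code (R0, O2, O23, ...) and " - ".
HJT_LINE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# Body of an O23 line: "Service: <name> - <owner> - <path>[ (file missing)]"
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Heuristic (my assumption): a service whose binary lives in a Temp directory
# deserves a second look; legitimate installers do not register services there.
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)
# Heuristic (my assumption): a browser proxy that points back at the machine
# itself means some local process has inserted itself into web traffic.
LOCALHOST_RE = re.compile(r"\b(?:127\.0\.0\.1|localhost)\b", re.IGNORECASE)


@dataclass
class Finding:
    code: str    # HJT section code, e.g. "O23"
    reason: str  # why the entry was flagged
    line: str    # the log line, verbatim


def triage_hjt(log_text: str) -> list[Finding]:
    """Return the HJT entries that match one of the first-pass heuristics."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # running-process list, headers, blank lines
        code, body = m.group("code"), m.group("body")
        if code == "R1" and "ProxyServer" in body and LOCALHOST_RE.search(body):
            findings.append(Finding(code, "browser proxy points at the local machine", raw))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append(Finding(code, "BHO is registered but its DLL is missing", raw))
        elif code == "O23":
            svc = SERVICE_RE.match(body)
            if svc and TEMP_DIR_RE.search(svc.group("path")):
                why = "service runs from a Temp directory"
                if svc.group("missing"):
                    why += " and its binary is gone"
                if svc.group("owner") == "Unknown owner":
                    why += "; no publisher"
                findings.append(Finding(code, why, raw))
    return findings


# Sample input: lines copied from the HijackThis log posted earlier in this
# thread, plus two benign entries from the same log for contrast.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: CVGWULIWOJ - Unknown owner - C:\Users\Whitney\AppData\Local\Temp\CVGWULIWOJ.exe (file missing)
"""


def triage_sample() -> list[Finding]:
    """Run the triage over the sample log; three of the seven lines are flagged."""
    return triage_hjt(SAMPLE_LOG)


if __name__ == "__main__":
    for f in triage_sample():
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

A flagged entry is a prompt to look closer, not a verdict; the benign AVG and Windows Live lines in the sample pass untouched because they run from Program Files with a named publisher.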
Title: Re: Infected laptop
Post by: Seer98 on September 12, 2010, 03:43:34 PM
Aye on Malware, I had it clean all of the files that got flagged. Removed Viewpoint, and deleted both 'R1' and 'O2' with HijackThis.  Notepad ran fine, then followed with ComboFix. Here's the log it generated.

(Quick note, after running CF I couldn't open my internet explorer. I kept getting a message that the registry key was marked for deletion. I restarted the laptop and it opened fine. Not sure if that was expected or not but thought I'd at least mention it.)


ComboFix 10-09-12.01 - Whitney 09/12/2010  14:32:48.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.921 [GMT -7:00]
Running from: c:\users\Whitney\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((   Files Created from 2010-08-12 to 2010-09-12  )))))))))))))))))))))))))))))))
.

2010-09-12 21:45 . 2010-09-12 21:45   --------   d-----w-   c:\users\Public\AppData\Local\temp
2010-09-12 21:45 . 2010-09-12 21:45   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-09-11 17:20 . 2010-09-11 17:20   388096   ----a-r-   c:\users\Whitney\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-11 17:20 . 2010-09-11 17:20   --------   d-----w-   c:\program files\Trend Micro
2010-09-10 18:58 . 2010-09-10 18:58   63488   ----a-w-   c:\users\Whitney\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-10 18:58 . 2010-09-10 18:58   52224   ----a-w-   c:\users\Whitney\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-10 18:58 . 2010-09-10 18:58   117760   ----a-w-   c:\users\Whitney\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-10 18:58 . 2010-09-10 18:58   --------   d-----w-   c:\users\Whitney\AppData\Roaming\SUPERAntiSpyware.com
2010-09-10 18:58 . 2010-09-10 18:58   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2010-09-10 18:58 . 2010-09-10 18:58   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-09-10 18:27 . 2010-09-10 18:27   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2010-09-09 03:13 . 2010-09-09 03:14   --------   d-----w-   c:\programdata\PrevxCSI
2010-09-07 17:06 . 2010-09-07 17:06   314880   ----a-w-   c:\programdata\comsnap32.dll
2010-09-06 23:00 . 2010-09-06 22:59   53632   ----a-w-   c:\users\Whitney\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-06 22:59 . 2010-09-06 22:59   --------   d-----w-   c:\programdata\Electronic Arts
2010-09-06 22:58 . 2010-09-06 22:59   53632   ----a-w-   c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-06 22:58 . 2010-09-06 23:00   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2010-09-06 22:56 . 2010-09-06 22:56   --------   d-----w-   c:\program files\Electronic Arts
2010-09-06 22:45 . 2010-09-06 22:45   1180   ----a-w-   c:\windows\system32\ealregsnapshot1.reg
2010-09-06 22:04 . 2010-09-06 22:04   --------   d-----w-   c:\program files\EA Games
2010-09-06 18:04 . 2010-09-06 18:04   --------   d-----w-   c:\programdata\Media Center Programs
2010-09-06 17:53 . 2010-09-06 17:53   --------   d-----w-   c:\program files\Codemasters
2010-09-02 01:29 . 2010-09-02 01:29   --------   d-----w-   c:\program files\iPod
2010-09-02 01:21 . 2010-09-02 01:21   73000   ----a-w-   c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-29 07:07 . 2010-08-29 07:07   --------   d-----w-   c:\users\Whitney\AppData\Roaming\LolClient
2010-08-29 04:42 . 2008-07-31 17:41   68616   ----a-w-   c:\windows\system32\XAPOFX1_1.dll
2010-08-29 04:42 . 2008-07-31 17:40   509448   ----a-w-   c:\windows\system32\XAudio2_2.dll
2010-08-29 04:42 . 2008-07-12 15:18   467984   ----a-w-   c:\windows\system32\d3dx10_39.dll
2010-08-29 04:42 . 2008-07-12 15:18   1493528   ----a-w-   c:\windows\system32\D3DCompiler_39.dll
2010-08-29 04:42 . 2008-07-12 15:18   3851784   ----a-w-   c:\windows\system32\D3DX9_39.dll
2010-08-29 04:36 . 2010-08-29 04:36   --------   d-----w-   C:\Riot Games
2010-08-27 07:03 . 2010-08-27 07:31   --------   d-----w-   c:\program files\SWGANH Client
2010-08-27 06:32 . 2010-08-27 06:32   --------   d-----w-   c:\users\Whitney\AppData\Local\LaunchpadEnhanced
2010-08-26 08:26 . 2010-08-27 07:05   --------   d-----w-   C:\SWGEmu
2010-08-26 08:26 . 2010-08-26 08:26   --------   d-----w-   c:\users\Whitney\AppData\Roaming\LPECommon
2010-08-26 08:25 . 2010-08-26 08:26   --------   d-----w-   c:\program files\Launchpad Enhanced
2010-08-26 08:24 . 2010-09-06 22:44   --------   d-----w-   c:\users\Whitney\AppData\Local\Downloaded Installations
2010-08-26 08:12 . 2010-08-27 07:25   --------   d-----w-   c:\program files\StarWarsGalaxies
2010-08-25 21:27 . 2010-08-25 21:27   --------   d-----w-   c:\program files\Sony
2010-08-19 07:31 . 2010-08-19 07:31   --------   d-----w-   C:\$AVG
2010-08-19 07:17 . 2010-09-12 19:41   --------   d-----w-   c:\windows\system32\drivers\Avg
2010-08-19 07:17 . 2010-08-19 07:17   12536   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-08-19 07:15 . 2010-08-19 07:15   216400   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-08-19 07:15 . 2010-08-19 07:15   29584   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-08-19 07:14 . 2010-08-19 07:14   --------   d-----w-   c:\program files\AVG
2010-08-19 07:13 . 2010-09-09 04:29   --------   d-----w-   c:\programdata\avg9
2010-08-19 06:51 . 2010-08-19 06:51   0   ----a-w-   c:\users\Whitney\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-08-19 06:48 . 2010-08-19 17:05   --------   d-----w-   c:\users\Whitney\AppData\Roaming\FrostWire
2010-08-17 08:43 . 2010-08-17 08:50   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-08-17 08:22 . 2007-11-07 02:15   1140056   ------w-   c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-08-16 17:00 . 2010-08-16 17:00   --------   d-----w-   c:\program files\Common Files\Skype

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 21:24 . 2007-06-27 03:02   --------   d-----w-   c:\programdata\Viewpoint
2010-09-12 19:43 . 2008-02-19 03:31   --------   d-----w-   c:\users\Whitney\AppData\Roaming\Skype
2010-09-12 19:43 . 2008-02-19 03:33   --------   d-----w-   c:\users\Whitney\AppData\Roaming\skypePM
2010-09-11 06:11 . 2007-04-19 19:43   --------   d-----w-   c:\program files\Common Files\Java
2010-09-11 06:11 . 2007-04-19 19:43   --------   d-----w-   c:\program files\Java
2010-09-10 18:55 . 2008-01-01 01:17   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2010-09-08 07:30 . 2009-07-08 07:06   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-09-06 22:57 . 2007-04-19 18:17   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-09-06 18:18 . 2010-01-07 20:20   --------   d-----w-   c:\program files\AGEIA Technologies
2010-09-06 18:18 . 2010-01-07 20:20   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-09-06 18:06 . 2010-01-07 20:36   107888   ----a-w-   c:\windows\system32\CmdLineExt.dll
2010-09-02 01:30 . 2010-06-28 03:33   --------   d-----w-   c:\program files\iTunes
2010-09-02 01:28 . 2007-09-21 02:35   --------   d-----w-   c:\program files\Common Files\Apple
2010-08-30 02:28 . 2010-08-30 02:28   0   ----a-w-   c:\users\Whitney\AppData\Roaming\E337.tmp
2010-08-30 02:28 . 2010-08-30 02:28   0   ----a-w-   c:\users\Whitney\AppData\Roaming\E336.tmp
2010-08-29 04:00 . 2008-12-29 05:09   --------   d-----w-   c:\programdata\PMB Files
2010-08-22 09:52 . 2010-08-22 09:52   0   ----a-w-   c:\users\Whitney\AppData\Roaming\5022.tmp
2010-08-21 03:44 . 2010-08-21 03:44   0   ----a-w-   c:\users\Whitney\AppData\Roaming\2043.tmp
2010-08-21 03:44 . 2010-08-21 03:44   0   ----a-w-   c:\users\Whitney\AppData\Roaming\1F39.tmp
2010-08-18 15:10 . 2009-01-08 08:57   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-08-16 17:00 . 2008-02-19 03:30   --------   d-----r-   c:\program files\Skype
2010-08-16 17:00 . 2008-02-19 03:30   --------   d-----w-   c:\programdata\Skype
2010-08-13 10:03 . 2007-04-19 18:46   --------   d-----w-   c:\programdata\Microsoft Help
2010-08-13 10:02 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-08-05 21:04 . 2010-03-22 05:51   765952   ----a-w-   c:\programdata\NexonUS\NGM\NGMDll.dll
2010-08-05 16:52 . 2007-04-19 18:14   --------   d-----w-   c:\program files\Hewlett-Packard
2010-07-17 12:00 . 2010-06-28 04:47   423656   ----a-w-   c:\windows\system32\deployJava1.dll
2010-06-27 20:49 . 2007-09-23 00:31   680   ----a-w-   c:\users\Whitney\AppData\Local\d3d9caps.dat
2010-06-26 06:05 . 2010-08-12 22:17   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 22:17   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 22:17   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 22:17   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-12 22:17   2037760   ----a-w-   c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 22:17   36864   ----a-w-   c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-12 22:17   302080   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-12 22:17   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-12 22:17   905088   ----a-w-   c:\windows\system32\drivers\tcpip.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-22 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 133912]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HostManager"="c:\program files\Common Files\AOL\1182913076\ee\AOLSoftware.exe" [2006-09-26 50736]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-13 517768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-19 2065760]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Whitney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;c:\users\Whitney\AppData\Local\Temp\nsb66F5.tmp\TfFRegNt.sys
R3 CVGWULIWOJ;CVGWULIWOJ;c:\users\Whitney\AppData\Local\Temp\CVGWULIWOJ.exe
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-19 216400]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-19 308136]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\HPCeeScheduleForWhitney.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-19 21:23]

2010-09-12 c:\windows\Tasks\User_Feed_Synchronization-{B03C6987-6114-4E67-AC33-138A9BE347B4}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 14:46
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


c:\users\Whitney\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-141832275-3565902227-3691053196-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3b,17,8f,e3,71,c2,6e,70,b4,80,33,b5,11,0a,d4,4d,48,8d,aa,1e,18,09,21,
   8a,6b,57,89,24,26,5d,93,8e,99,5c,ff,ed,74,b8,da,8f,8d,04,3e,23,96,94,f7,81,\
"??"=hex:ec,5c,64,33,3e,25,07,8d,a9,be,f0,f5,44,b0,15,dd

[HKEY_USERS\S-1-5-21-141832275-3565902227-3691053196-1000\Software\SecuROM\License information*]
"datasecu"=hex:a0,e1,d1,53,4b,89,9f,98,77,58,f3,6d,69,ff,51,57,6b,0a,4d,03,be,
   42,a4,76,1e,bb,80,62,20,c3,3c,ee,30,2a,42,87,c7,7e,e6,6b,a9,7a,f9,70,ed,52,\
"rkeysecu"=hex:95,15,48,c9,66,df,77,db,9c,3e,96,07,b9,3c,d8,c6

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-12  14:52:55
ComboFix-quarantined-files.txt  2010-09-12 21:52
ComboFix2.txt  2010-09-10 17:37

Pre-Run: 45,583,073,280 bytes free
Post-Run: 45,608,779,776 bytes free

- - End Of File - - D7A113FCC84205E008893F651D4BF1C5
Title: Re: Infected laptop
Post by: evilfantasy on September 12, 2010, 03:57:58 PM
(Quick note, after running CF I couldn't open my Internet Explorer. I kept getting a message that the registry key was marked for deletion. I restarted the laptop and it opened fine. Not sure if that was expected or not but thought I'd at least mention it.)

No problem. As long as the process was completed on the next restart.


Scan Suspicious File(s)

Please go to VirusTotal.com (http://www.virustotal.com/en/indexf.html)
(If more than one file needs to be scanned, they must be done separately and logs posted for each one.)

1. Copy the file path in the below Code box:

Code:
c:\programdata\comsnap32.dll
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Next, click Send File.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
This will perform a scan across multiple different virus scanning engines.
Important: Wait for all of the scanning engines to complete.
5. Copy and then Paste the link to the results in the next reply.

Important! If you get a page that says 'File has already been analysed' in the results then you will need to click the 'Show last report' button to get new scan results.

Also see if you can scan this file at VirusTotal and post the link to the results back here.

Code:
c:\users\Whitney\AppData\Roaming\E337.tmp
----------

Please go to Start and copy/paste the following blue text in the search box, then press Enter:

C:\QooBox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.
Title: Re: Infected laptop
Post by: Seer98 on September 12, 2010, 04:10:06 PM
Link for results of comsnap32.dll:
http://www.virustotal.com/file-scan/report.html?id=f898e4f983b6e124e5c9079fa748edb83675fa1a3390edf0a792135be0019722-1284330475

----------

Tried to scan E337.tmp but VirusTotal wouldn't give me an analysis of it.

----------

QooBox info:

32 Bit HP CIO Components Installer
4500_Help
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AudibleManager
AVG Free 9.0
Bonjour
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Clive Barker's Jericho
Conexant HD Audio
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocMgr
DocProc
DocProcQFolder
Download Updater (AOL LLC)
EA Download Manager
EA Download Manager UI
ESU for Microsoft Vista
eSupportQFolder
Fax
GPBaseService
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Board Games 4
Hoyle Card Games 4
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Participation Program 10.0
HP Doc Viewer
HP Document Manager 1.0
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 10.0
HP Officejet J4500 Series
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Smart Web Printing
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HP User Guides 0082
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
iTunes
J4500
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 21
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Junk Mail filter update
Launchpad Enhanced
League of Legends
LightScribe  1.4.136.1
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
MapleStory
MarketResearch
Mercenaries 2: World in Flames(tm)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
MSCU for Microsoft Vista
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
NVIDIA PhysX v8.08.18
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
Pando Media Booster
ProductContext
PSSWCORE
QuickTime
Qwest Installer
Qwest QuickAssist Desktop Tools
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio MyDVD Basic v9
RTC Client API v1.2
Safari
Scan
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Skype Toolbars
Skype™ 4.2
SmartWebPrintingOC
SolutionCenter
Spybot - Search & Destroy
Star Wars Galaxies
Station Launcher
Status
SUPERAntiSpyware
Synaptics Pointing Device Driver
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoLAN VLC media player 0.8.6f
VideoToolkit01
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
Title: Re: Infected laptop
Post by: evilfantasy on September 12, 2010, 04:27:40 PM
Go to Add or Remove Programs (Programs and Features) and uninstall:

LiveUpdate Notice (Symantec Corporation)

Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6

->> Do not uninstall Java(TM) 6 Update 21

----------

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Driver::
AhnRptTfFRegFNT
CVGWULIWOJ

File::
c:\programdata\comsnap32.dll
c:\users\Whitney\AppData\Local\Temp\CVGWULIWOJ.exe
c:\users\Whitney\AppData\Roaming\E337.tmp
c:\users\Whitney\AppData\Roaming\E336.tmp
c:\users\Whitney\AppData\Roaming\5022.tmp
c:\users\Whitney\AppData\Roaming\2043.tmp
c:\users\Whitney\AppData\Roaming\1F39.tmp

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://img249.imageshack.us/img249/1218/cfscript1.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------



Also, let me know how the computer is running now.
Title: Re: Infected laptop
Post by: Seer98 on September 13, 2010, 10:54:41 AM
ComboFix Log:

ComboFix 10-09-12.03 - Whitney 09/13/2010   3:03.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.1109 [GMT -7:00]
Running from: c:\users\Whitney\Desktop\ComboFix.exe
Command switches used :: c:\users\Whitney\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\comsnap32.dll"
"c:\users\Whitney\AppData\Local\Temp\CVGWULIWOJ.exe"
"c:\users\Whitney\AppData\Roaming\1F39.tmp"
"c:\users\Whitney\AppData\Roaming\2043.tmp"
"c:\users\Whitney\AppData\Roaming\5022.tmp"
"c:\users\Whitney\AppData\Roaming\E336.tmp"
"c:\users\Whitney\AppData\Roaming\E337.tmp"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\comsnap32.dll
c:\users\Whitney\AppData\Roaming\1F39.tmp
c:\users\Whitney\AppData\Roaming\2043.tmp
c:\users\Whitney\AppData\Roaming\5022.tmp
c:\users\Whitney\AppData\Roaming\E336.tmp
c:\users\Whitney\AppData\Roaming\E337.tmp

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AHNRPTTFFREGFNT
-------\Service_AhnRptTfFRegFNT
-------\Service_CVGWULIWOJ


(((((((((((((((((((((((((   Files Created from 2010-08-13 to 2010-09-13  )))))))))))))))))))))))))))))))
.

2010-09-13 10:15 . 2010-09-13 10:21   --------   d-----w-   c:\users\Whitney\AppData\Local\temp
2010-09-13 10:15 . 2010-09-13 10:15   --------   d-----w-   c:\users\Public\AppData\Local\temp
2010-09-13 10:15 . 2010-09-13 10:15   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-09-11 17:20 . 2010-09-11 17:20   --------   d-----w-   c:\program files\Trend Micro
2010-09-10 18:58 . 2010-09-10 18:58   --------   d-----w-   c:\users\Whitney\AppData\Roaming\SUPERAntiSpyware.com
2010-09-10 18:58 . 2010-09-10 18:58   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2010-09-10 18:58 . 2010-09-10 18:58   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-09-10 18:27 . 2010-09-10 18:27   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2010-09-09 03:13 . 2010-09-09 03:14   --------   d-----w-   c:\programdata\PrevxCSI
2010-09-06 22:59 . 2010-09-06 22:59   --------   d-----w-   c:\programdata\Electronic Arts
2010-09-06 22:58 . 2010-09-06 23:00   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2010-09-06 22:56 . 2010-09-06 22:56   --------   d-----w-   c:\program files\Electronic Arts
2010-09-06 22:45 . 2010-09-06 22:45   1180   ----a-w-   c:\windows\system32\ealregsnapshot1.reg
2010-09-06 22:04 . 2010-09-06 22:04   --------   d-----w-   c:\program files\EA Games
2010-09-06 18:04 . 2010-09-06 18:04   --------   d-----w-   c:\programdata\Media Center Programs
2010-09-06 17:53 . 2010-09-06 17:53   --------   d-----w-   c:\program files\Codemasters
2010-09-02 01:29 . 2010-09-02 01:29   --------   d-----w-   c:\program files\iPod
2010-08-29 07:07 . 2010-08-29 07:07   --------   d-----w-   c:\users\Whitney\AppData\Roaming\LolClient
2010-08-29 04:42 . 2008-07-31 17:41   68616   ----a-w-   c:\windows\system32\XAPOFX1_1.dll
2010-08-29 04:42 . 2008-07-31 17:40   509448   ----a-w-   c:\windows\system32\XAudio2_2.dll
2010-08-29 04:42 . 2008-07-12 15:18   467984   ----a-w-   c:\windows\system32\d3dx10_39.dll
2010-08-29 04:42 . 2008-07-12 15:18   1493528   ----a-w-   c:\windows\system32\D3DCompiler_39.dll
2010-08-29 04:42 . 2008-07-12 15:18   3851784   ----a-w-   c:\windows\system32\D3DX9_39.dll
2010-08-29 04:36 . 2010-08-29 04:36   --------   d-----w-   C:\Riot Games
2010-08-27 07:03 . 2010-08-27 07:31   --------   d-----w-   c:\program files\SWGANH Client
2010-08-27 06:32 . 2010-08-27 06:32   --------   d-----w-   c:\users\Whitney\AppData\Local\LaunchpadEnhanced
2010-08-26 08:26 . 2010-08-27 07:05   --------   d-----w-   C:\SWGEmu
2010-08-26 08:26 . 2010-08-26 08:26   --------   d-----w-   c:\users\Whitney\AppData\Roaming\LPECommon
2010-08-26 08:25 . 2010-08-26 08:26   --------   d-----w-   c:\program files\Launchpad Enhanced
2010-08-26 08:24 . 2010-09-06 22:44   --------   d-----w-   c:\users\Whitney\AppData\Local\Downloaded Installations
2010-08-26 08:12 . 2010-08-27 07:25   --------   d-----w-   c:\program files\StarWarsGalaxies
2010-08-25 21:27 . 2010-08-25 21:27   --------   d-----w-   c:\program files\Sony
2010-08-19 07:31 . 2010-08-19 07:31   --------   d-----w-   C:\$AVG
2010-08-19 07:17 . 2010-09-13 01:58   --------   d-----w-   c:\windows\system32\drivers\Avg
2010-08-19 07:17 . 2010-08-19 07:17   12536   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-08-19 07:15 . 2010-08-19 07:15   216400   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-08-19 07:15 . 2010-08-19 07:15   29584   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-08-19 07:14 . 2010-08-19 07:14   --------   d-----w-   c:\program files\AVG
2010-08-19 07:13 . 2010-09-09 04:29   --------   d-----w-   c:\programdata\avg9
2010-08-19 06:48 . 2010-08-19 17:05   --------   d-----w-   c:\users\Whitney\AppData\Roaming\FrostWire
2010-08-17 08:43 . 2010-08-17 08:50   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-08-16 17:00 . 2010-08-16 17:00   --------   d-----w-   c:\program files\Common Files\Skype

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 09:51 . 2007-04-19 18:30   --------   d-----w-   c:\programdata\Symantec
2010-09-13 09:51 . 2007-04-19 18:30   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-09-13 09:49 . 2007-04-19 19:43   --------   d-----w-   c:\program files\Java
2010-09-13 09:49 . 2007-04-19 19:43   --------   d-----w-   c:\program files\Common Files\Java
2010-09-13 09:46 . 2008-02-19 03:31   --------   d-----w-   c:\users\Whitney\AppData\Roaming\Skype
2010-09-13 09:44 . 2008-02-19 03:33   --------   d-----w-   c:\users\Whitney\AppData\Roaming\skypePM
2010-09-12 21:24 . 2007-06-27 03:02   --------   d-----w-   c:\programdata\Viewpoint
2010-09-11 17:20 . 2010-09-11 17:20   388096   ----a-r-   c:\users\Whitney\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-10 18:58 . 2010-09-10 18:58   63488   ----a-w-   c:\users\Whitney\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-10 18:58 . 2010-09-10 18:58   52224   ----a-w-   c:\users\Whitney\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-10 18:58 . 2010-09-10 18:58   117760   ----a-w-   c:\users\Whitney\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-10 18:55 . 2008-01-01 01:17   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2010-09-08 07:30 . 2009-07-08 07:06   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-09-06 22:59 . 2010-09-06 23:00   53632   ----a-w-   c:\users\Whitney\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-06 22:59 . 2010-09-06 22:58   53632   ----a-w-   c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-06 22:57 . 2007-04-19 18:17   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-09-06 18:18 . 2010-01-07 20:20   --------   d-----w-   c:\program files\AGEIA Technologies
2010-09-06 18:18 . 2010-01-07 20:20   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-09-06 18:06 . 2010-01-07 20:36   107888   ----a-w-   c:\windows\system32\CmdLineExt.dll
2010-09-02 01:30 . 2010-06-28 03:33   --------   d-----w-   c:\program files\iTunes
2010-09-02 01:28 . 2007-09-21 02:35   --------   d-----w-   c:\program files\Common Files\Apple
2010-09-02 01:21 . 2010-09-02 01:21   73000   ----a-w-   c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-29 04:00 . 2008-12-29 05:09   --------   d-----w-   c:\programdata\PMB Files
2010-08-19 06:51 . 2010-08-19 06:51   0   ----a-w-   c:\users\Whitney\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-08-18 15:10 . 2009-01-08 08:57   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-08-16 17:00 . 2008-02-19 03:30   --------   d-----r-   c:\program files\Skype
2010-08-16 17:00 . 2008-02-19 03:30   --------   d-----w-   c:\programdata\Skype
2010-08-13 10:03 . 2007-04-19 18:46   --------   d-----w-   c:\programdata\Microsoft Help
2010-08-13 10:02 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-08-05 21:04 . 2010-03-22 05:51   765952   ----a-w-   c:\programdata\NexonUS\NGM\NGMDll.dll
2010-08-05 16:52 . 2007-04-19 18:14   --------   d-----w-   c:\program files\Hewlett-Packard
2010-07-17 12:00 . 2010-06-28 04:47   423656   ----a-w-   c:\windows\system32\deployJava1.dll
2010-06-27 20:49 . 2007-09-23 00:31   680   ----a-w-   c:\users\Whitney\AppData\Local\d3d9caps.dat
2010-06-26 06:05 . 2010-08-12 22:17   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 22:17   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 22:17   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 22:17   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-12 22:17   2037760   ----a-w-   c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 22:17   36864   ----a-w-   c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-12 22:17   302080   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-12 22:17   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-12 22:17   905088   ----a-w-   c:\windows\system32\drivers\tcpip.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-22 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 133912]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HostManager"="c:\program files\Common Files\AOL\1182913076\ee\AOLSoftware.exe" [2006-09-26 50736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-19 2065760]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Whitney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-19 216400]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-19 308136]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\HPCeeScheduleForWhitney.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-19 21:23]

2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{B03C6987-6114-4E67-AC33-138A9BE347B4}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************
scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-141832275-3565902227-3691053196-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3b,17,8f,e3,71,c2,6e,70,b4,80,33,b5,11,0a,d4,4d,48,8d,aa,1e,18,09,21,
   8a,6b,57,89,24,26,5d,93,8e,99,5c,ff,ed,74,b8,da,8f,8d,04,3e,23,96,94,f7,81,\
"??"=hex:ec,5c,64,33,3e,25,07,8d,a9,be,f0,f5,44,b0,15,dd

[HKEY_USERS\S-1-5-21-141832275-3565902227-3691053196-1000\Software\SecuROM\License information*]
"datasecu"=hex:a0,e1,d1,53,4b,89,9f,98,77,58,f3,6d,69,ff,51,57,6b,0a,4d,03,be,
   42,a4,76,1e,bb,80,62,20,c3,3c,ee,30,2a,42,87,c7,7e,e6,6b,a9,7a,f9,70,ed,52,\
"rkeysecu"=hex:95,15,48,c9,66,df,77,db,9c,3e,96,07,b9,3c,d8,c6

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\HP Advisor\SSDK04.exe
c:\windows\system32\WUDFHost.exe
.
**************************************************************************
.
Completion time: 2010-09-13  03:32:01 - machine was rebooted
ComboFix-quarantined-files.txt  2010-09-13 10:31
ComboFix2.txt  2010-09-12 21:52
ComboFix3.txt  2010-09-10 17:37

Pre-Run: 44,194,054,144 bytes free
Post-Run: 49,908,961,280 bytes free

- - End Of File - - F2A8F3FFDCC5B4947CB8CCA6246E4064


----------

Comp's running a little faster, and the net doesn't seem to be thinking about every little thing before loading :P  By the by, sorry for the late reply. Went out with some friends, then was too tired when I got home to post.
Title: Re: Infected laptop
Post by: evilfantasy on September 13, 2010, 05:39:18 PM
* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the Run box
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* Let ComboFix finish uninstalling.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan (http://eset.com/onlinescan)

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next, click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan log.
Title: Re: Infected laptop
Post by: Seer98 on September 15, 2010, 02:59:16 AM
(Sorry for the delay in replying. Got called in for double shifts at work.)

After running ESET, it gave me a "No Threats Found" message and closed without giving me a log.
Title: Re: Infected laptop
Post by: evilfantasy on September 15, 2010, 06:10:51 PM
If there are no more malware issues we can finish up now.

Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out-of-date software.

* Click Start Scanner
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.

You can also download and use the Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/), which is FREE for home users. This will allow Secunia to run in real time and alert you to potential security threats from outdated software installed on your computer.

----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

If you are using or have installed IE6, you are using an outdated and soon-to-be-unsupported version of Internet Explorer, and I strongly suggest you update to the latest version directly from Microsoft: Internet Explorer 8 home page (http://www.microsoft.com/windows/ie/).

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection, so they will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I also suggest keeping CCleaner Slim (http://majorgeeks.com/download4191.html). It is an excellent and safe disk cleaner. Running CCleaner on a daily basis helps to protect your privacy and make your computer faster and more secure.

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy (http://www.safer-networking.org/en/spybotsd/index.html).
* Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.