

InterviewSolution

Infected laptop?
Hey guys,

Folders Infected: Did you let Malwarebytes fix this after copying the log? If not then please update and run it again letting MBAM fix/remove that file.

----------

You have Viewpoint installed. Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

More information:
* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs (Vista & Win7: Programs and Features) and remove the following programs if present.
* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology

----------

Right click HijackThis and choose Run as Administrator
Next select Do a system scan only
Place a check mark next to the following entries: (if there)
Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis.

----------

Go to Start > Run and type Notepad.exe then click OK.
Copy and paste the following text within the code box into the new Notepad file.
Code:
@ECHO OFF
REM stop the service registered under this name, then remove its registration
sc stop "CVGWULIWOJ"
sc delete "CVGWULIWOJ"
exit
In Notepad select File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files.
Next double click fixservice.bat to run it. A black box should open and close after a short time, this is normal.
Do not continue until the black box has closed.
Delete fixservice.bat from the Desktop.

----------

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix

Aye on Malware, I had it clean all of the files that got flagged. Removed Viewpoint, and deleted both 'R1' and 'O2' with HijackThis. Notepad ran fine, then followed with ComboFix. Here's the log it generated.

(Quick note, after running CF I couldn't open my internet explorer.
I kept getting a message that the registry key was marked for deletion. I restarted the laptop and it opened fine. Not sure if that was expected or not but thought I'd at least mention it.)

ComboFix 10-09-12.01 - Whitney 09/12/2010 14:32:48.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.921 [GMT -7:00]
Running from: c:\users\Whitney\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
.
2010-09-12 21:45 . 2010-09-12 21:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-12 21:45 . 2010-09-12 21:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-11 17:20 . 2010-09-11 17:20 388096 ----a-r- c:\users\Whitney\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-11 17:20 . 2010-09-11 17:20 -------- d-----w- c:\program files\Trend Micro
2010-09-10 18:58 . 2010-09-10 18:58 63488 ----a-w- c:\users\Whitney\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-10 18:58 . 2010-09-10 18:58 52224 ----a-w- c:\users\Whitney\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-10 18:58 . 2010-09-10 18:58 117760 ----a-w- c:\users\Whitney\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-10 18:58 . 2010-09-10 18:58 -------- d-----w- c:\users\Whitney\AppData\Roaming\SUPERAntiSpyware.com
2010-09-10 18:58 . 2010-09-10 18:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-10 18:58 . 2010-09-10 18:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-10 18:27 . 2010-09-10 18:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-09-09 03:13 . 2010-09-09 03:14 -------- d-----w- c:\programdata\PrevxCSI
2010-09-07 17:06 .
2010-09-07 17:06314880----a-w-c:\programdata\comsnap32.dll 2010-09-06 23:00 . 2010-09-06 22:5953632----a-w-c:\users\Whitney\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-09-06 22:59 . 2010-09-06 22:59--------d-----w-c:\programdata\Electronic Arts 2010-09-06 22:58 . 2010-09-06 22:5953632----a-w-c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-09-06 22:58 . 2010-09-06 23:00--------d-----w-c:\program files\Common Files\Adobe AIR 2010-09-06 22:56 . 2010-09-06 22:56--------d-----w-c:\program files\Electronic Arts 2010-09-06 22:45 . 2010-09-06 22:451180----a-w-c:\windows\system32\ealregsnapshot1.reg 2010-09-06 22:04 . 2010-09-06 22:04--------d-----w-c:\program files\EA Games 2010-09-06 18:04 . 2010-09-06 18:04--------d-----w-c:\programdata\Media Center Programs 2010-09-06 17:53 . 2010-09-06 17:53--------d-----w-c:\program files\Codemasters 2010-09-02 01:29 . 2010-09-02 01:29--------d-----w-c:\program files\iPod 2010-09-02 01:21 . 2010-09-02 01:2173000----a-w-c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe 2010-08-29 07:07 . 2010-08-29 07:07--------d-----w-c:\users\Whitney\AppData\Roaming\LolClient 2010-08-29 04:42 . 2008-07-31 17:4168616----a-w-c:\windows\system32\XAPOFX1_1.dll 2010-08-29 04:42 . 2008-07-31 17:40509448----a-w-c:\windows\system32\XAudio2_2.dll 2010-08-29 04:42 . 2008-07-12 15:18467984----a-w-c:\windows\system32\d3dx10_39.dll 2010-08-29 04:42 . 2008-07-12 15:181493528----a-w-c:\windows\system32\D3DCompiler_39.dll 2010-08-29 04:42 . 2008-07-12 15:183851784----a-w-c:\windows\system32\D3DX9_39.dll 2010-08-29 04:36 . 2010-08-29 04:36--------d-----w-C:\Riot Games 2010-08-27 07:03 . 2010-08-27 07:31--------d-----w-c:\program files\SWGANH Client 2010-08-27 06:32 . 2010-08-27 06:32--------d-----w-c:\users\Whitney\AppData\Local\LaunchpadEnhanced 2010-08-26 08:26 . 
2010-08-27 07:05--------d-----w-C:\SWGEmu 2010-08-26 08:26 . 2010-08-26 08:26--------d-----w-c:\users\Whitney\AppData\Roaming\LPECommon 2010-08-26 08:25 . 2010-08-26 08:26--------d-----w-c:\program files\Launchpad Enhanced 2010-08-26 08:24 . 2010-09-06 22:44--------d-----w-c:\users\Whitney\AppData\Local\Downloaded Installations 2010-08-26 08:12 . 2010-08-27 07:25--------d-----w-c:\program files\StarWarsGalaxies 2010-08-25 21:27 . 2010-08-25 21:27--------d-----w-c:\program files\Sony 2010-08-19 07:31 . 2010-08-19 07:31--------d-----w-C:\$AVG 2010-08-19 07:17 . 2010-09-12 19:41--------d-----w-c:\windows\system32\drivers\Avg 2010-08-19 07:17 . 2010-08-19 07:1712536----a-w-c:\windows\system32\avgrsstx.dll 2010-08-19 07:15 . 2010-08-19 07:15216400----a-w-c:\windows\system32\drivers\avgldx86.sys 2010-08-19 07:15 . 2010-08-19 07:1529584----a-w-c:\windows\system32\drivers\avgmfx86.sys 2010-08-19 07:14 . 2010-08-19 07:14--------d-----w-c:\program files\AVG 2010-08-19 07:13 . 2010-09-09 04:29--------d-----w-c:\programdata\avg9 2010-08-19 06:51 . 2010-08-19 06:510----a-w-c:\users\Whitney\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe 2010-08-19 06:48 . 2010-08-19 17:05--------d-----w-c:\users\Whitney\AppData\Roaming\FrostWire 2010-08-17 08:43 . 2010-08-17 08:50--------d-----w-c:\program files\Spybot - Search & Destroy 2010-08-17 08:22 . 2007-11-07 02:151140056------w-c:\programdata\HP\Installer\Temp\hpzmsi01.exe 2010-08-16 17:00 . 2010-08-16 17:00--------d-----w-c:\program files\Common Files\Skype . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-12 21:24 . 2007-06-27 03:02--------d-----w-c:\programdata\Viewpoint 2010-09-12 19:43 . 2008-02-19 03:31--------d-----w-c:\users\Whitney\AppData\Roaming\Skype 2010-09-12 19:43 . 2008-02-19 03:33--------d-----w-c:\users\Whitney\AppData\Roaming\skypePM 2010-09-11 06:11 . 
2007-04-19 19:43--------d-----w-c:\program files\Common Files\Java 2010-09-11 06:11 . 2007-04-19 19:43--------d-----w-c:\program files\Java 2010-09-10 18:55 . 2008-01-01 01:17--------d-----w-c:\programdata\Spybot - Search & Destroy 2010-09-08 07:30 . 2009-07-08 07:06--------d-----w-c:\program files\Microsoft Silverlight 2010-09-06 22:57 . 2007-04-19 18:17--------d--h--w-c:\program files\InstallShield Installation Information 2010-09-06 18:18 . 2010-01-07 20:20--------d-----w-c:\program files\AGEIA Technologies 2010-09-06 18:18 . 2010-01-07 20:20--------d-----w-c:\program files\Common Files\Wise Installation Wizard 2010-09-06 18:06 . 2010-01-07 20:36107888----a-w-c:\windows\system32\CmdLineExt.dll 2010-09-02 01:30 . 2010-06-28 03:33--------d-----w-c:\program files\iTunes 2010-09-02 01:28 . 2007-09-21 02:35--------d-----w-c:\program files\Common Files\Apple 2010-08-30 02:28 . 2010-08-30 02:280----a-w-c:\users\Whitney\AppData\Roaming\E337.tmp 2010-08-30 02:28 . 2010-08-30 02:280----a-w-c:\users\Whitney\AppData\Roaming\E336.tmp 2010-08-29 04:00 . 2008-12-29 05:09--------d-----w-c:\programdata\PMB Files 2010-08-22 09:52 . 2010-08-22 09:520----a-w-c:\users\Whitney\AppData\Roaming\5022.tmp 2010-08-21 03:44 . 2010-08-21 03:440----a-w-c:\users\Whitney\AppData\Roaming\2043.tmp 2010-08-21 03:44 . 2010-08-21 03:440----a-w-c:\users\Whitney\AppData\Roaming\1F39.tmp 2010-08-18 15:10 . 2009-01-08 08:57--------d-----w-c:\program files\Malwarebytes' Anti-Malware 2010-08-16 17:00 . 2008-02-19 03:30--------d-----r-c:\program files\Skype 2010-08-16 17:00 . 2008-02-19 03:30--------d-----w-c:\programdata\Skype 2010-08-13 10:03 . 2007-04-19 18:46--------d-----w-c:\programdata\Microsoft Help 2010-08-13 10:02 . 2006-11-02 11:18--------d-----w-c:\program files\Windows Mail 2010-08-05 21:04 . 2010-03-22 05:51765952----a-w-c:\programdata\NexonUS\NGM\NGMDll.dll 2010-08-05 16:52 . 2007-04-19 18:14--------d-----w-c:\program files\Hewlett-Packard 2010-07-17 12:00 . 
2010-06-28 04:47423656----a-w-c:\windows\system32\deployJava1.dll 2010-06-27 20:49 . 2007-09-23 00:31680----a-w-c:\users\Whitney\AppData\Local\d3d9caps.dat 2010-06-26 06:05 . 2010-08-12 22:17916480----a-w-c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-12 22:1771680----a-w-c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-12 22:17109056----a-w-c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-12 22:17133632----a-w-c:\windows\system32\ieUnatt.exe 2010-06-21 13:37 . 2010-08-12 22:172037760----a-w-c:\windows\system32\win32k.sys 2010-06-18 17:31 . 2010-08-12 22:1736864----a-w-c:\windows\system32\rtutils.dll 2010-06-18 15:04 . 2010-08-12 22:17302080----a-w-c:\windows\system32\drivers\srv.sys 2010-06-18 15:04 . 2010-08-12 22:17144896----a-w-c:\windows\system32\drivers\srv2.sys 2010-06-16 16:04 . 2010-08-12 22:17905088----a-w-c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-22 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 133912]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HostManager"="c:\program files\Common Files\AOL\1182913076\ee\AOLSoftware.exe" [2006-09-26 50736]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-13 517768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-19 2065760]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Whitney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;c:\users\Whitney\AppData\Local\Temp\nsb66F5.tmp\TfFRegNt.sys
R3 CVGWULIWOJ;CVGWULIWOJ;c:\users\Whitney\AppData\Local\Temp\CVGWULIWOJ.exe
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
[2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-19 216400]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-19 308136]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ    hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ    FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\HPCeeScheduleForWhitney.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-19 21:23]

2010-09-12 c:\windows\Tasks\User_Feed_Synchronization-{B03C6987-6114-4E67-AC33-138A9BE347B4}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = ;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 14:46
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...
c:\users\Whitney\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-141832275-3565902227-3691053196-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3b,17,8f,e3,71,c2,6e,70,b4,80,33,b5,11,0a,d4,4d,48,8d,aa,1e,18,09,21,
  8a,6b,57,89,24,26,5d,93,8e,99,5c,ff,ed,74,b8,da,8f,8d,04,3e,23,96,94,f7,81,\
"??"=hex:ec,5c,64,33,3e,25,07,8d,a9,be,f0,f5,44,b0,15,dd

[HKEY_USERS\S-1-5-21-141832275-3565902227-3691053196-1000\Software\SecuROM\License information*]
"datasecu"=hex:a0,e1,d1,53,4b,89,9f,98,77,58,f3,6d,69,ff,51,57,6b,0a,4d,03,be,
  42,a4,76,1e,bb,80,62,20,c3,3c,ee,30,2a,42,87,c7,7e,e6,6b,a9,7a,f9,70,ed,52,\
"rkeysecu"=hex:95,15,48,c9,66,df,77,db,9c,3e,96,07,b9,3c,d8,c6

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-12 14:52:55
ComboFix-quarantined-files.txt 2010-09-12 21:52
ComboFix2.txt 2010-09-10 17:37

Pre-Run: 45,583,073,280 bytes free
Post-Run: 45,608,779,776 bytes free

- - End Of File - - D7A113FCC84205E008893F651D4BF1C5

Quote from: Seer98 on September 12, 2010, 03:43:34 PM
(Quick note, after running CF I couldn't open my internet explorer. I kept getting a message that the registry key was marked for deletion. I restarted the laptop and it opened fine. Not sure if that was expected or not but thought I'd at least mention it.)

No problem. As long as the process was completed on the next restart.

Scan Suspicious File(s)

Please go to VirusTotal.com (if more than one file needs to be scanned they must be done separately and logs posted for each one)

1. Copy the file path in the below Code box:
Code:
c:\programdata\comsnap32.dll
2.
At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Next click Send File
Your file will possibly be entered into a queue which normally takes less than a minute to clear. This will perform a scan across multiple different virus scanning engines.
Important: Wait for all of the scanning engines to complete.
5. Copy and then Paste the link to the results in the next reply.
Important! If you get a page that says 'File has already been analysed' in the results then you will need to click the 'Show last report' button to get new scan results.

Also see if you can scan this file at VirusTotal and post the link to the results back here.
Code:
c:\users\Whitney\AppData\Roaming\E337.tmp

----------

Please go to Start and copy/paste the following blue text in the search box, then press Enter:
C:\QooBox\Add-Remove Programs.txt
A text file should open. Please post the contents of that file in your next reply.

Link for results of comsnap32.dll: http://www.virustotal.com/file-scan/report.html?id=f898e4f983b6e124e5c9079fa748edb83675fa1a3390edf0a792135be0019722-1284330475

----------

Tried to scan E337.tmp but VirusTotal wouldn't give me an analysis of it.
---------- QooBox info: 32 Bit HP CIO Components Installer 4500_Help Activation Assistant for the 2007 Microsoft Office suites ActiveCheck component for HP Active Support Library Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 8.1.2 Adobe Reader 8.1.2 Security Update 1 (KB403742) Adobe Shockwave Player AOL Uninstaller (Choose which Products to Remove) Apple Application Support Apple Mobile Device Support Apple Software Update AudibleManager AVG Free 9.0 Bonjour BPD_HPSU bpd_scan BPDSoftware BPDSoftware_Ini BufferChm Clive Barker's Jericho Conexant HD Audio CustomerResearchQFolder Destination Component DeviceDiscovery DeviceManagementQFolder DocMgr DocProc DocProcQFolder Download Updater (AOL LLC) EA Download Manager EA Download Manager UI ESU for Microsoft Vista eSupportQFolder Fax GPBaseService GPBaseService2 HDAUDIO Soft Data Fax Modem with SmartCP HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hoyle Board Games 4 Hoyle Card Games 4 HP Active Support Library HP Active Support Library 32 bit components HP Customer Experience Enhancements HP Customer Participation Program 10.0 HP Doc Viewer HP Document Manager 1.0 HP Easy Setup - Frontend HP Help and Support HP Imaging Device Functions 10.0 HP Officejet J4500 Series HP Photosmart Essential 2.5 HP Quick Launch Buttons 6.20 B1 HP QuickPlay 3.2 HP Smart Web Printing HP Solution Center 13.0 HP Total Care Advisor HP Update HP User Guides 0082 HP Wireless Assistant HPAsset component for HP Active Support Library HPNetworkAssistant HPProductAssistant Intel(R) Graphics Media Accelerator Driver iTunes J4500 Japanese Fonts Support For Adobe Reader 8 Java Auto Updater Java(TM) 6 Update 2 Java(TM) 6 Update 21 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Java(TM) SE Runtime Environment 6 Junk Mail FILTER update Launchpad Enhanced League of Legends LightScribe 1.4.136.1 LiveUpdate Notice (Symantec 
Corporation) Malwarebytes' Anti-Malware MapleStory MarketResearch Mercenaries 2: World in Flames(tm) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable MobileMe Control Panel MSCU for Microsoft Vista MSVCRT MSVCSetup MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) My HP Games NVIDIA PhysX v8.08.18 OCR Software by I.R.I.S. 
10.0 OGA Notifier 2.0.0048.0 Pando Media Booster ProductContext PSSWCORE QuickTime Qwest Installer Qwest QuickAssist Desktop Tools Rhapsody Player Engine Roxio Activation Module Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator EasyArchive Roxio Creator Tools Roxio MyDVD Basic v9 RTC Client API v1.2 Safari Scan Security Update for 2007 Microsoft Office System (KB2277947) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for 2007 Microsoft Office System (KB982312) Security Update for 2007 Microsoft Office System (KB982331) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office Excel 2007 (KB982308) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB982158) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2251419) Skype Toolbars Skype™ 4.2 SmartWebPrintingOC SolutionCenter Spybot - Search & Destroy Star Wars Galaxies Station Launcher Status SUPERAntiSpyware Synaptics Pointing Device Driver Toolbox TrayApp Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VideoLAN VLC media player 0.8.6f VideoToolkit01 WebReg Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live 
Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver

Go to Add or Remove Programs (Programs and Features) and uninstall:
LiveUpdate Notice (Symantec Corporation)
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
->> Do not uninstall Java(TM) 6 Update 21

----------

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
Code:
KillAll::

Driver::
AhnRptTfFRegFNT
CVGWULIWOJ

File::
c:\programdata\comsnap32.dll
c:\users\Whitney\AppData\Local\Temp\CVGWULIWOJ.exe
c:\users\Whitney\AppData\Roaming\E337.tmp
c:\users\Whitney\AppData\Roaming\E336.tmp
c:\users\Whitney\AppData\Roaming\5022.tmp
c:\users\Whitney\AppData\Roaming\2043.tmp
c:\users\Whitney\AppData\Roaming\1F39.tmp

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.
Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running.
That may cause your system to freeze.

----------

Also let me know how the computer is running now.

ComboFix Log:

ComboFix 10-09-12.03 - Whitney 09/13/2010 3:03.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1109 [GMT -7:00]
Running from: c:\users\Whitney\Desktop\ComboFix.exe
Command switches used :: c:\users\Whitney\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\comsnap32.dll"
"c:\users\Whitney\AppData\Local\Temp\CVGWULIWOJ.exe"
"c:\users\Whitney\AppData\Roaming\1F39.tmp"
"c:\users\Whitney\AppData\Roaming\2043.tmp"
"c:\users\Whitney\AppData\Roaming\5022.tmp"
"c:\users\Whitney\AppData\Roaming\E336.tmp"
"c:\users\Whitney\AppData\Roaming\E337.tmp"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\comsnap32.dll
c:\users\Whitney\AppData\Roaming\1F39.tmp
c:\users\Whitney\AppData\Roaming\2043.tmp
c:\users\Whitney\AppData\Roaming\5022.tmp
c:\users\Whitney\AppData\Roaming\E336.tmp
c:\users\Whitney\AppData\Roaming\E337.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AHNRPTTFFREGFNT
-------\Service_AhnRptTfFRegFNT
-------\Service_CVGWULIWOJ

((((((((((((((((((((((((( Files Created from 2010-08-13 to 2010-09-13 )))))))))))))))))))))))))))))))
.
2010-09-13 10:15 . 2010-09-13 10:21 -------- d-----w- c:\users\Whitney\AppData\Local\temp
2010-09-13 10:15 . 2010-09-13 10:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-13 10:15 . 2010-09-13 10:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-11 17:20 . 2010-09-11 17:20 -------- d-----w- c:\program files\Trend Micro
2010-09-10 18:58 . 2010-09-10 18:58 -------- d-----w- c:\users\Whitney\AppData\Roaming\SUPERAntiSpyware.com
2010-09-10 18:58 .
2010-09-10 18:58  --------  d-----w-  c:\programdata\SUPERAntiSpyware.com
2010-09-10 18:58 . 2010-09-10 18:58  --------  d-----w-  c:\program files\SUPERAntiSpyware
2010-09-10 18:27 . 2010-09-10 18:27  56  ---ha-w-  c:\windows\system32\ezsidmv.dat
2010-09-09 03:13 . 2010-09-09 03:14  --------  d-----w-  c:\programdata\PrevxCSI
2010-09-06 22:59 . 2010-09-06 22:59  --------  d-----w-  c:\programdata\Electronic Arts
2010-09-06 22:58 . 2010-09-06 23:00  --------  d-----w-  c:\program files\Common Files\Adobe AIR
2010-09-06 22:56 . 2010-09-06 22:56  --------  d-----w-  c:\program files\Electronic Arts
2010-09-06 22:45 . 2010-09-06 22:45  1180  ----a-w-  c:\windows\system32\ealregsnapshot1.reg
2010-09-06 22:04 . 2010-09-06 22:04  --------  d-----w-  c:\program files\EA Games
2010-09-06 18:04 . 2010-09-06 18:04  --------  d-----w-  c:\programdata\Media Center Programs
2010-09-06 17:53 . 2010-09-06 17:53  --------  d-----w-  c:\program files\Codemasters
2010-09-02 01:29 . 2010-09-02 01:29  --------  d-----w-  c:\program files\iPod
2010-08-29 07:07 . 2010-08-29 07:07  --------  d-----w-  c:\users\Whitney\AppData\Roaming\LolClient
2010-08-29 04:42 . 2008-07-31 17:41  68616  ----a-w-  c:\windows\system32\XAPOFX1_1.dll
2010-08-29 04:42 . 2008-07-31 17:40  509448  ----a-w-  c:\windows\system32\XAudio2_2.dll
2010-08-29 04:42 . 2008-07-12 15:18  467984  ----a-w-  c:\windows\system32\d3dx10_39.dll
2010-08-29 04:42 . 2008-07-12 15:18  1493528  ----a-w-  c:\windows\system32\D3DCompiler_39.dll
2010-08-29 04:42 . 2008-07-12 15:18  3851784  ----a-w-  c:\windows\system32\D3DX9_39.dll
2010-08-29 04:36 . 2010-08-29 04:36  --------  d-----w-  C:\Riot Games
2010-08-27 07:03 . 2010-08-27 07:31  --------  d-----w-  c:\program files\SWGANH Client
2010-08-27 06:32 . 2010-08-27 06:32  --------  d-----w-  c:\users\Whitney\AppData\Local\LaunchpadEnhanced
2010-08-26 08:26 . 2010-08-27 07:05  --------  d-----w-  C:\SWGEmu
2010-08-26 08:26 . 2010-08-26 08:26  --------  d-----w-  c:\users\Whitney\AppData\Roaming\LPECommon
2010-08-26 08:25 . 2010-08-26 08:26  --------  d-----w-  c:\program files\Launchpad Enhanced
2010-08-26 08:24 . 2010-09-06 22:44  --------  d-----w-  c:\users\Whitney\AppData\Local\Downloaded Installations
2010-08-26 08:12 . 2010-08-27 07:25  --------  d-----w-  c:\program files\StarWarsGalaxies
2010-08-25 21:27 . 2010-08-25 21:27  --------  d-----w-  c:\program files\Sony
2010-08-19 07:31 . 2010-08-19 07:31  --------  d-----w-  C:\$AVG
2010-08-19 07:17 . 2010-09-13 01:58  --------  d-----w-  c:\windows\system32\drivers\Avg
2010-08-19 07:17 . 2010-08-19 07:17  12536  ----a-w-  c:\windows\system32\avgrsstx.dll
2010-08-19 07:15 . 2010-08-19 07:15  216400  ----a-w-  c:\windows\system32\drivers\avgldx86.sys
2010-08-19 07:15 . 2010-08-19 07:15  29584  ----a-w-  c:\windows\system32\drivers\avgmfx86.sys
2010-08-19 07:14 . 2010-08-19 07:14  --------  d-----w-  c:\program files\AVG
2010-08-19 07:13 . 2010-09-09 04:29  --------  d-----w-  c:\programdata\avg9
2010-08-19 06:48 . 2010-08-19 17:05  --------  d-----w-  c:\users\Whitney\AppData\Roaming\FrostWire
2010-08-17 08:43 . 2010-08-17 08:50  --------  d-----w-  c:\program files\Spybot - Search & Destroy
2010-08-16 17:00 . 2010-08-16 17:00  --------  d-----w-  c:\program files\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 09:51 . 2007-04-19 18:30  --------  d-----w-  c:\programdata\Symantec
2010-09-13 09:51 . 2007-04-19 18:30  --------  d-----w-  c:\program files\Common Files\Symantec Shared
2010-09-13 09:49 . 2007-04-19 19:43  --------  d-----w-  c:\program files\Java
2010-09-13 09:49 . 2007-04-19 19:43  --------  d-----w-  c:\program files\Common Files\Java
2010-09-13 09:46 . 2008-02-19 03:31  --------  d-----w-  c:\users\Whitney\AppData\Roaming\Skype
2010-09-13 09:44 . 2008-02-19 03:33  --------  d-----w-  c:\users\Whitney\AppData\Roaming\skypePM
2010-09-12 21:24 . 2007-06-27 03:02  --------  d-----w-  c:\programdata\Viewpoint
2010-09-11 17:20 . 2010-09-11 17:20  388096  ----a-r-  c:\users\Whitney\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-10 18:58 . 2010-09-10 18:58  63488  ----a-w-  c:\users\Whitney\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-10 18:58 . 2010-09-10 18:58  52224  ----a-w-  c:\users\Whitney\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-10 18:58 . 2010-09-10 18:58  117760  ----a-w-  c:\users\Whitney\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-10 18:55 . 2008-01-01 01:17  --------  d-----w-  c:\programdata\Spybot - Search & Destroy
2010-09-08 07:30 . 2009-07-08 07:06  --------  d-----w-  c:\program files\Microsoft Silverlight
2010-09-06 22:59 . 2010-09-06 23:00  53632  ----a-w-  c:\users\Whitney\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-06 22:59 . 2010-09-06 22:58  53632  ----a-w-  c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-06 22:57 . 2007-04-19 18:17  --------  d--h--w-  c:\program files\InstallShield Installation Information
2010-09-06 18:18 . 2010-01-07 20:20  --------  d-----w-  c:\program files\AGEIA Technologies
2010-09-06 18:18 . 2010-01-07 20:20  --------  d-----w-  c:\program files\Common Files\Wise Installation Wizard
2010-09-06 18:06 . 2010-01-07 20:36  107888  ----a-w-  c:\windows\system32\CmdLineExt.dll
2010-09-02 01:30 . 2010-06-28 03:33  --------  d-----w-  c:\program files\iTunes
2010-09-02 01:28 . 2007-09-21 02:35  --------  d-----w-  c:\program files\Common Files\Apple
2010-09-02 01:21 . 2010-09-02 01:21  73000  ----a-w-  c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-29 04:00 . 2008-12-29 05:09  --------  d-----w-  c:\programdata\PMB Files
2010-08-19 06:51 . 2010-08-19 06:51  0  ----a-w-  c:\users\Whitney\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-08-18 15:10 . 2009-01-08 08:57  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2010-08-16 17:00 . 2008-02-19 03:30  --------  d-----r-  c:\program files\Skype
2010-08-16 17:00 . 2008-02-19 03:30  --------  d-----w-  c:\programdata\Skype
2010-08-13 10:03 . 2007-04-19 18:46  --------  d-----w-  c:\programdata\Microsoft Help
2010-08-13 10:02 . 2006-11-02 11:18  --------  d-----w-  c:\program files\Windows Mail
2010-08-05 21:04 . 2010-03-22 05:51  765952  ----a-w-  c:\programdata\NexonUS\NGM\NGMDll.dll
2010-08-05 16:52 . 2007-04-19 18:14  --------  d-----w-  c:\program files\Hewlett-Packard
2010-07-17 12:00 . 2010-06-28 04:47  423656  ----a-w-  c:\windows\system32\deployJava1.dll
2010-06-27 20:49 . 2007-09-23 00:31  680  ----a-w-  c:\users\Whitney\AppData\Local\d3d9caps.dat
2010-06-26 06:05 . 2010-08-12 22:17  916480  ----a-w-  c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 22:17  71680  ----a-w-  c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 22:17  109056  ----a-w-  c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 22:17  133632  ----a-w-  c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-12 22:17  2037760  ----a-w-  c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 22:17  36864  ----a-w-  c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-12 22:17  302080  ----a-w-  c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-12 22:17  144896  ----a-w-  c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-12 22:17  905088  ----a-w-  c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-22 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 133912]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HostManager"="c:\program files\Common Files\AOL\1182913076\ee\AOLSoftware.exe" [2006-09-26 50736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-19 2065760]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Whitney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-19 216400]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-19 308136]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt  REG_MULTI_SZ  hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation  REG_MULTI_SZ  FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\HPCeeScheduleForWhitney.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-19 21:23]

2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{B03C6987-6114-4E67-AC33-138A9BE347B4}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = ;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-141832275-3565902227-3691053196-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3b,17,8f,e3,71,c2,6e,70,b4,80,33,b5,11,0a,d4,4d,48,8d,aa,1e,18,09,21,8a,6b,57,89,24,26,5d,93,8e,99,5c,ff,ed,74,b8,da,8f,8d,04,3e,23,96,94,f7,81,\
"??"=hex:ec,5c,64,33,3e,25,07,8d,a9,be,f0,f5,44,b0,15,dd

[HKEY_USERS\S-1-5-21-141832275-3565902227-3691053196-1000\Software\SecuROM\License information*]
"datasecu"=hex:a0,e1,d1,53,4b,89,9f,98,77,58,f3,6d,69,ff,51,57,6b,0a,4d,03,be,42,a4,76,1e,bb,80,62,20,c3,3c,ee,30,2a,42,87,c7,7e,e6,6b,a9,7a,f9,70,ed,52,\
"rkeysecu"=hex:95,15,48,c9,66,df,77,db,9c,3e,96,07,b9,3c,d8,c6

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\HP Advisor\SSDK04.exe
c:\windows\system32\WUDFHost.exe
.
**************************************************************************
.
Completion time: 2010-09-13 03:32:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-13 10:31
ComboFix2.txt 2010-09-12 21:52
ComboFix3.txt 2010-09-10 17:37

Pre-Run: 44,194,054,144 bytes free
Post-Run: 49,908,961,280 bytes free

- - End Of File - - F2A8F3FFDCC5B4947CB8CCA6246E4064

----------

Comps running a little faster, and the net doesn't seem to be thinking about every little thing before loading. By the by, sorry for the late reply. Went out with some friends then was too tired when I got home to post.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the runbox
* Make sure there's a SPACE between Combofix and /Uninstall
* Then hit Enter
* Let ComboFix finish uninstalling.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator.
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan
* Click the ESET Online Scanner button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer.
Save it to your desktop.
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.
* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log.

(Sorry for the delay in reply. Got called in for double shifts at work.) After running ESET, it gave me a "No Threats Found" message and closed without giving me a log.

If there are no more malware issues we can finish up now.

Use the Secunia Software Inspector to check for out of date software.
* Click Start Scanner
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.
You can also download and use the Secunia Personal Software Inspector (PSI) which is FREE for Home Users. This will allow Secunia to run in real time and alert you to potential security threats from outdated software installed on your computer.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft: Internet Explorer 8: Home page.

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I also suggest keeping CCleaner Slim. It is an excellent and safe disk cleaner. Running CCleaner on a daily basis helps to protect your privacy and make your computer faster and more secure.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
* Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
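The ComboFix log posted earlier in this thread came through the forum with its tab-separated columns fused together ("18:2756---ha-w-"), which makes it hard to read through the file list for anything odd. The script below is an added example written for this page; it is not part of the thread and not ComboFix's own code. It pulls the entries back out of the flattened text by anchoring on the fixed-width timestamp and attribute columns, then applies a few review heuristics of its own (executables under user-writable profile/ProgramData paths, zero-byte executables, kernel drivers outside system32\drivers). Those heuristics are this example's assumptions about what merits a second look, not a verdict that any flagged file is malicious; the sample entries are copied from the log above, with the fused fields left as the forum rendered them.

```python
"""Recover file entries from a flattened ComboFix log and flag ones worth review.

Added example, not part of the original thread or of ComboFix. The review
heuristics below are assumptions of this example, not ComboFix's verdicts.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# A ComboFix file entry is laid out as
#   <date time> . <date time>  <size or -------->  <attrs>  <path>
# where <attrs> is always an 8-character block such as "----a-w-", "---ha-w-"
# or "d-----w-" (a leading "d" marks a directory, whose size column is "--------").
# Pasting into a forum strips the tabs, so "18:27", "56" and "---ha-w-" arrive
# fused as "18:2756---ha-w-"; the fixed-width time and attribute block let the
# regex recover the size column without guessing.
_ENTRY = re.compile(
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s*\.\s*"                   # first timestamp
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s*"                         # second timestamp
    r"(\d+|-{8})\s*"                                              # size, -------- for dirs
    r"([d-]-[-r][-h][-a]-[rw]-)\s*"                               # attribute block
    r"([A-Za-z]:\\.*?)"                                           # path, may contain spaces
    r"(?=\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s*\.|\s+\.(?:\s|$)|$)"  # next entry / section break
)


@dataclass
class Entry:
    first_stamp: str   # ComboFix prints two timestamps; which is creation and which
    second_stamp: str  # last-write depends on the section, so both are kept verbatim
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


def parse_entries(text: str) -> List[Entry]:
    """Extract every file entry from a (possibly flattened) ComboFix log fragment."""
    flat = " ".join(text.split())  # collapse whatever whitespace the extraction left
    entries = []
    for m in _ENTRY.finditer(flat):
        size = None if m.group(3).startswith("-") else int(m.group(3))
        entries.append(Entry(m.group(1), m.group(2), size, m.group(4), m.group(5).strip()))
    return entries


# Review heuristics (assumptions of this example).
_EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
_USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\documents and settings\\")


def _ext(path: str) -> str:
    name = path.rsplit("\\", 1)[-1]
    return ("." + name.rsplit(".", 1)[1]).lower() if "." in name else ""


def suspicious_reasons(e: Entry) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    p = e.path.lower()
    if e.is_dir or _ext(p) not in _EXEC_EXT:
        return []
    reasons = []
    if any(root in p for root in _USER_WRITABLE):
        reasons.append("executable under a user-writable profile/ProgramData path")
    if e.size == 0:
        reasons.append("zero-byte executable (aborted download or placeholder)")
    if _ext(p) == ".sys" and "\\windows\\system32\\drivers\\" not in p:
        reasons.append("kernel driver outside system32\\drivers")
    return reasons


def review(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the reasons it was flagged, in log order."""
    flagged: Dict[str, List[str]] = {}
    for e in parse_entries(text):
        reasons = suspicious_reasons(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


# Constructed sample: entries copied from the log in this thread, fused fields intact.
SAMPLE_LOG = (
    r"2010-09-10 18:27 . 2010-09-10 18:2756---ha-w-c:\windows\system32\ezsidmv.dat "
    r"2010-09-09 03:13 . 2010-09-09 03:14--------d-----w-c:\programdata\PrevxCSI "
    r"2010-08-19 07:15 . 2010-08-19 07:15216400----a-w-c:\windows\system32\drivers\avgldx86.sys "
    r"2010-09-11 17:20 . 2010-09-11 17:20388096----a-r-c:\users\Whitney\AppData\Roaming\Microsoft\Installer"
    r"\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe "
    r"2010-09-06 22:59 . 2010-09-06 22:5853632----a-w-c:\users\Default\AppData\Roaming\Macromedia\Flash Player"
    r"\www.macromedia.com\bin\airappinstaller\airappinstaller.exe "
    r"2010-08-19 06:51 . 2010-08-19 06:510----a-w-c:\users\Whitney\AppData\Roaming\FrostWire\.NetworkShare"
    r"\Incomplete\T-4506256-LimeWireWin4.16.6.exe "
    r"2010-09-13 09:51 . 2007-04-19 18:30--------d-----w-c:\programdata\Symantec . "
    r"(((((((((( Find3M Report )))))))))) . "
    r"2010-08-05 21:04 . 2010-03-22 05:51765952----a-w-c:\programdata\NexonUS\NGM\NGMDll.dll"
)

if __name__ == "__main__":
    for path, reasons in review(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run it on the whole pasted log rather than the sample and the flagged list is the short list to look up by hash or submit for a second opinion; everything else in the listing is ordinary installer churn. The zero-byte LimeWire installer sitting in a FrostWire "Incomplete" folder is the kind of entry the heuristic is meant to surface: not malicious by itself, but a file-sharing download path is worth knowing about on a machine being cleaned.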