Solve : Need help...please?

1.	Solve : Need help...please?
Answer» Quote Do I need to Delete the quarantined files? and also is this a program that I should uninstall or will I use it regularly from now on? You can wait about a week then empty the quarantine folder. Mp4 Player is supposed to be a safe application. How's your computer running now?Hey Dave, My computer seems pretty "normal". I can print fine now and the screen looks "normal" for a while it looked just odd. I have been using it and so far so good. I have not rebooted it for a day or so. It feels good to have it be "OK". Should I back it up now or wait a week to delete the quarantined files? Also, what do you suggest I as a virus protection. I use Malwarebytes every couple of weeks. Honestly I have never had any problems until this past week. Thanks. Quote Should I back it up now or wait a week to delete the quarantined files? If everything is running fine you can empty the quarantine folder. Quote Also, what do you suggest I as a virus protection. I use Malwarebytes every couple of weeks. Honestly I have never had any problems until this past week. First of all, you need a good, up-to-date Anti-Virus program and a third-party firewall. MBAM and SAS are good to run every so often. I will suggest some others when we are finished. One more scan, please. Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop. link # 1 Link # 2 If you are using Firefox, make sure that your download settings are as follows: * Tools->Options->Main tab * Set to "Always ask me where to Save the files". Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Right-click combofix.exe and select Run as Administrator and follow the prompts. When finished, ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete. Yeah, able to do both of those now ComboFix 11-04-15.06 - jjsangelandjan 04/16/2011 16:40:12.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1786 [GMT -4:00] Running from: c:\users\jjsangelandjan\Desktop\ComboFix.exe SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\BSTIeprintctl1.dll c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\WanPacket.dll c:\windows\system32\wpcap.dll . . ((((((((((((((((((((((((( Files Created from 2011-03-16 to 2011-04-16 ))))))))))))))))))))))))))))))) . . 2011-04-16 20:48 . 2011-04-16 20:49 -------- d-----w- c:\users\jjsangelandjan\AppData\Local\temp 2011-04-16 20:48 . 2011-04-16 20:48 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp 2011-04-16 20:48 . 2011-04-16 20:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-16 20:48 . 2011-04-16 20:48 -------- d-----w- c:\users\Lisa Long\AppData\Local\temp 2011-04-16 20:48 . 2011-04-16 20:48 -------- d-----w- c:\users\Hazel\AppData\Local\temp 2011-04-16 20:48 . 2011-04-16 20:48 -------- d-----w- c:\users\Giving Works Today\AppData\Local\temp 2011-04-16 20:48 . 2011-04-16 20:48 -------- d-----w- c:\users\Danielas Account\AppData\Local\temp 2011-04-16 20:48 . 2011-04-16 20:48 -------- d-----w- c:\users\Bens Account\AppData\Local\temp 2011-04-16 20:48 . 2011-04-16 20:48 -------- d-----w- c:\users\Roberts Account\AppData\Local\temp 2011-04-16 20:48 . 2011-04-16 20:48 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2011-04-16 16:51 . 2011-04-16 16:51 -------- d-----w- c:\users\jjsangelandjan\AppData\Local\{26C05198-F838-40AB-82CC-5A7758DB2BE6} 2011-04-15 17:18 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-04-15 16:50 . 2011-04-16 04:51 -------- d-----w- c:\users\jjsangelandjan\AppData\Local\{E23B81FE-69BB-4308-A2B8-5344BB8931C1} 2011-04-15 06:01 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition UPDATES\{588CD8F9-C519-48D0-A67F-872FCB2670A1}\mpengine.dll 2011-04-14 21:58 . 2011-04-14 21:58 -------- d-----w- c:\program files\ESET 2011-04-13 02:10 . 2011-04-13 14:11 -------- d-----w- c:\users\jjsangelandjan\AppData\Local\{21B88FEE-85C9-4800-868D-B744E8938192} 2011-04-12 12:59 . 2011-04-12 12:59 -------- d-----w- c:\users\jjsangelandjan\AppData\Roaming\SUPERAntiSpyware.com 2011-04-12 12:59 . 2011-04-12 12:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2011-04-12 12:59 . 2011-04-12 12:59 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-04-11 01:47 . 2011-04-11 13:48 -------- d-----w- c:\users\jjsangelandjan\AppData\Local\{1BE5394E-D636-4DC3-B969-EBCA40A40D82} 2011-04-08 01:30 . 2011-04-10 13:32 -------- d-----w- c:\users\jjsangelandjan\AppData\Local\{93BDE59F-4BB9-4979-AA6E-86734974B9CA} 2011-04-06 10:04 . 2011-04-07 10:05 -------- d-----w- c:\users\jjsangelandjan\AppData\Local\{F742A92F-9581-4369-9336-D547166C376A} 2011-04-05 22:04 . 2011-04-05 22:04 -------- d-----w- c:\users\jjsangelandjan\AppData\Local\{33BDE833-9B1B-42C6-AE08-FCE7B62A873C} 2011-04-04 10:03 . 2011-04-05 10:03 -------- d-----w- c:\users\jjsangelandjan\AppData\Local\{3F64CE41-12A6-4ABB-8792-33437B8B4A00} 2011-04-03 22:00 . 2011-04-03 22:00 -------- d-----w- c:\users\Administrator\AppData\Roaming\HPAppData 2011-03-31 22:01 . 2011-04-03 22:03 -------- d-----w- c:\users\jjsangelandjan\AppData\Local\{8973526F-506B-44D8-B587-4EE36E0894D5} 2011-03-29 17:05 . 2011-03-31 05:06 -------- d-----w- c:\users\jjsangelandjan\AppData\Local\{38701BC8-0FE8-437A-9B11-DEA83A2E95E4} 2011-03-26 02:42 . 2011-03-26 02:42 -------- d-----w- c:\users\Public\summer_floral_48258 2011-03-25 23:48 . 2011-03-25 23:48 4284416 ----a-w- c:\windows\system32\GPhotos.scr 2011-03-23 12:56 . 2011-03-29 00:59 -------- d-----w- c:\users\jjsangelandjan\AppData\Local\{A4C4797D-0F19-4C78-B7C1-9A0AAE84986C} 2011-03-22 21:45 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-03-22 21:45 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-03-22 21:45 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-03-21 09:30 . 2011-03-22 21:31 -------- d-----w- c:\users\jjsangelandjan\AppData\Local\{3AE8680E-5F41-4375-9506-FBBE49C8945B} . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-10 02:49 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-02-02 22:11 . 2009-10-02 16:51 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-20 16:37 . 2011-02-09 04:29 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-01-20 16:08 . 2011-02-09 04:29 478720 ----a-w- c:\windows\system32\dxgi.dll 2011-01-20 16:08 . 2011-02-09 04:29 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-01-20 16:08 . 2011-02-09 04:29 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2011-01-20 16:08 . 2011-02-09 04:29 1029120 ----a-w- c:\windows\system32\d3d10.dll 2011-01-20 16:08 . 2011-02-09 04:29 189952 ----a-w- c:\windows\system32\d3d10core.dll 2011-01-20 16:07 . 2011-02-09 04:29 37376 ----a-w- c:\windows\system32\cdd.dll 2011-01-20 16:07 . 2011-02-09 04:29 258048 ----a-w- c:\windows\system32\winspool.drv 2011-01-20 16:07 . 2011-02-09 04:29 586240 ----a-w- c:\windows\system32\stobject.dll 2011-01-20 16:06 . 2011-02-09 04:29 2873344 ----a-w- c:\windows\system32\mf.dll 2011-01-20 16:06 . 2011-02-09 04:29 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2011-01-20 16:04 . 2011-02-09 04:29 209920 ----a-w- c:\windows\system32\mfplat.dll 2011-01-20 16:04 . 2011-02-09 04:29 98816 ----a-w- c:\windows\system32\mfps.dll 2011-01-20 14:28 . 2011-02-09 04:29 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2011-01-20 14:27 . 2011-02-09 04:29 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-01-20 14:26 . 2011-02-09 04:29 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2011-01-20 14:25 . 2011-02-09 04:29 847360 ----a-w- c:\windows\system32\OpcServices.dll 2011-01-20 14:24 . 2011-02-09 04:29 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2011-01-20 14:15 . 2011-02-09 04:29 979456 ----a-w- c:\windows\system32\MFH264Dec.dll 2011-01-20 14:14 . 2011-02-09 04:29 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll 2011-01-20 14:14 . 2011-02-09 04:29 261632 ----a-w- c:\windows\system32\mfreadwrite.dll 2011-01-20 14:14 . 2011-02-09 04:29 302592 ----a-w- c:\windows\system32\mfmp4src.dll 2011-01-20 14:12 . 2011-02-09 04:29 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2011-01-20 14:11 . 2011-02-09 04:29 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2011-01-20 13:47 . 2011-02-09 04:29 683008 ----a-w- c:\windows\system32\d2d1.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088] "googletalk"="c:\users\jjsangelandjan\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112] "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 151552] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656] "QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "Malwarebytes' Anti-Malware (reboot)"="e:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136] . c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216] . c:\users\Roberts Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216] . c:\users\Bens Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216] . c:\users\Hazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216] . c:\users\Lisa Long\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216] . c:\users\jjsangelandjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696] R3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-06-04 184320] R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648] R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071204.001\IDSvix86.sys [2007-11-06 180272] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-09-21 112688] S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2006-11-22 336000] S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-06-04 3768] S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936] . . --- Other Services/Drivers In Memory --- . NewlyCreated - COMHOST . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2011-04-16 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Lisa Long.job - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48] . 2011-04-15 c:\windows\Tasks\User_Feed_Synchronization-{FC857FE0-93F1-49AE-9D69-02E072DD5496}.job - c:\windows\system32\msfeedssync.exe [2011-04-15 04:43] . . ------- Supplementary Scan ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop uInternet Settings,ProxyOverride = .local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html FF - ProfilePath - c:\users\jjsangelandjan\AppData\Roaming\Mozilla\Firefox\Profiles\m8jvtigk.default\ FF - prefs.js: browser.startup.homepage - www.ipburger.com FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D51D388B-F5DC-471A-A1CE-5E2D671091C0} - (no file) . . . *********************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-16 16:49 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ********************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.0.6002 Disk: SAMSUNG_SP2504C rev.VT100-49 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1 . device: opened successfully user: MBR read successfully kernel: MBR read successfully user != kernel MBR !!! sectors 488397166 (+255): user != kernel . ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] Denied: (A) (Users) Denied: (A) (Everyone) Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] Denied: (A) (Users) Denied: (A) (Everyone) Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] Denied: (A) (Users) Denied: (A) (Everyone) Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2011-04-16 16:52:43 ComboFix-quarantined-files.txt 2011-04-16 20:52 . Pre-Run: 98,973,835,264 bytes free Post-Run: 99,919,798,272 bytes free . - - End Of File - - CEA3191586138A204C013A4F60FF9073 here is the hijack log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:43:26 PM, on 4/16/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19048) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\hp\support\hpsysdrv.exe C:\WINDOWS\RtHDVCpl.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe E:\Program Files\QuickTime\QTTask.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe E:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\sdclt.exe C:\Windows\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe O4 - HKCU\..\Run: [googletalk] C:\Users\jjsangelandjan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - E:\Program Files\SoundTaxi\YouTubeRipper.dll O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - E:\Program Files\SoundTaxi\YouTubeRipper.dll O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - http://www.auctiva.com/Aurigma/ImageUploader57.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11035 bytes The only thing I notice that is different now is the it seems to take FOREVER to boot up. I dont remember it ever taking so long. THANKS! Quote The only thing I notice that is different now is the it seems to take FOREVER to boot up. I dont remember it ever taking so long. I will include a program so you can look at and adjust what starts in startup. A couple of items to fix in HJT and we can do some cleanup. Open HijackThis* and select Do a system scan only Place a check mark next to the following entries: (if there) O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis. ******************************************* StartupLite Download StartupLite by MalwareBytes to your Desktop. Doubleclick StartupLite.exe to launch the program. Ensure the Disable box is checked. Click Continue. A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer. Re-start your computer. ************************************ To uninstall ComboFix Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane. In the field, type in ComboFix /uninstall (Note: Make sure there's a space between the word ComboFix and the forward-slash.) Then, press Enter, or click OK. This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore. ******************************************** Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator TFC** will close all programs when run, so make sure you have saved all your work before you begin. * Click the Start button to begin the cleaning process. * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. * Please let TFC run uninterrupted until it is finished. Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning. *********************************************** Looking over your log it seems you don't have any evidence of a third party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. Remember only install ONE firewall 1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one) 2) Online Armor 3) Agnitum Outpost 4) PC Tools Firewall Plus If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time. ************************************************ Use the Secunia Software Inspector to check for out of date software. •Click Start Now •Check the box next to Enable thorough system inspection. •Click Start** •Allow the scan to finish and scroll down to see if any updates are needed. •Update anything listed. . ---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing! Hi Dave, I have done everything that you have suggested except the firewall. My vista fire wall is "ON" do you advise adding an additional firewall on top of that? My computer still takes a long time to boot up....it still seems longer than it used to but I have not used a couple of the clean up tools listed on the "SLOW computer" page that you suggested. I have used a program CALLED: "Clean up" by Steven Gould that seems to have worked well in the past....are you familiar with this? and if so is it adequate or would the "CCleaner" be better? I am planning to add another memory card here soon. Thanks again for your help and the clear easy to follow steps! Lisa Just a follow up...I updated my Spybot today and than ran a scan. It FOUND a trojan hiding as well. Is there anything else I should be running? Quote My computer still takes a long time to boot up....it still seems longer than it used to but I have not used a couple of the clean up tools listed on the "SLOW computer" page that you suggested. How much time are we talking about? Quote I have used a program called: "Clean up" by Steven Gould that seems to have worked well in the past....are you familiar with this? and if so is it adequate or would the "CCleaner" be better? Looks like a bit like CCleaner with a few more bells and whistles. Quote Is there anything else I should be running? You should keep SAS and MBAM. Update them and run them on a regular basis. Quote from: SuperDave on April 18, 2011, 12:04:57 PM How much time are we talking about? It takes it about 8 - 10 minutes to boot up, then another 5 - 6 minutes to open my main user up. I never timed it before but it seemed before to boot up in about 5 minutes and may be 3 - 4 minutes for the main user. Now, I have done all of the updates with the browsers and when it booted the last time, I wondered if this might have something to do with it....normally my computer is very fast. Otherwise other than getting used to the "new" look of the browsers things seem pretty fine. I used my system as NORMAL today Thanks!Did you find anything when you ran StartupLite? If there a lot of apps starting it can really slow things down.Yes, I removed about 8 things with the STARTUPLite! Here's a bunch of links concerning slow boot with Vista. I hope it helps.ok Great! You are a very valuable knowledgeable asset to this forum. Thanks for being willing to share that with all of us who struggle against these nasty virus'. No words to really express my gratitude! Take care You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

Answer»

Quote

Do I need to Delete the quarantined files? and also is this a program that I should uninstall or will I use it regularly from now on?

You can wait about a week then empty the quarantine folder.
Mp4 Player is supposed to be a safe application.
How's your computer running now?Hey Dave,

My computer seems pretty "normal". I can print fine now and the screen looks "normal" for a while it looked just odd. I have been using it and so far so good. I have not rebooted it for a day or so. It feels good to have it be "OK". Should I back it up now or wait a week to delete the quarantined files? Also, what do you suggest I as a virus protection. I use Malwarebytes every couple of weeks. Honestly I have never had any problems until this past week.

Thanks. Quote

Should I back it up now or wait a week to delete the quarantined files?

If everything is running fine you can empty the quarantine folder.

Quote

Also, what do you suggest I as a virus protection. I use Malwarebytes every couple of weeks. Honestly I have never had any problems until this past week.

First of all, you need a good, up-to-date Anti-Virus program and a third-party firewall. MBAM and SAS are good to run every so often. I will suggest some others when we are finished. One more scan, please.

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
Yeah, able to do both of those now

ComboFix 11-04-15.06 - jjsangelandjan 04/16/2011 16:40:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1786 [GMT -4:00]
Running from: c:\users\jjsangelandjan\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\BSTIeprintctl1.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-16 to 2011-04-16 )))))))))))))))))))))))))))))))
.
.
2011-04-16 20:48 . 2011-04-16 20:49   --------   d-----w-   c:\users\jjsangelandjan\AppData\Local\temp
2011-04-16 20:48 . 2011-04-16 20:48   --------   d-----w-   c:\users\IUSR_NMPR\AppData\Local\temp
2011-04-16 20:48 . 2011-04-16 20:48   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-04-16 20:48 . 2011-04-16 20:48   --------   d-----w-   c:\users\Lisa Long\AppData\Local\temp
2011-04-16 20:48 . 2011-04-16 20:48   --------   d-----w-   c:\users\Hazel\AppData\Local\temp
2011-04-16 20:48 . 2011-04-16 20:48   --------   d-----w-   c:\users\Giving Works Today\AppData\Local\temp
2011-04-16 20:48 . 2011-04-16 20:48   --------   d-----w-   c:\users\Danielas Account\AppData\Local\temp
2011-04-16 20:48 . 2011-04-16 20:48   --------   d-----w-   c:\users\Bens Account\AppData\Local\temp
2011-04-16 20:48 . 2011-04-16 20:48   --------   d-----w-   c:\users\Roberts Account\AppData\Local\temp
2011-04-16 20:48 . 2011-04-16 20:48   --------   d-----w-   c:\users\Administrator\AppData\Local\temp
2011-04-16 16:51 . 2011-04-16 16:51   --------   d-----w-   c:\users\jjsangelandjan\AppData\Local\{26C05198-F838-40AB-82CC-5A7758DB2BE6}
2011-04-15 17:18 . 2011-02-22 13:24   213504   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 16:50 . 2011-04-16 04:51   --------   d-----w-   c:\users\jjsangelandjan\AppData\Local\{E23B81FE-69BB-4308-A2B8-5344BB8931C1}
2011-04-15 06:01 . 2011-03-15 04:05   6792528   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition UPDATES\{588CD8F9-C519-48D0-A67F-872FCB2670A1}\mpengine.dll
2011-04-14 21:58 . 2011-04-14 21:58   --------   d-----w-   c:\program files\ESET
2011-04-13 02:10 . 2011-04-13 14:11   --------   d-----w-   c:\users\jjsangelandjan\AppData\Local\{21B88FEE-85C9-4800-868D-B744E8938192}
2011-04-12 12:59 . 2011-04-12 12:59   --------   d-----w-   c:\users\jjsangelandjan\AppData\Roaming\SUPERAntiSpyware.com
2011-04-12 12:59 . 2011-04-12 12:59   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-04-12 12:59 . 2011-04-12 12:59   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-04-11 01:47 . 2011-04-11 13:48   --------   d-----w-   c:\users\jjsangelandjan\AppData\Local\{1BE5394E-D636-4DC3-B969-EBCA40A40D82}
2011-04-08 01:30 . 2011-04-10 13:32   --------   d-----w-   c:\users\jjsangelandjan\AppData\Local\{93BDE59F-4BB9-4979-AA6E-86734974B9CA}
2011-04-06 10:04 . 2011-04-07 10:05   --------   d-----w-   c:\users\jjsangelandjan\AppData\Local\{F742A92F-9581-4369-9336-D547166C376A}
2011-04-05 22:04 . 2011-04-05 22:04   --------   d-----w-   c:\users\jjsangelandjan\AppData\Local\{33BDE833-9B1B-42C6-AE08-FCE7B62A873C}
2011-04-04 10:03 . 2011-04-05 10:03   --------   d-----w-   c:\users\jjsangelandjan\AppData\Local\{3F64CE41-12A6-4ABB-8792-33437B8B4A00}
2011-04-03 22:00 . 2011-04-03 22:00   --------   d-----w-   c:\users\Administrator\AppData\Roaming\HPAppData
2011-03-31 22:01 . 2011-04-03 22:03   --------   d-----w-   c:\users\jjsangelandjan\AppData\Local\{8973526F-506B-44D8-B587-4EE36E0894D5}
2011-03-29 17:05 . 2011-03-31 05:06   --------   d-----w-   c:\users\jjsangelandjan\AppData\Local\{38701BC8-0FE8-437A-9B11-DEA83A2E95E4}
2011-03-26 02:42 . 2011-03-26 02:42   --------   d-----w-   c:\users\Public\summer_floral_48258
2011-03-25 23:48 . 2011-03-25 23:48   4284416   ----a-w-   c:\windows\system32\GPhotos.scr
2011-03-23 12:56 . 2011-03-29 00:59   --------   d-----w-   c:\users\jjsangelandjan\AppData\Local\{A4C4797D-0F19-4C78-B7C1-9A0AAE84986C}
2011-03-22 21:45 . 2011-02-22 14:13   288768   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2011-03-22 21:45 . 2011-02-22 13:33   1068544   ----a-w-   c:\windows\system32\DWrite.dll
2011-03-22 21:45 . 2011-02-22 13:33   797696   ----a-w-   c:\windows\system32\FntCache.dll
2011-03-21 09:30 . 2011-03-22 21:31   --------   d-----w-   c:\users\jjsangelandjan\AppData\Local\{3AE8680E-5F41-4375-9506-FBBE49C8945B}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 02:49 . 2010-06-24 16:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 22:11 . 2009-10-02 16:51   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 04:29   638336   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 04:29   478720   ----a-w-   c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 04:29   219648   ----a-w-   c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 04:29   160768   ----a-w-   c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 04:29   1029120   ----a-w-   c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 04:29   189952   ----a-w-   c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 04:29   37376   ----a-w-   c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 04:29   258048   ----a-w-   c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 04:29   586240   ----a-w-   c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 04:29   2873344   ----a-w-   c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 04:29   26112   ----a-w-   c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 04:29   209920   ----a-w-   c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 04:29   98816   ----a-w-   c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 04:29   1554432   ----a-w-   c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 04:29   876032   ----a-w-   c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 04:29   667648   ----a-w-   c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 04:29   847360   ----a-w-   c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 04:29   135680   ----a-w-   c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 04:29   979456   ----a-w-   c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 04:29   357376   ----a-w-   c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 04:29   261632   ----a-w-   c:\windows\system32\mfreadwrite.dll
2011-01-20 14:14 . 2011-02-09 04:29   302592   ----a-w-   c:\windows\system32\mfmp4src.dll
2011-01-20 14:12 . 2011-02-09 04:29   1172480   ----a-w-   c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 04:29   486400   ----a-w-   c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 04:29   683008   ----a-w-   c:\windows\system32\d2d1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"googletalk"="c:\users\jjsangelandjan\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 151552]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes' Anti-Malware (reboot)"="e:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
.
c:\users\Roberts Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
.
c:\users\Bens Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
.
c:\users\Hazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
.
c:\users\Lisa Long\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
.
c:\users\jjsangelandjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-06-04 184320]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071204.001\IDSvix86.sys [2007-11-06 180272]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-09-21 112688]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2006-11-22 336000]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-06-04 3768]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ     FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-16 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Lisa Long.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]
.
2011-04-15 c:\windows\Tasks\User_Feed_Synchronization-{FC857FE0-93F1-49AE-9D69-02E072DD5496}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
FF - ProfilePath - c:\users\jjsangelandjan\AppData\Roaming\Mozilla\Firefox\Profiles\m8jvtigk.default\
FF - prefs.js: browser.startup.homepage - www.ipburger.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D51D388B-F5DC-471A-A1CE-5E2D671091C0} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-16 16:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: SAMSUNG_SP2504C rev.VT100-49 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-16 16:52:43
ComboFix-quarantined-files.txt 2011-04-16 20:52
.
Pre-Run: 98,973,835,264 bytes free
Post-Run: 99,919,798,272 bytes free
.
- - End Of File - - CEA3191586138A204C013A4F60FF9073

here is the hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:26 PM, on 4/16/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
E:\Program Files\QuickTime\QTTask.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\jjsangelandjan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - E:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - E:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - http://www.auctiva.com/Aurigma/ImageUploader57.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11035 bytes

The only thing I notice that is different now is the it seems to take FOREVER to boot up. I dont remember it ever taking so long.

THANKS! Quote

The only thing I notice that is different now is the it seems to take FOREVER to boot up. I dont remember it ever taking so long.

I will include a program so you can look at and adjust what starts in startup.
A couple of items to fix in HJT and we can do some cleanup.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
*********************************************
StartupLite

Download StartupLite by MalwareBytes to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
****************************************
To uninstall ComboFix

Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
****************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Hi Dave,

I have done everything that you have suggested except the firewall. My vista fire wall is "ON" do you advise adding an additional firewall on top of that?

My computer still takes a long time to boot up....it still seems longer than it used to but I have not used a couple of the clean up tools listed on the "SLOW computer" page that you suggested.

I have used a program CALLED: "Clean up" by Steven Gould that seems to have worked well in the past....are you familiar with this? and if so is it adequate or would the "CCleaner" be better?

I am planning to add another memory card here soon.

Thanks again for your help and the clear easy to follow steps!

Lisa Just a follow up...I updated my Spybot today and than ran a scan. It FOUND a trojan hiding as well. Is there anything else I should be running? Quote

My computer still takes a long time to boot up....it still seems longer than it used to but I have not used a couple of the clean up tools listed on the "SLOW computer" page that you suggested.

How much time are we talking about?

Quote

I have used a program called: "Clean up" by Steven Gould that seems to have worked well in the past....are you familiar with this? and if so is it adequate or would the "CCleaner" be better?

Looks like a bit like CCleaner with a few more bells and whistles.
Quote

Is there anything else I should be running?

You should keep SAS and MBAM. Update them and run them on a regular basis. Quote from: SuperDave on April 18, 2011, 12:04:57 PM

How much time are we talking about?

It takes it about 8 - 10 minutes to boot up, then another 5 - 6 minutes to open my main user up. I never timed it before but it seemed before to boot up in about 5 minutes and may be 3 - 4 minutes for the main user. Now, I have done all of the updates with the browsers and when it booted the last time, I wondered if this might have something to do with it....normally my computer is very fast. Otherwise other than getting used to the "new" look of the browsers things seem pretty fine. I used my system as NORMAL today

Thanks!Did you find anything when you ran StartupLite? If there a lot of apps starting it can really slow things down.Yes, I removed about 8 things with the STARTUPLite! Here's a bunch of links concerning slow boot with Vista. I hope it helps.ok Great!

You are a very valuable knowledgeable asset to this forum. Thanks for being willing to share that with all of us who struggle against these nasty virus'. No words to really express my gratitude!

Take care You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

Solve : Need help...please?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment