Setwallpaper.cmd Virus??


This topic is locked
7 replies to this topic

#1 blockisle9


Posted 17 September 2011 - 09:42 AM

Last week I had some kind of a redirect virus and possibly more.
So I recovered Windows using F9 and the recovery partition on my laptop. This deleted all partitions and created a new system partition as drive C. This put my computer back to when I first got it.
After getting all my files and software reinstalled, deleting all the bloatware, and shutting down any un-needed startup stuff,
I found this "setwallpaper.cmd". I can not find any info on this except that it might be a virus. I can't even locate it in Explorer. The PC seems to be running just fine. I ran Malwarebytes quick scan, full scan and flash scan and it found nothing. Also a full scan with McAfee found nothing.
Thank you in advance for your help.
Lenny
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Len at 10:10:52 on 2011-09-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2860 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110916072520.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun: [<NO NAME>]
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: cinemanow.com
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A58B36E8-F80E-4501-9F06-DDDCE5F2D00F} : DhcpNameServer = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110916072520.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun-x64: [(Default)]
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\qnrc4q61.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.my.yahoo.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-9-4 14904]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-11 127352]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-16 366152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-15 355440]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-15 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-15 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-15 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-9-15 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-9-15 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
.
============= FINISH: 10:12:38.17 ===============


#2 nasdaq

  • Malware Response Team

Posted 22 September 2011 - 08:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.


This SetWallpaper is not a virus. It's part of the operating system. It's started each time you start the computer from this key.

mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd

If you want to disable it at startup you possibly can do it by running the MSCONFIG.EXE from the Start > run box and disable the startup item.

===

If you want to remove it completely run this tool and I will prepare a script to remove it.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

While I have your attention you might be interested in checking your 3rd party security status.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
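A read-only way to review startup entries like this one yourself, added here as an example (it is not from the thread or from nasdaq): it walks the Run keys that DDS reports as mRun/uRun and flags entries that launch script files such as c:\programdata\SetWallpaper.cmd, or whose target file is missing, so the file can be looked at before it is disabled in MSCONFIG. It assumes an elevated PowerShell 4 or later (for Get-FileHash); the helper name Get-ImagePath is my own.

```powershell
# Added example, not from the thread: audit the Run keys DDS lists as
# "mRun" / "mRun-x64" / "uRun" and flag entries that start a script
# (.cmd, .bat, .vbs, ...) instead of a signed executable, e.g.
#   mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
# Nothing is modified; output is a table for review.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',              # mRun (native view)
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',  # 32-bit view on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'               # uRun (current user)
)

# Script-type extensions deserve a second look, especially when they sit in
# world-writable places such as C:\ProgramData or a user profile.
$scriptPattern = '\.(cmd|bat|vbs|vbe|js|jse|wsf|ps1)$'

function Get-ImagePath {
    param([string]$CommandLine)
    # Quoted form: "C:\Program Files\...\x.exe" /arg  -> text inside the quotes
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted form: first whitespace-delimited token is the path. An unquoted
    # path containing spaces is ambiguous, so the raw first token is reported.
    $token = ($CommandLine.Trim() -split '\s+')[0]
    return [Environment]::ExpandEnvironmentVariables($token)
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # provider metadata, not a Run value
        $cmd = [string]$prop.Value
        if (-not $cmd) { continue }                # empty value, like the "[<NO NAME>]" entry in DDS

        $path     = Get-ImagePath -CommandLine $cmd
        $exists   = Test-Path -LiteralPath $path -PathType Leaf
        $isScript = $path -match $scriptPattern
        $hash     = $null
        $signed   = 'n/a'
        if ($exists) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            # Authenticode only makes sense for PE files; scripts are rarely signed.
            if (-not $isScript) {
                $signed = (Get-AuthenticodeSignature -LiteralPath $path).Status
            }
        }
        # Flag script launchers and dangling entries (target no longer on disk).
        $flag = if ($isScript -or -not $exists) { 'REVIEW' } else { '' }

        [pscustomobject]@{
            Key     = $key
            Name    = $prop.Name
            Command = $cmd
            Path    = $path
            Exists  = $exists
            Script  = $isScript
            Signed  = $signed
            SHA256  = $hash
            Flag    = $flag
        }
    }
}

$results | Sort-Object Flag -Descending |
    Format-Table Name, Path, Exists, Script, Signed, Flag -AutoSize
```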

#3 blockisle9


Posted 22 September 2011 - 02:18 PM

First I want to thank you very much for your help!
I did not do the ComboFix thing, I just unchecked it in MSCONFIG startups (unless you think it should be completely removed).
I did download and run Security Check and the logs are posted below.
One other thing I would like to ask: in my task bar there are icons listed for Asus Live Update, CinemaNow Media Manager, Asus Data Security Manager's tray. I don't think I use them; can I uninstall them with the Control Panel uninstaller? There's also a bunch of other Asus stuff there.
Thanks again for all your help!
Lenny

Results of screen317's Security Check version 0.99.18
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Flash Player Out of Date!
Adobe Flash Player 10.0.32.18
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

#4 nasdaq

nasdaq

  • Malware Response Team

Posted 22 September 2011 - 06:08 PM

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 10.3.183.10 ... Flash Player for Android update to Adobe Flash Player for Android 10.3.186.7

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.

Download for Internet Explorer

Download for Firefox and other browsers
===

One other thing I would like to ask: in my task bar there are icons listed for Asus Live Update, CinemaNow Media Manager, Asus Data Security Manager's tray. I don't think I use them; can I uninstall them with the Control Panel uninstaller? There's also a bunch of other Asus stuff there.


Right Click on the Task Bar Icon. You may be able to remove or disable them.
===

This removal tool can be used to uninstall unwanted programs.

http://majorgeeks.com/Revo_Uninstaller_d5706.html

Revo Uninstaller helps you to remove any unwanted application installed on your computer.

#5 blockisle9


Posted 22 September 2011 - 06:51 PM

Thanks,
Adobe updated.
In your opinion, are Asus Live Update, CinemaNow Media Manager, Asus Data Security Manager's tray needed programs on my machine? I want to uninstall them, but don't want to create any problems.
To wrap this up, do I need to remove any of the stuff I've installed under your direction?
Thanks for all your help
Lenny

Edited by blockisle9, 22 September 2011 - 09:02 PM.


#6 nasdaq

  • Malware Response Team

Posted 23 September 2011 - 06:54 AM

In your opinion, are Asus Live Update, CinemaNow Media Manager, Asus Data Security Manager's tray needed programs on my machine? I want to uninstall them, but don't want to create any problems.

Asus Live Update is not required at startup. It can be disabled using MSCONFIG.
I would not delete it. If something goes bad with your drivers you can then use it to update your drivers.
===

CinemaNow Media Manager http://canada.cinemanow.com/
Installed by Roxio. If you are not going to use this computer to view films you can remove it.
===

ASUS Data Security Manager FingerPrint Driver
http://freeallsoftwares.com/2010/12/asus-data-security-manager-fingerprint-driver/

Find out if you want this.
===

If ComboFix was not executed you can delete the .exe file.

If it was you need to remove it this way.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

The other tool you can just delete it.

#7 blockisle9


Posted 23 September 2011 - 07:08 AM

Again,
Thank you for your help!
Lenny

#8 nasdaq

  • Malware Response Team

Posted 29 September 2011 - 07:26 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.