
Pup.bundle-installer.01 virus


  • This topic is locked
15 replies to this topic

#1 Jerry9494

Jerry9494

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:11 PM

Posted 10 February 2012 - 03:21 PM

I was hit by several infections:
1. Backdoor Win32/trojan:cycbot!cfg
2. PUP.bundle-installer.0I
3. Trojan.agent/Gen-Dropper(temp)


I restarted my computer in Safe Mode and ran Super Spyware Blaster, which found Gen-Dropper and supposedly deleted it.
I ran Malwarebytes and it found PUP.bundle-installer.0I. It removes it, but then it comes back.
It was Microsoft's Security Essentials which found Win32 trojan:Cycbot!cfg and quarantined it.

The PUP keeps coming back and I can't get rid of it.

If anyone could help me I sure would appreciate it. Thanking you in advance.

The DDS "attach" txt file is attached to this post now, as is the ark.log.

Attached Files


Edited by Jerry9494, 10 February 2012 - 05:21 PM.



#2 Jerry9494

Jerry9494
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:11 PM

Posted 10 February 2012 - 03:28 PM

DDS log:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Gerald at 14:10:25 on 2012-02-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2602 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Andrea Electronics\AudioCommander\AudioCommander.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AudioCommander] "c:\program files\andrea electronics\audiocommander\AudioCommander.exe" /tray
mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoInternetIcon = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 205.171.2.65 68.94.156.1 12.127.16.67
TCP: Interfaces\{492E158B-BF82-45EE-ABDC-CDB147F3E836} : DhcpNameServer = 205.171.2.65 68.94.156.1 12.127.16.67
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gerald\application data\mozilla\firefox\profiles\c9tt2bvd.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2010-8-4 23712]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsleed03da3;MpKsleed03da3;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d2ae2a7d-f958-4899-b3e1-3518417b8c96}\MpKsleed03da3.sys [2012-2-10 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 5U875UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U875.sys [2010-8-3 72448]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2010-8-3 243856]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2010-8-3 41216]
R3 QtsDongle;USB Software Key;c:\windows\system32\qtsusk.sys [2005-2-18 10752]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2010-8-3 71961]
S3 aeaudio2;AE USB Audio Driver2 (WDM);c:\windows\system32\drivers\AEAudio2.sys [2009-9-10 113664]
S3 aeaudiol;AE USB Audio Driver-Lower (WDM);c:\windows\system32\drivers\AEAudioL.sys [2009-6-26 15104]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 QCFiltersny;Sony USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfiltersny.sys [2010-8-4 5248]
S3 qcusbnetsny;Sony USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetsny.sys [2010-8-4 115200]
S3 qcusbsersny;Sony USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbsersny.sys [2010-8-4 103680]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2007-10-22 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2007-10-22 44928]
S3 wdfsgusbV3;Stenograph WDF USB Writer Service V3;c:\windows\system32\drivers\wdfsgusb.sys [2010-2-17 18952]
S4 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2009-3-2 345336]
.
=============== Created Last 30 ================
.
2012-02-10 20:07:50 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d2ae2a7d-f958-4899-b3e1-3518417b8c96}\MpKsleed03da3.sys
2012-02-10 14:50:09 -------- d-----w- c:\documents and settings\gerald\application data\DigiDelivery
2012-02-10 14:49:59 -------- d-----w- c:\program files\Aspera
2012-02-09 15:05:35 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d2ae2a7d-f958-4899-b3e1-3518417b8c96}\MpKsl2193a678.sys
2012-02-06 14:45:16 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d2ae2a7d-f958-4899-b3e1-3518417b8c96}\mpengine.dll
2012-02-01 22:32:32 -------- d-----w- c:\program files\Sophos
2012-01-30 15:15:15 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-01-27 16:24:05 -------- d-----w- c:\program files\CCleaner
2012-01-24 15:23:48 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-24 15:22:18 -------- d-----w- c:\program files\Microsoft Security Client
.
==================== Find3M ====================
.
2011-12-28 23:38:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:10:42.65 ===============

#3 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:11 PM

Posted 11 February 2012 - 12:13 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#4 Jerry9494

Jerry9494
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:11 PM

Posted 11 February 2012 - 04:40 PM

Thanks McMurphy for helping me.

I realize I may have to reformat my hard drive but I'd like to go down swinging if I have to.

Here is the Combo Fix log:





ComboFix 12-02-11.03 - Gerald 02/11/2012 15:15:11.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2491 [GMT -6:00]
Running from: c:\documents and settings\Gerald\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-10 18:57 . 2012-02-10 18:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-02-10 14:50 . 2012-02-10 15:11 -------- d-----w- c:\documents and settings\Gerald\Application Data\DigiDelivery
2012-02-10 14:49 . 2012-02-10 14:49 -------- d-----w- c:\program files\Aspera
2012-02-09 15:05 . 2012-02-09 15:05 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D2AE2A7D-F958-4899-B3E1-3518417B8C96}\MpKsl2193a678.sys
2012-02-06 14:45 . 2012-01-17 10:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D2AE2A7D-F958-4899-B3E1-3518417B8C96}\mpengine.dll
2012-02-01 22:32 . 2012-02-01 22:32 -------- d-----w- c:\program files\Sophos
2012-01-30 15:15 . 2012-01-17 10:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-27 17:18 . 2012-01-27 17:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-27 16:24 . 2012-01-27 16:24 -------- d-----w- c:\program files\CCleaner
2012-01-24 15:23 . 2012-01-29 11:10 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-24 15:22 . 2012-01-24 15:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-19 12:43 . 2012-01-19 12:43 -------- d-----w- c:\documents and settings\Gerald\Application Data\Roxio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 23:38 . 2011-12-28 23:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:24 . 2010-02-17 14:26 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 18:50 . 2011-06-16 15:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\Story Weaver 1_0\Story Weaver .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gerald\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gerald\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gerald\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gerald\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioCommander"="c:\program files\Andrea Electronics\AudioCommander\AudioCommander.exe" [2008-08-29 888832]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2008-03-26 217088]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-31 170520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-31 150040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-31 13549568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-08-22 21:46 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gerald^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Gerald\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gerald^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Gerald\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AEFltrs]
2008-08-29 14:22 741376 ------w- c:\program files\Andrea Electronics\AudioCommander\AEFltrs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-11 18:11 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-05-21 15:57 118784 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioCommander]
2008-08-29 12:57 888832 ----a-w- c:\program files\Andrea Electronics\AudioCommander\AudioCommander.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conhost]
c:\documents and settings\Gerald\Application Data\Microsoft\conhost.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-16 00:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2009-05-21 20:06 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2009-05-21 20:49 1372160 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2008-05-16 00:31 315392 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
c:\program files\iTunes\iTunesHelper.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobilink3]
c:\program files\Novatel Wireless\Virgin Mobile\MobiLink3.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-07-31 22:52 13549568 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PartSeal]
2008-08-22 23:49 18432 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-07-31 22:39 141848 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
c:\program files\Protector Suite QL\launcher.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
c:\program files\Search Settings\SearchSettings.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 20:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 21:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-03-16 22:24 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwiftToDoList]
c:\program files\Swift To-Do List\Swift To-Do List.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2008-07-22 23:02 503808 ----a-w- c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syncplicity]
c:\program files\Syncplicity\Syncplicity.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2008-08-22 23:49 18432 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 4]
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2008-07-31 19:10 1134592 ------w- c:\program files\Andrea Electronics\VoiceCenter\AndreaVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Application Updater"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"gusvc"=3 (0x3)
"NvtlService"=2 (0x2)
"btwdins"=2 (0x2)
"VAIO Event Service"=2 (0x2)
"SQLWriter"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"QDLService"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IviRegMgr"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMON"=2 (0x2)
"EvtEng"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\CAT4\\CaseCatalyst.exe"=
"c:\\Documents and Settings\\Gerald\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1091:UDP"= 1091:UDP:Windows Media Format SDK (wmplayer.exe)
"1090:UDP"= 1090:UDP:Windows Media Format SDK (wmplayer.exe)
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [8/4/2010 10:44 AM 23712]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R3 5U875UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U875.sys [8/3/2010 7:53 PM 72448]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [8/3/2010 7:52 PM 243856]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [8/3/2010 7:53 PM 41216]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [8/3/2010 7:53 PM 71961]
S3 aeaudio2;AE USB Audio Driver2 (WDM);c:\windows\system32\drivers\AEAudio2.sys [9/10/2009 12:20 PM 113664]
S3 aeaudiol;AE USB Audio Driver-Lower (WDM);c:\windows\system32\drivers\AEAudioL.sys [6/26/2009 10:25 AM 15104]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/18/2009 11:13 AM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/18/2009 11:12 AM 174720]
S3 QCFiltersny;Sony USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfiltersny.sys [8/4/2010 12:12 PM 5248]
S3 qcusbnetsny;Sony USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetsny.sys [8/4/2010 12:12 PM 115200]
S3 qcusbsersny;Sony USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbsersny.sys [8/4/2010 12:12 PM 103680]
S3 QtsDongle;USB Software Key;c:\windows\system32\qtsusk.sys [2/18/2005 10:47 AM 10752]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 7:29 PM 32408]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [10/22/2007 11:03 PM 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [10/22/2007 11:03 PM 44928]
S3 wdfsgusbV3;Stenograph WDF USB Writer Service V3;c:\windows\system32\drivers\wdfsgusb.sys [2/17/2010 6:47 AM 18952]
S4 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [3/2/2009 4:59 PM 345336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
.
2010-02-17 c:\windows\Tasks\scribeSevenDaysInit.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-02-17 14:05]
.
2012-01-27 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-02-17 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Gerald\Application Data\Mozilla\Firefox\Profiles\c9tt2bvd.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 15:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(2364)
c:\windows\system32\WININET.dll
c:\documents and settings\Gerald\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\rtfcreext.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-11 15:18:14
ComboFix-quarantined-files.txt 2012-02-11 21:18
ComboFix2.txt 2012-02-11 21:09
.
Pre-Run: 367,186,259,968 bytes free
Post-Run: 367,165,091,840 bytes free
.
- - End Of File - - 8D10C37859B3091F0EFB6855C2964A4B
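One way to triage the "Reg Loading Points" section of a ComboFix log like the one above, as an added example (not part of this thread and not ComboFix's own code): it parses the Run-key and msconfig startupreg entries and flags orphaned `[N/A]` entries, executables autostarting from a user profile's Application Data folder, and Windows process names that sit outside c:\windows. The sample log is constructed, modelled on entries in the post above; the heuristics are assumptions of this example and only mark entries for a human to review.

```python
import re
from dataclasses import dataclass, field

# Windows process names that normally live under the Windows directory.
# An autostart entry using one of these names from elsewhere deserves review.
SYSTEM_PROCESS_NAMES = {
    "svchost.exe", "conhost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
    "explorer.exe", "services.exe", "smss.exe", "spoolsv.exe",
}

# The three entry shapes ComboFix prints beneath a registry key header:
#   "Name"="c:\path\file.exe" [2011-06-15 997920]       (Run key value)
#   2011-06-15 20:02 15141768 ----a-r- c:\path\file.exe  (startupreg, file present)
#   c:\path\file.exe [N/A]                                (startupreg, file missing)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
PRESENT_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$')
MISSING_RE = re.compile(r'^(?P<path>.+?) \[N/A\]$')

# Constructed sample in ComboFix's "Reg Loading Points" layout, modelled on
# the entries in the log above (not a real log).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-31 13549568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conhost]
c:\documents and settings\Gerald\Application Data\Microsoft\conhost.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 20:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
c:\program files\iTunes\iTunesHelper.exe [N/A]
'''


@dataclass
class Finding:
    key: str
    path: str
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Yield (registry_key, path, file_present) for each loading-point entry."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue                      # ComboFix separates blocks with "."
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]              # a new registry key header
            continue
        if key is None:
            continue
        m = MISSING_RE.match(line)
        if m:
            yield key, m.group("path"), False
            continue
        m = RUN_VALUE_RE.match(line) or PRESENT_RE.match(line)
        if m:
            yield key, m.group("path"), True


def assess(path, present):
    """Return the list of review reasons for one autostart path (empty = nothing odd)."""
    reasons = []
    lower = path.lower()
    if not present:
        reasons.append("file not found (orphaned autostart entry)")
    if "\\documents and settings\\" in lower and "\\application data\\" in lower:
        reasons.append("autostart executable under a user profile directory")
    name = lower.rsplit("\\", 1)[-1]
    if name in SYSTEM_PROCESS_NAMES and not lower.startswith("c:\\windows\\"):
        reasons.append(name + " is a Windows process name but sits outside c:\\windows")
    return reasons


def triage(log_text):
    """Parse a ComboFix loading-points section and return only the entries worth review."""
    findings = []
    for key, path, present in parse_entries(log_text):
        reasons = assess(path, present)
        if reasons:
            findings.append(Finding(key, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

Entries that only have a dated, present file under c:\windows or c:\program files produce no finding; what the script flags still needs a human to decide whether it is a leftover from an uninstalled program or something to act on.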

#5 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:11 PM

Posted 11 February 2012 - 06:50 PM

Jerry9494:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::

RenV::
c:\program files\Story Weaver 1_0\Story Weaver .exe

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • ComboFix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#6 Jerry9494

  • Topic Starter
  • Members
  • 9 posts

Posted 12 February 2012 - 11:29 AM

I dragged the line in the code box into ComboFix and it ran ComboFix.
I then ran Malwarebytes after updating it.
I unchecked C:\System Volume Information, even though Malwarebytes did find the PUP in System Volume Information, and I saved the log.

ComboFix log below:

ComboFix 12-02-11.03 - Gerald 02/12/2012 7:59.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2631 [GMT -6:00]
Running from: c:\documents and settings\Gerald\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gerald\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-10 18:57 . 2012-02-10 18:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-02-10 14:50 . 2012-02-10 15:11 -------- d-----w- c:\documents and settings\Gerald\Application Data\DigiDelivery
2012-02-10 14:49 . 2012-02-10 14:49 -------- d-----w- c:\program files\Aspera
2012-02-09 15:05 . 2012-02-09 15:05 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D2AE2A7D-F958-4899-B3E1-3518417B8C96}\MpKsl2193a678.sys
2012-02-06 14:45 . 2012-01-17 10:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D2AE2A7D-F958-4899-B3E1-3518417B8C96}\mpengine.dll
2012-02-01 22:32 . 2012-02-01 22:32 -------- d-----w- c:\program files\Sophos
2012-01-30 15:15 . 2012-01-17 10:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-27 17:18 . 2012-01-27 17:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-27 16:24 . 2012-01-27 16:24 -------- d-----w- c:\program files\CCleaner
2012-01-24 15:23 . 2012-01-29 11:10 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-24 15:22 . 2012-01-24 15:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-19 12:43 . 2012-01-19 12:43 -------- d-----w- c:\documents and settings\Gerald\Application Data\Roxio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 23:38 . 2011-12-28 23:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:24 . 2010-02-17 14:26 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 18:50 . 2011-06-16 15:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-11_21.07.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-12 13:50 . 2012-02-12 13:50 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_2c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gerald\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gerald\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gerald\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gerald\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioCommander"="c:\program files\Andrea Electronics\AudioCommander\AudioCommander.exe" [2008-08-29 888832]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2008-03-26 217088]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-31 170520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-31 150040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-31 13549568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-08-22 21:46 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gerald^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Gerald\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gerald^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Gerald\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AEFltrs]
2008-08-29 14:22 741376 ------w- c:\program files\Andrea Electronics\AudioCommander\AEFltrs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-11 18:11 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-05-21 15:57 118784 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioCommander]
2008-08-29 12:57 888832 ----a-w- c:\program files\Andrea Electronics\AudioCommander\AudioCommander.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-16 00:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2009-05-21 20:06 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2009-05-21 20:49 1372160 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2008-05-16 00:31 315392 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-07-31 22:52 13549568 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PartSeal]
2008-08-22 23:49 18432 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-07-31 22:39 141848 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 20:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 21:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-03-16 22:24 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2008-07-22 23:02 503808 ----a-w- c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2008-08-22 23:49 18432 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2008-07-31 19:10 1134592 ------w- c:\program files\Andrea Electronics\VoiceCenter\AndreaVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Application Updater"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"gusvc"=3 (0x3)
"NvtlService"=2 (0x2)
"btwdins"=2 (0x2)
"VAIO Event Service"=2 (0x2)
"SQLWriter"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"QDLService"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IviRegMgr"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMON"=2 (0x2)
"EvtEng"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\CAT4\\CaseCatalyst.exe"=
"c:\\Documents and Settings\\Gerald\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1091:UDP"= 1091:UDP:Windows Media Format SDK (wmplayer.exe)
"1090:UDP"= 1090:UDP:Windows Media Format SDK (wmplayer.exe)
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [8/4/2010 10:44 AM 23712]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R3 5U875UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U875.sys [8/3/2010 7:53 PM 72448]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [8/3/2010 7:52 PM 243856]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [8/3/2010 7:53 PM 41216]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [8/3/2010 7:53 PM 71961]
S3 aeaudio2;AE USB Audio Driver2 (WDM);c:\windows\system32\drivers\AEAudio2.sys [9/10/2009 12:20 PM 113664]
S3 aeaudiol;AE USB Audio Driver-Lower (WDM);c:\windows\system32\drivers\AEAudioL.sys [6/26/2009 10:25 AM 15104]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/18/2009 11:13 AM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/18/2009 11:12 AM 174720]
S3 QCFiltersny;Sony USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfiltersny.sys [8/4/2010 12:12 PM 5248]
S3 qcusbnetsny;Sony USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetsny.sys [8/4/2010 12:12 PM 115200]
S3 qcusbsersny;Sony USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbsersny.sys [8/4/2010 12:12 PM 103680]
S3 QtsDongle;USB Software Key;c:\windows\system32\qtsusk.sys [2/18/2005 10:47 AM 10752]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 7:29 PM 32408]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [10/22/2007 11:03 PM 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [10/22/2007 11:03 PM 44928]
S3 wdfsgusbV3;Stenograph WDF USB Writer Service V3;c:\windows\system32\drivers\wdfsgusb.sys [2/17/2010 6:47 AM 18952]
S4 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [3/2/2009 4:59 PM 345336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
.
2010-02-17 c:\windows\Tasks\scribeSevenDaysInit.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-02-17 14:05]
.
2012-01-27 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-02-17 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Gerald\Application Data\Mozilla\Firefox\Profiles\c9tt2bvd.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
MSConfigStartUp-conhost - c:\documents and settings\Gerald\Application Data\Microsoft\conhost.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-Mobilink3 - c:\program files\Novatel Wireless\Virgin Mobile\MobiLink3.exe
MSConfigStartUp-PSQLLauncher - c:\program files\Protector Suite QL\launcher.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-SwiftToDoList - c:\program files\Swift To-Do List\Swift To-Do List.exe
MSConfigStartUp-Syncplicity - c:\program files\Syncplicity\Syncplicity.exe
MSConfigStartUp-VAIO Update 4 - c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-12 08:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1052)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(1220)
c:\windows\system32\WININET.dll
c:\documents and settings\Gerald\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\rtfcreext.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-12 08:06:03
ComboFix-quarantined-files.txt 2012-02-12 14:06
ComboFix2.txt 2012-02-11 21:18
ComboFix3.txt 2012-02-11 21:09
.
Pre-Run: 367,152,160,768 bytes free
Post-Run: 367,126,794,240 bytes free
.
- - End Of File - - 6821CF37EDFB71E6072BB770F9A09889



-----------------------------------------------------

Malwarebytes log below:


ComboFix 12-02-11.03 - Gerald 02/12/2012 7:59.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2631 [GMT -6:00]
Running from: c:\documents and settings\Gerald\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gerald\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-10 18:57 . 2012-02-10 18:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-02-10 14:50 . 2012-02-10 15:11 -------- d-----w- c:\documents and settings\Gerald\Application Data\DigiDelivery
2012-02-10 14:49 . 2012-02-10 14:49 -------- d-----w- c:\program files\Aspera
2012-02-09 15:05 . 2012-02-09 15:05 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D2AE2A7D-F958-4899-B3E1-3518417B8C96}\MpKsl2193a678.sys
2012-02-06 14:45 . 2012-01-17 10:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D2AE2A7D-F958-4899-B3E1-3518417B8C96}\mpengine.dll
2012-02-01 22:32 . 2012-02-01 22:32 -------- d-----w- c:\program files\Sophos
2012-01-30 15:15 . 2012-01-17 10:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-27 17:18 . 2012-01-27 17:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-27 16:24 . 2012-01-27 16:24 -------- d-----w- c:\program files\CCleaner
2012-01-24 15:23 . 2012-01-29 11:10 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-24 15:22 . 2012-01-24 15:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-19 12:43 . 2012-01-19 12:43 -------- d-----w- c:\documents and settings\Gerald\Application Data\Roxio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 23:38 . 2011-12-28 23:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:24 . 2010-02-17 14:26 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 18:50 . 2011-06-16 15:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-11_21.07.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-12 13:50 . 2012-02-12 13:50 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_2c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gerald\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gerald\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gerald\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gerald\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioCommander"="c:\program files\Andrea Electronics\AudioCommander\AudioCommander.exe" [2008-08-29 888832]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2008-03-26 217088]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-31 170520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-31 150040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-31 13549568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-08-22 21:46 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gerald^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Gerald\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gerald^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Gerald\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AEFltrs]
2008-08-29 14:22 741376 ------w- c:\program files\Andrea Electronics\AudioCommander\AEFltrs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-11 18:11 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-05-21 15:57 118784 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioCommander]
2008-08-29 12:57 888832 ----a-w- c:\program files\Andrea Electronics\AudioCommander\AudioCommander.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-16 00:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2009-05-21 20:06 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2009-05-21 20:49 1372160 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2008-05-16 00:31 315392 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-07-31 22:52 13549568 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PartSeal]
2008-08-22 23:49 18432 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-07-31 22:39 141848 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 20:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 21:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-03-16 22:24 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2008-07-22 23:02 503808 ----a-w- c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2008-08-22 23:49 18432 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2008-07-31 19:10 1134592 ------w- c:\program files\Andrea Electronics\VoiceCenter\AndreaVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Application Updater"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"gusvc"=3 (0x3)
"NvtlService"=2 (0x2)
"btwdins"=2 (0x2)
"VAIO Event Service"=2 (0x2)
"SQLWriter"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"QDLService"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IviRegMgr"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMON"=2 (0x2)
"EvtEng"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\CAT4\\CaseCatalyst.exe"=
"c:\\Documents and Settings\\Gerald\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1091:UDP"= 1091:UDP:Windows Media Format SDK (wmplayer.exe)
"1090:UDP"= 1090:UDP:Windows Media Format SDK (wmplayer.exe)
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [8/4/2010 10:44 AM 23712]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R3 5U875UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U875.sys [8/3/2010 7:53 PM 72448]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [8/3/2010 7:52 PM 243856]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [8/3/2010 7:53 PM 41216]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [8/3/2010 7:53 PM 71961]
S3 aeaudio2;AE USB Audio Driver2 (WDM);c:\windows\system32\drivers\AEAudio2.sys [9/10/2009 12:20 PM 113664]
S3 aeaudiol;AE USB Audio Driver-Lower (WDM);c:\windows\system32\drivers\AEAudioL.sys [6/26/2009 10:25 AM 15104]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/18/2009 11:13 AM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/18/2009 11:12 AM 174720]
S3 QCFiltersny;Sony USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfiltersny.sys [8/4/2010 12:12 PM 5248]
S3 qcusbnetsny;Sony USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetsny.sys [8/4/2010 12:12 PM 115200]
S3 qcusbsersny;Sony USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbsersny.sys [8/4/2010 12:12 PM 103680]
S3 QtsDongle;USB Software Key;c:\windows\system32\qtsusk.sys [2/18/2005 10:47 AM 10752]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 7:29 PM 32408]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [10/22/2007 11:03 PM 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [10/22/2007 11:03 PM 44928]
S3 wdfsgusbV3;Stenograph WDF USB Writer Service V3;c:\windows\system32\drivers\wdfsgusb.sys [2/17/2010 6:47 AM 18952]
S4 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [3/2/2009 4:59 PM 345336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
.
2010-02-17 c:\windows\Tasks\scribeSevenDaysInit.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-02-17 14:05]
.
2012-01-27 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-02-17 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Gerald\Application Data\Mozilla\Firefox\Profiles\c9tt2bvd.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
MSConfigStartUp-conhost - c:\documents and settings\Gerald\Application Data\Microsoft\conhost.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-Mobilink3 - c:\program files\Novatel Wireless\Virgin Mobile\MobiLink3.exe
MSConfigStartUp-PSQLLauncher - c:\program files\Protector Suite QL\launcher.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-SwiftToDoList - c:\program files\Swift To-Do List\Swift To-Do List.exe
MSConfigStartUp-Syncplicity - c:\program files\Syncplicity\Syncplicity.exe
MSConfigStartUp-VAIO Update 4 - c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-12 08:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1052)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(1220)
c:\windows\system32\WININET.dll
c:\documents and settings\Gerald\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\rtfcreext.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-12 08:06:03
ComboFix-quarantined-files.txt 2012-02-12 14:06
ComboFix2.txt 2012-02-11 21:18
ComboFix3.txt 2012-02-11 21:09
.
Pre-Run: 367,152,160,768 bytes free
Post-Run: 367,126,794,240 bytes free
.
- - End Of File - - 6821CF37EDFB71E6072BB770F9A09889

#7 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:11 PM

Posted 12 February 2012 - 11:52 AM

Hi,

You posted the ComboFix log twice instead of the MBAM log. Can you re-post the MBAM log for me, please?

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#8 Jerry9494

Jerry9494
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:11 PM

Posted 12 February 2012 - 12:14 PM

Sorry about posting the Combo log twice.

Here is the Malwarebyte log.


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.12.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gerald :: VALUED-AB767982 [administrator]

2/12/2012 8:09:14 AM
mbam-log-2012-02-12 (10-19-46).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256848
Time elapsed: 1 hour(s), 9 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{E0DD984C-3F52-4666-B4F0-D8463990D025}\RP387\A0348410.exe (PUP.BundleInstaller.OI) -> No action taken.

(end)

#9 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:11 PM

Posted 12 February 2012 - 12:51 PM

Jerry9494:

How is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the installer you just downloaded.
Please go to here to run an online scan with ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked.
  • Click on Advanced Settings and ensure these options are ticked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Click Scan.
  • Wait for the scan to finish.
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log



#10 Jerry9494

Jerry9494
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:11 PM

Posted 12 February 2012 - 01:51 PM

As to my computer running, Malwarebytes found the PUP like it always does, but I didn't remove it with Malwarebytes per your instructions of "Uncheck any entries from C:\System Volume Information or C:\Qoobox", which is where the PUP is.

I will update the Java.

I ran ESET Online.

It found two items.

log below:

C:\Documents and Settings\Gerald\My Documents\YouTubeDownloaderSetup263.exe a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{E0DD984C-3F52-4666-B4F0-D8463990D025}\RP387\A0348410.exe a variant of Win32/Adware.OpenInstall application

#11 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:11 PM

Posted 12 February 2012 - 03:27 PM

Jerry9494:

That recurring PUP detection is in your system restore cache and will be removed when we uninstall ComboFix. ESET flagged your YouTube downloader because they consider it adware: it installs toolbars or has other unclear objectives. If you no longer want that app, uninstall it via Control Panel > Add/Remove Programs. Just removing the exe with ESET will leave things behind.

Otherwise your logs look good! All I have left for you is some very important cleanup:

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS
  • GMER
Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

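The distinction RPMcMurphy draws above (a hit under C:\System Volume Information\_restore{...}\RP... is a dormant copy in a restore point, a hit under C:\Qoobox is ComboFix's quarantine, and only anything else is a live location) is worth automating when you read MBAM and ESET logs, because the same dormant file will keep "coming back" scan after scan. The Python script below is an added example for this thread, not code from BleepingComputer, Malwarebytes or ESET. The sample log text is constructed after the lines posted in this topic; the Qoobox entry and its "Trojan.Placeholder" label are placeholders, and the ESET line parser assumes the file path ends at the first ".ext " boundary.

```python
import re
from dataclasses import dataclass

# Constructed sample lines, modelled on the MBAM and ESET output quoted in this thread.
# The Qoobox line and its detection name are placeholders, not real findings.
SAMPLE_LOG = """\
C:\\System Volume Information\\_restore{E0DD984C-3F52-4666-B4F0-D8463990D025}\\RP387\\A0348410.exe (PUP.BundleInstaller.OI) -> No action taken.
C:\\Documents and Settings\\Gerald\\My Documents\\YouTubeDownloaderSetup263.exe a variant of Win32/Toolbar.Widgi application
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\placeholder.dll.vir (Trojan.Placeholder) -> Quarantined and deleted successfully.
"""

# MBAM line shape: "<path> (<detection>) -> <action>"
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# ESET line shape: "<path> <verdict>". Assumption: the path ends at the first ".<ext> " boundary,
# so a folder name containing ".xx " would be cut short.
ESET_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4}) (?P<name>.+)$")

# Locations that hold dormant copies rather than files that run on the live system.
RESTORE_POINT_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)
QOOBOX_RE = re.compile(r"^[A-Za-z]:\\Qoobox\\", re.I)

ADVICE = {
    "restore-point": ("Dormant copy inside a System Restore snapshot; nothing executes from there. "
                      "It disappears when restore points are purged (ComboFix /Uninstall does this)."),
    "combofix-quarantine": ("Already neutralised and stored by ComboFix; removed by ComboFix /Uninstall. "
                            "Do not let a second scanner delete it piecemeal."),
    "live": ("Active location; remove through the program's own uninstaller (Add/Remove Programs) "
             "or let the scanner remove it, then rescan."),
}


@dataclass
class Hit:
    path: str
    name: str
    location: str  # "restore-point", "combofix-quarantine" or "live"
    advice: str


def classify_path(path: str) -> str:
    """Map a detected file path to the location class the helper's triage uses."""
    if RESTORE_POINT_RE.match(path):
        return "restore-point"
    if QOOBOX_RE.match(path):
        return "combofix-quarantine"
    return "live"


def parse_line(line: str):
    """Return (path, detection name) for an MBAM or ESET log line, or None if it is not one."""
    line = line.strip()
    if not line:
        return None
    m = MBAM_RE.match(line) or ESET_RE.match(line)
    if not m:
        return None
    return m.group("path"), m.group("name")


def triage(log_text: str) -> list:
    """Parse every detection line and attach its location class and the matching advice."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, name = parsed
        loc = classify_path(path)
        hits.append(Hit(path, name, loc, ADVICE[loc]))
    return hits


def live_hits(log_text: str) -> list:
    """Only the detections that still sit in an active location and need real action."""
    return [h for h in triage(log_text) if h.location == "live"]


if __name__ == "__main__":
    for h in triage(SAMPLE_LOG):
        print(f"[{h.location}] {h.name}\n    {h.path}\n    {h.advice}")
```

Run against the sample, the restore-point entry and the Qoobox entry are reported as dormant copies to be cleared by ComboFix /Uninstall, and only the downloader installer in My Documents comes out of `live_hits()` as something to deal with on the running system. Paste a real MBAM or ESET export in place of `SAMPLE_LOG` to get the same split for your own logs.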


#12 Jerry9494

Jerry9494
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:11 PM

Posted 12 February 2012 - 06:50 PM

If you could keep this topic open until tomorrow afternoon I would appreciate it.

I cannot uninstall youtubedownloader. I already uninstalled it a long time ago. The PUP was left behind. I thought it might be the culprit in very long shutdown times.

When I try to turn my computer off by going to "start" and then "turn computer off" it takes five minutes for the "shutdown menu" to even appear. Then when I choose "turn off" it takes another five minutes to shut down.

Thanks again for your help.

#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:11 PM

Posted 12 February 2012 - 09:50 PM

Sure I will.



#14 Jerry9494

Jerry9494
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:11 PM

Posted 14 February 2012 - 11:13 AM

I've run virus checkers the last two days and all traces of the PUP seem to be gone.

Thank you so much, RPMcMurphy. I'm not sure what is making my laptop take so long to bring up the shutdown/logoff menu when I hit "start" and "turn off computer" but at least I now know it is not the infection.
Thank you again.

#15 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:11 PM

Posted 14 February 2012 - 05:53 PM

You're welcome, Jerry. Here are a few things you can look into for your general slowness:

Take care!





