Multiple Internet Explorer Windows Opening


  • This topic is locked
6 replies to this topic

#1 dirtee

dirtee

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:32 PM

Posted 26 April 2012 - 08:37 PM

Good evening,

I recently restored my computer to factory condition after not being able to reboot in safe mode or any other boot mode. I noticed after being away from computer for 2 days that I had approximately 10 Internet Explorer browser windows with "bing" loaded on screen. Any assistance with this would be greatly appreciated.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Tee at 16:03:47 on 2012-04-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1999 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:32 PM

Posted 30 April 2012 - 09:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#3 dirtee

dirtee
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:32 PM

Posted 30 April 2012 - 07:43 PM

Hello there and thank you in advance for all your help.


ComboFix 12-04-31.02 - Tee 04/30/2012 19:02:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1879 [GMT -4:00]
Running from: c:\users\Tee\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
2012-04-09 10:04 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-04-09 10:04 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2012-04-09 10:04 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2012-04-09 10:03 . 2012-04-09 10:03 -------- d-----w- c:\program files\MSXML 4.0
2012-04-08 20:47 . 2012-04-08 20:47 -------- d-----w- c:\users\Public\CyberLink
2012-04-08 20:33 . 2012-04-11 02:39 -------- d-----w- c:\program files\HP
2012-04-08 20:33 . 2012-04-08 20:33 -------- d-----w- c:\windows\Hewlett-Packard
2012-04-07 01:51 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-04-07 01:49 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2012-04-07 01:48 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-04-07 01:47 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2012-04-07 01:47 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-04-06 04:20 . 2012-04-06 04:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-06 04:15 . 2012-04-06 04:15 -------- d-----w- c:\programdata\Maxtor
2012-04-06 04:15 . 2012-04-06 04:15 -------- d-----w- c:\program files\Maxtor
2012-04-06 04:14 . 2012-04-06 04:14 -------- d-----w- c:\windows\Downloaded Installations
2012-04-06 04:12 . 2010-01-20 21:03 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-04-06 04:12 . 2012-04-09 01:17 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-06 04:12 . 2012-04-09 01:17 -------- d-----w- c:\program files\Symantec
2012-04-06 04:12 . 2012-04-06 04:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-06 04:11 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2012-04-06 04:07 . 2012-04-06 04:08 -------- d-----w- c:\program files\Microsoft Works
2012-04-06 04:06 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 10:17 . 2012-04-25 10:17 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01 . 2012-02-15 15:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-17 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-17 189736]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2008-9-8 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ADFS
*NewlyCreated* - FASTFAT
*NewlyCreated* - UFLDIPOW
*Deregistered* - ufldipow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2698528722-452013691-2003561610-1000Core.job
- c:\users\Tee\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-06 04:20]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2698528722-452013691-2003561610-1000UA.job
- c:\users\Tee\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-06 04:20]
.
2012-04-08 c:\windows\Tasks\HPCeeScheduleForTee.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-29 18:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-30 19:13
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-30 19:22:41
ComboFix-quarantined-files.txt 2012-04-30 23:22
.
Pre-Run: 220,019,634,176 bytes free
Post-Run: 220,049,010,688 bytes free
.
- - End Of File - - 037733FEF2C3F2660CEF7CB693A64197



Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Java™ 6 Update 7
Java version out of date!
Adobe Flash Player 10.0.2.54 Flash Player out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````
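The ComboFix excerpt above is read by hand in this thread. As an added example (not part of the original post, ComboFix or screen317's tool), the script below re-parses the "Reg Loading Points", policy and "Scheduled Tasks" sections from the log and prints the two things an analyst checks first: UAC switched off (EnableLUA=0) and autostart binaries that live outside Program Files or Windows, i.e. in user-writable locations. The sample input is copied from the log in this thread; the "trusted prefix" rule is this example's own heuristic and will flag legitimate OEM software in vendor directories (c:\hp here), so every hit is a review item, not a verdict.

```python
"""Triage the autostart sections of a ComboFix log (added example)."""
import re
from typing import Dict, List, Tuple

# Excerpt copied from the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2008-9-8 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2698528722-452013691-2003561610-1000Core.job
- c:\users\Tee\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-06 04:20]
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")                      # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]')
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)')     # "EnableLUA"= 0 (0x0)
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?) \[")    # Startup folder shortcut
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$")      # scheduled task file
TASK_TARGET_RE = re.compile(r"^- (?P<path>.+?) \[")               # what the task runs

# Heuristic: anything not under these roots is user-writable or non-standard.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")


def parse_log(text: str) -> Tuple[List[Dict[str, str]], Dict[str, int]]:
    """Return (autostart entries, policy values) from the ComboFix excerpt."""
    entries: List[Dict[str, str]] = []
    policies: Dict[str, int] = {}
    section = ""   # current registry key, startup folder or 'Scheduled Tasks'
    job = ""       # most recent .job file name in the tasks section
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix uses '.' as a spacer
            continue
        m = KEY_RE.match(line)
        if m:
            section = m["key"]
            continue
        if line.lower().endswith("\\startup\\"):
            section = line
            continue
        if line.startswith("Contents of the 'Scheduled Tasks'"):
            section = "Scheduled Tasks"
            continue
        if "policies\\system" in section.lower():
            m = POLICY_RE.match(line)
            if m:
                policies[m["name"]] = int(m["value"])
            continue
        if section == "Scheduled Tasks":
            m = JOB_RE.match(line)
            if m:
                job = m["job"]               # the target follows on the next line
                continue
            m = TASK_TARGET_RE.match(line)
            if m:
                entries.append({"source": section, "name": job, "path": m["path"]})
            continue
        m = VALUE_RE.match(line) or LNK_RE.match(line)
        if m:
            entries.append({"source": section, "name": m["name"], "path": m["path"]})
    return entries, policies


def triage(text: str) -> List[str]:
    """Turn the parsed data into review items for the analyst."""
    entries, policies = parse_log(text)
    findings: List[str] = []
    if policies.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off, so programs started by an "
                        "administrator account get the full token with no prompt")
    for e in entries:
        if not e["path"].lower().startswith(TRUSTED_PREFIXES):
            findings.append(f"autostart outside Program Files/Windows: "
                            f"{e['name']} -> {e['path']} [{e['source']}]")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run on the excerpt it reports the disabled UAC, the HP helper in c:\hp\support and the Google updater task in the user's AppData; the Program Files and System32 entries are skipped. Those three are exactly the lines a responder would look at before declaring a log clean, and on this machine all three turned out to be legitimate.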

#4 nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:32 PM

Posted 01 May 2012 - 08:00 AM

Your ComboFix log is clean.

Remove this old version of Java™ 6 Update 7 using the Add/Remove programs list.

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

At the top of the page you will be given the opportunity to download the version for your operating system.
Make sure you select the appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Are you still having problems with Internet Explorer?
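The advice in this reply rests on two version checks that the Security Check report leaves to the reader: Flash Player 10.0.2.54 falls under the quoted advisory (10.3.183.10 and earlier), and Java 6 Update 7 is an older release left installed beside Java 6 Update 31. The script below is an added example, not part of the thread or of screen317's tool. It parses the report lines in the format printed above into comparable version tuples and applies those two rules; the Flash threshold is taken from the advisory text quoted in the reply, and the "keep only the newest Java" rule is an assumption made for the example.

```python
"""Flag outdated Java/Flash from a Security Check report (added example)."""
import re
from typing import List, Tuple

Version = Tuple[int, ...]

# Lines copied from the Security Check output posted in the thread.
SAMPLE_REPORT = """
Java™ 6 Update 31
Java™ 6 Update 7
Java version out of date!
Adobe Flash Player 10.0.2.54 Flash Player out of Date!
"""

# Last release covered by the Adobe advisory text quoted in the reply.
FLASH_AFFECTED_MAX: Version = (10, 3, 183, 10)

JAVA_RE = re.compile(r"^Java(?:\(TM\)|™)?\s+(?P<major>\d+)\s+Update\s+(?P<update>\d+)")
FLASH_RE = re.compile(r"^Adobe Flash Player\s+(?P<ver>\d+(?:\.\d+)+)")


def java_version(major: int, update: int) -> Version:
    """'Java 6 Update 31' is JRE 1.6.0_31: map it to (1, 6, 0, 31)."""
    return (1, major, 0, update)


def parse_versions(report: str) -> Tuple[List[Version], List[Version]]:
    """Return (java versions, flash versions) found in the report text."""
    java: List[Version] = []
    flash: List[Version] = []
    for line in report.splitlines():
        line = line.strip()
        m = JAVA_RE.match(line)
        if m:
            java.append(java_version(int(m["major"]), int(m["update"])))
            continue
        m = FLASH_RE.match(line)
        if m:
            flash.append(tuple(int(p) for p in m["ver"].split(".")))
    return java, flash


def fmt(v: Version) -> str:
    return ".".join(str(p) for p in v)


def triage(report: str) -> List[str]:
    """Apply the two rules from the reply and return human-readable findings."""
    java, flash = parse_versions(report)
    findings: List[str] = []
    # Tuples compare element-wise, so 9.0.x < 10.3.x; comparing the raw
    # strings would get that wrong ("9.0" > "10.3" lexicographically).
    for v in flash:
        if v <= FLASH_AFFECTED_MAX:
            findings.append(f"Flash Player {fmt(v)} is {fmt(FLASH_AFFECTED_MAX)} "
                            f"or earlier: update")
    if java:
        newest = max(java)
        for v in sorted(java):
            if v < newest:
                findings.append(f"Java {fmt(v)} installed alongside {fmt(newest)}: "
                                f"remove the older release")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

Installing a newer Java release does not remove the previous one, which is why the report lists both; the comparison against the newest installed build picks out exactly the update the reply asks the user to remove through Add/Remove Programs.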

#5 dirtee

  • Topic Starter
  • Members
  • 11 posts
  • Local time:02:32 PM

Posted 02 May 2012 - 07:29 PM

After removing Java and updating Flash Player, I am happy and grateful to let you know that I am no longer having issues with Internet Explorer.

#6 nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:32 PM

Posted 03 May 2012 - 08:40 AM

Glad we could help.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run, copy/paste the following text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#7 nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:32 PM

Posted 09 May 2012 - 09:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



