1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Need help with a neighbor's laptop

Discussion in 'Malware and Virus Removal Archive' started by BillB, 2009/02/25.

Thread Status:
Not open for further replies.
  1. 2009/02/25
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    I have a neighbor's laptop with Vista Home Premium. When I got it, there were pop-ups from Anti-virus 1 all the time, even when not online. During boot, there were at least 20 to 30 command prompt windows opening and closing before the desktop finally loaded. It's a lot cleaner now than it was, I ran Spybot and MalwareBytes, both cleaned up a lot of stuff. Although it is much better than it was, I'm not sure it's completely clean. I'm including the HJT log here and attaching the logs from DDS. I ran a Kaspersky scan also, but somehow the log didn't save. There was only 1 item found with a red circle by it. I can't remember what it was. I don't have time to rerun the scan (it took quite a few hours) so I'm posting with what I have.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:39:34 AM, on 2/25/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16809)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\wuauclt.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\tmp\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [HotbarOE] C:\Program Files\Hotbar\bin\10.0.412.0\OEAddOn.exe
    O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\10.0.412.0\HotbarSA.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Search - ?p=ZCxdm801MOUS
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
    O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - http://vram3.vcu.edu/dwa8W.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10484 bytes
     

    Attached Files:

    BillB,
    #1
  2. 2009/02/25
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Bill

    Post the logs in the thread, please - spread over 2 or more posts if necessary.

    Thanks.
     
    PeteC,
    #2


  3. to hide this advert.

  4. 2009/02/26
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    Pete,

    Sorry, I didn't know there was a preference. Here is the attach.txt file:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft® Windows Vistaâ„¢ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/20/2007 9:52:57 PM
    System Uptime: 2/25/2009 8:01:17 AM (0 hours ago)

    Motherboard: Quanta | | 30BB
    Processor: Intel(R) Core(TM) Duo CPU T2450 @ 2.00GHz | U2E1 | 800/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 141 GiB total, 77.541 GiB free.
    D: is FIXED (NTFS) - 8 GiB total, 1.772 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0000
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0000
    Service: tunnel

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 8.1.0
    AIM 6
    AIM MusicLink 2.1.0.5
    AIMTunes
    AIO_Scan
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    BufferChm
    C4200
    C4200_doccd
    c4200_Help
    Cake Mania (remove only)
    Cake Mania 2 (remove only)
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Cards_Calendar_OrderGift_DoMorePlugout
    Conexant HD Audio
    Copy
    CustomerResearchQFolder
    D2500
    D2500_Help
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DJ_SF_03_D2500_ProductContext
    DJ_SF_03_D2500_Software
    DJ_SF_03_D2500_Software_Min
    DocProc
    ESU for Microsoft Vista
    eSupportQFolder
    GameTap
    Google Earth
    Google Updater
    GPBaseService
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Customer Experience Enhancements
    HP Customer Participation Program 11.0
    HP Deskjet D2500 Printer Driver Software 11.0 Rel .3
    HP Doc Viewer
    HP Easy Setup - Frontend
    HP Help and Support
    HP Imaging Device Functions 11.0
    HP OCR Software 9.0
    HP Photosmart All-In-One Software 9.0
    HP Photosmart Essential
    HP Photosmart Essential 2.5
    HP Photosmart Essential 3.0
    HP Quick Launch Buttons 6.20 B1
    HP QuickPlay 3.2
    HP Smart Web Printing
    HP Solution Center 11.0
    HP Total Care Advisor
    HP Update
    HP User Guides 0082
    HP Wireless Assistant
    HPNetworkAssistant
    HPProductAssistant
    HPSSupply
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java(TM) SE Runtime Environment 6
    LightScribe 1.4.136.1
    LiveUpdate 3.2 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (2.0.0.12)
    MSCU for Microsoft Vista
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    muvee autoProducer 6.0
    My HP Games
    MySpaceIM
    Netflix Movie Viewer
    PS_AIO_ProductContext
    PS_AIO_Software
    PS_AIO_Software_min
    PSSWCORE
    QuickTime
    Rhapsody
    Rhapsody Player Engine
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Sandlot Games Client Services
    Scan
    SecureW2 TTLS Client 3.3.1 for Windows
    Shop for HP Supplies
    SmartWebPrinting
    SolutionCenter
    Spybot - Search & Destroy
    Status
    Symantec AntiVirus
    Synaptics Pointing Device Driver
    The Sims Complete Collection
    Toolbox
    TrayApp
    UnloadSupport
    VideoToolkit01
    Viewpoint Media Player
    Vongo
    WebReg
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Toolbar

    ==== End Of File ===========================
     
    BillB,
    #3
  5. 2009/02/26
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    Here is the DDS.txt file:

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Paige at 8:16:11.94 on Wed 02/25/2009
    Internet Explorer: 7.0.6000.16809
    Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6000.0.1252.1.1033.18.1013.311 [GMT -5:00]

    AV: Symantec AntiVirus *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Paige\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.aol.com/?src=aim
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
    BHO: NoExplorer - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Aim6]
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
    mRun: [HotbarOE] c:\program files\hotbar\bin\10.0.412.0\OEAddOn.exe
    mRun: [HotbarSA] "c:\program files\hotbar\bin\10.0.412.0\HotbarSA.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    StartupFolder: c:\users\paige\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
    IE: &Search - ?p=ZCxdm801MOUS
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
    DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxp://vram3.vcu.edu/dwa8W.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
    DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\paige\appdata\roaming\mozilla\firefox\profiles\h4c6m94u.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - component: c:\progra~1\mozill~1\extensions\talkback@mozilla.org\components\qfaservices.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.allow_platform_file_picker ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.cookie.p3plevel ", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.enablePad ", false); // Allow client to do proxy autodiscovery
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.hideGoButton ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.search.param.Google.1.default ", "chrome://branding/content/searchconfig.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.search.param.Google.1.custom ", "chrome://branding/content/searchconfig.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "signon.prefillForms ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.safebrowsing.remoteLookups ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.safebrowsing.provider.0.updateURL ", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}& ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.safebrowsing.provider.0.lookupURL ", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}& ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.safebrowsing.provider.0.reportURL ", "http://sb.google.com/safebrowsing/report? ");

    ============= SERVICES / DRIVERS ===============

    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-23 1153368]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-5 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-24 99376]
    S4 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]

    =============== Created Last 30 ================

    2009-02-23 21:58 4,413 a------- c:\windows\wininit.ini
    2009-02-23 20:27 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
    2009-02-23 20:27 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-02-23 20:27 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
    2009-02-23 20:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-23 20:24 <DIR> --d----- c:\users\paige\appdata\roaming\Malwarebytes
    2009-02-23 20:24 <DIR> --d----- c:\programdata\Malwarebytes
    2009-02-23 20:24 <DIR> --d----- c:\progra~2\Malwarebytes
    2009-02-23 20:24 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-02-23 20:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-02-23 20:21 <DIR> --d----- C:\tmp
    2009-02-22 15:45 97,800 a------- c:\windows\system32\infocardapi.dll
    2009-02-22 15:45 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-02-22 15:45 622,080 a------- c:\windows\system32\icardagt.exe
    2009-02-22 15:45 37,384 a------- c:\windows\system32\infocardcpl.cpl
    2009-02-22 15:45 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
    2009-02-22 15:45 11,264 a------- c:\windows\system32\icardres.dll
    2009-02-22 15:45 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
    2009-02-22 15:45 326,160 a------- c:\windows\system32\PresentationHost.exe
    2009-02-22 15:36 147,456 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
    2009-02-22 15:36 16,384 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
    2009-02-22 15:36 35,373,056 a------- c:\windows\ocsetup_install_NetFx3.etl
    2009-02-22 15:12 96,760 a------- c:\windows\system32\dfshim.dll
    2009-02-22 15:12 282,112 a------- c:\windows\system32\mscoree.dll
    2009-02-22 15:12 41,984 a------- c:\windows\system32\netfxperf.dll
    2009-02-22 15:11 158,720 a------- c:\windows\system32\mscorier.dll
    2009-02-22 15:11 83,968 a------- c:\windows\system32\mscories.dll

    ==================== Find3M ====================

    2009-01-30 17:24 14,600 a------- c:\windows\help\oem\scripts\HC_InstallHPHC.exe
    2009-01-14 23:16 826,368 a------- c:\windows\system32\wininet.dll
    2009-01-14 23:16 56,320 a------- c:\windows\system32\iesetup.dll
    2009-01-14 23:16 52,736 a------- c:\windows\apppatch\iebrshim.dll
    2009-01-14 23:15 26,624 a------- c:\windows\system32\ieUnatt.exe
    2009-01-11 16:02 165,282 a------- c:\windows\hphins25.dat
    2009-01-11 15:40 86,016 a------- c:\windows\inf\infstrng.dat
    2009-01-11 15:40 51,200 a------- c:\windows\inf\infpub.dat
    2009-01-11 15:36 86,016 a------- c:\windows\inf\infstor.dat
    2008-12-11 17:38 174 a--sh--- c:\program files\desktop.ini
    2008-06-11 15:53 665,600 a------- c:\windows\inf\drvindex.dat
    2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 8:18:40.51 ===============
     
    BillB,
    #4
  6. 2009/02/26
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
    PeteC,
    #5
  7. 2009/03/02
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    Would someone please have a look at the logs I posted?


    Thanks.
     
    BillB,
    #6
  8. 2009/03/02
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Bill

    Our analysts are up to their eyeballs in logs at present - be assured your thread is in the list and as all logs are dealt with in the order received you should hear from one of them shortly.
     
    PeteC,
    #7
  9. 2009/03/11
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    You can close this thread, I have sought help elsewhere. Thanks.
     
    BillB,
    #8
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...