TechSpot

Searches Hijacked

By Steelhead99
Jun 19, 2011
  1. Problem is as follows ... from the Firefox toolbar I select Yahoo search, and ask for a search on dog. Results appear normal with Wikipedia being the top result .... I select the top result and am given a page of search results from this URL ...

    h t t p://lookserch-resu1t.com/gosearch.php?q=dog

    Only with no spaces between the first four letters (I didn't want to paste the actual link as it could be dangerous to YOUR browser.) I have included a screenshot of the offending page.

    When I select Google search and ask for a search on dog, I get the following two results, which seem to toggle back and forth ..

    Logs from seven step prep to follow in next post.

    Edit: from Bobbye: Please note: the images you left were far too large and unnecessary. Your subject "Searches Hijacked" was sufficient. If you want to leave an example, just type in a domain name such as 'look-search.'
     
  2. Steelhead99

    Steelhead99 TS Rookie Topic Starter Posts: 52

    ... and now the logs ...

    mbam-log-2011-06-18 (20-47-39)

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6891

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    6/18/2011 8:47:39 PM
    mbam-log-2011-06-18 (20-47-39).txt

    Scan type: Quick scan
    Objects scanned: 163124
    Time elapsed: 7 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  3. Steelhead99

    Steelhead99 TS Rookie Topic Starter Posts: 52

    GMER log ...

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-18 22:22:27
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PC2O
    Running: b6sz8kzs.exe; Driver: C:\Users\Author\AppData\Local\Temp\ufdcqpow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs cbfs.sys
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat cbfs.sys
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  4. Steelhead99

    Steelhead99 TS Rookie Topic Starter Posts: 52

    DDS ...

    .
    DDS (Ver_2011-06-12.02) - NTFSx86
    Internet Explorer: 8.0.7600.16385
    Run by Author at 11:16:51 on 2011-06-19
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.59 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\IDT\WDM\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Author\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Users\Author\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ZumoDrive] c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Google Update] "c:\users\author\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [ZumoDrive] "c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk"
    mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\author\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\author\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\author\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpmedi~1.lnk - c:\program files\hewlett-packard\hp media suite\home\ArcStart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{211D83A8-55C7-4CEE-9AEE-4308E9207742} : DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{211D83A8-55C7-4CEE-9AEE-4308E9207742}\16474777966696 : DhcpNameServer = 10.130.168.129 64.134.255.2 64.134.255.10
    TCP: Interfaces\{211D83A8-55C7-4CEE-9AEE-4308E9207742}\D436E4564777F627B6 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{380AA253-6A73-45F3-BDE4-7E3537A907DD} : DhcpNameServer = 209.18.47.61 209.18.47.62
    Notify: igfxcui - igfxdev.dll
    mASetup: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} - c:\program files\hewlett-packard\hp media suite\home\HPMediaSuite.exe "/installer"
    mASetup: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - c:\windows\system32\wscript.exe "c:\program files\hewlett-packard\hp media suite\home\PinItem.vbs"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\author\appdata\roaming\mozilla\firefox\profiles\jxqhv4ms.default\
    FF - prefs.js: browser.search.selectedEngine - Dogpile
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\author\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\users\author\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\author\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2011-1-12 147416]
    R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [2009-11-11 18136]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsl3fb43c53;MpKsl3fb43c53;c:\programdata\microsoft\microsoft antimalware\definition updates\{d8315d4c-48e3-4824-819b-15d9f0eae549}\MpKsl3fb43c53.sys [2011-6-19 28752]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-12-11 81920]
    R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2010-5-21 140272]
    R2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\hpqwmm\quickweb\qw.sys\config\DVMExportService.exe [2010-7-20 338168]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-7-8 103992]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-7-12 92216]
    R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-6-29 27192]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-12-11 275048]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-14 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-14 136176]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
    .
    =============== Created Last 30 ================
    .
    2011-06-19 15:05:59 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d8315d4c-48e3-4824-819b-15d9f0eae549}\MpKsl3fb43c53.sys
    2011-06-19 02:23:57 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d8315d4c-48e3-4824-819b-15d9f0eae549}\mpengine.dll
    2011-06-19 00:38:59 -------- d-----w- c:\users\author\appdata\roaming\Malwarebytes
    2011-06-19 00:38:44 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-19 00:38:40 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-19 00:38:34 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-19 00:38:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-16 20:03:54 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-16 20:03:53 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-16 20:03:53 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-16 20:03:48 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-16 20:03:46 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-16 20:03:40 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-16 20:03:35 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-16 20:03:31 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-06-16 20:03:24 759296 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
    2011-06-16 20:00:40 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-16 20:00:39 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-16 20:00:39 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-05-21 13:15:47 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{658dddf7-c06f-4ade-ad67-d3d95300eccd}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec
    2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
    .
    ============= FINISH: 11:18:35.96 ===============
     
  5. Steelhead99

    Steelhead99 TS Rookie Topic Starter Posts: 52

    Attach ...

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-12.02)
    .
    Microsoft Windows 7 Starter
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/11/2011 7:01:39 PM
    System Uptime: 6/19/2011 11:05:12 AM (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1584
    Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz | CPU | 999/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 216 GiB total, 139.427 GiB free.
    D: is FIXED (NTFS) - 17 GiB total, 2.448 GiB free.
    Z: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP Color LaserJet 3600
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: Hewlett-Packard
    Name: HP Color LaserJet 3600
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP LaserJet 4050 Series
    Device ID: ROOT\MULTIFUNCTION\0002
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet 4050 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0002
    Service:
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl2455d3ef
    Device ID: ROOT\LEGACY_MPKSL2455D3EF\0000
    Manufacturer:
    Name: MpKsl2455d3ef
    PNP Device ID: ROOT\LEGACY_MPKSL2455D3EF\0000
    Service: MpKsl2455d3ef
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP LaserJet 4050 Series
    Device ID: ROOT\MULTIFUNCTION\0003
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet 4050 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0003
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C7200 series
    Device ID: ROOT\MULTIFUNCTION\0004
    Manufacturer: HP
    Name: Photosmart C7200 series
    PNP Device ID: ROOT\MULTIFUNCTION\0004
    Service:
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslb1d6d80f
    Device ID: ROOT\LEGACY_MPKSLB1D6D80F\0000
    Manufacturer:
    Name: MpKslb1d6d80f
    PNP Device ID: ROOT\LEGACY_MPKSLB1D6D80F\0000
    Service: MpKslb1d6d80f
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl3f71094b
    Device ID: ROOT\LEGACY_MPKSL3F71094B\0000
    Manufacturer:
    Name: MpKsl3f71094b
    PNP Device ID: ROOT\LEGACY_MPKSL3F71094B\0000
    Service: MpKsl3f71094b
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Deskjet F4500 series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Deskjet F4500 series
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl8441a272
    Device ID: ROOT\LEGACY_MPKSL8441A272\0000
    Manufacturer:
    Name: MpKsl8441a272
    PNP Device ID: ROOT\LEGACY_MPKSL8441A272\0000
    Service: MpKsl8441a272
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl09b83bb4
    Device ID: ROOT\LEGACY_MPKSL09B83BB4\0000
    Manufacturer:
    Name: MpKsl09b83bb4
    PNP Device ID: ROOT\LEGACY_MPKSL09B83BB4\0000
    Service: MpKsl09b83bb4
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl0caae1ba
    Device ID: ROOT\LEGACY_MPKSL0CAAE1BA\0000
    Manufacturer:
    Name: MpKsl0caae1ba
    PNP Device ID: ROOT\LEGACY_MPKSL0CAAE1BA\0000
    Service: MpKsl0caae1ba
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl982dd0d7
    Device ID: ROOT\LEGACY_MPKSL982DD0D7\0000
    Manufacturer:
    Name: MpKsl982dd0d7
    PNP Device ID: ROOT\LEGACY_MPKSL982DD0D7\0000
    Service: MpKsl982dd0d7
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl11a2747e
    Device ID: ROOT\LEGACY_MPKSL11A2747E\0000
    Manufacturer:
    Name: MpKsl11a2747e
    PNP Device ID: ROOT\LEGACY_MPKSL11A2747E\0000
    Service: MpKsl11a2747e
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Deskjet F4500 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Deskjet F4500 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP33: 3/18/2011 4:27:31 PM - Windows Update
    RP34: 3/19/2011 10:26:56 AM - Windows Update
    RP35: 3/20/2011 12:39:06 AM - Windows Update
    RP36: 4/21/2011 4:13:19 PM - Windows Update
    RP37: 4/22/2011 6:14:57 PM - Windows Update
    RP38: 4/22/2011 6:25:18 PM - Windows Update
    RP39: 4/30/2011 4:03:05 PM - Windows Update
    RP40: 5/5/2011 3:24:27 PM - Windows Update
    RP41: 5/6/2011 3:39:23 PM - Windows Update
    RP42: 5/13/2011 7:59:05 AM - Windows Update
    RP43: 5/14/2011 2:55:55 PM - Windows Update
    RP44: 5/14/2011 3:03:31 PM - Windows Update
    RP45: 5/18/2011 11:21:21 AM - Windows Update
    RP48: 5/19/2011 6:22:51 PM - Windows Update
    RP49: 5/21/2011 9:14:18 AM - Windows Update
    RP50: 5/25/2011 12:42:16 AM - Windows Update
    RP51: 5/26/2011 11:47:52 AM - Windows Update
    RP52: 5/31/2011 3:37:24 AM - Windows Update
    RP53: 6/1/2011 4:17:42 PM - Windows Update
    RP54: 6/2/2011 5:35:18 PM - Windows Update
    RP55: 6/10/2011 12:33:21 PM - Windows Update
    RP56: 6/16/2011 4:02:04 PM - Windows Update
    RP57: 6/18/2011 8:07:10 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3 MUI
    Adobe Shockwave Player 11.5
    Alcor Micro USB Card Reader
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bejeweled 2 Deluxe
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    BufferChm
    Chuzzle Deluxe
    CinemaNow Media Manager
    Copy
    Coupon Printer for Windows
    CyberLink DVD Suite
    Destinations
    DeviceDiscovery
    Diner Dash 2 Restaurant Rescue
    DJ_AIO_06_F4500_SW_MIN
    Dream Chronicles
    Dropbox
    Energy Star Digital Logo
    ESU for Microsoft Windows 7
    Evernote
    F4500
    FATE
    Free NaturalReader
    Google Earth
    Google Talk Plugin
    Google Update Helper
    GPBaseService2
    HP CloudDrive
    HP Customer Experience Enhancements
    HP Customer Participation Program 14.0
    HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
    HP Documentation
    HP Game Console
    HP Games
    HP HomeBase
    HP Imaging Device Functions 14.0
    HP Media Suite CinemaNow
    HP Photo Creations
    HP Power Manager
    HP Quick Launch
    HP QuickSync
    HP QuickWeb Installer
    HP Setup
    HP Smart Web Printing 4.60
    HP Software Framework
    HP Solution Center 14.0
    HP Support Assistant
    HP Update
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    IDT Audio
    Insaniquarium Deluxe
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Jewel Quest - Heritage
    Jewel Quest II
    Jewel Quest Solitaire
    JoJo's Fashion Show
    Junk Mail filter update
    Mahjongg Artifacts
    Malwarebytes' Anti-Malware version 1.51.0.1200
    MarketResearch
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2000 Premium
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox (3.6.17)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network
    OpenOffice.org 3.2
    OverDrive Media Console
    Penguins!
    Plants vs. Zombies
    Polar Bowler
    Power2Go
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Recovery Manager
    Roxio CinemaNow 2.0
    Scan
    Shop for HP Supplies
    Skip-Bo - Castaway Caper
    Slingo Deluxe
    SmartWebPrinting
    SolutionCenter
    Status
    Synaptics Pointing Device Driver
    The Weather Channel Desktop 6
    Times Reader
    Toolbox
    Tradewinds Legends
    TrayApp
    Virtual Villagers - The Secret City
    WebReg
    Wedding Dash
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/19/2011 11:06:21 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    6/19/2011 11:06:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    6/18/2011 8:14:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.2115.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    6/18/2011 8:14:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.2115.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    6/18/2011 8:14:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.2115.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    6/18/2011 8:03:34 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    6/16/2011 7:32:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    6/16/2011 2:58:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    .
    ==== End Of File ===========================
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

  7. Steelhead99

    Steelhead99 TS Rookie Topic Starter Posts: 52

    No ... this is a second laptop with the same symptoms.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay! Thank you. If this should come up again, let us know that you're working on 2 systems. You did the right thing making a separate thread. I had all the instructions typed out but noticed the other thread.

    You will have seen that I deleted the very large images. Telling us the searches are being directed and giving an example of a domain such as 'search-tool.com' is far more space saving!
    =========================================
    Have you intentionally installed C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe?
    It's an Icon Utility which does this: "When different cards are inserted into the card reader, it shows different icons according to the inserted card type."

    I'm finding many such utilities and apps that are frequently unknown to the user.
    =======================================
    I'm not seeing any potential hijackers in the logs, so we look further:
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    =======================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click the link to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • If there are any changes in the system as we go along, please let me know.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  9. Steelhead99

    Steelhead99 TS Rookie Topic Starter Posts: 52

    >>Have you intentionally installed C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe?<<

    No sir, I did not knowingly install it. Could it have been part of the original config? Well ... I shall get to following your instructions.
     
  10. Steelhead99

    Steelhead99 TS Rookie Topic Starter Posts: 52

    ComboFix stalled several hours on reboot and I finally disconnected battery. Program (ComboFix) resumed on restart and produced this log ...

    ComboFix 11-06-17.04 - Author 06/19/2011 14:16:01.1.2 - x86
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.357 [GMT -4:00]
    Running from: c:\users\Author\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Author\AppData\Local\Temp\libsqlitejdbc-3424771247784584219.lib
    c:\users\Author\AppData\Local\Temp\swt-gdip-win32-3448.dll
    c:\users\Author\AppData\Local\Temp\swt-win32-3448.dll
    c:\users\Author\AppData\Local\Temp\WindowsAPI.dll
    c:\users\Author\AppData\Local\Temp\WindowsFolderWatcher.dll
    c:\users\Author\AppData\Local\Temp\WindowsZFSJNI.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-19 to 2011-06-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-19 18:30 . 2011-06-19 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-19 18:12 . 2011-06-19 18:12 -------- d-----w- C:\32788R22FWJFW
    2011-06-19 15:23 . 2011-06-19 15:23 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34D831A3-4AA4-4FD2-BBD1-7E4A951C4F7C}\MpKslc2a49906.sys
    2011-06-19 15:23 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34D831A3-4AA4-4FD2-BBD1-7E4A951C4F7C}\mpengine.dll
    2011-06-19 00:38 . 2011-06-19 00:38 -------- d-----w- c:\users\Author\AppData\Roaming\Malwarebytes
    2011-06-19 00:38 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-19 00:38 . 2011-06-19 00:38 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-19 00:38 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-19 00:38 . 2011-06-19 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-16 20:03 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-16 20:03 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-16 20:03 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-16 20:03 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-16 20:03 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-16 20:03 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-16 20:03 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-16 20:03 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-06-16 20:03 . 2011-04-29 05:08 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2011-06-16 20:00 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-16 20:00 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-16 20:00 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-05-21 13:15 . 2011-01-12 00:48 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{658DDDF7-C06F-4ADE-AD67-D3D95300ECCD}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-09 20:46 . 2011-01-13 01:51 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-04-09 06:13 . 2011-05-13 11:55 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:13 . 2011-05-13 11:55 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 05:56 . 2011-05-18 15:19 123904 ----a-w- c:\windows\system32\poqexec.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
    @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
    [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
    2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Author\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Author\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Author\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-08-16 2038]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-06-04 822384]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1778984]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
    "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-17 237568]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-06-18 495708]
    "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-08-16 2038]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-06 8192]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    .
    c:\users\Author\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Author\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 MpKsl09b83bb4;MpKsl09b83bb4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEF7FD83-AF19-4269-8A42-601F6AA61EB5}\MpKsl09b83bb4.sys [x]
    R1 MpKsl0caae1ba;MpKsl0caae1ba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD9F4756-584B-4394-979B-02D0B8B9A6BA}\MpKsl0caae1ba.sys [x]
    R1 MpKsl11a2747e;MpKsl11a2747e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB351E46-E54E-4564-9DC8-2816EE6F22C5}\MpKsl11a2747e.sys [x]
    R1 MpKsl2455d3ef;MpKsl2455d3ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBAF65B4-47B8-4B89-AB70-4E8219EBA4E6}\MpKsl2455d3ef.sys [x]
    R1 MpKsl3f71094b;MpKsl3f71094b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{971FB2B4-6D56-4D59-936F-6168FE70EF7F}\MpKsl3f71094b.sys [x]
    R1 MpKsl8441a272;MpKsl8441a272;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC92DD97-4703-45A7-9A3E-8EFF21DB15FF}\MpKsl8441a272.sys [x]
    R1 MpKsl982dd0d7;MpKsl982dd0d7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB351E46-E54E-4564-9DC8-2816EE6F22C5}\MpKsl982dd0d7.sys [x]
    R1 MpKslb1d6d80f;MpKslb1d6d80f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD9F4756-584B-4394-979B-02D0B8B9A6BA}\MpKslb1d6d80f.sys [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 136176]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-03-28 147416]
    S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]
    S1 MpKslc2a49906;MpKslc2a49906;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34D831A3-4AA4-4FD2-BBD1-7E4A951C4F7C}\MpKslc2a49906.sys [2011-06-19 28752]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
    S2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
    S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-07-20 338168]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-08 103992]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-07-12 92216]
    S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-24 275048]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]
    2010-06-24 02:47 687104 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
    2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 20:19]
    .
    2011-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 20:19]
    .
    2011-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3644153530-1873711080-1203108431-1000Core.job
    - c:\users\Author\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02 19:40]
    .
    2011-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3644153530-1873711080-1203108431-1000UA.job
    - c:\users\Author\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02 19:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    FF - ProfilePath - c:\users\Author\AppData\Roaming\Mozilla\Firefox\Profiles\jxqhv4ms.default\
    FF - prefs.js: browser.search.selectedEngine - Dogpile
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2076)
    c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    c:\users\Author\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\IDT\WDM\STacSV.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\taskhost.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-19 17:09:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-19 21:09
    .
    Pre-Run: 149,653,172,224 bytes free
    Post-Run: 149,259,255,808 bytes free
    .
    - - End Of File - - 927C7761062C988F829DC99E75EEF9E2


    Shall I go forward with the ESET directions?
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Yes, please go on.
     
  12. Steelhead99

    Steelhead99 TS Rookie Topic Starter Posts: 52

    Okay, this was VERY strange. After I rebooted from Combofix, the problem was gone. My searches appear not to be hijacked anymore. I have waited a bit to report this development in case it reverted, but it has not.

    What happened?
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    It is not uncommon for a problem to be resolved after running a scan. But that does not mean that all the malware entries have been removed! Occasionally a member will either desert a thread or request it be closed if this happens. We always encourage the member to finish the cleaning.
    ======================================
    Please run the Eset Online Virus scan as instructed.
    =======================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    DDS::
    mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
    mRun: [<NO NAME>] 
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AmIcoSinglun"=-
    "HP Software Update"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ======================================
    The Java needs to be updated: Java Updates Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    The Adobe Reader needs to be updated: Adobe Reader site. Uninstall any earlier updates as they are vulnerabilities.
    =====================================
    Possible Security Risk:
    04-29 05:08 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    Microsoft Internet Explorer Vector Markup Language VGX.DLL Remote Buffer Overflow Vulnerability
    Risk> High
    See http://www.symantec.com/security_response/vulnerability.jsp?bid=25310
    ======================================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will be saved and then the log will open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    =====================================
    FYI: Computer manufacturers pre-load many processes before shipping. Most users 1. Don't realize they are on the system. 2. Don't use most of them. 3. Don't realize they can uninstall what they don't use. 4. Can take almost all of the processes off of the Startup Menu. HP has installed the following: 23 processes:
    ===============================================
    Another FYI: I noticed you had 14 Devices connected. There are 3 different HP Printers:
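A small triage helper, added here as an example and not part of this thread, of ComboFix or of DDS: it parses the Run-key entries out of the 'Reg Loading Points' section of a ComboFix log (the format of the log posted earlier) and builds the DDS:: and Registry:: blocks of a CFScript like the one in this post for a chosen set of entry names, refusing any name that is not in the log. The sample log is a constructed excerpt modelled on the posted one; the uRun prefix for HKCU entries is an assumption about DDS naming.

```python
"""Triage helper for ComboFix logs: added example, not part of this thread or of ComboFix."""
import re

# Section headers ComboFix prints for the autorun keys, e.g.
# [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RUN_KEY_RE = re.compile(r'^\[(HKEY_(?:LOCAL_MACHINE|CURRENT_USER)\\.+\\Run)\]$', re.IGNORECASE)
# Entry lines under such a key: "Name"="c:\path\file.exe" [YYYY-MM-DD size]
RUN_ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')

# DDS prefixes used in a CFScript's DDS:: block: mRun is the machine (HKLM) key, as in the
# posted script; uRun for the per-user (HKCU) key is an assumption about DDS naming.
DDS_PREFIX = {'HKEY_LOCAL_MACHINE': 'mRun', 'HKEY_CURRENT_USER': 'uRun'}

# Constructed excerpt modelled on the ComboFix log posted in this thread (not the real log).
SAMPLE_LOG = r"""
((((( Reg Loading Points )))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-08-16 2038]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-17 237568]
"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-08-16 2038]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"""


def parse_run_entries(log_text):
    """Return the Run-key entries as dicts (key, hive, name, path, date, size).

    ComboFix closes each section with a line holding a lone '.', so that (or a blank
    line) resets the current key; lines outside a Run key are ignored.
    """
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('['):
            match = RUN_KEY_RE.match(line)
            current_key = match.group(1) if match else None
            continue
        if current_key is None:
            continue
        if line in ('', '.'):
            current_key = None
            continue
        match = RUN_ENTRY_RE.match(line)
        if match is None:
            continue  # not a "Name"="path" [date size] line
        entries.append({
            'key': current_key,
            'hive': current_key.split('\\', 1)[0].upper(),
            'name': match.group('name'),
            'path': match.group('path'),
            'date': match.group('date'),
            'size': int(match.group('size')),
        })
    return entries


def build_cfscript(entries, remove_names):
    """Build the DDS:: and Registry:: blocks that delete the named Run entries.

    A name missing from the parsed log raises ValueError, so a typo cannot yield a
    script that silently does nothing. An entry present under both HKCU and HKLM
    (ZumoDrive in the sample) gets a "Name"=- line under each key.
    """
    wanted = set(remove_names)
    missing = sorted(wanted - {e['name'] for e in entries})
    if missing:
        raise ValueError('not present in log: ' + ', '.join(missing))
    dds_lines = []
    registry = {}  # insertion order keeps the keys as the log listed them
    for e in entries:
        if e['name'] not in wanted:
            continue
        dds_lines.append('%s: [%s] %s' % (DDS_PREFIX[e['hive']], e['name'], e['path']))
        registry.setdefault(e['key'], []).append('"%s"=-' % e['name'])
    out = ['DDS::'] + dds_lines + ['Registry::']
    for key, lines in registry.items():
        out.append('[%s]' % key)
        out.extend(lines)
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    found = parse_run_entries(SAMPLE_LOG)
    for e in found:
        print('%-18s %-20s %s' % (e['hive'][5:], e['name'], e['path']))
    print(build_cfscript(found, ['AmIcoSinglun', 'HP Software Update']))
```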
     
  14. Steelhead99

    Steelhead99 TS Rookie Topic Starter Posts: 52

    Then we shall go on. For clarity's sake, I never ran ESet. I was ABOUT to run it when the problem appeared to be cleared. I will run ESet and continue, as per your instructions.
     
  15. Steelhead99

    Steelhead99 TS Rookie Topic Starter Posts: 52

    ESet completed ... no malicious software found.
     
  16. Steelhead99

    Steelhead99 TS Rookie Topic Starter Posts: 52

    Moving on to the specialized script for ComboFix instructions
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Every sentence you put in a separate post generates email feed back to me. Please use the Edit feature. I don't need an email notice of 'moving on.'

    Run the script. Post the log.
    Run HijackThis. Post the log.

    Address my comment regarding 14 devices, of which 3 are different printers.

    Advise me of any progress or change in the system.

    Do not make a post to tell me you're going on, just do it. When you do post the log, I will be notified.
     