Solved PC Performance and stability analysis report

[kimmie938]

I am trying to follow the steps in the 6 step process, but am encountering difficulties. I finally got malwarebytes to install by downloading in safe mode to a jump drive, but I saw that I should try to run it in normal mode. I am helping a friend who has a laptop running vista service pack 2, using trendmicro antivirus,

Midway throught he malwarebytes scan i get a message that "malwarebytes anti malware has detected a malicious process attempting to start and has blocked the execution attempt ignore or quarantine".. I should quarantine, right?

it found c:\programdata\P1KALMIG2KB7FZ.EXE (TROJAN.FAKEALERT.GEN)

 

[kimmie938]

the computer is restarting itself

 

[kimmie938]

Got Log Results PC Performance and stability analysis virus

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7488

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

8/17/2011 2:42:35 PM
mbam-log-2011-08-17 (14-42-35).txt

Scan type: Quick scan
Objects scanned: 165412
Time elapsed: 43 minute(s), 21 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
c:\programdata\coqugeavxfws.exe (Trojan.FakeAlert.Gen) -> 3164 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{B15FD82E-85BC-430d-90CB-65DB1B030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F0D4B230-DA4B-4daf-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{F0D4B23A-DA4B-4DAF-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AskSBar.ToolbarPlugin.1 (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AskSBar.ToolbarPlugin (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AskSBar Uninstall (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\COqUGeAVXfWs (Trojan.FakeAlert.Gen) -> Value: COqUGeAVXfWs -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\coqugeavxfws.exe (Trojan.FakeAlert.Gen) -> Delete on reboot.
c:\program files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
c:\Users\Allem\AppData\Local\Temp\tmp4BB5.tmp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\programdata\p1kalmig2kb7fz.exe (Rogue.FakeHDD) -> Delete on reboot.

GMER.LOG
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-17 15:10:29
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 Hitachi_HTS541680J9SA00 rev.SB2OC7BP
Running: rvlrl66k.exe; Driver: C:\Users\Allem\AppData\Local\Temp\aglorpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19120
Run by Allem at 15:18:52 on 2011-08-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.180 [GMT -4:00]
.
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyServer = http=192.168.0.1:87
uInternet Settings,ProxyOverride = www.systemcontrolcenter.com;hughesnetsupport.com;192.168.0.1;msn.com;hotmail.com;<local>
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1081\TmIEPlg.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [Windows Sidebar] "c:\program files\windows sidebar\Sidebar.exe" /autorun
uRun: [RunSpySweeperScheduleAtStartup] "c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{4180C337-39AA-4A18-B241-0BD8858CF1D3}
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [QlbCtrl] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Trend Micro Titanium] c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\allem\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CFECE204-F9E2-409D-9DBF-38A43C28DCCA} : NameServer = 198.77.116.8,198.77.116.12
TCP: Interfaces\{CFECE204-F9E2-409D-9DBF-38A43C28DCCA} : DhcpNameServer = 192.168.0.1
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1081\TmIEPlg.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-7-12 188272]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-19 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-17 366640]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-7-12 64080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-17 22712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2008-3-5 118784]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-17 41272]
S3 MRV6X32U;Linksys Wireless-N USB Network Adapter WUSB300N for Vista x86 (USB8x);c:\windows\system32\drivers\WUSB300N.sys [2008-3-16 316672]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-7-16 99200]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-17 16:54:40 -------- d--h--w- c:\users\allem\appdata\roaming\Malwarebytes
2011-08-17 16:54:20 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-17 16:54:19 -------- d--h--w- c:\programdata\Malwarebytes
2011-08-17 16:54:16 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 16:54:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-16 20:19:15 -------- d--h--w- C:\Temp
2011-08-16 18:58:01 -------- d--h--w- c:\users\allem\appdata\local\MigWiz
2011-08-10 03:23:04 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 03:23:02 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 03:22:56 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-10 03:13:30 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 03:13:29 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 03:13:24 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-12 15:30:48 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-07-12 15:30:48 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-07-12 15:30:48 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-06-29 12:45:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 04:09:00 200976 ---ha-w- c:\windows\system32\drivers\tmcomm.sys
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 15:21:41.47 ===============

 

[Bobbye]

I deleted you other thread. Please keep all logs and information together on this thread.

I there any reason why your friend can't register here and let us work first hand with him. It's free and a lot easier. You said you are helping a friend, yet here you are having us do it.

If that is a problem, I'll help you, but if it gets to the point of having to go back and forth with questions, I will request that your friend get his own account here.

There is another log from DDS. You posted the DDS.txt log. The other log is named Attach.txt That is a name, not a direction, so please paste it in to the next reply. Do not zip it.

Also note: I get an email feedback for each of your posts- whether they have 2 words or 20. For small bits of information, please use the Edit feature.
==================================================

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESETOnlineScan
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  [o] Double click on the
  
  on your desktop.
• Check 'Yes I accept terms of use.'
• Click Start button
• Accept any security warnings from your browser.
  
  
• Uncheck 'Remove found threats'
• Check 'Scan archives/
• Leave remaining settings as is.
• Press the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
• When the scan completes, press List of found threats
• Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
• Push the Back button
• Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
===================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe & follow the prompts.
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Once installed, you should see a blue screen prompt that says:
  The Recovery Console was successfully installed.
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

Logs for next reply:
Attach.txt
Combofix
Eset online scan

Scans should be done in Normal Mode unless instructed other wise.

 

[kimmie938]

You are right you are helping my friend and I am just running the programs you instruct me to. He is older and doesn't understand....

After combofix completed, the icons returned to the desktop and it is usable now. I am only getting a disc space issue warning now (and it may be unrelated, but thought I should share). 3 logs below.

DDS attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/21/2007 4:58:43 AM
System Uptime: 8/17/2011 4:03:12 PM (14 hours ago)
.
Motherboard: Hewlett-Packard | | 30C6
Processor: Genuine Intel(R) CPU T2080 @ 1.73GHz | U1 | 800/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 66 GiB total, 18.447 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 0.005 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1115: 7/12/2011 12:30:31 PM - Device Driver Package Install: Trend Micro Inc.
RP1117: 7/12/2011 12:31:16 PM - Device Driver Package Install: Trend Micro Inc.
RP1119: 7/12/2011 12:31:56 PM - Device Driver Package Install: Trend Micro Inc.
RP1121: 7/13/2011 3:01:38 AM - Windows Update
RP1123: 8/10/2011 3:00:49 AM - Windows Update
RP1125: 8/16/2011 3:00:43 AM - Windows Update
RP1126: 8/16/2011 10:59:34 AM - Windows Backup
RP1127: 8/16/2011 12:41:18 PM - Windows Backup
RP1128: 8/16/2011 12:53:34 PM - Windows Backup
RP1129: 8/17/2011 10:35:48 AM - Windows Backup
RP1130: 8/17/2011 7:00:31 PM - Windows Backup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
123 Free Solitaire
32 Bit HP CIO Components Installer
6400_Help
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Adobe Reader 8.2.0
bpd_scan
BPDSoftware
BPDSoftware_Ini
Conexant HD Audio
Driver Whiz
ESET Online Scanner v3
ESU for Microsoft Vista
Garmin City Navigator North America NT 2009.11 Update
Garmin Communicator Plugin
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Help and Support
HP Officejet J6400 Series
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 D3
HP Total Care Advisor
HP Update
HP User Guides 0079
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Intel(R) Graphics Media Accelerator Driver
J6400
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6
LightScribe 1.4.136.1
Linksys Wireless-N USB Network Adapter Driver - WUSB300N
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
Network
OGA Notifier 2.0.0048.0
ProductContext
PSSWCORE
QuickPlay SlingPlayer 0.4.6
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shape Shifter Free Trial
Sprint SmartView
Synaptics Pointing Device Driver
Toolbox
Trend Micro Titanium
Trend Micro™ Titanium™
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg
.
==== Event Viewer Messages From Past Week ========
.
8/17/2011 3:10:01 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 1 time(s).
8/17/2011 2:04:50 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/17/2011 2:01:27 PM, Error: Service Control Manager [7022] - The HP Network Devices Support service hung on starting.
8/17/2011 12:33:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/17/2011 12:33:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr tmtdi Wanarpv6
8/17/2011 12:33:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 12:33:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/17/2011 12:33:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/17/2011 12:33:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/17/2011 12:33:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/17/2011 10:46:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
8/17/2011 10:46:53 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/17/2011 10:46:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
8/16/2011 3:08:16 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2011 3:08:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx tmtdi Wanarpv6
8/16/2011 3:08:11 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2011 3:08:11 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2011 3:08:11 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2011 3:08:11 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2011 3:08:11 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2011 3:08:11 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2011 3:08:11 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2011 3:08:11 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2011 3:08:11 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2011 3:08:11 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2011 3:08:11 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2011 3:08:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2011 3:07:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/16/2011 3:07:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/16/2011 2:44:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
.
==== End Of File ===========================

ESET:

C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application
C:\Users\Allem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G6PV67XL\stnc[1].pdf PDF/Exploit.Pidief.PBK.Gen trojan
Operating memory Win32/Toolbar.AskSBar application

combofix:

ComboFix 11-08-18.01 - Allem 08/18/2011 6:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.265 [GMT -4:00]
Running from: F:\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Allem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
c:\users\Allem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair\System Repair.lnk
c:\users\Allem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair\Uninstall System Repair.lnk
c:\windows\system32\service
c:\windows\system32\service\16062011_TIS17_SfFniAU.log
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 11:03 . 2011-08-18 11:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-17 20:16 . 2011-08-17 20:16 -------- d-----w- c:\program files\ESET
2011-08-17 16:54 . 2011-08-17 16:54 -------- d--h--w- c:\users\Allem\AppData\Roaming\Malwarebytes
2011-08-17 16:54 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-17 16:54 . 2011-08-17 16:54 -------- d--h--w- c:\programdata\Malwarebytes
2011-08-17 16:54 . 2011-08-17 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-17 16:54 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-16 20:19 . 2011-08-16 21:18 -------- d-----w- C:\Temp
2011-08-16 18:58 . 2011-08-16 18:58 -------- d--h--w- c:\users\Allem\AppData\Local\MigWiz
2011-08-16 13:23 . 2011-08-16 13:23 -------- d--h--w- c:\programdata\WindowsSearch
2011-08-10 03:23 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 03:23 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 03:22 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 03:13 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 03:13 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 03:13 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-12 15:30 . 2011-07-12 16:32 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-07-12 15:30 . 2011-07-12 16:29 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-07-12 15:30 . 2011-07-12 16:29 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-06-29 12:45 . 2011-06-29 12:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 04:09 . 2011-07-12 16:29 200976 ---ha-w- c:\windows\system32\drivers\tmcomm.sys
2011-06-02 13:34 . 2011-07-13 01:15 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2007-11-16 66912]
.
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-11-16 00:35 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"Windows Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2011-07-23 13312]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-03-10 17672]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-11 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-11 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-11 133912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\Allem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [2008-03-05 118784]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 MRV6X32U;Linksys Wireless-N USB Network Adapter WUSB300N for Vista x86 (USB8x);c:\windows\system32\DRIVERS\WUSB300N.sys [2007-03-16 316672]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-10-12 99200]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-07-12 64080]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-21 c:\windows\Tasks\HPCeeScheduleForAllem.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-24 21:23]
.
2011-08-18 c:\windows\Tasks\User_Feed_Synchronization-{4180C337-39AA-4A18-B241-0BD8858CF1D3}.job
- c:\windows\system32\msfeedssync.exe [2011-08-10 09:26]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyServer = http=192.168.0.1:87
uInternet Settings,ProxyOverride = www.systemcontrolcenter.com;hughesnetsupport.com;192.168.0.1;msn.com;hotmail.com;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CFECE204-F9E2-409D-9DBF-38A43C28DCCA}: NameServer = 198.77.116.8,198.77.116.12
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-18 07:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-18 07:18:41
ComboFix-quarantined-files.txt 2011-08-18 11:18
.
Pre-Run: 19,677,081,600 bytes free
Post-Run: 22,072,029,184 bytes free
.
- - End Of File - - F972FD4C772AE06A5E5A47FD4855488C

 

[Bobbye]

Glad you got some of th icons and other missing things back. It's very alarming to suddenly have things go missing! I'e find it's gives a bit of confidence when some of the missing items can be restored. We might possible have to run this again, so don't be alarmed.

You have some rogue programs on board. They will send 'alerts', messages,warnings and other scareware as a scam to get you to click on their program to 'fix them.' Thing is all or most of those errors and warnings are manufactured so don't act on any of them.
=====================================
You need to look at all download screens carefully for any pre checked items- these are TB, BHO and other foistware that has nothing to do with what you're downloading. Once some of this-especial;y the Askbar, gets on a system, it plants itself all over. And it adds it's own updater!
=====================================
You have 2 outdated versions of Adobe Reader. They are vulnerabilities as long as they remain:Please update now: Adobe Reader site Uninstall Adobe Reader 8.1.3 & Adobe Reader 8.2.0 in Add/Remove Programs.
----------------------------
You have multiple old versions of Java and these are all vulnerabilities to the system-although a 4th version is current, the following program will removed all of the Java files. Follow the directions at the end to put current version back the system.do not have the current version.You have 3 outdated Java, so I'd like you to run the following. It will remove all of the Java files, including the current version v6u26 that you have so you will need oi download it again per the end of the program:
Note: I do not want this log!

Please download JavaRa and unzip it to your desktop.

Important!***Please close any instances of Internet Explorer before continuing!***

• Double-click on JavaRa.exe to start the program.
• From the drop-down menu, choose English and click on Select.
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
• Click Yes when prompted. When JavaRa is done, a notice will appear that
  a logfile has been produced. Click OK.
• A logfile will pop up. Please save it to a convenient location.Note: Do not leave this log.

Download and install then most current version and update of Java RuntimeEnvironment (JRE)HERE.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
===========================================
You will have malware in the Java cache so you need to empty that:
To clear the Java Plug-in cache:

• 
  [1]. Click Start > Control Panel.
  [2]. Double-click the Java icon in the control panel.
  
  The Java Control Panel appears.
  
  
  
  [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
  
  
  
  [4] Click Delete Files.The Delete Temporary Files dialog box appears.
  
  
  
  [5]. Click OK on Delete Temporary Files window.
  Note: This deletes all the Downloaded Applications and Applets from the cache.
  [6]. Click Apply> OK on Temporary Files Settings window.

There is not log to leave for this either.
Images courtesy java.com
=======================================
For the Eset entries:
Please download OTMovit by Old Timer and save to your desktop.

• Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  

  :Files 
  C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
  C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL 
  C:\Users\Allem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G6PV67XL\stnc[1].pdf 
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===================================
Leave the OTM lgo in your next reply.
Please go on to the next reply for script to run through Combofix.

 

[Bobbye]

You have Spysweeper eunning on boot: Please disable it for now:
uRun: [RunSpySweeperScheduleAtStartup] "c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{4180C337-39AA-4A18-B241-0BD8858CF1D3}
========================================
Please run this Custom CFScript

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:

File::

Folder::
DDS::
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Registry::
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= -.
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
====================
lease run SuerantiSpyawre. It will help me to help you by resetting Cookies:

SuperAntiSpyware Home Edition Free Version

• Please download SuperAntiSpyware from HERE
• Launch SuperAntiSpyware and click on 'Check for updates'.
• Wait for the updates to be installed
• On the main screen click on 'Scan your computer'.
• Check: 'Perform Complete Scan then Click 'Next' to start the scan.
• Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
• Make sure everything found has a checkmark next to it,then press 'Next'.
• Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:

• Click on 'Preferences'.
• Click on the 'Statistics/Logs' tab.
• Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.

It will then open in your default text editor,such as Notepad. Paste the notepad file here on your reply

 

[kimmie938]

Java removal and reinstall of current version was a little odd. The log seemed to say everything was out, then when I reinstalled it, it asked if I wanted to overwrite this version. I said yes.

From you "You have Spysweeper eunning on boot: Please disable it for now:
uRun: [RunSpySweeperScheduleAtStartup] "c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{4180C337-39AA-4A18-B241-0BD8858CF1D3}"
My response: I asked the computer owner because I couldn't find it anywhere on the computer except an old install file. He installed it at one time but said he removed it. I guess he didn't use add remove programs, so the best I could do was take out the remaining install file I located. I even checked in msconfig and it wasn't listed as a start up there. I am sorry if I messed up doing this, but wanted you to know.

Logs below,

All processes killed
========== FILES ==========
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL moved successfully.
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL moved successfully.
C:\Users\Allem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G6PV67XL\stnc[1].pdf moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Allem
->Temp folder emptied: 708509 bytes
->Temporary Internet Files folder emptied: 171341240 bytes
->Java cache emptied: 24 bytes
->Flash cache emptied: 67771 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5485 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 13691339 bytes
RecycleBin emptied: 10353522 bytes

Total Files Cleaned = 187.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 08192011_091207

Files moved on Reboot...

Registry entries deleted on Reboot...

ComboFix 11-08-18.01 - Allem 08/19/2011 12:37:17.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.180 [GMT -4:00]
Running from: F:\ComboFix.exe
Command switches used :: F:\cfscript.txt
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-19 to 2011-08-19 )))))))))))))))))))))))))))))))
.
.
2011-08-19 16:54 . 2011-08-19 16:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-19 13:12 . 2011-08-19 13:12 -------- d-----w- C:\_OTM
2011-08-19 11:56 . 2011-08-19 11:57 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-19 11:49 . 2011-08-19 11:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-17 20:16 . 2011-08-17 20:16 -------- d-----w- c:\program files\ESET
2011-08-17 16:54 . 2011-08-17 16:54 -------- d-----w- c:\users\Allem\AppData\Roaming\Malwarebytes
2011-08-17 16:54 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-17 16:54 . 2011-08-17 16:54 -------- d-----w- c:\programdata\Malwarebytes
2011-08-17 16:54 . 2011-08-17 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-17 16:54 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-16 20:19 . 2011-08-16 21:18 -------- d-----w- C:\Temp
2011-08-16 18:58 . 2011-08-16 18:58 -------- d-----w- c:\users\Allem\AppData\Local\MigWiz
2011-08-16 13:23 . 2011-08-16 13:23 -------- d-----w- c:\programdata\WindowsSearch
2011-08-10 03:23 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 03:23 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 03:22 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 03:13 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 03:13 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 03:13 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-19 13:03 . 2011-01-13 21:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-12 15:30 . 2011-07-12 16:32 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-07-12 15:30 . 2011-07-12 16:29 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-07-12 15:30 . 2011-07-12 16:29 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-06-29 12:45 . 2011-06-29 12:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 04:09 . 2011-07-12 16:29 200976 ---ha-w- c:\windows\system32\drivers\tmcomm.sys
2011-06-02 13:34 . 2011-07-13 01:15 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"Windows Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2011-07-23 13312]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-03-10 17672]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-11 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-11 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-11 133912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\Allem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [2008-03-05 118784]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 MRV6X32U;Linksys Wireless-N USB Network Adapter WUSB300N for Vista x86 (USB8x);c:\windows\system32\DRIVERS\WUSB300N.sys [2007-03-16 316672]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-10-12 99200]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-07-12 64080]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-21 c:\windows\Tasks\HPCeeScheduleForAllem.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-24 21:23]
.
2011-08-19 c:\windows\Tasks\User_Feed_Synchronization-{4180C337-39AA-4A18-B241-0BD8858CF1D3}.job
- c:\windows\system32\msfeedssync.exe [2011-08-10 09:26]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=192.168.0.1:87
uInternet Settings,ProxyOverride = www.systemcontrolcenter.com;hughesnetsupport.com;192.168.0.1;msn.com;hotmail.com;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CFECE204-F9E2-409D-9DBF-38A43C28DCCA}: NameServer = 198.77.116.8,198.77.116.12
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-19 12:55
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(460)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2011-08-19 13:00:48
ComboFix-quarantined-files.txt 2011-08-19 17:00
ComboFix2.txt 2011-08-18 11:18
.
Pre-Run: 21,938,348,032 bytes free
Post-Run: 21,973,626,880 bytes free
.
- - End Of File - - FC87C03DDC851A4643C3C5400693963B

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/19/2011 at 03:03 PM

Application Version : 5.0.1118

Core Rules Database Version : 7580
Trace Rules Database Version: 5392

Scan type : Complete Scan
Total Scan Time : 01:27:37

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 655
Memory threats detected : 0
Registry items scanned : 38010
Registry threats detected : 0
File items scanned : 57342
File threats detected : 3

Adware.Tracking Cookie
C:\Users\Allem\AppData\Roaming\Microsoft\Windows\Cookies\allem@cpohomelite[1].txt
C:\Users\Allem\AppData\Roaming\Microsoft\Windows\Cookies\allem@thefind[1].txt

Adware.Unknown Origin
C:\PROGRAM FILES\HEWLETT-PACKARD\HP ADVISOR\COMPSHOP\TEMPLATES\AD.HTML

 

[Bobbye]

uRun: [RunSpySweeperScheduleAtStartup] "c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{4180C337-39AA-4A18-B241-0BD8858CF1D3}

I broke the entry apart to search and here's what I came up with> it's complicated:

1. [RunSpySweeperScheduleAtStartup] was ser up as a HIDDEN TASK in "Scheduled Tasks" by Webroot Internet Essentials.
2. msfeedssync.exe: MSFeedSync.exe is Microsoft Feeds Synchronization task executable used by the Windows Internet Explorer 7 and 8 web browser to periodically update in-browser RSS feeds which have automatic RSS Feeds synchronization turned ON. It only appears in the Windows Task Manager if IE is running.
3.User_Feed_Synchronization updates your RSS feeds in IE 7/8.
---------------------
As far as I can make out, Spysweeper was scheduled to do a 'sweep' whenever each of the above was run. Since it's a hidden task, it wasn't seen to be removed.

I found the Registry entry to run the sweeps and will remove it with script to run through Combofix.
========================================================
Please run this Custom CFScript:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.

File::
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
Folder::
C:\Temp
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunSpySweeperScheduleAtStartup"=-
"HPAdvisor"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Health Check Scheduler"=-
"HP Software Update"-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
========================================
My compliments to the user on excellent ad and Cookie control!

If Java is now overwriting the old version, it's about time! They want to run the updater, but then don't overwrite. I've seen users with as many as 9 outdated Java versions on a system. That's why I discouraged using thei auto-udater. Checking yourself can also serve as a reminder to remove the outdated version.

Please let me know how the system is doing.

 

[kimmie938]

UPDATE: The internet issue was with aircard and cradlepoint router. fixed and fine. Computer owner sayd D drive has been full awhile, so I will work seperately on this with him. So, the computer is great! Hopefully I am solved

The computer is much better. I need to solve that the d drive is completely full. It seems to need to back up the c drive it is saying. The c drive shows 33% empty. And I need to solve that the internet connection is now local only, but I am not sure either is has anything to do with the malware isue we started with, so I am working on those seperately.

Combofix log below and thanks for everything ~

ComboFix 11-08-18.01 - Allem 08/21/2011 17:10:14.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.345 [GMT -4:00]
Running from: F:\ComboFix.exe
Command switches used :: F:\cfscript.txt
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
.
FILE ::
"c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Temp
.
.
((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 21:28 . 2011-08-21 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-19 17:17 . 2011-08-19 17:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-19 13:12 . 2011-08-19 13:12 -------- d-----w- C:\_OTM
2011-08-19 11:56 . 2011-08-19 11:57 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-19 11:49 . 2011-08-19 11:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-17 20:16 . 2011-08-17 20:16 -------- d-----w- c:\program files\ESET
2011-08-17 16:54 . 2011-08-17 16:54 -------- d-----w- c:\users\Allem\AppData\Roaming\Malwarebytes
2011-08-17 16:54 . 2011-08-17 16:54 -------- d-----w- c:\programdata\Malwarebytes
2011-08-16 18:58 . 2011-08-16 18:58 -------- d-----w- c:\users\Allem\AppData\Local\MigWiz
2011-08-16 13:23 . 2011-08-16 13:23 -------- d-----w- c:\programdata\WindowsSearch
2011-08-10 03:23 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 03:23 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 03:22 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 03:13 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 03:13 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 03:13 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-19 13:03 . 2011-01-13 21:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-12 15:30 . 2011-07-12 16:32 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-07-12 15:30 . 2011-07-12 16:29 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-07-12 15:30 . 2011-07-12 16:29 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-06-29 12:45 . 2011-06-29 12:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 04:09 . 2011-07-12 16:29 200976 ---ha-w- c:\windows\system32\drivers\tmcomm.sys
2011-06-02 13:34 . 2011-07-13 01:15 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Windows Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-03-10 17672]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-11 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-11 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-11 133912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Allem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [2008-03-05 118784]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MRV6X32U;Linksys Wireless-N USB Network Adapter WUSB300N for Vista x86 (USB8x);c:\windows\system32\DRIVERS\WUSB300N.sys [2007-03-16 316672]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-10-12 99200]
S0 SASKUTIL;SASKUTIL; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-21 c:\windows\Tasks\HPCeeScheduleForAllem.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-24 21:23]
.
2011-08-21 c:\windows\Tasks\User_Feed_Synchronization-{4180C337-39AA-4A18-B241-0BD8858CF1D3}.job
- c:\windows\system32\msfeedssync.exe [2011-08-10 09:26]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=192.168.0.1:87
uInternet Settings,ProxyOverride = www.systemcontrolcenter.com;hughesnetsupport.com;192.168.0.1;msn.com;hotmail.com;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CFECE204-F9E2-409D-9DBF-38A43C28DCCA}: NameServer = 198.77.116.8,198.77.116.12
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-21 17:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1512)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2011-08-21 17:35:05
ComboFix-quarantined-files.txt 2011-08-21 21:34
ComboFix2.txt 2011-08-19 17:00
ComboFix3.txt 2011-08-18 11:18
.
Pre-Run: 22,325,612,544 bytes free
Post-Run: 22,444,929,024 bytes free
.
- - End Of File - - D07622342527FFE047CD5CE382F498F6

 

[Bobbye]

Combofix looks fine. I do not think the connections problems you mentioned are due to malware- unless mlware corrupted something and caused a setting to be changed. So check the settings well.

You've done a good job!

Removing all of the tools we used and the files and folders they created

• Uninstall ComboFix and all Backups of the files it deleted
• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  
  

• Download OTCleanIt by OldTimer and save it to your Desktop.
• Double click OTCleanIt.exe.
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------

• You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
• Go to Start > All Programs > Accessories > System Tools
• Click "System Restore".
• Choose "Create a Restore Point" on the first screen then click "Next".
• Give the Restore Point a name> click "Create".
  
• Go back and follow the path to > System Tools.
  [*]Choose Disc Cleanup
  [*]Click "OK" to select the partition or drive you want.
  [*]Click the "More Options" Tab.
  [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin

 

[kimmie938]

completed. thanks!

 

[Bobbye]

You're welcome! Here are some tips to help you stay clean:

Tips for added security and safer browsing: (Links are in Bold Blue)

1. Browser Security
   [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
   [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
   [o] Replace the Host Files
   [o] Google Toolbar Pop Up Blocker
   [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
   
2. Have layered Security:
   [o]Antivirus :(only one):Both of the following programs are free and known to be good:
   [o]Avira-AntiVir-Personal-Free-Antivirus
   [o] [o]Avast-Free Antivirus
   [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
   [o]Comodo
   [o]Zone Alarm
   
3. Antimalware: I recommend all of the following:
   [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
   [o]Spybot Search & Destroy
   
4. Updates: Stay current:
   [o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
   [o]Adobe Reader Install current, uninstall old.
   [o]Java Updates Install current, uninstall old.
   
5. Tracking Cookies
   Reset Cookie:
   [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
   [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
   I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
   AdBlock Plus
   Easy List
   [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
   
6. Do regular Maintenance
   Clean the temporary internet files often:
   [o] Temporary File Cleaner
   [o] ATF Cleaner by Atribune
7. Restore Points:
   [o]See System Restore Guide
8. Safe Email Handling
   [o] Don't open email from anyone you don't know.
   [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
   [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.

Please let me know if you find any bad link.