Inactive Searches Hijacked

Steelhead99

Problem is as follows ... from the Firefox toolbar I select Yahoo search and ask for a search on dog. Results appear normal, with Wikipedia being the top result .... I select the top result and am given a page of search results from this URL ...

h t t p://lookserch-resu1t.com/gosearch.php?q=dog

Only with no spaces between the first four letters. (I didn't want to paste the actual link, as it could be dangerous to YOUR browser.) I have included a screenshot of the offending page.


When I select Google search and ask for a search on dog, I get the following two results, which seem to toggle back and forth ..

Logs from seven step prep to follow in next post.

Edit from Bobbye: Please note: the images you left were far too large and unnecessary. Your subject "Searches Hijacked" was sufficient. If you want to leave an example, just type in a domain name such as 'look-search.'
 
... and now the logs ...

mbam-log-2011-06-18 (20-47-39)

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6891

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/18/2011 8:47:39 PM
mbam-log-2011-06-18 (20-47-39).txt

Scan type: Quick scan
Objects scanned: 163124
Time elapsed: 7 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER log ...

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-18 22:22:27
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PC2O
Running: b6sz8kzs.exe; Driver: C:\Users\Author\AppData\Local\Temp\ufdcqpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs cbfs.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat cbfs.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
DDS ...

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Author at 11:16:51 on 2011-06-19
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.59 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Author\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Users\Author\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ZumoDrive] c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\author\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ZumoDrive] "c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk"
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\author\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\author\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\author\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpmedi~1.lnk - c:\program files\hewlett-packard\hp media suite\home\ArcStart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{211D83A8-55C7-4CEE-9AEE-4308E9207742} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{211D83A8-55C7-4CEE-9AEE-4308E9207742}\16474777966696 : DhcpNameServer = 10.130.168.129 64.134.255.2 64.134.255.10
TCP: Interfaces\{211D83A8-55C7-4CEE-9AEE-4308E9207742}\D436E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{380AA253-6A73-45F3-BDE4-7E3537A907DD} : DhcpNameServer = 209.18.47.61 209.18.47.62
Notify: igfxcui - igfxdev.dll
mASetup: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} - c:\program files\hewlett-packard\hp media suite\home\HPMediaSuite.exe "/installer"
mASetup: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - c:\windows\system32\wscript.exe "c:\program files\hewlett-packard\hp media suite\home\PinItem.vbs"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\author\appdata\roaming\mozilla\firefox\profiles\jxqhv4ms.default\
FF - prefs.js: browser.search.selectedEngine - Dogpile
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\author\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\author\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\author\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2011-1-12 147416]
R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [2009-11-11 18136]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl3fb43c53;MpKsl3fb43c53;c:\programdata\microsoft\microsoft antimalware\definition updates\{d8315d4c-48e3-4824-819b-15d9f0eae549}\MpKsl3fb43c53.sys [2011-6-19 28752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-12-11 81920]
R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\hpqwmm\quickweb\qw.sys\config\DVMExportService.exe [2010-7-20 338168]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-7-8 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-7-12 92216]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-6-29 27192]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-12-11 275048]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-14 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-14 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
.
=============== Created Last 30 ================
.
2011-06-19 15:05:59 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d8315d4c-48e3-4824-819b-15d9f0eae549}\MpKsl3fb43c53.sys
2011-06-19 02:23:57 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d8315d4c-48e3-4824-819b-15d9f0eae549}\mpengine.dll
2011-06-19 00:38:59 -------- d-----w- c:\users\author\appdata\roaming\Malwarebytes
2011-06-19 00:38:44 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-19 00:38:40 -------- d-----w- c:\programdata\Malwarebytes
2011-06-19 00:38:34 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-19 00:38:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-16 20:03:54 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 20:03:53 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 20:03:53 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 20:03:48 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 20:03:46 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 20:03:40 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 20:03:35 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 20:03:31 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 20:03:24 759296 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-06-16 20:00:40 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 20:00:39 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 20:00:39 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-21 13:15:47 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{658dddf7-c06f-4ade-ad67-d3d95300eccd}\gapaengine.dll
.
==================== Find3M ====================
.
2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
.
============= FINISH: 11:18:35.96 ===============
 
Attach ...

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 1/11/2011 7:01:39 PM
System Uptime: 6/19/2011 11:05:12 AM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1584
Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz | CPU | 999/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 216 GiB total, 139.427 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.448 GiB free.
Z: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet 3600
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 3600
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 4050 Series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4050 Series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl2455d3ef
Device ID: ROOT\LEGACY_MPKSL2455D3EF\0000
Manufacturer:
Name: MpKsl2455d3ef
PNP Device ID: ROOT\LEGACY_MPKSL2455D3EF\0000
Service: MpKsl2455d3ef
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 4050 Series
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4050 Series
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslb1d6d80f
Device ID: ROOT\LEGACY_MPKSLB1D6D80F\0000
Manufacturer:
Name: MpKslb1d6d80f
PNP Device ID: ROOT\LEGACY_MPKSLB1D6D80F\0000
Service: MpKslb1d6d80f
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl3f71094b
Device ID: ROOT\LEGACY_MPKSL3F71094B\0000
Manufacturer:
Name: MpKsl3f71094b
PNP Device ID: ROOT\LEGACY_MPKSL3F71094B\0000
Service: MpKsl3f71094b
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Deskjet F4500 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl8441a272
Device ID: ROOT\LEGACY_MPKSL8441A272\0000
Manufacturer:
Name: MpKsl8441a272
PNP Device ID: ROOT\LEGACY_MPKSL8441A272\0000
Service: MpKsl8441a272
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl09b83bb4
Device ID: ROOT\LEGACY_MPKSL09B83BB4\0000
Manufacturer:
Name: MpKsl09b83bb4
PNP Device ID: ROOT\LEGACY_MPKSL09B83BB4\0000
Service: MpKsl09b83bb4
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl0caae1ba
Device ID: ROOT\LEGACY_MPKSL0CAAE1BA\0000
Manufacturer:
Name: MpKsl0caae1ba
PNP Device ID: ROOT\LEGACY_MPKSL0CAAE1BA\0000
Service: MpKsl0caae1ba
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl982dd0d7
Device ID: ROOT\LEGACY_MPKSL982DD0D7\0000
Manufacturer:
Name: MpKsl982dd0d7
PNP Device ID: ROOT\LEGACY_MPKSL982DD0D7\0000
Service: MpKsl982dd0d7
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl11a2747e
Device ID: ROOT\LEGACY_MPKSL11A2747E\0000
Manufacturer:
Name: MpKsl11a2747e
PNP Device ID: ROOT\LEGACY_MPKSL11A2747E\0000
Service: MpKsl11a2747e
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP33: 3/18/2011 4:27:31 PM - Windows Update
RP34: 3/19/2011 10:26:56 AM - Windows Update
RP35: 3/20/2011 12:39:06 AM - Windows Update
RP36: 4/21/2011 4:13:19 PM - Windows Update
RP37: 4/22/2011 6:14:57 PM - Windows Update
RP38: 4/22/2011 6:25:18 PM - Windows Update
RP39: 4/30/2011 4:03:05 PM - Windows Update
RP40: 5/5/2011 3:24:27 PM - Windows Update
RP41: 5/6/2011 3:39:23 PM - Windows Update
RP42: 5/13/2011 7:59:05 AM - Windows Update
RP43: 5/14/2011 2:55:55 PM - Windows Update
RP44: 5/14/2011 3:03:31 PM - Windows Update
RP45: 5/18/2011 11:21:21 AM - Windows Update
RP48: 5/19/2011 6:22:51 PM - Windows Update
RP49: 5/21/2011 9:14:18 AM - Windows Update
RP50: 5/25/2011 12:42:16 AM - Windows Update
RP51: 5/26/2011 11:47:52 AM - Windows Update
RP52: 5/31/2011 3:37:24 AM - Windows Update
RP53: 6/1/2011 4:17:42 PM - Windows Update
RP54: 6/2/2011 5:35:18 PM - Windows Update
RP55: 6/10/2011 12:33:21 PM - Windows Update
RP56: 6/16/2011 4:02:04 PM - Windows Update
RP57: 6/18/2011 8:07:10 PM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3 MUI
Adobe Shockwave Player 11.5
Alcor Micro USB Card Reader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 2 Deluxe
Bonjour
Broadcom 802.11 Wireless LAN Adapter
BufferChm
Chuzzle Deluxe
CinemaNow Media Manager
Copy
Coupon Printer for Windows
CyberLink DVD Suite
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
DJ_AIO_06_F4500_SW_MIN
Dream Chronicles
Dropbox
Energy Star Digital Logo
ESU for Microsoft Windows 7
Evernote
F4500
FATE
Free NaturalReader
Google Earth
Google Talk Plugin
Google Update Helper
GPBaseService2
HP CloudDrive
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
HP Documentation
HP Game Console
HP Games
HP HomeBase
HP Imaging Device Functions 14.0
HP Media Suite CinemaNow
HP Photo Creations
HP Power Manager
HP Quick Launch
HP QuickSync
HP QuickWeb Installer
HP Setup
HP Smart Web Printing 4.60
HP Software Framework
HP Solution Center 14.0
HP Support Assistant
HP Update
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPPhotoGadget
HPProductAssistant
HPSSupply
IDT Audio
Insaniquarium Deluxe
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Jewel Quest - Heritage
Jewel Quest II
Jewel Quest Solitaire
JoJo's Fashion Show
Junk Mail filter update
Mahjongg Artifacts
Malwarebytes' Anti-Malware version 1.51.0.1200
MarketResearch
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2000 Premium
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.17)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
OpenOffice.org 3.2
OverDrive Media Console
Penguins!
Plants vs. Zombies
Polar Bowler
Power2Go
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Recovery Manager
Roxio CinemaNow 2.0
Scan
Shop for HP Supplies
Skip-Bo - Castaway Caper
Slingo Deluxe
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
The Weather Channel Desktop 6
Times Reader
Toolbox
Tradewinds Legends
TrayApp
Virtual Villagers - The Secret City
WebReg
Wedding Dash
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
6/19/2011 11:06:21 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/19/2011 11:06:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
6/18/2011 8:14:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.2115.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/18/2011 8:14:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.2115.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/18/2011 8:14:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.2115.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/18/2011 8:03:34 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/16/2011 7:32:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
6/16/2011 2:58:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================
 
Okay! Thank you. If this should come up again, let us know that you're working on 2 systems. You did the right thing making a separate thread. I had all the instructions typed out but noticed the other thread.

You will have seen that I deleted the very large images. Telling us the searches are being directed and giving an example of a domain such as 'search-tool.com' is far more space saving!
=========================================
Have you intentionally installed C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe?
It's an Icon Utility which does this: "When different cards are inserted into the card reader, it shows different icons according to the inserted card type."

The only role of this "AmICoSinglun(64).exe" program (and its companion DLL "Gamicon.icl" containing the list of icons in resources usable by the Windows Explorer shell) is to dynamically change the icon displayed in the main PC folder or in the flash drive properties dialog.
I'm finding many such utilities and apps that are frequently unknown to the user.
=======================================
I'm not seeing any potential hijackers in the logs, so we look further:
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated and will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=======================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the download link to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • If there are any changes in the system as we go along, please let me know.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
>>Have you intentionally installed C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe?<<

No sir, I did not knowingly install it. Could it have been part of the original config? Well ... I shall get to following your instructions.
 
ComboFix stalled several hours on reboot and I finally disconnected battery. Program (ComboFix) resumed on restart and produced this log ...

ComboFix 11-06-17.04 - Author 06/19/2011 14:16:01.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.357 [GMT -4:00]
Running from: c:\users\Author\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Author\AppData\Local\Temp\libsqlitejdbc-3424771247784584219.lib
c:\users\Author\AppData\Local\Temp\swt-gdip-win32-3448.dll
c:\users\Author\AppData\Local\Temp\swt-win32-3448.dll
c:\users\Author\AppData\Local\Temp\WindowsAPI.dll
c:\users\Author\AppData\Local\Temp\WindowsFolderWatcher.dll
c:\users\Author\AppData\Local\Temp\WindowsZFSJNI.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-19 to 2011-06-19 )))))))))))))))))))))))))))))))
.
.
2011-06-19 18:30 . 2011-06-19 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-19 18:12 . 2011-06-19 18:12 -------- d-----w- C:\32788R22FWJFW
2011-06-19 15:23 . 2011-06-19 15:23 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34D831A3-4AA4-4FD2-BBD1-7E4A951C4F7C}\MpKslc2a49906.sys
2011-06-19 15:23 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34D831A3-4AA4-4FD2-BBD1-7E4A951C4F7C}\mpengine.dll
2011-06-19 00:38 . 2011-06-19 00:38 -------- d-----w- c:\users\Author\AppData\Roaming\Malwarebytes
2011-06-19 00:38 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-19 00:38 . 2011-06-19 00:38 -------- d-----w- c:\programdata\Malwarebytes
2011-06-19 00:38 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-19 00:38 . 2011-06-19 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-16 20:03 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 20:03 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 20:03 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 20:03 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 20:03 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 20:03 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 20:03 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 20:03 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 20:03 . 2011-04-29 05:08 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 20:00 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 20:00 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 20:00 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-21 13:15 . 2011-01-12 00:48 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{658DDDF7-C06F-4ADE-AD67-D3D95300ECCD}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 20:46 . 2011-01-13 01:51 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-09 06:13 . 2011-05-13 11:55 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-13 11:55 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-18 15:19 123904 ----a-w- c:\windows\system32\poqexec.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Author\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Author\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Author\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-08-16 2038]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-06-04 822384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1778984]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-17 237568]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-06-18 495708]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-08-16 2038]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-06 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\users\Author\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Author\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl09b83bb4;MpKsl09b83bb4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEF7FD83-AF19-4269-8A42-601F6AA61EB5}\MpKsl09b83bb4.sys [x]
R1 MpKsl0caae1ba;MpKsl0caae1ba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD9F4756-584B-4394-979B-02D0B8B9A6BA}\MpKsl0caae1ba.sys [x]
R1 MpKsl11a2747e;MpKsl11a2747e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB351E46-E54E-4564-9DC8-2816EE6F22C5}\MpKsl11a2747e.sys [x]
R1 MpKsl2455d3ef;MpKsl2455d3ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBAF65B4-47B8-4B89-AB70-4E8219EBA4E6}\MpKsl2455d3ef.sys [x]
R1 MpKsl3f71094b;MpKsl3f71094b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{971FB2B4-6D56-4D59-936F-6168FE70EF7F}\MpKsl3f71094b.sys [x]
R1 MpKsl8441a272;MpKsl8441a272;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC92DD97-4703-45A7-9A3E-8EFF21DB15FF}\MpKsl8441a272.sys [x]
R1 MpKsl982dd0d7;MpKsl982dd0d7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB351E46-E54E-4564-9DC8-2816EE6F22C5}\MpKsl982dd0d7.sys [x]
R1 MpKslb1d6d80f;MpKslb1d6d80f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD9F4756-584B-4394-979B-02D0B8B9A6BA}\MpKslb1d6d80f.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-03-28 147416]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]
S1 MpKslc2a49906;MpKslc2a49906;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34D831A3-4AA4-4FD2-BBD1-7E4A951C4F7C}\MpKslc2a49906.sys [2011-06-19 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
S2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-07-20 338168]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-08 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-07-12 92216]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-24 275048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]
2010-06-24 02:47 687104 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 20:19]
.
2011-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 20:19]
.
2011-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3644153530-1873711080-1203108431-1000Core.job
- c:\users\Author\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02 19:40]
.
2011-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3644153530-1873711080-1203108431-1000UA.job
- c:\users\Author\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02 19:40]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Author\AppData\Roaming\Mozilla\Firefox\Profiles\jxqhv4ms.default\
FF - prefs.js: browser.search.selectedEngine - Dogpile
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2076)
c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
c:\users\Author\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\taskhost.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-06-19 17:09:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-19 21:09
.
Pre-Run: 149,653,172,224 bytes free
Post-Run: 149,259,255,808 bytes free
.
- - End Of File - - 927C7761062C988F829DC99E75EEF9E2


Shall I go forward with the ESET directions?
 
Okay, this was VERY strange. After I rebooted from Combofix, the problem was gone. My searches appear not to be hijacked anymore. I have waited a bit to report this development in case it reverted, but it has not.

What happened?
 
It is not uncommon for a problem to be resolved after running a scan. But that does not mean that all the malware entries have been removed! Occasionally a member will either desert a thread or request it be closed if this happens. We always encourage the member to finish the cleaning.
======================================
Please run the Eset Online Virus scan as instructed.
=======================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
DDS::
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [<NO NAME>] 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun"=-
"HP Software Update"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
======================================
The Java needs to be updated: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
The Adobe Reader needs to be updated: Adobe Reader site. Uninstall any earlier updates as they are vulnerabilities.
=====================================
Possible Security Risk:
04-29 05:08 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
Microsoft Internet Explorer Vector Markup Language VGX.DLL Remote Buffer Overflow Vulnerability
Risk> High
See http://www.symantec.com/security_response/vulnerability.jsp?bid=25310
======================================
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
=====================================
FYI: Computer manufacturers pre-load many processes before shipping. Most users 1. Don't realize they are on the system. 2. Don't use most of them. 3. Don't realize they can uninstall what they don't use. 4. Can take almost all of the processes off of the Startup Menu. HP has installed the following: 23 processes:
HP CloudDrive
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
HP Documentation
HP Game Console
HP Games
HP HomeBase
HP Imaging Device Functions 14.0
HP Media Suite CinemaNow
HP Photo Creations
HP Power Manager
HP Quick Launch
HP QuickSync
HP QuickWeb Installer
HP Setup
HP Smart Web Printing 4.60
HP Software Framework
HP Solution Center 14.0
HP Support Assistant
HP Update
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPPhotoGadget
HPProductAssistant
HPSSupply
Shop for HP Supplies
===============================================
Another FYI: I noticed you had 14 Devices connected. There are 3 different HP Printers:
Description: HP Deskjet F4500 series
Description: HP Photosmart C7200 series
Description: HP Color LaserJet 3600
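The two formats in the posts above, the ComboFix log's Run-key listing and the CFScript Registry:: block, can be checked mechanically before the script is dropped onto ComboFix. Below is an added Python example written for this thread; it is not part of the thread's posts and not ComboFix's own code. It parses the Run values copied from the log above, dry-runs the CFScript's "Name"=- deletions against them to confirm each target really exists in the log, and flags any autorun whose image sits in a directory a standard user can write to. The "ExampleUpdater" entry is a constructed placeholder for the last check, not something from this machine's log.

```python
"""Triage helper for the Run-key section of a ComboFix log plus a dry run of
a CFScript Registry:: block against it.  Added example for this thread; the
log and script formats are copied from the posts above, and anything marked
'constructed' is made up for illustration."""
import re

# "Name"="path" [YYYY-MM-DD size]  -- one Run value as ComboFix prints it
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
KEY_HEADER = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "Name"=-  -- inside a CFScript Registry:: block this deletes the value
DELETE_VALUE = re.compile(r'^"(?P<name>[^"]*)"=-$')
SECTION = re.compile(r'^\w+::$')          # File::, DDS::, Registry::, ...

# Excerpt of the 'Reg Loading Points' section of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-08-16 2038]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-06-04 822384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-17 237568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"""

# Constructed placeholder, NOT from the thread's log: exercises the
# user-writable-path check below.
CONSTRUCTED_EXTRA = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="c:\users\Author\AppData\Local\Temp\example-updater.exe" [2011-06-18 1024]
"""

# The Registry:: part of the CFScript posted above (DDS:: lines are not
# registry deletions and are ignored by the parser).
SAMPLE_SCRIPT = r"""
DDS::
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun"=-
"HP Software Update"=-
"""


def parse_run_values(log_text):
    """Return [{key, name, path, date, size}] for every value under a ...\\Run key."""
    values, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_HEADER.match(line)
        if m:
            key = m.group('key')
            continue
        m = RUN_VALUE.match(line)
        if m and key and key.lower().endswith('\\run'):
            values.append({'key': key, 'name': m.group('name'), 'path': m.group('path'),
                           'date': m.group('date'), 'size': int(m.group('size'))})
    return values


def parse_cfscript_deletions(script_text):
    """Return {(key_lower, name_lower)} for every "Name"=- line in Registry:: blocks."""
    deletions, section, key = set(), None, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if SECTION.match(line):
            section, key = line[:-2], None
            continue
        if section != 'Registry':
            continue
        m = KEY_HEADER.match(line)
        if m:
            key = m.group('key')
            continue
        m = DELETE_VALUE.match(line)
        if m and key:
            deletions.add((key.lower(), m.group('name').lower()))
    return deletions


def check_script_targets(values, deletions):
    """Split script targets into those present in the log and those it would miss."""
    present = {(v['key'].lower(), v['name'].lower()) for v in values}
    found = sorted(d for d in deletions if d in present)
    missing = sorted(d for d in deletions if d not in present)
    return found, missing


def apply_deletions(values, deletions):
    """Dry run: the Run values that would remain after the script."""
    return [v for v in values if (v['key'].lower(), v['name'].lower()) not in deletions]


USER_WRITABLE = ('\\users\\', '\\temp\\', '\\programdata\\')


def flag_user_writable(values):
    """Names of autoruns whose image lives somewhere a standard user can write to."""
    return [v['name'] for v in values if any(s in v['path'].lower() for s in USER_WRITABLE)]


if __name__ == '__main__':
    vals = parse_run_values(SAMPLE_LOG + CONSTRUCTED_EXTRA)
    dels = parse_cfscript_deletions(SAMPLE_SCRIPT)
    found, missing = check_script_targets(vals, dels)
    print('script targets present:', [n for _, n in found], 'missing:', missing)
    print('remaining autoruns:', [v['name'] for v in apply_deletions(vals, dels)])
    print('user-writable image paths:', flag_user_writable(vals))
```

Keys and value names are compared case-insensitively because ComboFix prints HKLM keys in mixed case while CFScripts are usually typed by hand; a script target that shows up under `missing` is the signal to re-check spelling before running it.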
 
Then we shall go on. For clarity's sake, I never ran ESet. I was ABOUT to run it when the problem appeared to be cleared. I will run ESet and continue, as per your instructions.
 
Every sentence you put in a separate post generates email feed back to me. Please use the Edit feature. I don't need an email notice of 'moving on.'

Run the script. Post the log.
Run HijackThis. Post the log.

Address my comment regarding 14 devices, of which 3 are different printers.

Advise me of any progress or change in the system.

Do not make a post to tell me you're going on- just do it. When you do post the log, I will be notified.
 