Laptop Will Not Load Operating System

Hsv_Man

Hey all, I have a laptop that came to me yesterday with a big virus that has deleted the boot configuration settings and therefore will not boot into Windows Vista. The lady that brought it to me said her boyfriend was on the internet and downloaded a file, and that in turn "F'd" the computer. At the moment I do not have my Vista operating system disc (will be picking it up tonight from work). What do you guys suggest is the best way to repair this machine? I was thinking a repair of the boot.ini (I know this is Windows XP; can't think of the Vista/7 term for it) and see if that fixes the problem and then hopefully boot into Windows. The lady says she wants the machine back ASAP (Monday), so I'm just looking for the best course of action.

I have already downloaded all the virus programs that I know of that are good and all programs suggested here, so John, you can be expecting some logs in the next 12 hours or so. Thanks so much for all your help on this matter.
 
OK, so I managed to boot into the Windows Vista recovery console and manually, through the command prompt, fix the master boot record (MBR). Once I did this, Vista loaded and everything was back. Here is the Malwarebytes log, and if required I can put up a HijackThis log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4458

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

22/08/2010 7:05:12 AM
mbam-log-2010-08-22 (07-05-12).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 321664
Time elapsed: 2 hour(s), 17 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 14
Files Infected: 40

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OWMI000Q\d3cc[1] (Worm.YIM) -> Quarantined and deleted successfully.
C:\Users\williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OWMI000Q\d3cc[2] (Worm.YIM) -> Quarantined and deleted successfully.
C:\Users\williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OWMI000Q\d3cc[3] (Worm.YIM) -> Quarantined and deleted successfully.
C:\Users\williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OWMI000Q\d3cc[4] (Worm.YIM) -> Quarantined and deleted successfully.
C:\Users\williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OWMI000Q\qkl4Cix7f4XUCs8MTQ1fGRvd25sb2FkfA==18k[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Users\williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03ZFJASA\d3cc[1] (Worm.YIM) -> Quarantined and deleted successfully.
C:\Users\williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03ZFJASA\d3cc[2] (Worm.YIM) -> Quarantined and deleted successfully.
C:\Users\williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03ZFJASA\d3cc[3] (Worm.YIM) -> Quarantined and deleted successfully.
C:\Users\williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03ZFJASA\d3cc[4] (Worm.YIM) -> Quarantined and deleted successfully.
C:\Users\williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8XKHPDKC\d3cc[1] (Worm.YIM) -> Quarantined and deleted successfully.
C:\Users\williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8XKHPDKC\d3cc[2] (Trojan.Oficla) -> Quarantined and deleted successfully.
C:\Users\williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8XKHPDKC\decc[1] (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\williams\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8XKHPDKC\decc[2] (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\williams\AppData\Local\Temp\1709.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\williams\AppData\Local\Temp\172A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\williams\AppData\Local\Temp\1CA4.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 
Thanks John,

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:53:47 PM, on 22/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Telstra\BigPond Wireless Broadband\BigPond_CM.exe
C:\Users\Laura & Steven\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband\BigPond_CM.exe" -tsr
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Users\Laura & Steven\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe

--
End of file - 10616 bytes
 
As Buzz has said, please run ComboFix and post its log along with a new HijackThis log, as you are still infected with Fast Browser Search and more of MyWebSearch according to this entry.

O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe

Also, you have a lot of unnecessary programs running at boot-up, but we will take care of that later.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
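To make the check the helper applies above repeatable, here is an added example (not from this thread, and not part of HijackThis, Malwarebytes or ComboFix) that parses HijackThis O2 and O4 lines and flags entries matching the adware names seen in this thread. The indicator list and the sample lines are constructed from the logs posted above; the "(no file)" rule simply surfaces BHO registrations whose DLL is gone.

```python
import re
from typing import Dict, List

# Constructed sample input: a few lines copied from the HijackThis log posted
# above, including the [FBSSA] entry the helper pointed at and the orphaned BHO.
SAMPLE_HJT_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
"""

# Constructed indicator list: names of the adware families named in this thread.
ADWARE_INDICATORS = ("SGPSA", "FBSSA", "MyWebSearch", "FunWebProducts")

# O4 registry Run entries: "O4 - <hive>\..\Run: [<name>] <command>"
RUN_RE = re.compile(r"^O4 - (HK\S+?)\\\.\.\\Run: \[(.+?)\] (.*)$")
# O4 startup-folder entries: "O4 - Global Startup: <shortcut> = <command>"
STARTUP_RE = re.compile(r"^O4 - Global Startup: (.+?) = (.*)$")
# O2 browser helper objects: "O2 - BHO: <name> - {<clsid>} - <dll or (no file)>"
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - \{([0-9A-Fa-f-]+)\} - (.*)$")
# First executable-looking token of an unquoted command line.
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|pif))(?:\s|$)", re.IGNORECASE)


def extract_path(command: str) -> str:
    """Return the program path from a Run value, dropping arguments.

    HijackThis prints the raw registry value, so the path may be quoted
    ("C:\\Program Files\\...\\x.exe" /arg) or unquoted with spaces in it
    (C:\\Program Files\\SGPSA\\ie3sh.exe). Both forms are handled here.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end > 0:
            return command[1:end]
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split(" ")[0]


def parse_hijackthis(text: str) -> List[Dict[str, str]]:
    """Parse O2 and O4 lines into dicts; other sections are ignored."""
    entries: List[Dict[str, str]] = []
    for line in text.splitlines():
        line = line.rstrip()
        m = RUN_RE.match(line)
        if m:
            hive, name, command = m.groups()
            entries.append({"section": "O4", "location": hive, "name": name,
                            "path": extract_path(command), "raw": line})
            continue
        m = STARTUP_RE.match(line)
        if m:
            name, command = m.groups()
            entries.append({"section": "O4", "location": "Global Startup", "name": name,
                            "path": extract_path(command), "raw": line})
            continue
        m = BHO_RE.match(line)
        if m:
            name, clsid, target = m.groups()
            entries.append({"section": "O2", "location": "{" + clsid + "}", "name": name,
                            "path": target, "raw": line})
    return entries


def triage(entries: List[Dict[str, str]], indicators=ADWARE_INDICATORS) -> List[Dict[str, str]]:
    """Flag entries whose name or path matches an indicator, plus orphaned BHOs."""
    findings = []
    for e in entries:
        haystack = f"{e['name']} {e['path']}".lower()
        hits = [i for i in indicators if i.lower() in haystack]
        if hits:
            findings.append({**e, "reason": "matches adware indicator: " + ", ".join(hits)})
        elif e["section"] == "O2" and e["path"] == "(no file)":
            findings.append({**e, "reason": "BHO registered but DLL missing (orphaned entry)"})
    return findings


if __name__ == "__main__":
    for f in triage(parse_hijackthis(SAMPLE_HJT_LOG)):
        print(f"{f['section']} {f['location']} [{f['name']}] {f['path']} -> {f['reason']}")
```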
 
Thanks Buzz and John, the machine itself is running much, much better after running many antivirus programs. See the bottom of this post for what has been completed on the laptop so far.

ComboFix 10-08-22.05 - Laura & Steven 23/08/2010 14:03:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1978.1074 [GMT 10:00]
Running from: c:\users\Laura & Steven\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\SGPSA
c:\program files\SGPSA\ie3sh.exe
c:\users\Public\RemoveSGP0.exe
c:\users\williams\AppData\Roaming\.#

.
((((((((((((((((((((((((( Files Created from 2010-07-23 to 2010-08-23 )))))))))))))))))))))))))))))))
.

2010-08-23 04:15 . 2010-08-23 04:15 -------- d-----w- c:\users\williams\AppData\Local\temp
2010-08-23 04:15 . 2010-08-23 04:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-23 03:03 . 2010-08-23 03:03 -------- d-----w- c:\users\williams\AppData\Local\Mozilla
2010-08-22 05:04 . 2010-08-22 05:04 -------- d--h--w- c:\windows\PIF
2010-08-22 04:50 . 2010-08-22 04:50 388096 ----a-r- c:\users\Laura & Steven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-22 04:50 . 2010-08-22 04:50 -------- d-----w- c:\program files\Trend Micro
2010-08-22 01:53 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-22 01:53 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-22 01:52 . 2010-06-28 20:39 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-08-22 01:52 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-22 01:52 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-22 01:52 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-22 01:51 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-22 01:51 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-22 01:51 . 2010-08-22 01:51 -------- d-----w- c:\programdata\Alwil Software
2010-08-22 01:51 . 2010-08-22 01:51 -------- d-----w- c:\program files\Alwil Software
2010-08-22 01:33 . 2010-08-22 01:33 0 ----a-w- c:\windows\nsreg.dat
2010-08-22 01:33 . 2010-08-22 01:33 -------- d-----w- c:\users\Laura & Steven\AppData\Local\Mozilla
2010-08-22 01:11 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-08-22 01:11 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-08-21 23:08 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-08-21 23:08 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2010-08-21 23:08 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2010-08-21 23:08 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2010-08-21 23:08 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2010-08-21 23:08 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2010-08-21 23:08 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2010-08-21 23:08 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe
2010-08-21 23:08 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll
2010-08-21 23:08 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
2010-08-21 23:08 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2010-08-21 23:08 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll
2010-08-21 23:07 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs
2010-08-21 23:07 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2010-08-21 23:07 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2010-08-21 23:07 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2010-08-21 23:07 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2010-08-21 23:07 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2010-08-21 23:07 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2010-08-21 21:58 . 2010-08-21 21:58 63488 ----a-w- c:\users\Laura & Steven\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-21 21:58 . 2010-08-21 21:58 52224 ----a-w- c:\users\Laura & Steven\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-21 21:58 . 2010-08-21 21:58 117760 ----a-w- c:\users\Laura & Steven\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-21 21:56 . 2010-08-21 21:56 -------- d-----w- c:\users\Laura & Steven\AppData\Roaming\SUPERAntiSpyware.com
2010-08-21 21:56 . 2010-08-21 21:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-21 21:56 . 2010-08-21 21:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-21 21:37 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-21 21:37 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-21 21:37 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-21 21:36 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-21 21:27 . 2010-08-21 21:27 -------- d-----w- c:\program files\Common Files\Java
2010-08-21 21:17 . 2010-08-22 04:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-21 21:17 . 2010-08-21 21:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-21 18:42 . 2010-08-21 18:42 -------- d-----w- c:\users\Laura & Steven\AppData\Roaming\Malwarebytes
2010-08-21 18:42 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 18:42 . 2010-08-21 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-21 18:42 . 2010-08-21 18:42 -------- d-----w- c:\programdata\Malwarebytes
2010-08-21 18:42 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-06 16:23 . 2007-12-28 18:17 -------- d-----w- c:\users\Public\3
2010-08-06 04:23 . 2010-08-06 05:30 -------- d-----w- c:\program files\DJ Music Mixer
2010-08-04 09:01 . 2010-08-06 05:08 -------- d-----w- c:\users\Laura & Steven\AppData\Local\VirtualStore
2010-08-04 07:58 . 2010-08-23 03:31 680 ----a-w- c:\users\Laura & Steven\AppData\Local\d3d9caps.dat
2010-08-04 05:38 . 2010-08-04 05:52 -------- d-----w- c:\program files\Common Files\Real
2010-08-04 04:56 . 2010-08-04 08:58 -------- d-----w- c:\users\Laura & Steven\AppData\Roaming\CyberLink
2010-08-04 04:56 . 2010-08-21 22:36 -------- d-----w- c:\users\Laura & Steven\AppData\Local\QuickPlay
2010-08-02 12:04 . 2010-08-02 12:07 -------- d-----w- c:\program files\IDT(22)
2010-08-02 04:52 . 2010-08-13 03:21 -------- d-----w- c:\users\Laura & Steven\AppData\Roaming\uTorrent
2010-07-31 04:31 . 2010-07-31 04:31 -------- d-----w- c:\users\williams\AppData\Local\Apple Computer
2010-07-31 00:50 . 2010-07-31 00:50 -------- d-----w- c:\users\Laura & Steven\AppData\Roaming\WildTangent
2010-07-30 23:18 . 2010-08-02 23:01 -------- d-----w- c:\users\Laura & Steven\AppData\Local\Adobe
2010-07-29 07:22 . 2010-07-31 00:16 -------- d-----w- c:\users\Laura & Steven\AppData\Roaming\Paltalk
2010-07-28 11:44 . 2010-08-11 08:49 -------- d-----w- c:\users\Laura & Steven\AppData\Roaming\skypePM
2010-07-28 11:43 . 2010-08-11 13:32 -------- d-----w- c:\users\Laura & Steven\AppData\Roaming\Skype
2010-07-28 09:28 . 2010-08-23 03:58 -------- d-----w- c:\users\Laura & Steven\Tracing
2010-07-28 06:57 . 2010-08-02 06:51 -------- d-----w- c:\users\williams\AppData\Roaming\Apple Computer
2010-07-28 06:36 . 2010-08-11 10:07 -------- d-----w- c:\users\Laura & Steven\AppData\Roaming\LimeWire
2010-07-28 06:34 . 2010-07-28 09:22 -------- d-----w- c:\users\Laura & Steven\AppData\Roaming\Apple Computer
2010-07-28 06:34 . 2010-07-28 06:34 -------- d-----w- c:\users\Laura & Steven\AppData\Local\Apple Computer
2010-07-28 06:34 . 2010-07-28 06:34 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-28 06:34 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-28 06:34 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-28 06:34 . 2010-07-28 06:34 -------- d-----w- c:\users\Laura & Steven\Mozilla Plugins
2010-07-28 06:34 . 2010-07-28 06:34 -------- d-----w- c:\users\Laura & Steven\iTunesMiniPlayer.Resources
2010-07-28 06:34 . 2010-07-28 06:34 -------- d-----w- c:\users\Laura & Steven\iTunesHelper.Resources
2010-07-28 06:33 . 2010-07-28 06:34 -------- d-----w- c:\users\Laura & Steven\iTunes.Resources
2010-07-28 06:33 . 2010-07-28 06:33 -------- d-----w- c:\program files\iPod
2010-07-28 06:33 . 2010-07-28 06:34 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-28 06:33 . 2010-07-28 06:33 -------- d-----w- c:\users\Laura & Steven\CD Configuration
2010-07-28 06:31 . 2010-07-28 06:32 -------- d-----w- c:\program files\QuickTime
2010-07-28 06:31 . 2010-07-28 06:33 -------- d-----w- c:\programdata\Apple Computer
2010-07-28 06:31 . 2010-07-28 06:31 -------- d-----w- c:\users\Laura & Steven\AppData\Local\Apple
2010-07-28 06:31 . 2010-07-28 06:31 -------- d-----w- c:\program files\Apple Software Update
2010-07-28 06:30 . 2010-07-28 06:33 -------- d-----w- c:\program files\Common Files\Apple
2010-07-28 06:26 . 2010-07-28 06:26 -------- d-----w- c:\users\Laura & Steven\{49d0375b-3993-4ef4-b67d-13df03ec9475}
2010-07-28 06:25 . 2010-07-28 09:21 -------- d-----w- c:\programdata\Apple
2010-07-28 06:25 . 2010-07-28 06:25 -------- d-----w- c:\program files\Bonjour
2010-07-28 06:03 . 2010-07-28 06:03 -------- d-----w- c:\users\Laura & Steven\AppData\Roaming\Sierra Wireless
2010-07-28 06:03 . 2009-11-20 05:09 114688 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2010-07-28 06:03 . 2009-11-20 05:09 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-07-28 06:03 . 2009-11-20 05:09 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-07-28 06:03 . 2009-11-20 05:09 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-07-28 06:03 . 2009-09-05 08:05 7168 ----a-w- c:\windows\system32\drivers\massfilter.sys
2010-07-28 05:59 . 2010-07-28 05:59 -------- d-----w- c:\users\Laura & Steven\AppData\Local\Hewlett-Packard
2010-07-28 05:59 . 2010-07-28 05:59 -------- d-----w- c:\users\Laura & Steven\AppData\Roaming\Hewlett-Packard
2010-07-28 05:59 . 2010-08-23 03:10 105520 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-28 05:59 . 2010-08-04 09:01 105520 ----a-w- c:\users\Laura & Steven\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-24 21:30 . 2010-07-31 01:01 16428368 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en\Installers\SetupGamesClient.exe
2010-07-24 16:29 . 2010-07-24 16:31 -------- d-----w- c:\users\williams\AppData\Roaming\Paltalk
2010-07-24 16:28 . 2010-07-29 07:22 -------- d-----w- c:\program files\Paltalk Messenger
2010-07-24 16:28 . 2010-07-29 07:22 -------- d-----w- c:\windows\PaltalkScene
2010-07-24 16:08 . 2010-07-24 16:08 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-24 16:08 . 2010-07-28 04:08 -------- d-----w- c:\users\williams\AppData\Roaming\skypePM
2010-07-24 16:07 . 2010-07-28 05:57 -------- d-----w- c:\users\williams\AppData\Roaming\Skype
2010-07-24 16:06 . 2010-07-24 16:06 -------- d-----w- c:\program files\Common Files\Skype
2010-07-24 16:06 . 2010-07-24 16:07 -------- d-----r- c:\program files\Skype
2010-07-24 16:06 . 2010-07-24 16:06 -------- d-----w- c:\programdata\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 10:14 . 2010-07-24 01:02 -------- d-----w- c:\users\williams\AppData\Roaming\uTorrent
2010-08-22 10:14 . 2010-07-24 01:03 -------- d-----w- c:\program files\uTorrent
2010-08-22 10:14 . 2009-05-29 10:36 -------- d-----w- c:\program files\IDT
2010-08-22 06:02 . 2009-07-10 08:35 -------- d-----w- c:\program files\AVG
2010-08-22 01:12 . 2010-08-22 01:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-08-22 01:12 . 2010-08-22 01:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-08-21 21:45 . 2009-03-04 07:58 -------- d-----w- c:\programdata\Microsoft Help
2010-08-21 21:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-21 21:26 . 2009-03-04 09:09 -------- d-----w- c:\program files\Java
2010-08-21 18:36 . 2009-07-10 12:34 -------- d-----w- c:\program files\CCleaner
2010-08-06 16:49 . 2009-03-04 07:41 -------- d-----w- c:\program files\HP Games
2010-07-31 01:18 . 2009-03-04 07:41 -------- d-----w- c:\programdata\WildTangent
2010-07-28 06:02 . 2010-04-27 10:26 -------- d-----w- c:\program files\Telstra
2010-07-24 01:02 . 2009-07-18 06:12 -------- d-----w- c:\users\williams\AppData\Roaming\LimeWire
2010-07-22 11:40 . 2010-07-22 11:40 -------- d-----w- c:\programdata\WindowsSearch
2010-07-21 06:30 . 2010-07-21 06:30 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-21 05:53 . 2010-07-21 05:53 294688 ----a-w- c:\users\Laura & Steven\iTunesOutlookAddIn.dll
2010-07-21 05:53 . 2010-07-21 05:53 293672 ----a-w- c:\users\Laura & Steven\iTunesPhotoProcessor.exe
2010-07-21 05:53 . 2010-07-21 05:53 172832 ----a-w- c:\users\Laura & Steven\iTunesHelper.dll
2010-07-21 05:53 . 2010-07-21 05:53 141608 ----a-w- c:\users\Laura & Steven\iTunesHelper.exe
2010-07-21 05:53 . 2010-07-21 05:53 124200 ----a-w- c:\users\Laura & Steven\iTunesMiniPlayer.dll
2010-07-21 05:53 . 2010-07-21 05:53 384296 ----a-w- c:\users\Laura & Steven\iTunesAdmin.dll
2010-07-21 05:53 . 2010-07-21 05:53 10358568 ----a-w- c:\users\Laura & Steven\iTunes.exe
2010-07-21 05:52 . 2010-07-21 05:52 17918240 ----a-w- c:\users\Laura & Steven\iTunes.dll
2010-07-21 05:52 . 2010-07-21 05:52 722160 ----a-w- c:\users\Laura & Steven\CDDBControlApple.dll
2010-07-21 05:52 . 2010-07-21 05:52 648992 ----a-w- c:\users\Laura & Steven\iPodUpdaterExt.dll
2010-07-16 19:00 . 2010-07-11 08:28 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-14 00:59 . 2009-06-30 11:31 -------- d-----w- c:\users\williams\AppData\Roaming\Hewlett-Packard
2010-07-14 00:56 . 2010-07-14 00:56 -------- d-----w- c:\users\williams\AppData\Roaming\InstallShield
2010-07-14 00:54 . 2009-03-04 07:13 -------- d-----w- c:\programdata\Hewlett-Packard
2010-07-10 15:40 . 2010-07-01 16:02 -------- d-----w- c:\programdata\Downloader
2010-07-05 23:47 . 2010-07-05 23:47 2605008 ----a-w- c:\users\williams\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-07-04 21:15 . 2010-07-01 16:02 -------- d-----w- c:\program files\BigPond
2010-06-27 00:22 . 2009-06-30 11:29 105520 ----a-w- c:\users\williams\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-27 00:19 . 2009-07-10 12:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-26 23:58 . 2009-07-10 12:29 -------- d-----w- c:\program files\Microsoft
2010-06-26 23:55 . 2009-03-04 08:00 -------- d-----w- c:\program files\Microsoft.NET
2010-06-26 06:05 . 2010-08-21 21:38 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-21 21:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-21 21:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-21 21:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-21 21:38 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-21 21:38 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-21 21:38 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-21 21:38 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-11 16:15 . 2010-08-21 21:38 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-05-27 20:08 . 2010-08-21 21:38 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-27 12:32 . 2010-05-27 12:32 245936 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-05-27 12:31 . 2008-12-04 22:54 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-05-27 12:31 . 2008-12-04 22:54 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-05-27 12:31 . 2010-05-27 12:31 210216 ----a-w- c:\windows\system32\SynCtrl.dll
2010-05-27 12:31 . 2008-12-04 22:54 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-05-26 17:06 . 2010-06-26 23:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-26 23:46 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 04:24 . 2010-07-14 00:47 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2009-03-04 08:30 . 2009-03-04 08:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-06-28 20:59 153184 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BigPondWirelessBroadbandCM"="c:\program files\Telstra\BigPond Wireless Broadband\BigPond_CM.exe" [2009-11-27 2400768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\users\Laura & Steven\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2010-6-17 12732680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c3,19,80,05,59,01,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-09-05 7168]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-11-20 114688]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-02 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-24 365952]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-05 222512]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Laura & Steven\AppData\Roaming\Mozilla\Firefox\Profiles\i2um9mmk.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\Laura & Steven\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-23 14:15
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-23 14:19:52
ComboFix-quarantined-files.txt 2010-08-23 04:19

Pre-Run: 369,553,915,904 bytes free
Post-Run: 369,985,466,368 bytes free

- - End Of File - - 161EAA9CF4B6039055BE7F6DB3976520
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:26:26 PM, on 23/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Telstra\BigPond Wireless Broadband\BigPond_CM.exe
C:\Users\Laura & Steven\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband\BigPond_CM.exe" -tsr
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Users\Laura & Steven\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe

--
End of file - 9567 bytes

And here is a report on what I have done on the machine so far

20/8/2010 - 23/8/2010 Williams Laptop Repair

Windows Recovery Required
Fixed Master Boot Record (MBR); Windows Vista is now booting
Removed Ask Toolbar
CCleaner removed 967.0 MB of temporary internet files/viruses
Malwarebytes removed 54 infected objects/files/worms/viruses
SUPERAntiSpyware removed 5 entries: spyware/adware/tracking cookies
Avast Antivirus removed 1 high-risk file
Removed AVG 8.5
Cleaned laptop case and hardware
ComboFix fixed IE3SH error on startup
Ran Windows Vista Disk Defragmenter
Installed Microsoft Windows Updates (updated as of 23/8/2010)

Thanks again, and I apologise for you having to read this wall of text; I had to spread it out over two posts.
 
Rerun HijackThis and place checks next to the following entries.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Users\Laura & Steven\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe

Then click on "Fix checked". Reboot your system and let us know how it's running.
 
Thanks again John, done as said above and restarted. The machine is much more responsive to all tasks now, including start up, and is what should be expected from an Intel T3400 running @ 2.16 GHz and 2.17 GHz with 2 GB RAM. I think we can just about call this one unless you have any other programs you can think of to run. Btw, I ran another Malwarebytes full system scan and it found nothing.
 
Not unless you feel that you are still infected or anything. You've already run CCleaner, so that's good.
 
No, I'm happy with the machine now. Thanks again for everything. I will run an Avast full system scan, then CCleaner again and a disk defragment, and send it back :good:
 