Can someone check over my virus scan logs please? Thank you!

NinkyNonk_2
NinkyNonk_2 Posts: 116 Forumite
in Techie Stuff
Please could someone check over my combo fix and hijack this logs? A week ago today, my yahoo email account was hacked and I've been trying to get my computer safe. Please see this thread if it helps, showing what I have done so far.
https://forums.moneysavingexpert.com/discussion/4023343=

The 1st time I ran spybot, it found malware and it is still in the recovery folder.
Here's my Combo fix log as of today:

ComboFix 12-06-21.01 - Jones 21/06/2012 12:06:48.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2815.1667 [GMT 1:00]
Running from: c:\users\Jones\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\TEMP
c:\programdata\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\programdata\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\programdata\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-20 09:33 . 2012-06-20 09:33
d
w- c:\program files\Sophos
2012-06-19 19:32 . 2012-06-19 19:32
d
w- c:\windows\en
2012-06-19 19:29 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-19 19:28 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-19 19:28 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-19 19:28 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-19 19:28 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-19 19:28 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-19 19:28 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-19 19:27 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-19 19:27 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-19 19:27 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-19 19:24 . 2012-06-19 19:24 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\142b83b01cd4e5101\DSETUP.dll
2012-06-19 19:24 . 2012-06-19 19:24 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\142b83b01cd4e5101\DXSETUP.exe
2012-06-19 19:24 . 2012-06-19 19:24 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\142b83b01cd4e5101\dsetup32.dll
2012-06-18 12:30 . 2012-06-19 19:17
d
w- c:\program files\adawaretb
2012-06-16 18:09 . 2012-06-16 18:09
d
w- c:\program files\MSXML 4.0
2012-06-15 22:33 . 2012-06-15 22:33
d
w- c:\program files\Panda Security
2012-06-15 22:31 . 2012-06-15 22:31
d--h--w- c:\windows\AxInstSV
2012-06-15 22:12 . 2012-06-19 19:18
d
w- c:\program files\Ad-Aware Antivirus
2012-06-15 22:11 . 2012-06-19 19:17
d
w- c:\program files\Toolbar Cleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 10:45 . 2012-04-04 10:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-09 10:45 . 2011-06-09 14:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-31 04:39 . 2012-05-12 06:33 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-12 06:33 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-12 06:33 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2004-11-11 16:36 . 2004-11-11 16:36 1020416 ----a-w- c:\program files\PSCore3.dll
2004-11-11 16:36 . 2004-11-11 16:36 92160 ----a-w- c:\program files\PSSourceFilter3.dll
2004-11-11 16:36 . 2004-11-11 16:36 901120 ----a-w- c:\program files\MSRAAutoFix.dll
2004-11-11 16:36 . 2004-11-11 16:36 77312 ----a-w- c:\program files\PSPublish.dll
2004-11-11 16:36 . 2004-11-11 16:36 78848 ----a-w- c:\program files\CabinetDll3.dll
2004-11-11 16:36 . 2004-11-11 16:36 76800 ----a-w- c:\program files\bandexpander.dll
2004-11-11 16:36 . 2004-11-11 16:36 71680 ----a-w- c:\program files\PSTransitionFilter.dll
2004-11-11 16:36 . 2004-11-11 16:36 49664 ----a-w- c:\program files\PSDMusicDMO.dll
2004-11-11 16:36 . 2004-11-11 16:36 41984 ----a-w- c:\program files\WavDest3.dll
2004-11-11 16:36 . 2004-11-11 16:36 102912 ----a-w- c:\program files\PhotoStory3.exe
2004-09-17 19:00 . 2004-09-17 19:00 31440 ----a-w- c:\program files\PSLegitCheck.dll
2011-12-21 07:42 . 2012-01-09 12:43 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3806b089-6759-411d-b2c3-b7995a9f34d7}"= "c:\program files\Harmony_Hollow_Software\prxtbHarm.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3806b089-6759-411d-b2c3-b7995a9f34d7}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3806b089-6759-411d-b2c3-b7995a9f34d7}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Harmony_Hollow_Software\prxtbHarm.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3806b089-6759-411d-b2c3-b7995a9f34d7}"= "c:\program files\Harmony_Hollow_Software\prxtbHarm.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3806b089-6759-411d-b2c3-b7995a9f34d7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-06-17 412432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"HostManager"="c:\program files\Common Files\AOL\1269802939\ee\AOLSoftware.exe" [2008-06-24 41824]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSClearCloudTrayApp]
2010-08-18 09:37 537936 ----a-w- c:\program files\ClearCloud\ClearCloud DNS\SBCC_Utility_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre6\bin\jusched.exe [BU]
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-21 1343400]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AVGIDSDriver
*Deregistered* - AVGIDSEH
*Deregistered* - AVGIDSFilter
*Deregistered* - AVGIDSShim
*Deregistered* - Avgrkx86
*Deregistered* - Avgtdix
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 10:45]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 09:45]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 09:45]
.
.
Supplementary Scan
.
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol broadband toolbar 5.0\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: valuedopinions.co.uk\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jones\AppData\Roaming\Mozilla\Firefox\Profiles\5qndzzfz.default\
.
.
LOCKED REGISTRY KEYS
.
[HKEY_USERS\S-1-5-21-2391137309-2146828521-3579586563-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2391137309-2146828521-3579586563-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-21 12:15:21
ComboFix-quarantined-files.txt 2012-06-21 11:15
ComboFix2.txt 2012-06-18 12:10
ComboFix3.txt 2012-06-15 20:46
ComboFix4.txt 2011-01-22 11:49
ComboFix5.txt 2012-06-21 11:06
.
Pre-Run: 209,808,666,624 bytes free
Post-Run: 209,766,449,152 bytes free
.
- - End Of File - - 41871F30E88C5867AC088EFDB562BB22
«13

Comments

  • NinkyNonk_2
    NinkyNonk_2 Posts: 116 Forumite
    My Hijack This log as of today.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:17:07, on 21/06/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Freecorder\FLVSrvc.exe
    C:\Program Files\Common Files\AOL\1269802939\ee\aolsoftware.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sun\StarOffice 9\program\soffice.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Sun\StarOffice 9\program\soffice.bin
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Jones\Downloads\HijackThis.exe
    C:\Windows\system32\SearchProtocolHost.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://medion.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Harmony Hollow Software Toolbar - {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files\Harmony_Hollow_Software\prxtbHarm.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Harmony Hollow Software - {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files\Harmony_Hollow_Software\prxtbHarm.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: AOL Broadband Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O3 - Toolbar: Harmony Hollow Software Toolbar - {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files\Harmony_Hollow_Software\prxtbHarm.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1269802939\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O4 - Startup: StarOffice 9.lnk = C:\Program Files\Sun\StarOffice 9\program\quickstart.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol broadband toolbar 5.0\resources\en-GB\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
    --
    End of file - 8912 bytes
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    They look fine.

    Post the contents of ComboFix-quarantined-files.txt found in C:\qoobox

    Run the AVG removal tool.

    http://www.avg.com/ww-en/utilities
  • NinkyNonk_2
    NinkyNonk_2 Posts: 116 Forumite
    Here's the contents of ComboFix-quarantined-files.txt
    Running avg now :)

    2012-06-15 20:45:20 . 2012-06-15 20:45:20 928 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SunJavaUpdateSched.reg.dat
    2012-06-15 20:45:10 . 2012-06-15 20:45:10 156 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SunJavaUpdateSched.reg.dat
    2012-04-28 10:41:56 . 2011-10-16 14:56:02 18,387 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\chrome\ComplitlyChrome.crx.vir
    2012-04-28 10:41:56 . 2010-07-20 00:27:24 496 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\support@Complitly.com\chrome\content\options.xul.vir
    2012-04-28 10:41:56 . 2011-10-16 14:55:28 5,731 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul.vir
    2012-04-28 10:41:56 . 2010-10-12 04:54:38 2,945 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\support@Complitly.com\chrome\content\appIcon.png.vir
    2012-04-28 10:41:56 . 2011-10-16 14:56:02 1,934 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\support@Complitly.com\install.rdf.vir
    2012-04-28 10:41:56 . 2012-04-28 10:41:57 7,190 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\unins000.dat.vir
    2011-05-26 21:20:29 . 2011-05-17 13:51:06 16,704 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\roboot.exe.vir
    2011-01-22 11:34:17 . 2011-01-22 11:34:17 1,914 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-661756199.sherlockholmes.openmediagateway.com.reg.dat
    2011-01-22 11:34:02 . 2011-01-22 11:34:02 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
    2011-01-22 11:34:02 . 2011-01-22 11:34:02 132 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
    2011-01-22 11:31:55 . 2012-06-21 11:11:43 4,200 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2011-01-22 11:27:19 . 2012-06-21 11:06:48 638 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2009-09-22 09:04:35 . 2009-09-22 09:04:34 36,864 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe.vir
    2009-09-22 09:04:16 . 2009-09-22 09:04:15 53,319 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe.vir
    2009-09-22 09:03:59 . 2009-09-22 09:03:58 53,319 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe.vir
  • NinkyNonk_2
    NinkyNonk_2 Posts: 116 Forumite
    Done avg removal tool. It was so quick - is there anymore to do?
    Am I safe to go? I run a business on ebay and since email hacking, it's really been a lot of trouble. I have dared not log in ebay or paypal using this computer.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Yes, but uninstall combofix.

    Open a Run command box. (Start > Run or Windows key + R on your keyboard) and copy/paste this command in:

    ComboFix /uninstall

    Note the space between ComboFix and /uninstall , it needs to be there.

    Click OK

    let combofix uninstall itself.
  • closed
    closed Posts: 10,886 Forumite
    Want this? Harmony Hollow Software Toolbar

    There's a lot of bloat running at startup
    !!
    > . !!!! ----> .
  • NinkyNonk_2
    NinkyNonk_2 Posts: 116 Forumite
    Combofix is uninstalled. What does uninstalling it do? I mean, don't I need it anymore?
    Am I safe to go? :)
  • NinkyNonk_2
    NinkyNonk_2 Posts: 116 Forumite
    closed wrote: »
    Want this? Harmony Hollow Software Toolbar

    I don't even know what that is :embarasse What is it? And if I am asking that question, I probably don't want/need it?
  • closed
    closed Posts: 10,886 Forumite
    edited 21 June 2012 at 6:55PM
    R3 - URLSearchHook: Harmony Hollow Software Toolbar - {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files\Harmony_Hollow_Software\prxtbHarm.dll

    Unless you need them running all the time, use the startup tab in msconfig (start, run, msconfig )to disable these items from running at startup (they can always be run manually if needed). When you reboot after doing this, you will get a prompt about selective startup - tick Don't show this message or launch the system configuration utility when windows starts,and click ok

    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1269802939\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - Startup: StarOffice 9.lnk = C:\Program Files\Sun\StarOffice 9\program\quickstart.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background

    Click the java icon in control panel, updates, untick check for updates

    __________________________________________________

    Using Hijackthis, tick and fix these entries
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    _________________________________________________

    Uninstall any IE toolbars (browser helper objects or BHO's) in Control panel, or Firefox plugins that you don't need. This is a list of the IE BHO's evident in the log, (firefox plugins don't show up in hijackthis). To disable IE addons, see IE, tools, manage addons

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Harmony Hollow Software - {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files\Harmony_Hollow_Software\prxtbHarm.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    __________________________________________________

    uninstall adobe and google and google updaters.

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    __________________________________________________
    !!
    > . !!!! ----> .
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    NinkyNonk wrote: »
    Combofix is uninstalled. What does uninstalling it do? I mean, don't I need it anymore?
    Am I safe to go? :)

    Combofix performs some additional actions to help secure your system upon uninstallation. It's updated very regularly so you need to ensure you always have the latest version when you run it.

    That said, it's unwise to just run combofix of the cuff. It targets some pretty serious infections and should anything go wrong you could end up with an unbootable machine that could be hard to recover without expert guidance - you could lose valuable data. It's far better to get diagnostic logs first. (such as DDS - also from combofix's developer, sUBs.) In the event things did go wrong, we'd then have a better idea what is wrong and subsequently know how best to fix it.

    http://www.bleepingcomputer.com/forums/topic273628.html
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 349.9K Banking & Borrowing
  • 252.7K Reduce Debt & Boost Income
  • 453K Spending & Discounts
  • 242.8K Work, Benefits & Business
  • 619.7K Mortgages, Homes & Bills
  • 176.4K Life & Family
  • 255.8K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 15.1K Coronavirus Support Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture