Compaq Laptop May Be Infected

Started by mare_wbpa, December 04, 2013, 05:46:59 PM


mare_wbpa

I uninstalled Java 6 update 7 but didn't uninstall Java 7 update 45 before downloading the above Java.  I saved it to my documents.  It doesn't appear in the add/remove programs listed in the control panel option for uninstall.

Corrine

You don't need to uninstall Java 7 (it is listed in your installed programs as Java 7 update 25).  Just follow the link I provided to get the update to the latest version 45.  Then move on to the remaining instructions.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

mare_wbpa

Here is the only ComboFix text document that I could find that looked anything like a log.  I had trouble finding it as it didn't come up when I pasted C:\ComboFix.txt into search.  I followed the other instructions and uninstalled Norton and iWin.

ComboFix 13-12-13.01 - mary ann 12/13/2013  17:54:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1790.858 [GMT -5:00]
Running from: C:\Users\mary ann\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Blinkx
C:\Program Files\Blinkx\blinkx.ico
C:\Program Files\Blinkx\blinkxss.exe
C:\Program Files\Blinkx\blinkxstop.exe
C:\Program Files\Blinkx\lang.dll
C:\Program Files\Blinkx\templates\beat.ico
C:\Program Files\Blinkx\templates\index.html
C:\Program Files\Blinkx\templates\noflash.html
C:\Program Files\Blinkx\templates\offline.html
C:\Program Files\Blinkx\templates\offline.swf
C:\Program Files\Blinkx\templates\uninstall.exe
C:\ProgramData\ntuser.dat
C:\Users\mary ann\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
C:\Users\mary ann\install_flash_player_11_plugin.exe
C:\Users\mary ann\Norton_Removal_Tool.exe
C:\Windows\isRS-000.tmp


(((((((((((((((((((((((((   Files Created from 2013-11-13 to 2013-12-13  )))))))))))))))))))))))))))))))


2013-12-13 23:08:46 . 2013-12-13 23:09:06   --------   d-----w-   C:\Users\mary ann\AppData\Local\temp
2013-12-13 23:08:46 . 2013-12-13 23:08:46   --------   d-----w-   C:\Users\Default\AppData\Local\temp
2013-12-12 15:05:59 . 2013-10-30 00:35:24   2050560   ----a-w-   C:\Windows\system32\win32k.sys
2013-12-12 15:05:50 . 2013-10-30 02:12:54   335360   ----a-w-   C:\Windows\system32\SysFxUI.dll
2013-12-12 15:05:50 . 2013-10-30 01:43:04   130048   ----a-w-   C:\Windows\system32\drivers\drmk.sys
2013-12-12 15:05:50 . 2013-10-30 00:43:06   167936   ----a-w-   C:\Windows\system32\drivers\portcls.sys
2013-12-12 15:05:24 . 2013-10-11 02:08:55   131072   ----a-w-   C:\Windows\system32\wshom.ocx
2013-12-12 15:05:24 . 2013-10-11 00:35:42   135168   ----a-w-   C:\Windows\system32\cscript.exe
2013-12-12 15:05:24 . 2013-10-11 00:35:41   155648   ----a-w-   C:\Windows\system32\wscript.exe
2013-12-12 15:05:16 . 2013-10-11 02:08:55   36864   ----a-w-   C:\Windows\system32\wshcon.dll
2013-12-12 15:05:16 . 2013-10-11 02:08:35   172032   ----a-w-   C:\Windows\system32\scrrun.dll
2013-12-12 15:04:01 . 2013-10-22 07:19:59   158208   ----a-w-   C:\Windows\system32\imagehlp.dll
2013-12-10 23:50:16 . 2013-12-10 23:50:25   --------   d-----w-   C:\ProgramData\Oracle
2013-12-10 23:50:03 . 2013-12-10 23:50:03   --------   d-----w-   C:\Program Files\Common Files\Java
2013-12-10 23:48:11 . 2013-10-08 12:50:41   94632   ----a-w-   C:\Windows\system32\WindowsAccessBridge.dll
2013-12-10 23:40:04 . 2013-12-10 23:40:09   915368   ----a-w-   C:\jxpiinstall.exe
2013-12-09 00:17:13 . 2013-12-09 00:28:14   --------   d-----w-   C:\AdwCleaner
2013-11-14 15:20:28 . 2013-11-14 15:22:29   --------   d-----w-   C:\d75b162b80459d40b8e3ea44193fe7e9
.


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-12-13 00:04:13 . 2013-06-02 22:07:32   71048   ----a-w-   C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-13 00:04:13 . 2013-06-02 22:07:32   692616   ----a-w-   C:\Windows\system32\FlashPlayerApp.exe
2013-11-06 02:50:48 . 2013-11-06 02:50:48   120600   ----a-w-   C:\Windows\system32\drivers\avgdiskx.sys
2013-11-05 02:57:30 . 2013-11-05 02:57:30   209176   ----a-w-   C:\Windows\system32\drivers\avgidsdriverx.sys
2013-11-01 04:00:28 . 2013-11-01 04:00:28   176952   ----a-w-   C:\Windows\system32\drivers\avgldx86.sys
2013-11-01 03:30:08 . 2013-11-01 03:30:08   222520   ----a-w-   C:\Windows\system32\drivers\avglogx.sys
2013-10-30 02:13:01 . 2008-01-21 02:23:21   1304064   ----a-w-   C:\Windows\system32\WMALFXGFXDSP.dll
2013-10-25 03:28:32 . 2013-10-25 03:28:32   147768   ----a-w-   C:\Windows\system32\drivers\avgidshx.sys
2013-10-11 02:08:02 . 2013-11-13 22:32:34   444928   ----a-w-   C:\Windows\system32\IKEEXT.DLL
2013-10-11 02:07:57 . 2013-11-13 22:32:34   596480   ----a-w-   C:\Windows\system32\FWPUCLNT.DLL
2013-10-03 12:45:50 . 2013-11-13 22:32:54   297984   ----a-w-   C:\Windows\system32\gdi32.dll
2013-10-03 12:45:45 . 2013-11-13 22:32:48   993792   ----a-w-   C:\Windows\system32\crypt32.dll
2013-10-01 05:49:38 . 2013-10-01 05:49:38   102712   ----a-w-   C:\Windows\system32\drivers\avgmfx86.sys
2013-09-17 05:57:26 . 2013-09-17 05:57:26   22840   ----a-w-   C:\Windows\system32\drivers\avgidsshimx.sys


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 23:56:04 972080]
"oovoo.exe"="C:\program files\oovoo\oovoo.exe" [2011-12-12 23:21:54 22459984]
"SacReminderHDDV2N"="C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 09:05:07 862032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 18:05:10 1049896]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-09-24 01:21:52 468264]
"UpdateLBPShortCut"="C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 01:11:32 210216]
"UpdatePSTShortCut"="C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 03:42:38 210216]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 23:14:02 202032]
"UpdateP2GoShortCut"="C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 01:11:32 210216]
"UpdatePDIRShortCut"="C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 01:11:32 210216]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 14:58:56 75008]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 21:51:00 488752]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 01:01:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 01:50:00 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 13:03:38 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 16:02:14 79400]
"WrtMon.exe"="C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 12:35:26 20480]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-04-28 19:06:30 142120]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 07:41:12 49208]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 01:43:52 59720]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2013-05-01 07:59:04 421888]
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe" [2013-11-08 03:03:50 4956176]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 14:16:26 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14:42   451872   ----a-w-   C:\Program Files\Common Files\LightScribe\LSRunOnce.exe

Contents of the 'Scheduled Tasks' folder

2013-12-13 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-02 22:07:33 . 2013-12-13 00:04:13]

2013-12-13 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 21:34:59 . 2010-02-05 21:34:39]

2013-12-13 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 21:34:59 . 2010-02-05 21:34:39]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 24.229.54.212 207.44.96.129 24.229.54.220
FF - ProfilePath - C:\Users\mary ann\AppData\Roaming\Mozilla\Firefox\Profiles\zni3qowh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - ExtSQL: !HIDDEN! 2009-08-14 10:39; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

- - - - ORPHANS REMOVED - - - -

HKCU-Run-AVG-Secure-Search-Update_0913a - C:\Users\mary ann\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
HKCU-Run-AVG-Secure-Search-Update_1113a - C:\Users\mary ann\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Family Feud - C:\Program Files\iWin\Family Feud\Uninstall.exe
AddRemove-blinkx beat - C:\Program Files\Blinkx\templates\uninstall.exe



Corrine

Excellent! 

Are you still getting popups?  Is your laptop still slow and freezing?



mare_wbpa

So far so good.  I will update when I have been on long enough to know if the problems are solved.  Good to know that you and the team are there for when I get into trouble.  Thanks for all your help.

Corrine

In that case, please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


Please refer to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?".

Let us know if you have any other questions.



mare_wbpa


Corrine

Please go to the About Flash Player page with both IE and Firefox to make sure you have the latest version, 11.9.900.170. 



mare_wbpa

I have the latest Adobe Flash in FF.  I have IE on the desktop, but when I double click on it, it's not the IE startup page.

Corrine

I'm not sure if you mean that the shortcut on your desktop for IE doesn't work or when you launch IE from the shortcut it doesn't go to your home/startup page.

1.  If you mean when launched IE does not open to your home/start page, it is likely that it was reset when you ran AdwCleaner.  If that is the case, see the instructions here:  Change your home page in Internet Explorer - Microsoft Windows Help.

2.  On the other hand, if you mean that the shortcut on your desktop for IE isn't working, try creating a new shortcut and deleting the old, non-working shortcut.  To delete the old shortcut, right-click it and select delete.  Instructions are in the section "Method 1: Create a shortcut to Internet Explorer on your desktop" at The Internet Explorer icon is missing from your desktop.  You could, alternatively, run the Microsoft Fixit that is located on that page.



mare_wbpa

Merry Christmas to Corrine and the team.  Please be patient with me.  I've been very busy with holiday prep, with no time to play with the computer.  I'll be back soon after the holiday with a reply to the last suggestions.  Mare

Corrine

Merry Christmas, Mare!  No hurry.  Family first!  We'll be here and do our best to help.



mare_wbpa

Happy New Year, I'm back.  Sorry it took so long; besides the holidays there were my birthday festivities and other later celebrations.  Getting back to business, it seems that there is no IE shortcut on my desktop.  There was a shortcut that said it was IE, but had the FF logo.  I went into all programs and found IE; when I clicked on it I was taken to a page that had a big Google logo with a search bar.  I decided to stop there and come here to ask what to do next.

Corrine

Hi, Mare.  Belated Happy Birthday!

Because you had so many adware, "browser hijackers" and toolbars, when AdwCleaner removed those files, it set your IE start page to Google.  That way, you can set your start page to your choice.  All you need to do is go to the page you want to open when you launch IE and set it as your start/home page.  Instructions for IE 9 are here:  Change your home page in Internet Explorer.



mare_wbpa

I have the latest version of Adobe Flash on FF but not on IE.  I'm waiting to do any downloads or upgrading till I get further instructions from you.