Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unknown Malware Causing Freezing


  • This topic is locked This topic is locked

#1
carlotin

carlotin

    Member

  • Member
  • PipPip
  • 22 posts
Greetings Geeks2Go,

I've recently discovered this forum and immediately signed up. Thank you in advance for any and all efforts in assisting with my issue. Here goes:

A couple of weeks ago I noticed that my laptop was taking a very long time to load Windows. I suspected it had something to do with Norton Internet Security running all of its crap during startup, so I removed it prior to the subscription being up and downloaded AVG per the recommendation of a friend. I hoped this would resolve the issue with the freezing (whenever the laptop enters screen-saver mode, it stays there, refusing to unfreeze and is not responsive to moving the mouse, hitting ctrl+alt+delete, or manually hitting the power switch), however the freezing has continued, if not gotten worse. I also continuously get messages that say that network drives were not connected and have noticed that the laptop connects to the internet only via Wireless Network. Any attempts to connect directly to LAN (via ethernet cable to modem) gives no connectivity. There have also been issues with the HP All-In-One Printer- the use is hit or miss (sometimes prints/faxes/scans, other times no) and is limited via Wireless Network, as well. Directly connecting multi-use printer to laptop via ethernet or usb connection gives no results.

I know that the issue with the All-In-One and LAN are likely to be driver issues, but I am sure that I also have Malware. I followed the Malware Cleaning Guide to the best of my ability, but only have gotten so far, due to the freezing of my system. I downloaded and ran the ATF Cleaner and created a new System Restore point. Then I downloaded Malwarebytes'Anti-Malware and ran a scan. I got these results:

Malwarebytes Scan 05/01/2008:

Malwarebytes' Anti-Malware 1.11
Database version: 704

Scan type: Quick Scan
Objects scanned: 45767
Time elapsed: 15 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Carlos\g2mdlhlpx.exe (Trojan.Agent) -> Quarantined and deleted successfully.


After that I downloaded SuperAntispyware, and here is where things became a little weird- each time I would scan for harmful software, the laptop would freeze when it arrived at the following file: C:\Program Files\HP\Digital Imaging\bin\gdiplus.dll. I was a bit frustrated that the scan could never complete in order for me to provide a log, but I figured I would just continue the other steps..

I go on to do the Online Panda Activescan, ran a scan and each time it would freeze on the same file: C:\System Volume Informat...}\RP175\A0018261.dll. Not sure what this means..

I opted not to download the Windows XP SP2, since it's likely that I have malware on my system. I went ahead and downloaded HiJachThis, ran a scan, and the following is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:31 AM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ge security supra\syncservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\SSL\stunnel-4.10.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://www.update.mi...b?1184544872078
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62...geWell-ipix.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32

\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common

Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Last, but not least, is the Uninstall List:

Adobe Reader 8.1.1
Adobe SVG Viewer 6.0
Adobe® Photoshop® Album Starter Edition 3.2
Apple Mobile Device Support
Apple Software Update
AutoContract Pre-Installation Support Files
AutoContract-Gold
AVG 7.5
Awave Studio v9.1
Azureus Vuze
BlackBerry Desktop Software 4.1
BlackBerry Desktop Software 4.1
Bonjour
Conexant HD Audio
CP210x USB to UART Bridge Controller
Customer Experience Enhancement
DisplayKEY USB Cradle version 0.7.2.1
Easy Internet Sign-up
eFax Messenger 4.3
getPlus®_ocx
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Driver Diagnostics
HP Extended Capabilities 4.7
HP Help and Support
HP Imaging Device Functions 6.0
HP Integrated Module with Bluetooth wireless technology
HP Photosmart Premier Software 6.0
HP PSC & OfficeJet 4.7
HP QuickPlay 2.0
HP Rhapsody
HP Update
HP User Guides 0019
HP User Guides--System Recovery
HP Wireless Assistant 2.00 C1
Intel® PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 6
Malwarebytes' Anti-Malware
MeridianLink Site Security Certificate
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office Standard Edition 2003
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 4.5
NVIDIA Drivers
Office 2003 Trial Assistant
OpenSSL 0.9.7f
Otto
Panda ActiveScan 2.0
Quick Launch Buttons 5.20 F2
Quicken 2006
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
SopCast 1.1.2
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TourSetup
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Windows XP Media Center Edition 2005 KB908250
WinRAR archiver
Wireless Home Network Setup
Xvid 1.1.2 final uninstall

Hope I've helped you help me. Thanks!
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Let's see if it's indeed related to malware...

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
  • 0

#3
carlotin

carlotin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thanks for the response greyknight,

I downloaded and ran the program. Here are the results:

ComboFix 08-05-01.3 - Carlos 2008-05-05 0:22:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512 [GMT -4:00]
Running from: C:\Program Files\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent


((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-05-05 00:19 . 2008-05-05 00:19 2,855 --a------ C:\Program Files\ComboFix.PIF
2008-05-05 00:16 . 2008-05-05 00:20 1,782,564 --a------ C:\Program Files\ComboFix.exe
2008-05-03 00:09 . 2008-05-03 00:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-03 00:05 . 2008-05-03 00:05 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-05-01 22:47 . 2008-05-01 22:47 <DIR> d-------- C:\Program Files\Panda Security
2008-05-01 02:13 . 2008-05-01 20:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-01 02:13 . 2008-05-01 02:13 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\SUPERAntiSpyware.com
2008-05-01 02:13 . 2008-05-01 02:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-01 02:10 . 2008-05-01 02:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-01 02:09 . 2008-05-01 02:09 5,797,152 --a------ C:\Program Files\SUPERAntiSpyware.exe
2008-05-01 01:50 . 2008-05-01 01:50 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\Malwarebytes
2008-05-01 01:49 . 2008-05-01 01:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-01 01:49 . 2008-05-01 01:49 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-01 01:49 . 2008-05-01 01:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-01 01:47 . 2008-05-01 01:47 128,368 --a------ C:\Program Files\Download_mbam-setup.exe
2008-05-01 01:28 . 2008-05-01 01:28 50,688 --a------ C:\Program Files\ATF_Cleaner.exe
2008-04-12 18:16 . 2008-04-12 18:16 <DIR> d-------- C:\WINDOWS\wt
2008-04-05 04:03 . 2008-04-05 04:03 <DIR> d-------- C:\Program Files\iPod
2008-04-05 03:44 . 2008-04-05 03:44 156,887 --a------ C:\Program Files\hosts.zip
2008-04-05 03:33 . 2008-04-05 03:33 18,843,904 --a------ C:\Program Files\CFP_Patch_3.0.14.276_XP_Vista_x64.exe
2008-04-05 03:27 . 2008-04-05 03:27 30,752,512 --a------ C:\Program Files\CFP_Setup_3.0.21.329_XP_Vista_x64.exe
2008-04-05 02:36 . 2008-04-05 02:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-05 02:36 . 2008-05-05 00:08 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\AVG7
2008-04-05 02:36 . 2008-04-05 02:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-05 02:36 . 2008-04-05 02:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-05 02:33 . 2008-04-05 02:33 35,960,792 --a------ C:\Program Files\avg75free_519a1276.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 15:30 --------- d-----w C:\Program Files\GE Security Supra
2008-05-01 05:47 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-01 05:43 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-04-25 03:52 --------- d-----w C:\Program Files\WildTangent
2008-04-25 03:50 --------- d-----w C:\Program Files\ESPNMotion
2008-04-18 08:54 --------- d-----w C:\Documents and Settings\Carlos\Application Data\Azureus
2008-04-18 05:55 --------- d-----w C:\Program Files\Azureus
2008-04-05 18:55 --------- d-----w C:\Documents and Settings\Carlos\Application Data\Apple Computer
2008-04-05 08:04 --------- d-----w C:\Program Files\iTunes
2008-04-05 08:02 --------- d-----w C:\Program Files\QuickTime
2008-04-05 07:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-28 01:10 --------- d-----w C:\Program Files\ACWin
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 02:53 --------- d-----w C:\Program Files\SopCast
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-05 20:51 202 ----a-w C:\Documents and Settings\Carlos\Application Data\wklnhst.dat
2008-01-30 05:30 58,619,176 ----a-w C:\Program Files\iTunesSetup.exe
2007-12-30 01:45 7,792,648 ----a-w C:\Program Files\Azureus_3.0.4.2_windows.exe
2007-12-28 07:45 9,238,783 ----a-w C:\Program Files\ip90xp185us.exe
2007-08-16 22:31 1,494,562 ----a-w C:\Program Files\Windos Awave91 Studio.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 11:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-01 20:11 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 20:45 579584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 07:42 7331840]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 04:04 761945]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 17:03 36975]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 14:23 1187840]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2005-12-12 15:39 94208]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [ ]
"nwiz"="nwiz.exe" [2005-12-15 07:42 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-15 07:42 86016]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 20:45 507904]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 22:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56 64512]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 13:21 116224]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 14:56 409600]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-06-29 17:48 233534]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 11:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-05 02:36 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-08-16 11:56:00 577597]
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2007-07-01 02:26:09 629248]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 05:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-05-01 20:11 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 13:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dab6b69d-2d66-11dc-aa79-000fb0f8f4ed}]
\Shell\AutoRun\command - F:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-08 22:10:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 00:28:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\GE Security Supra\SyncService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\SSL\stunnel-4.10.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-05-05 0:39:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-05 04:39:42

Pre-Run: 42,269,241,344 bytes free
Post-Run: 43,181,887,488 bytes free

199 --- E O F --- 2008-04-25 18:21:16



edit: Forgot to mention that the following balloon continues to appear "No firewall is turned on"

Edited by carlotin, 04 May 2008 - 11:24 PM.

  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Looks clear here.

Do you have a firewall there? If not, that's why you see the message. You can enable the Windows Firewall if you want. Go to Start->Settings->Control Panel->Windows Firewall.

Download the Flash Disinfector at http://www.techsuppo...Disinfector.exe and save it to your desktop. Double-click on it to run it and follow the on-screen instructions.

Download and run the Norton Removal Tool to see if it finds any Norton remnants and remove them permanently.

This might not be a malware related issue that you are experiencing...
  • 0

#5
carlotin

carlotin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Not a malware issue? I don't know whether to feel relieved or more worried. Hopefully it's not a case of a bad hard-drive, as the one that is in is already a replacement.

I ran the removal tool and restarted the machine. Prior to that I ran the Flash disinfector. I also turned on the Windows Firewall, and upon the reboot it notified that it blocked HP Digital Imaging from accessing the net. I thought it was peculiar as it was a file in that folder that would cause the antispyware and system to freeze.

I'm assuming the best thing to do at this point is start from the top and follow the Malware Cleaning Guide step by step?
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Feel free to disable that HP program from starting up. Go to Start->Run and type in msconfig and hit OK. Then go to the Startup tab and disable it by unchecking that HP entry. Click OK and restart the computer to see if it still has problems now.
  • 0

#7
carlotin

carlotin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello greyknight,

Prior to your response I had attempted to run the Antispyware program, and unsurprisingly, it from on the same HP Digital Imaging file that I've previously noted. This frustrated me, and I figured that it would be a good idea to just remove the program/software. I went ahead and did that, but noticed that the folder and file were still in my C drive once I rebooted. I went to the specific file and attempted to delete it, but it refused to delete. What in God's name is that thing?

I've done what you instructed, and disabled that file and also the NvCpl.exe file- I noticed that it is located in the C:\\Windows folder, and is potentially a virus, according to some.
  • 0

#8
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Where is that HP folder located and are you sure you uninstalled that one specifically? I know HP usually likes bundling several software packages together sometimes.

I want you to upload this file (C:\WINDOWS\Nvcpl.exe) to http://virusscan.jotti.org and report back what it found.

How is the computer running so far? Should be better now that you disabled HP.
  • 0

#9
carlotin

carlotin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
The computer isn't running well, at all. It typically freezes after about 10 minutes of use, but once it's restarted, it will run with no problems. However, if I leave it idle (not typing or navigating from page to page) it will freeze after several minutes, regardless.

I uploaded the file, which is located in C:\WINDOWS\system32\NvCpl.dll, and the report came back finding nothing. In the bottom half of the "Scanner Results" page there was a "Statistics" section which said the following:

Last file scanned at least one scanner reported something about: is153266.exe (MD5: 4a1bff594e8fef41c695ed681938255a, size: 59904 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir TR/Vundo.Gen
ArcaVir Heur.W32
Avast X
AVG Antivirus Generic10.QEQ
BitDefender Trojan.Vundo.EJF
ClamAV Trojan.Vundo-2807
CPsecure Packed.W32.Monder.gen
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus Trojan.Win32.Monder.gen
Fortinet X
Ikarus Win32.Rigel.6468
Kaspersky Anti-Virus Trojan.Win32.Monder.gen
NOD32 X
Norman Virus Control Vundo.gen166
Panda Antivirus X
Sophos Antivirus Mal/Generic-A
VirusBuster X
VBA32 X


I wasn't sure if that was found in my system, or if it's just saying the file name of the latest threat/virus.

The HP folder is located at C:\Program Files\HP\Digital Imaging\bin\gdiplus.dll, and no, I am not sure if I successfully uninstalled it specifically.

Edit: I uploaded the C:\Program Files\HP\Digital Imaging\bin\gdiplus.dll file to http://virusscan.jotti.org and the computer immediately froze.

Edited by carlotin, 10 May 2008 - 06:10 PM.

  • 0

#10
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Rename C:\Program Files\HP\ to something like C:\Program Files\HPold\ instead.

We can also try disabling a bunch of startup programs to see if it helps.


Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

- Download the latest version of Java Runtime Environment (get JDK) from http://java.sun.com/...loads/index.jsp and save it to your desktop.
- Just click on the Download button to the right.
- Read the License Agreement and then check the box that says Accept License Agreement. The page will refresh.
- Click on the link to download Windows Offline Installation and save the file to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start->Settings->Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Click (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove all the older Java versions.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on Java installer file you downloaded earlier to install the newest version.

- After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
- Applications and Applets
- Trace and Log Files
- Click OK on Delete Temporary Files window
Note: This deletes ALL the Downloaded Java Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.
  • 0

#11
carlotin

carlotin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Alrighty, I renamed the HP folder to "HP old" (it was clever), I ran a scan in Hijack This and checked the list of files (some no longer existed), I removed all older versions of java and installed the newer one, and I cleared the Cache.

A while back I disabled the majority of the startup programs, but it seemed to not do much in terms of the freezing issue..



EDIT: The laptop was running pretty well last night, but froze today after about 15 min of use.

Edited by carlotin, 12 May 2008 - 02:04 PM.

  • 0

#12
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I'm not sure if it's malware related at this point. It might be some other software conflict or hardware issue. Try asking this in the Windows board to see if anyone has other ideas on what might be causing this.
  • 0

#13
carlotin

carlotin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Darn. I'll do that- thanks for your efforts, greyknight.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP