Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected by MS Antispyware 2009


  • This topic is locked This topic is locked
2 replies to this topic

#1 Mike Anderson

Mike Anderson

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 02 March 2009 - 09:56 AM

Saturday I started getting pop ups galore, and have been doing everything in my power to get rid of this bugger. I have red circles in my task bar with a white x in them. If i click on them I get a browser window that takes me to spywareremover2009 or bestspywareremoval2009 or some crud like that. Also, every once in a while I get a popup that says "You have a security problem! Do you want to scan your computer for viruses?" Every time that comes up I get a loud thunk sound from windows. I found "MS Antispyware 2009" in my programs and uninstalled it as soon as possible.

I have run adaware, spydoctor, malwarebytes, trend micro, and Microsoft Onecare. All of them have found spyware or malware at some point and removed, but I still have the problem. It's driving me crazy.

I think because of one of my antispyware programs now internet explorer isn't working. Even when i'm not trying to run it it windows keeps popping up saying it is not responding, and do I want to send a report to Microsoft.

Please, please help!


DDS (Ver_09-02-01.01) - NTFSx86
Run by MikeAnderson at 9:39:55.88 on 03/02/09
Internet Explorer: 8.0.6001.18372
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2022.830 [GMT -5:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated)
AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\csifcsvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TSSchBkpService.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Camera Assistant Software for ViewSonic\traybar.exe
C:\Program Files\Belkin Storage Manager\StorageManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
C:\Program Files\Camera Assistant Software for ViewSonic\CEC_MAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Timeslips\TSTimer.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Digsby\lib\digsby-app.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.google.com/mail/#inbox
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\mike\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Uniblue ProcessQuickLink 2] "c:\program files\uniblue\processquicklink 2\ProcessQuickLink2.exe" /autostart
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [TSTimer] "c:\program files\timeslips\TSTimer.exe"
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for viewsonic\traybar.exe"
mRun: [Belkin Storage Manager] "c:\program files\belkin storage manager\StorageManager.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tstimer.lnk - c:\program files\timeslips\TSTimer.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://moe/ConnectComputer/nshelp.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli ACGina psqlpwd ACGina

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-7-31 20616]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-28 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-2-28 130424]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-5-27 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-5-27 4224]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-5-27 4442]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-11-5 25968]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-28 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-28 1095560]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-15 11152]
R2 TSScheduleBackup;TimeslipsBackup;c:\windows\system32\TSSchBkpService.exe [2008-6-5 705024]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2008-6-6 2944]
R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2008-6-6 60416]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2008-6-6 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2008-6-6 10368]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2008-5-27 81280]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S2 gupdate1c9860c6a3837d8;Google Update Service (gupdate1c9860c6a3837d8);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-21 30192]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]

=============== Created Last 30 ================

2009-03-01 19:16 7,256 a------- c:\windows\system32\OEMINFO.PNF
2009-03-01 18:49 91,328 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-03-01 18:49 116,416 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-03-01 18:46 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-03-01 18:42 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-03-01 18:42 <DIR> --d----- C:\23605f6c6361a30fc6d191e3
2009-03-01 10:02 <DIR> --d----- c:\docume~1\mike\applic~1\Malwarebytes
2009-03-01 10:02 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-01 10:02 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-01 10:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-01 10:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-28 22:29 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-28 21:24 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-28 21:21 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-28 21:21 <DIR> --d----- c:\program files\Lavasoft
2009-02-28 20:57 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-02-28 20:57 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-02-28 20:57 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-02-28 20:57 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-02-28 20:57 <DIR> --d----- c:\program files\common files\PC Tools
2009-02-28 20:57 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-28 20:57 <DIR> --d----- c:\docume~1\mike\applic~1\PC Tools
2009-02-28 20:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-02-23 16:10 <DIR> --d----- c:\program files\Rainmeter
2009-02-07 08:36 46,456 a----r-- c:\windows\system32\exitwx.exe
2009-02-07 08:33 661,808 a------- c:\windows\system32\UfWSC.cpl
2009-02-04 09:41 48 a---h--- c:\windows\system32\ezsidmv.dat
2009-02-04 09:39 <DIR> --d--r-- c:\program files\Skype

==================== Find3M ====================

2009-02-28 19:04 66,560 a------- c:\windows\system32\userinit.exe
2009-01-23 08:12 90,112 a------- c:\windows\DUMP9819.tmp
2009-01-15 02:17 636,264 a------- c:\windows\system32\dllcache\iexplore.exe
2009-01-15 02:17 392,040 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-01-15 02:13 5,888,512 a------- c:\windows\system32\dllcache\mshtml.dll
2009-01-15 02:12 10,963,968 a------- c:\windows\system32\dllcache\ieframe.dll
2009-01-15 02:06 1,182,720 a------- c:\windows\system32\dllcache\urlmon.dll
2009-01-15 02:06 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-01-15 02:06 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-01-15 02:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 02:05 911,872 a------- c:\windows\system32\dllcache\wininet.dll
2009-01-15 02:05 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-01-15 02:05 109,056 a------- c:\windows\system32\dllcache\occache.dll
2009-01-15 02:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 02:05 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-01-15 02:04 755,200 a------- c:\windows\system32\dllcache\VGX.dll
2009-01-15 02:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 02:04 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-01-15 02:04 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-01-15 02:02 1,975,296 a------- c:\windows\system32\dllcache\iertutil.dll
2009-01-15 02:02 593,920 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-01-15 02:02 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-01-15 02:01 183,808 a------- c:\windows\system32\dllcache\iepeers.dll
2009-01-15 02:01 59,904 a------- c:\windows\system32\dllcache\icardie.dll
2009-01-15 02:01 54,272 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-15 02:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 02:01 34,304 a------- c:\windows\system32\dllcache\imgutil.dll
2009-01-15 02:01 348,160 a------- c:\windows\system32\dllcache\dxtmsft.dll
2009-01-15 02:01 46,592 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-01-15 02:01 216,064 a------- c:\windows\system32\dllcache\dxtrans.dll
2009-01-15 02:01 66,560 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-01-15 02:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 02:00 48,128 a------- c:\windows\system32\dllcache\mshtmler.dll
2009-01-15 02:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 02:00 45,568 a------- c:\windows\system32\dllcache\mshta.exe
2009-01-15 01:53 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-01-15 01:50 156,160 a------- c:\windows\system32\msls31.dll
2009-01-15 01:50 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-01-15 01:35 445,440 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-13 12:22 16,384 a------- c:\windows\DCEBoot.exe
2009-01-11 00:00 79,360 -------- c:\windows\system32\dllcache\iecompat.dll
2009-01-07 16:44 87,608 a------- c:\docume~1\mike\applic~1\inst.exe
2009-01-07 16:44 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-01-07 16:44 47,360 a------- c:\docume~1\mike\applic~1\pcouffin.sys
2009-01-05 17:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2009-01-04 17:03 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-22 16:39 721,912 a------- c:\documents and settings\mike\gotomypc_428.exe
2008-12-14 17:12 3,698,040 a------- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-06-14 15:20 16,088 -------- c:\program files\iPod Software License.rtf
2008-05-27 19:11 32,768 ---sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-06-04 02:56 32,768 ---sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008060420080605\index.dat
2008-09-30 18:45 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008093020081001\index.dat

============= FINISH: 9:40:50.03 ===============

Attached Files


Edited by Mike Anderson, 02 March 2009 - 09:59 AM.


BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:43 PM

Posted 15 March 2009 - 08:53 AM

Hello Mike Anderson,

Posted Image

Sorry about the delay.:thumbup2: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:43 PM

Posted 23 March 2009 - 03:49 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users