Infected with Vundo!


18 replies to this topic

#1 exal85


Posted 29 October 2009 - 10:32 AM

Constantly getting popups, and there are clearly programs running in the background that should not be. My virus scan does not fix the problem. I have tried removing the files manually, even disabling their start-up ability and then deleting, but that still did not work. Files constantly regenerate themselves. Seems like the virus has implanted itself deep into the registry. I got a blue screen after installing DAEMON Tools, but I think that is an unrelated driver problem. Here are my logs:

Thank you.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Alex at 0:45:38.34 on Thu 10/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2026.760 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\alex\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [tuguhisom] Rundll32.exe "c:\windows\system32\kebulovo.dll",a
StartupFolder: c:\docume~1\alex\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {59B16FCE-5149-4BDE-8DA8-C788DD73F7DE} = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
AppInit_DLLs: webogori.dll c:\windows\system32\kebulovo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: zopipazeb - {40f92092-999e-41c6-8efe-2592e15a4696} - c:\windows\system32\kebulovo.dll
STS: jugezatag: {40f92092-999e-41c6-8efe-2592e15a4696} - c:\windows\system32\kebulovo.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli ACGina yeluriya.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\tn3qbeuk.default\
FF - plugin: c:\documents and settings\alex\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-26 64288]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-5-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2009-6-4 11520]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-23 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-23 108552]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2009-6-4 4224]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2009-6-4 4442]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\documents and settings\alex\desktop\VCdRom.sys [2001-12-19 8576]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-23 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-23 297752]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-20 12672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1170768]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-6-4 53248]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-4-17 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-6-4 2058776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-28 24652]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-6-4 239760]
R3 RTL8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2009-6-4 555520]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-4-17 45424]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S4 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]

=============== Created Last 30 ================

2009-10-28 03:43:24 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-28 03:41:04 2687 ----a-w- c:\windows\diagwrn.xml
2009-10-28 03:41:04 1908 ----a-w- c:\windows\diagerr.xml
2009-10-28 03:24:43 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-28 03:24:36 0 d-----w- c:\docume~1\alex\applic~1\DAEMON Tools Pro
2009-10-28 03:13:03 0 d-----w- c:\temp\Windows 7 Professional (x86) - DVD (English)
2009-10-27 05:06:42 0 d-----w- c:\program files\Trend Micro
2009-10-26 15:56:22 0 d-----w- c:\documents and settings\alex\.housecall6.6
2009-10-26 04:50:22 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-26 04:31:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-26 04:30:19 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-26 04:30:06 0 d-----w- c:\program files\Lavasoft
2009-10-21 00:30:34 0 d-----w- c:\program files\Unity
2009-10-03 02:28:07 0 d-sh--w- c:\windows\system32\lowsec

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-08 12:21:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-23 09:06:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-06 23:24:18 327896 ----a-w- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 23:24:18 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 23:24:10 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2009-08-06 23:24:06 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 23:24:04 96480 ----a-w- c:\windows\system32\dllcache\cdm.dll
2009-08-06 23:23:54 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 23:23:46 1929952 ----a-w- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 09:01:48 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 00:44:46 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 14:20:08 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-28 01:08:38 37888 --sha-w- c:\windows\system32\duwiwuse.dll
2009-07-29 01:08:56 38912 --sha-w- c:\windows\system32\fitaporo.dll
2009-07-28 13:08:50 89088 --sha-w- c:\windows\system32\juzeziwi.dll
2009-07-29 01:08:56 89600 --sha-w- c:\windows\system32\kebulovo.dll
2009-07-28 13:08:50 38400 --sha-w- c:\windows\system32\kemifave.dll
2009-07-27 01:08:18 51712 --sha-w- c:\windows\system32\meleyuli.dll
2009-07-28 01:08:38 90112 --sha-w- c:\windows\system32\nuyuviju.dll
2009-07-28 13:08:50 60928 --sha-w- c:\windows\system32\vahuwodi.dll
2009-07-27 01:09:53 51712 --sha-w- c:\windows\system32\webogori.dll
2009-07-27 01:09:53 51712 --sha-w- c:\windows\system32\yeluriya.dll
2009-07-27 01:09:53 51712 --sha-w- c:\windows\system32\yonugese.dll
2009-07-27 13:08:22 90112 --sha-w- c:\windows\system32\zabivesi.dll
2009-06-04 20:06:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

============= FINISH: 0:47:33.78 ===============

Also, to add:

My Gmail will only load occasionally. Sometimes web pages will transform from, let's say, npr.org to a false advertisement for anti-virus programs. Trend Micro HouseCall will not work on any browser. I am very careful with everything I do on my computer; I have not downloaded anything suspicious, so I am really not sure how this came about. I did notice my firewall was accidentally left off recently, so that might have been the source.

If I think of anything else I will add.


Edited by The weatherman, 29 October 2009 - 06:10 PM.
Merged posts to keep the member on "0" replies.~Tw



#2 km2357


Posted 04 November 2009 - 02:18 PM

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying; the forum is very busy. If you still need help, please post a fresh DDS log.

Edited by km2357, 04 November 2009 - 02:19 PM.

MalWare Removal University Master

Member of ASAP


#3 exal85


Posted 04 November 2009 - 04:51 PM

Thanks for the reply.

I now also get a blue screen when I try to restart in safe mode; however, it does not stay up long enough to see what the message is.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Alex at 16:48:44.23 on Wed 11/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2026.586 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\My Documents\Downloads\dds (1).scr
C:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {59B16FCE-5149-4BDE-8DA8-C788DD73F7DE} = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
AppInit_DLLs: webogori.dll c:\windows\system32\sepoyije.dll c:\windows\system32\pefedamu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: nibafidul - {3a6aedbe-6aca-4992-9f63-8e300c99c39b} -
SSODL: javukadov - {5f3d6edb-0b3f-427c-8f7c-b49eb9d089ef} -
STS: {3a6aedbe-6aca-4992-9f63-8e300c99c39b}: gahurihor
STS: {5f3d6edb-0b3f-427c-8f7c-b49eb9d089ef}: tokatiluy
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli ACGina yeluriya.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\tn3qbeuk.default\
FF - plugin: c:\documents and settings\alex\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-25 64288]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-5-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2009-6-4 11520]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-23 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-23 108552]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2009-6-4 4224]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2009-6-4 4442]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\documents and settings\alex\desktop\VCdRom.sys [2001-12-19 8576]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-23 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-23 297752]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-20 12672]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-10-29 312592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-6-4 53248]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-4-16 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-6-4 2058776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-28 24652]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-6-4 239760]
R3 RTL8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2009-6-4 555520]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-4-16 45424]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]

=============== Created Last 30 ================

2009-11-02 05:31:42 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-31 06:46:21 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-31 05:33:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 05:33:45 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 03:47:08 0 d-----w- C:\VundoFix Backups
2009-10-31 03:46:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 03:46:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-31 03:45:14 0 d-----w- c:\docume~1\alex\applic~1\Malwarebytes
2009-10-30 04:25:54 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2009-10-30 04:23:04 0 d-----w- c:\docume~1\alex\applic~1\IObit
2009-10-30 04:23:03 0 d-----w- c:\program files\IObit
2009-10-28 03:43:24 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-28 03:41:04 2687 ----a-w- c:\windows\diagwrn.xml
2009-10-28 03:41:04 1908 ----a-w- c:\windows\diagerr.xml
2009-10-28 03:24:43 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-28 03:24:36 0 d-----w- c:\docume~1\alex\applic~1\DAEMON Tools Pro
2009-10-28 03:13:03 0 d-----w- c:\temp\Windows 7 Professional (x86) - DVD (English)
2009-10-27 05:06:42 0 d-----w- c:\program files\Trend Micro
2009-10-26 15:56:22 0 d-----w- c:\documents and settings\alex\.housecall6.6
2009-10-26 04:50:22 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-26 04:31:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-26 04:30:19 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-26 04:30:06 0 d-----w- c:\program files\Lavasoft
2009-10-21 00:30:34 0 d-----w- c:\program files\Unity

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-08 12:21:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-23 09:06:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-06 23:24:18 327896 ----a-w- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 23:24:18 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 23:24:10 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2009-08-06 23:24:06 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 23:24:04 96480 ----a-w- c:\windows\system32\dllcache\cdm.dll
2009-08-06 23:23:54 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 23:23:46 1929952 ----a-w- c:\windows\system32\dllcache\wuaueng.dll
2009-06-04 20:06:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

============= FINISH: 16:50:17.09 ===============

#4 km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 04 November 2009 - 11:32 PM

Step # 1: Add/Remove Programs

Go to Start > Settings > Control Panel and click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

IObit Security 360

Reboot your computer.



Step # 2: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.

MalWare Removal University Master

Member of ASAP


#5 exal85

  • Topic Starter
  • Members
  • 54 posts

Posted 05 November 2009 - 12:28 AM

Here is my ComboFix Log:

ComboFix 09-11-04.02 - Alex 11/05/2009 0:03.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2026.1437 [GMT -5:00]
Running from: c:\documents and settings\Alex\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2831502157-3559094008-2580282161-500
c:\windows\Tasks\cnnyjvyc.job
c:\windows\Tasks\qwdrulcz.job

Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-05 04:58 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-05 04:58 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-02 05:31 . 2009-11-02 05:31 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-02 05:31 . 2009-11-02 05:31 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-02 05:31 . 2009-11-02 05:31 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-02 05:31 . 2009-11-02 05:31 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-02 05:31 . 2009-11-02 05:31 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-02 05:31 . 2009-11-02 05:31 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-02 05:31 . 2009-11-02 05:31 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-02 05:31 . 2009-11-02 05:31 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-02 05:31 . 2009-11-02 05:31 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-31 06:46 . 2009-10-26 15:56 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-31 05:33 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 05:33 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 03:47 . 2009-10-31 03:47 -------- d-----w- C:\VundoFix Backups
2009-10-31 03:46 . 2009-10-31 05:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 03:46 . 2009-10-31 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-31 03:45 . 2009-10-31 03:45 -------- d-----w- c:\documents and settings\Alex\Application Data\Malwarebytes
2009-10-30 04:25 . 2009-10-30 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-10-30 04:23 . 2009-10-31 05:54 -------- d-----w- c:\documents and settings\Alex\Application Data\IObit
2009-10-30 04:23 . 2009-10-30 04:25 -------- d-----w- c:\program files\IObit
2009-10-28 03:43 . 2009-10-28 03:43 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-28 03:24 . 2009-10-28 03:31 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-28 03:24 . 2009-10-28 03:24 -------- d-----w- c:\documents and settings\Alex\Application Data\DAEMON Tools Pro
2009-10-28 03:13 . 2009-10-28 03:13 -------- d-----w- c:\temp\Windows 7 Professional (x86) - DVD (English)
2009-10-27 05:08 . 2009-10-27 05:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-27 05:06 . 2009-10-27 05:06 -------- d-----w- c:\program files\Trend Micro
2009-10-27 04:08 . 2009-10-27 04:08 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-26 15:56 . 2009-10-31 06:47 -------- d-----w- c:\documents and settings\Alex\.housecall6.6
2009-10-26 04:50 . 2009-11-02 05:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-26 04:30 . 2009-10-26 16:27 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-26 04:30 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-26 04:30 . 2009-10-26 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-26 04:30 . 2009-10-26 04:30 -------- d-----w- c:\program files\Lavasoft
2009-10-21 00:30 . 2009-10-21 00:30 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\Unity
2009-10-21 00:30 . 2009-10-21 00:30 -------- d-----w- c:\program files\Unity
2009-10-17 12:30 . 2009-10-17 12:30 2025752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-10-14 01:02 . 2006-04-05 23:38 110592 ----a-w- c:\documents and settings\Alex\Application Data\U3\temp\cleanup.exe
2009-10-14 01:01 . 2009-10-14 01:02 -------- d-----w- c:\documents and settings\Alex\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 13:38 . 2009-08-23 15:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-27 20:13 . 2009-08-23 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-26 16:27 . 2009-08-28 13:46 -------- d-----w- c:\program files\Common Files\AOL
2009-10-26 04:39 . 2009-08-26 14:55 718496 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-14 20:06 . 2009-06-04 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-01 20:58 . 2009-10-01 20:58 -------- d-----w- c:\documents and settings\Alex\Application Data\InterVideo
2009-09-30 02:30 . 2009-08-29 19:34 -------- d-----w- c:\documents and settings\Alex\Application Data\Apple Computer
2009-09-23 12:55 . 2009-10-26 04:31 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-20 16:34 . 2009-09-20 16:34 -------- d-----w- c:\program files\CPUID
2009-09-14 16:18 . 2009-09-14 16:17 -------- d-----w- c:\program files\iTunes
2009-09-14 16:18 . 2009-09-14 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-14 16:17 . 2009-09-14 16:17 -------- d-----w- c:\program files\iPod
2009-09-14 16:17 . 2009-08-29 19:33 -------- d-----w- c:\program files\Common Files\Apple
2009-09-14 16:16 . 2009-09-14 16:16 -------- d-----w- c:\program files\QuickTime
2009-09-14 16:13 . 2009-09-14 16:13 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-11 14:18 . 2006-04-30 06:55 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 01:02 . 2009-06-04 19:58 88856 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-09 00:18 . 2009-06-04 19:43 -------- d-----w- c:\program files\MSBuild
2009-09-09 00:16 . 2009-09-09 00:16 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-08 12:35 . 2009-09-08 12:21 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-08 12:24 . 2009-09-08 12:24 1 ----a-w- c:\documents and settings\Alex\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-09-08 12:23 . 2009-09-08 12:23 -------- d-----w- c:\documents and settings\Alex\Application Data\OpenOffice.org
2009-09-08 12:21 . 2009-08-30 01:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-08 12:21 . 2009-06-04 20:10 -------- d-----w- c:\program files\Java
2009-09-04 21:03 . 2006-04-30 06:55 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 01:46 . 2009-08-30 01:46 152576 ----a-w- c:\documents and settings\Alex\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-29 08:08 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 21:37 . 2009-08-27 21:37 0 ----a-w- c:\windows\nsreg.dat
2009-08-26 08:00 . 2006-04-30 06:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 09:15 . 2006-04-30 07:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-23 09:06 . 2009-08-23 09:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-23 09:06 . 2009-08-23 09:06 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-23 09:06 . 2009-08-23 09:06 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-23 09:06 . 2009-08-23 09:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 15:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-05-29 367128]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-15 61728]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-08-31 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-08-31 124248]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-01-14 389120]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2009-01-14 208896]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-13 40960]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-08 149280]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2008-06-07 181536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2009-04-17 21:15 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 09:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Alex\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Alex\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ThinkPad\\ConnectUtilities\\SvcGuiHlpr.exe"=
"c:\\Program Files\\Lenovo\\Rescue and Recovery\\rrpservice.exe"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\ThinkPad\\Utilities\\EZEJMNAP.EXE"=
"c:\\Program Files\\Digital Line Detect\\DLG.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"548:TCP"= 548:TCP:Share

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/25/2009 11:31 PM 64288]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 6:21 PM 19496]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/23/2009 4:06 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/23/2009 4:06 AM 108552]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\documents and settings\Alex\Desktop\VCdRom.sys [12/19/2001 10:45 AM 8576]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/23/2009 4:06 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/23/2009 4:06 AM 297752]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [9/20/2009 11:34 AM 12672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1179232]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [6/4/2009 3:17 PM 53248]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [4/16/2009 11:05 PM 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 5:34 PM 520192]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [6/4/2009 2:55 PM 2058776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/28/2009 8:47 AM 24652]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/4/2009 2:25 PM 239760]
R3 RTL8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [6/4/2009 2:53 PM 555520]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 5:54 PM 37312]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [4/16/2009 11:05 PM 45424]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 PM 360448]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 10:15 AM 1120752]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 05:31]

2009-11-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1977181030-808233941-3996404931-1008Core.job
- c:\documents and settings\Alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-05 20:20]

2009-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1977181030-808233941-3996404931-1008UA.job
- c:\documents and settings\Alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-05 20:20]

2009-09-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]

2009-11-05 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-06-04 16:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {59B16FCE-5149-4BDE-8DA8-C788DD73F7DE} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\tn3qbeuk.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{3a6aedbe-6aca-4992-9f63-8e300c99c39b} - (no file)
SharedTaskScheduler-{5f3d6edb-0b3f-427c-8f7c-b49eb9d089ef} - (no file)
SSODL-nibafidul-{3a6aedbe-6aca-4992-9f63-8e300c99c39b} - (no file)
SSODL-javukadov-{5f3d6edb-0b3f-427c-8f7c-b49eb9d089ef} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 00:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,82,c4,23,45,da,c5,49,a9,bf,01,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,82,c4,23,45,da,c5,49,a9,bf,01,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1112)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll

- - - - - - - > 'explorer.exe'(4980)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-11-05 0:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-05 05:22

Pre-Run: 90,992,144,384 bytes free
Post-Run: 90,576,441,344 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4




#6 exal85

exal85
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 05 November 2009 - 12:29 AM

Not sure if this matters, but I do plan on updating to Windows 7 after my computer is fully operational again.

#7 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:27 PM

Posted 05 November 2009 - 02:34 PM

Step # 1: Run CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    KILLALL::
    
    Folder::
    
    C:\VundoFix Backups
    
    DDS::
    
    uURLSearchHooks: H - No File
    BHO: 1 (0x1) - No File


  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




    Posted Image


    Note: This CFScript is for use on exal85's computer only! Do not use it on your computer.


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh DDS Log taken after Step 1 has been completed.

MalWare Removal University Master

Member of ASAP


#8 exal85

exal85
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 05 November 2009 - 04:26 PM

So, on restarting the computer after ComboFix ran, my computer went to a blue screen, immediately restarted, and ComboFix did not start up on the second restart. So I have no record of the last scan.

What should I do from here?

#9 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:27 PM

Posted 06 November 2009 - 12:48 AM

Look in either the C:\ComboFix or c:\Qoobox folder(s) and see if you can find ComboFix.txt. If you do find the file, go ahead and post the contents of the ComboFix Log.

MalWare Removal University Master

Member of ASAP


#10 exal85

exal85
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 06 November 2009 - 08:41 AM

The log is practically empty:

ComboFix 09-11-05.01 - Alex 11/05/2009 16:13:08.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2026.993 [GMT -5:00]
Running from: C:\Documents and Settings\Alex\My Documents\Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alex\My Documents\Downloads\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

#11 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:27 PM

Posted 06 November 2009 - 03:16 PM

OK, go ahead and run ComboFix again (normally this time, no need to drag CFScript.txt onto it) and post back the log you get. Be sure to disable AVG before you run ComboFix.

MalWare Removal University Master

Member of ASAP


#12 exal85

exal85
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 06 November 2009 - 04:49 PM

ComboFix 09-11-05.05 - Alex 11/06/2009 16:37.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2026.1077 [GMT -5:00]
Running from: c:\documents and settings\Alex\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.

2009-11-06 13:50 . 2009-10-21 12:30 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-11-05 04:58 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-05 04:58 . 2008-04-13 18:40 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-02 05:31 . 2009-11-02 05:31 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-02 05:31 . 2009-11-02 05:31 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-02 05:31 . 2009-11-02 05:31 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-02 05:31 . 2009-11-02 05:31 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-02 05:31 . 2009-11-02 05:31 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-02 05:31 . 2009-11-02 05:31 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-02 05:31 . 2009-11-02 05:31 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-02 05:31 . 2009-11-02 05:31 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-02 05:31 . 2009-11-02 05:31 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-31 06:46 . 2009-10-26 15:56 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-31 05:33 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 05:33 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 03:46 . 2009-10-31 05:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 03:46 . 2009-10-31 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-31 03:45 . 2009-10-31 03:45 -------- d-----w- c:\documents and settings\Alex\Application Data\Malwarebytes
2009-10-30 04:25 . 2009-10-30 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-10-30 04:23 . 2009-10-31 05:54 -------- d-----w- c:\documents and settings\Alex\Application Data\IObit
2009-10-30 04:23 . 2009-10-30 04:25 -------- d-----w- c:\program files\IObit
2009-10-28 03:43 . 2009-10-28 03:43 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-28 03:24 . 2009-10-28 03:31 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-28 03:24 . 2009-10-28 03:24 -------- d-----w- c:\documents and settings\Alex\Application Data\DAEMON Tools Pro
2009-10-28 03:13 . 2009-10-28 03:13 -------- d-----w- c:\temp\Windows 7 Professional (x86) - DVD (English)
2009-10-27 05:08 . 2009-10-27 05:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-27 05:06 . 2009-10-27 05:06 -------- d-----w- c:\program files\Trend Micro
2009-10-27 04:08 . 2009-10-27 04:08 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-26 15:56 . 2009-10-31 06:47 -------- d-----w- c:\documents and settings\Alex\.housecall6.6
2009-10-26 04:50 . 2009-11-02 05:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-26 04:30 . 2009-10-26 16:27 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-26 04:30 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-26 04:30 . 2009-10-26 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-26 04:30 . 2009-10-26 04:30 -------- d-----w- c:\program files\Lavasoft
2009-10-21 00:30 . 2009-10-21 00:30 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\Unity
2009-10-21 00:30 . 2009-10-21 00:30 -------- d-----w- c:\program files\Unity
2009-10-17 12:30 . 2009-10-17 12:30 2025752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-10-14 01:02 . 2006-04-05 23:38 110592 ----a-w- c:\documents and settings\Alex\Application Data\U3\temp\cleanup.exe
2009-10-14 01:01 . 2009-10-14 01:02 -------- d-----w- c:\documents and settings\Alex\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 13:38 . 2009-08-23 15:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-27 20:13 . 2009-08-23 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-26 16:27 . 2009-08-28 13:46 -------- d-----w- c:\program files\Common Files\AOL
2009-10-26 04:39 . 2009-08-26 14:55 718496 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-14 20:06 . 2009-06-04 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-01 20:58 . 2009-10-01 20:58 -------- d-----w- c:\documents and settings\Alex\Application Data\InterVideo
2009-09-30 02:30 . 2009-08-29 19:34 -------- d-----w- c:\documents and settings\Alex\Application Data\Apple Computer
2009-09-23 12:55 . 2009-10-26 04:31 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-20 16:34 . 2009-09-20 16:34 -------- d-----w- c:\program files\CPUID
2009-09-14 16:18 . 2009-09-14 16:17 -------- d-----w- c:\program files\iTunes
2009-09-14 16:18 . 2009-09-14 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-14 16:17 . 2009-09-14 16:17 -------- d-----w- c:\program files\iPod
2009-09-14 16:17 . 2009-08-29 19:33 -------- d-----w- c:\program files\Common Files\Apple
2009-09-14 16:16 . 2009-09-14 16:16 -------- d-----w- c:\program files\QuickTime
2009-09-14 16:13 . 2009-09-14 16:13 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-11 14:18 . 2006-04-30 06:55 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 01:02 . 2009-06-04 19:58 88856 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-09 00:18 . 2009-06-04 19:43 -------- d-----w- c:\program files\MSBuild
2009-09-09 00:16 . 2009-09-09 00:16 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-08 12:35 . 2009-09-08 12:21 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-08 12:24 . 2009-09-08 12:24 1 ----a-w- c:\documents and settings\Alex\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-09-08 12:23 . 2009-09-08 12:23 -------- d-----w- c:\documents and settings\Alex\Application Data\OpenOffice.org
2009-09-08 12:21 . 2009-08-30 01:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-08 12:21 . 2009-06-04 20:10 -------- d-----w- c:\program files\Java
2009-09-04 21:03 . 2006-04-30 06:55 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 01:46 . 2009-08-30 01:46 152576 ----a-w- c:\documents and settings\Alex\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-29 08:08 . 2006-04-30 06:56 916480 ------w- c:\windows\system32\wininet.dll
2009-08-27 21:37 . 2009-08-27 21:37 0 ----a-w- c:\windows\nsreg.dat
2009-08-26 08:00 . 2006-04-30 06:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 09:15 . 2006-04-30 07:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-23 09:06 . 2009-08-23 09:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-23 09:06 . 2009-08-23 09:06 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-23 09:06 . 2009-08-23 09:06 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-23 09:06 . 2009-08-23 09:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-11-05_05.12.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-05 21:21 . 2009-11-05 21:21 16384 c:\windows\temp\Perflib_Perfdata_310.dat
+ 2006-04-30 06:55 . 2009-11-05 21:25 96882 c:\windows\system32\perfc009.dat
- 2006-04-30 06:55 . 2009-11-05 05:07 96882 c:\windows\system32\perfc009.dat
+ 2006-04-30 06:55 . 2009-11-05 21:25 512348 c:\windows\system32\perfh009.dat
- 2006-04-30 06:55 . 2009-11-05 05:07 512348 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 15:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-05-29 367128]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-15 61728]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-08-31 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-08-31 124248]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-01-14 389120]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2009-01-14 208896]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-13 40960]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-08 149280]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2008-06-07 181536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2009-04-17 21:15 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 09:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Alex\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Alex\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ThinkPad\\ConnectUtilities\\SvcGuiHlpr.exe"=
"c:\\Program Files\\Lenovo\\Rescue and Recovery\\rrpservice.exe"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\ThinkPad\\Utilities\\EZEJMNAP.EXE"=
"c:\\Program Files\\Digital Line Detect\\DLG.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"548:TCP"= 548:TCP:Share

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/25/2009 11:31 PM 64288]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 6:21 PM 19496]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/23/2009 4:06 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/23/2009 4:06 AM 108552]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\documents and settings\Alex\Desktop\VCdRom.sys [12/19/2001 10:45 AM 8576]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/23/2009 4:06 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/23/2009 4:06 AM 297752]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [9/20/2009 11:34 AM 12672]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [6/4/2009 3:17 PM 53248]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [4/16/2009 11:05 PM 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 5:34 PM 520192]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [6/4/2009 2:55 PM 2058776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/28/2009 8:47 AM 24652]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/4/2009 2:25 PM 239760]
R3 RTL8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [6/4/2009 2:53 PM 555520]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 5:54 PM 37312]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1179232]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [4/16/2009 11:05 PM 45424]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 PM 360448]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 10:15 AM 1120752]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 05:31]

2009-11-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1977181030-808233941-3996404931-1008Core.job
- c:\documents and settings\Alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-05 20:20]

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1977181030-808233941-3996404931-1008UA.job
- c:\documents and settings\Alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-05 20:20]

2009-09-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]

2009-11-06 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-06-04 16:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {59B16FCE-5149-4BDE-8DA8-C788DD73F7DE} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\tn3qbeuk.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 16:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,82,c4,23,45,da,c5,49,a9,bf,01,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,82,c4,23,45,da,c5,49,a9,bf,01,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1108)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll

- - - - - - - > 'explorer.exe'(3776)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-06 16:43
ComboFix-quarantined-files.txt 2009-11-06 21:43
ComboFix2.txt 2009-11-05 05:22

Pre-Run: 90,359,988,224 bytes free
Post-Run: 90,316,324,864 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F426857C49850D36B989DCCA22355E97
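The "Files Created" section of the ComboFix log above is read by hand in this thread. As an added example (not ComboFix's own code and not from either participant), the following Python script parses lines in that exact format and returns the entries a responder would review first: newly created kernel drivers, new executables under system32, and items with the hidden attribute. The sample lines are copied from the log above; the triage rules are this example's own review heuristics and produce a list to look at, not a malware verdict.

```python
"""Triage the 'Files Created' section of a ComboFix log.

Added example: not ComboFix's code and not from this thread. It parses lines
of the form
    YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM SIZE ATTRS PATH
(creation time, modification time, size or -------- for a directory, an
8-character attribute field such as d-sh--w-, then the path) and returns the
entries worth a closer look. The rules are this example's own heuristics.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>.+)$"
)


@dataclass
class Entry:
    ctime: str            # when the file appeared on disk
    mtime: str            # last-modified stamp carried by the file itself
    size: Optional[int]   # None for directories (ComboFix prints --------)
    attrs: str            # e.g. d-sh--w-: d=directory, s=system, h=hidden
    path: str

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a 'Files Created' line, or None for headers and noise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["ctime"], m["mtime"], size, m["attrs"], m["path"])


def parse_section(text: str) -> List[Entry]:
    """Parse a pasted section; section banners and '.' separators are skipped."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries a responder should review first."""
    findings = []
    for e in entries:
        p = e.path.lower()
        reasons = []
        # A freshly created kernel driver is the highest-value item to review.
        if p.endswith(".sys") and "\\drivers\\" in p:
            reasons.append("new kernel driver")
        # New PE files directly under system32; the dllcache copy is ignored.
        if (p.startswith("c:\\windows\\system32\\")
                and p.endswith((".exe", ".dll"))
                and "\\dllcache\\" not in p):
            reasons.append("new executable under system32")
        if e.is_hidden:
            reasons.append("hidden attribute set")
        if reasons:
            findings.append((e.path, reasons))
    return findings


# Sample input: lines copied from the ComboFix log in this thread, plus the
# section banner and '.' separator that the parser must ignore.
SAMPLE = r"""
((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.
2009-11-05 04:58 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-05 04:58 . 2008-04-13 18:40 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-02 05:31 . 2009-11-02 05:31 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-31 03:46 . 2009-10-31 05:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-27 05:08 . 2009-10-27 05:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-26 04:50 . 2009-11-02 05:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-26 04:30 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
"""


def triage_sample() -> List[Tuple[str, List[str]]]:
    """Run the triage over the sample block above."""
    return triage(parse_section(SAMPLE))


if __name__ == "__main__":
    for path, reasons in triage_sample():
        print(f"{path}\n    {', '.join(reasons)}")
```

The review list deliberately includes benign items such as the Ad-Aware driver SBREDrv.sys and the IETldCache folder: the point is to shrink a long log to the handful of entries whose creation time, attributes and location warrant a look, and then confirm each one (publisher, hash, whether a matching product was installed at that time) before acting on it.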

#13 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:27 PM

Posted 06 November 2009 - 11:16 PM

Step # 1 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older-version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u17.
  • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Remove the following old versions of Java:

  • J2SE Runtime Environment 5.0 Update 16

    Java™ 6 Update 16


  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • From your desktop double-click on the download to install the newest version.



Step # 2: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.




Step # 3 Run Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware.
  • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
  • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
  • Click on the Malwarebytes' Anti-Malware icon to launch the program.
  • Click on the Logs tab.
  • Click on the log at the bottom of those listed to highlight it.
  • Click Open.


Post the MalwareBytes' Log in your next post/reply.

MalWare Removal University Master

Member of ASAP


#14 exal85

exal85
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 08 November 2009 - 11:59 AM

Malwarebytes' Anti-Malware 1.41
Database version: 3126
Windows 5.1.2600 Service Pack 3

11/8/2009 11:56:20 AM
mbam-log-2009-11-08 (11-56-20).txt

Scan type: Quick Scan
Objects scanned: 113180
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks for all the help.

#15 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:27 PM

Posted 08 November 2009 - 12:59 PM

Step # 1 Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available. (See Note below)
  • First, go to Add/Remove Programs and uninstall Adobe Reader 8.1.2.
  • Please go to this link Adobe Acrobat Reader Download Link
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts
Note: Adobe 9.2.0 is a large program and if you prefer a smaller program you can get Foxit 3.1 instead from http://www.foxitsoftware.com/pdf/rd_intro.php

If you decide to install Foxit 3.1.2 instead of Adobe, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes:

I accept the License Terms and want to install Foxit Toolbar

Make Ask.com my default search

Create desktop, quick launch and start menu icon to eBay




Step # 2: Run Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

In your next post/reply, I need to see the following:

1. Kaspersky Log
2. A fresh DDS Log
3. How is your computer doing, any problems?

MalWare Removal University Master

Member of ASAP




