
Solved Computer infected after "XP Deluxe Protector" was found

Discussion in 'Malware and Virus Removal Archive' started by Laker4Life, 2009/06/17.

  1. 2009/06/17
    Laker4Life

    Laker4Life Inactive Thread Starter

    Joined:
    2009/06/17
    Messages:
    25
    Likes Received:
    0
    [Resolved] Computer infected after "XP Deluxe Protector" was found

    I have a Lenovo ThinkPad running Win XP SP 3. Everything was working fine until a couple of days ago when I found out that I had some kind of scareware called XP Deluxe Protector. I suspect that at the same time as I got infected with XPDP, I got a whole bunch of other viruses, because since then my computer has been crashing for no apparent reason and freezing on startup as well. Sometimes I need to reboot several times before I can actually get into Windows. I have run AVG antivirus several times and several files were healed and/or quarantined, but many were unable to be cleaned. Also, I have tried to do a system restore to the point when my computer was working fine, but the system restore feature seems to have been affected as well: I can select the date of the restore point, but when I click Next, nothing happens.

    I have therefore attached the contents of the DDS.txt and Attach.txt for some help.

    Thanks.




    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Igal Corcos at 21:39:18.48 on Wed 06/17/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1.#QNAN.977 [GMT -4:00]

    AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    E:\temp\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/webhp
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
    mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
    mRun: [<NO NAME>]
    mRun: [TpShocks] TpShocks.exe
    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
    mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
    mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
    mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
    mRun: [LPMailChecker] c:\progra~1\thinkv~2\prdctr\LPMLCHK.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe "
    dRun: [xpprotect] c:\windows\system32\config\systemprofile\xp deluxe protector\xpdeluxe.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    TCP: NameServer = 85.255.112.195,85.255.112.14
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: ACNotify - ACNotify.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
    Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
    Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Notification Packages = scecli psqlpwd ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\igalco~1\applic~1\mozilla\firefox\profiles\noz8qn7o.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp
    FF - component: c:\program files\lenovo\client security solution\pwm firefox extension\components\tvtpwm_moz_xpcom.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll

    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-6-7 12552]
    R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2009-1-28 117800]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-1-28 20520]
    R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2009-6-5 11520]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-7 327688]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-7 27784]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-7 108552]
    R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2009-6-5 6016]
    R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2009-6-5 4442]
    R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-7 906520]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-7 298776]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
    R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2008-11-21 12560]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
    R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 30336]
    S2 tdbcjtx;tdbcjtx;\??\c:\windows\system32\drivers\pojuunaumvkgr.sys --> c:\windows\system32\drivers\pojuunaumvkgr.sys [?]

    =============== Created Last 30 ================

    2009-06-15 23:18 <DIR> --d----- c:\program files\Windows Media Components
    2009-06-15 15:25 <DIR> --d----- c:\docume~1\igalco~1\applic~1\mjusbsp
    2009-06-15 01:43 <DIR> --d----- c:\program files\uTorrent
    2009-06-15 01:42 <DIR> --d----- c:\docume~1\igalco~1\applic~1\uTorrent
    2009-06-11 18:00 <DIR> --d----- c:\program files\Xvid
    2009-06-11 00:13 <DIR> --d----- c:\program files\GPLGS
    2009-06-11 00:12 <DIR> --d----- c:\program files\Acro Software
    2009-06-10 21:54 <DIR> --dsh--- c:\documents and settings\igal corcos\IECompatCache
    2009-06-09 14:50 <DIR> --d----- c:\program files\common files\InterVideo
    2009-06-09 09:32 <DIR> --d----- c:\docume~1\igalco~1\applic~1\Helios
    2009-06-08 19:35 <DIR> --d----- c:\program files\MediaMonkey
    2009-06-08 14:39 <DIR> --d----- c:\program files\Jewish Calendar
    2009-06-08 00:26 <DIR> --d----- c:\docume~1\igalco~1\applic~1\Windows Search
    2009-06-07 17:55 <DIR> --d----- c:\program files\Unlocker
    2009-06-07 17:14 <DIR> --d----- c:\program files\Seagate
    2009-06-07 17:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Seagate
    2009-06-07 13:38 <DIR> --d----- c:\program files\common files\ThinkVantage Fingerprint Software
    2009-06-07 13:38 <DIR> --d----- c:\program files\common files\SPBA
    2009-06-07 13:36 <DIR> --d----- c:\program files\Digital Line Detect
    2009-06-07 13:36 <DIR> --d----- c:\program files\NetWaiting
    2009-06-07 13:33 <DIR> --d----- c:\docume~1\igalco~1\applic~1\Intel
    2009-06-07 13:33 <DIR> --d----- c:\program files\common files\Intel
    2009-06-07 13:02 <DIR> --d----- c:\docume~1\igalco~1\applic~1\Downloaded Installations
    2009-06-07 04:09 <DIR> --d----- c:\docume~1\igalco~1\applic~1\Auslogics
    2009-06-07 03:35 <DIR> --d----- c:\docume~1\igalco~1\applic~1\Windows Desktop Search
    2009-06-07 03:34 <DIR> --d----- c:\program files\Windows Desktop Search
    2009-06-07 03:29 <DIR> --d----- c:\program files\Auslogics
    2009-06-07 03:28 <DIR> --d----- c:\program files\CCleaner
    2009-06-07 03:10 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
    2009-06-07 02:14 <DIR> --d----- c:\program files\ZipItFree
    2009-06-07 02:01 <DIR> --dsh--- c:\documents and settings\igal corcos\PrivacIE
    2009-06-07 02:01 <DIR> --d----- c:\program files\TextPad 5
    2009-06-07 01:56 <DIR> --dsh--- c:\documents and settings\igal corcos\IETldCache
    2009-06-07 01:35 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-06-07 00:30 <DIR> --d----- c:\program files\AVG
    2009-06-07 00:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
    2009-06-05 18:30 <DIR> --d----- c:\program files\Windows Live Toolbar
    2009-06-05 18:30 <DIR> --d----- c:\docume~1\igalco~1\applic~1\Lenovo
    2009-06-05 18:30 <DIR> --d----- c:\documents and settings\igal corcos\Bluetooth Software
    2009-06-05 18:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
    2009-06-05 18:15 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-06-05 18:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC-Doctor
    2009-06-05 18:07 <DIR> --d----- c:\program files\PCDR5
    2009-06-05 18:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lenovo
    2009-06-05 18:06 <DIR> --d----- c:\program files\ThinkVantage
    2009-06-05 18:05 <DIR> --d----- c:\program files\Sonic Icons for Lenovo
    2009-06-05 18:05 <DIR> --d----- c:\program files\Sonic
    2009-06-05 18:05 <DIR> --d----- c:\program files\common files\SureThing Shared
    2009-06-05 18:05 <DIR> --d----- c:\program files\Multimedia Center for Think Offerings
    2009-06-05 18:05 <DIR> --d----- c:\program files\common files\Sonic Shared
    2009-06-05 18:05 <DIR> --d----- c:\program files\InterVideo
    2009-06-05 18:04 <DIR> --d----- c:\program files\common files\Lenovo
    2009-06-05 17:59 <DIR> --d----- c:\program files\CONEXANT
    2009-06-05 17:58 <DIR> --d----- c:\program files\Analog Devices
    2009-06-05 17:56 <DIR> --d----- c:\program files\ThinkVantage Fingerprint Software
    2009-06-05 17:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\UIB
    2009-06-05 17:54 <DIR> --d----- c:\program files\Lenovo
    2009-06-05 17:53 <DIR> --d----- c:\program files\ThinkPad
    2009-06-05 17:51 <DIR> --d----- c:\program files\Synaptics
    2009-06-05 17:50 <DIR> --d----- c:\program files\MSXML 4.0
    2009-06-05 17:42 <DIR> --d----- c:\program files\Windows Media Connect 2

    ==================== Find3M ====================

    2009-06-16 01:27 0 a------- C:\pcwr.exe
    2009-06-16 01:27 0 a------- C:\tqlyamn.exe
    2009-06-16 01:27 10,240 a------- C:\ddxkfhqb.exe
    2009-06-16 01:27 206 a------- C:\x345.bat
    2009-06-16 01:27 0 a------- c:\windows\system32\drivers\str.sys
    2009-06-15 15:23 90,709 a------- c:\windows\system32\nvModes.dat
    2009-06-11 09:43 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-06-09 14:43 33,536 a------- c:\windows\system32\drivers\tvtfilter.sys
    2009-06-07 13:42 129,784 -------- c:\windows\system32\pxafs.dll
    2009-06-07 13:42 118,520 -------- c:\windows\system32\pxinsi64.exe
    2009-06-07 13:42 116,472 -------- c:\windows\system32\pxcpyi64.exe
    2009-06-07 13:02 30,144 a------- c:\windows\system32\drivers\psadd.sys
    2009-06-07 11:07 64,400 a------- c:\windows\BricoPackUninst.cmd
    2009-06-07 11:07 6,120 a------- c:\windows\BricoPackFoldersDelete.cmd
    2009-06-07 11:07 218,624 a------- c:\windows\system32\uxtheme-old.dll
    2009-06-07 10:33 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-06-07 10:33 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-06-07 10:33 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
    2009-06-07 01:11 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-06-05 18:30 50 a------- c:\windows\system32\drivers\LENOVO_8891_CTO.MRK
    2009-06-05 18:11 7,012 a------- c:\windows\system32\drivers\pmemnt.sys
    2009-05-25 00:24 350,208 a------- c:\windows\system32\mssph.dll
    2009-05-21 14:46 268,288 -------- c:\windows\system32\dllcache\httpext.dll
    2009-05-13 01:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
    2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
    2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
    2009-05-12 01:11 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
    2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
    2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
    2009-04-30 17:22 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
    2009-04-30 17:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
    2009-04-30 17:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
    2009-04-30 17:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
    2009-04-30 17:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
    2009-04-30 17:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
    2009-04-30 17:22 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
    2009-04-30 07:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
    2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
    2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
    2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
    2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll

    ============= FINISH: 21:41:48.73 ===============

    I am posting the contents of Attach.txt as well, as per Arie's post here: http://www.windowsbbs.com/malware-virus-removal/announcements.html



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-05-14.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12:00:00 AM
    System Uptime: 6/17/2009 9:13:28 PM (0 hours ago)

    Motherboard: LENOVO | | 8891CTO
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | None | 2194/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 67 GiB total, 44.688 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 20 GiB total, 0.84 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================


    ==== Event Viewer Messages From Past Week ========

    6/17/2009 3:45:32 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running.
    6/17/2009 3:45:01 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    6/17/2009 12:49:01 AM, error: Service Control Manager [7028] - The tdbcjtx Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
    6/16/2009 9:47:13 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    6/16/2009 8:40:59 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    6/16/2009 8:40:59 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/16/2009 3:03:21 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/16/2009 10:51:28 AM, error: Service Control Manager [7034] - The AVG8 E-mail Scanner service terminated unexpectedly. It has done this 2 time(s).
    6/16/2009 10:51:22 AM, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
    6/16/2009 10:51:22 AM, error: Service Control Manager [7034] - The Seagate Service service terminated unexpectedly. It has done this 1 time(s).
    6/16/2009 10:51:22 AM, error: Service Control Manager [7034] - The AVG8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
    6/15/2009 10:17:02 PM, error: Dhcp [1002] - The IP address lease 10.20.7.102 for the Network Card with network address 001DE04B9CDD has been denied by the DHCP server 10.71.0.1 (The DHCP Server sent a DHCPNACK message).
    6/12/2009 8:34:37 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg8wd service.
    6/10/2009 11:15:14 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'pda_base.exe' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

    ==== End Of File ===========================
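The entries a helper looks for first in a log like the one above are a small number of persistence and network settings: the Winlogon Userinit value (which should name only userinit.exe), Run entries that launch from the SYSTEM profile or a temp folder, a hard-coded DNS NameServer, and services whose driver file DDS marks as missing with "-->" and "[?]". The script below is an added example, not part of this thread and not a DDS or ComboFix component: it applies those checks to a constructed list of lines copied in shape from the Pseudo HJT and SERVICES / DRIVERS sections of this log (the benign lines are ordinary entries from the same log). The check names, the list of odd autostart directories and the "private address space" rule for DNS are my own assumptions.

```python
import ipaddress
import re

# Constructed sample: lines in the shape of the "Pseudo HJT Report" and
# "SERVICES / DRIVERS" sections of a DDS log. The suspicious entries are the
# ones posted in this thread; the benign ones are typical of a clean XP box.
SAMPLE_DDS_LINES = [
    r"mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r"mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe",
    r"dRun: [xpprotect] c:\windows\system32\config\systemprofile\xp deluxe protector\xpdeluxe.exe",
    r"TCP: NameServer = 85.255.112.195,85.255.112.14",
    r"R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-7 327688]",
    r"S2 tdbcjtx;tdbcjtx;\??\c:\windows\system32\drivers\pojuunaumvkgr.sys --> c:\windows\system32\drivers\pojuunaumvkgr.sys [?]",
]

# The only program Winlogon should launch from the Userinit value.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
# Directories no legitimate installer writes an autostart into (hypothetical
# short list: the SYSTEM account's profile and temp folders).
ODD_AUTOSTART_DIRS = ("\\config\\systemprofile\\", "\\temp\\")

RUN_LINE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<svc>[^;]+);(?P<disp>[^;]*);(?P<rest>.*)$"
)


def check_userinit(line):
    """Userinit is comma-separated; every entry after userinit.exe is an
    extra program started at each logon."""
    prefix = "mWinlogon: Userinit="
    if not line.startswith(prefix):
        return None
    parts = [p.strip() for p in line[len(prefix):].split(",") if p.strip()]
    extras = [p for p in parts if p.lower() != EXPECTED_USERINIT]
    return ("userinit-hijack", extras) if extras else None


def check_run_entry(line):
    """Flag Run entries whose command lives in a directory from ODD_AUTOSTART_DIRS."""
    m = RUN_LINE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    if any(d in cmd.lower() for d in ODD_AUTOSTART_DIRS):
        return ("run-from-odd-location", cmd)
    return None


def check_nameserver(line):
    """A hard-coded NameServer overrides DHCP-supplied DNS; flag resolvers
    outside private address space (or unparsable ones) for review."""
    prefix = "TCP: NameServer = "
    if not line.startswith(prefix):
        return None
    servers = [s.strip() for s in line[len(prefix):].split(",") if s.strip()]
    public = []
    for s in servers:
        try:
            if not ipaddress.ip_address(s).is_private:
                public.append(s)
        except ValueError:
            public.append(s)
    return ("dns-override", public) if public else None


def check_service(line):
    """DDS writes '-->' and '[?]' when it cannot find or read a service's
    image file; a loaded driver DDS cannot read is either gone or hidden."""
    m = SERVICE_LINE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    if "-->" in rest or rest.endswith("[?]"):
        return ("service-missing-image", m.group("svc"))
    return None


CHECKS = (check_userinit, check_run_entry, check_nameserver, check_service)


def triage(lines):
    """Run every check over every line; return [(finding, line), ...] in log order."""
    findings = []
    for line in lines:
        for check in CHECKS:
            hit = check(line)
            if hit:
                findings.append((hit, line))
    return findings


if __name__ == "__main__":
    for (kind, detail), line in triage(SAMPLE_DDS_LINES):
        print(f"{kind:<24} {detail}")
```

Run against these lines it reports four findings, one per suspicious entry, and nothing for the ctfmon, Synaptics and AVG lines. Two of the flagged paths, c:\windows\system32\sdra64.exe and the XP Deluxe Protector directory under the SYSTEM profile, are exactly the ones the ComboFix log later in this thread lists under "Other Deletions", which is the point of the exercise: the log already contained the answer before any tool was run.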
     
  2. 2009/06/18
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome



    Print this topic or save it to Notepad; it will make it easier for you to follow the instructions and complete all of the necessary steps, as we will need to close all windows that are open later in the fix.


    If you need to do so because the infected computer is blocked from reaching the download site, transfer all the files you just downloaded to the desktop of the infected computer via a flash/USB drive.


    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3



    Example:

    * IamNotMalware.exe
    * PleaseDontEatMe.exe



    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html

    Please leave the flash drive plugged in while completing the following.

    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     


  4. 2009/06/18
    Laker4Life

    Laker4Life Inactive Thread Starter

    Joined:
    2009/06/17
    Messages:
    25
    Likes Received:
    0
    Malware removed and computer restored

    Thank you so much for your help. The process worked exactly as described. I did get some errors at one point regarding some sort of dll file, but nevertheless the cleanup worked and my computer is now back in business.

    Can you also recommend a good/free Adware/Malware protection program? I want to prevent this from happening again in the future.
     
  5. 2009/06/19
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    It's music to my ears.

    So that I can ensure all the malicious files have been removed, we actually need to continue.
    If you can, please post the C:\ComboFix.txt along with a new DDS log.

    Later I can recommend Malware scanners.
     
  6. 2009/06/19
    Laker4Life

    Laker4Life Inactive Thread Starter

    Joined:
    2009/06/17
    Messages:
    25
    Likes Received:
    0
    Here you go. I am posting each file in a separate post because the text for both files is too long for a single post.

    ===================== ComboFix ============================

    ComboFix 09-06-17.04 - Igal Corcos 06/18/2009 9:04.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1496 [GMT -4:00]
    Running from: c:\documents and settings\Igal Corcos\Desktop\ThisIsNotADrill.exe
    AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ADS - netcfgx.dll: deleted 49152 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ddxkfhqb.exe
    c:\windows\system32\Cache
    c:\windows\system32\config\systemprofile\XP Deluxe Protector
    c:\windows\system32\drivers\MSIVXbmbsuxufqnnrxtlfxonwfrmusqxlndpn.sys
    c:\windows\system32\drivers\UACacwooynmtoytpqo.sys
    c:\windows\system32\lowsec
    c:\windows\system32\sdra64.exe
    c:\windows\system32\UACbxdktaivmlamnkl.dll
    c:\windows\system32\UACibkwwkvndjoerbo.db
    c:\windows\system32\UACislujpbjctnlbpu.dll
    c:\windows\system32\UACjrdrormisfeotso.dll
    c:\windows\system32\UACltvacaryrsrsolq.log
    c:\windows\system32\UACmjyjbwdjdsswtei.dll
    c:\windows\system32\UACnxuprxmkmhdqjnc.dll
    c:\windows\system32\UACtrvwcucuwpokyen.dll
    c:\windows\system32\UACtvloycyrbrnrcai.dat
    c:\windows\system32\UACuoadkxtqabvtaeg.log
    c:\windows\system32\UACyotvgoekbyxdddd.log
    C:\pcwr.exe
    C:\tqlyamn.exe
    c:\windows\system32\drivers\MSIVXbmbsuxufqnnrxtlfxonwfrmusqxlndpn.sys
    c:\windows\system32\drivers\str.sys
    c:\windows\system32\drivers\UACacwooynmtoytpqo.sys
    c:\windows\system32\iehostcx32.dll
    c:\windows\system32\lowsec\local.ds
    c:\windows\system32\lowsec\user.ds
    c:\windows\system32\MSIVXcount
    c:\windows\system32\MSIVXdgeiuaieqodqlaayrdojuxjowrkdduvu.dll
    c:\windows\system32\MSIVXqpbksmxrmmygnksosfuwqikyadhcxngy.dll
    c:\windows\system32\sdra64.exe
    c:\windows\system32\UACbxdktaivmlamnkl.dll
    c:\windows\system32\UACibkwwkvndjoerbo.db
    c:\windows\system32\uacinit.dll
    c:\windows\system32\UACislujpbjctnlbpu.dll
    c:\windows\system32\UACjrdrormisfeotso.dll
    c:\windows\system32\UACltvacaryrsrsolq.log
    c:\windows\system32\UACmjyjbwdjdsswtei.dll
    c:\windows\system32\UACnxuprxmkmhdqjnc.dll
    c:\windows\system32\uactmp.db
    c:\windows\system32\UACtrvwcucuwpokyen.dll
    c:\windows\system32\UACtvloycyrbrnrcai.dat
    c:\windows\system32\UACuoadkxtqabvtaeg.log
    c:\windows\system32\UACyotvgoekbyxdddd.log
    c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
    c:\windows\zaponce53652.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_UACd.sys
    -------\Service_MSIVXserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
    .

    2009-06-17 13:45 . 2009-06-17 13:45 -------- d-----w- c:\documents and settings\Igal Corcos\Local Settings\Application Data\WMTools Downloaded Files
    2009-06-17 04:35 . 2009-06-18 04:35 -------- d--h--w- C:\$AVG8.VAULT$
    2009-06-16 19:04 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\in00000\setup.exe
    2009-06-16 19:04 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\ar00000\install.exe
    2009-06-16 19:04 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\ar00000\magicJackSplash.exe
    2009-06-16 13:55 . 2009-06-07 14:33 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-06-16 13:55 . 2009-06-07 14:33 908568 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
    2009-06-16 13:55 . 2009-06-07 14:33 352024 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
    2009-06-16 12:41 . 2009-06-16 12:41 -------- d-----w- c:\documents and settings\Igal Corcos\Local Settings\Application Data\tjnet
    2009-06-16 05:29 . 2009-06-16 05:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2009-06-16 05:28 . 2009-06-16 05:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-06-16 05:27 . 2009-06-16 05:27 206 ----a-w- C:\x345.bat
    2009-06-16 03:18 . 2009-06-16 03:18 -------- d-----w- c:\windows\system32\windows media
    2009-06-16 03:18 . 2009-06-16 03:18 -------- d--h--w- c:\windows\msdownld.tmp
    2009-06-16 03:18 . 2009-06-16 03:18 -------- d-----w- c:\program files\Windows Media Components
    2009-06-15 19:26 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\Upgrade\setup1.exe
    2009-06-15 19:26 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\Upgrade\install1.exe
    2009-06-15 19:25 . 2009-06-16 19:04 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp
    2009-06-15 19:25 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2009-06-15 19:25 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
    2009-06-15 05:43 . 2009-06-15 05:43 -------- d-----w- c:\program files\uTorrent
    2009-06-15 05:42 . 2009-06-16 12:43 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\uTorrent
    2009-06-11 22:36 . 2007-10-23 13:27 110592 ----a-w- c:\documents and settings\Igal Corcos\Application Data\U3\temp\cleanup.exe
    2009-06-11 22:00 . 2009-06-11 22:00 -------- d-----w- c:\program files\Xvid
    2009-06-11 22:00 . 2008-12-05 01:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
    2009-06-11 22:00 . 2008-12-05 01:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
    2009-06-11 21:55 . 2009-06-11 21:55 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\InterVideo
    2009-06-11 21:53 . 2008-05-02 14:41 3493888 ---ha-w- c:\documents and settings\Igal Corcos\Application Data\U3\temp\Launchpad Removal.exe
    2009-06-11 21:53 . 2009-06-11 22:36 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\U3
    2009-06-11 13:43 . 2009-06-07 14:33 3401496 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
    2009-06-11 13:43 . 2009-06-07 14:33 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
    2009-06-11 13:43 . 2009-06-07 14:33 1947928 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
    2009-06-11 13:43 . 2009-06-07 14:33 1217816 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgfrw.exe
    2009-06-11 13:43 . 2009-06-07 14:33 1205528 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
    2009-06-11 13:43 . 2009-06-11 13:43 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
    2009-06-11 13:43 . 2009-06-11 13:43 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
    2009-06-11 13:43 . 2009-06-11 13:43 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
    2009-06-11 13:43 . 2009-06-07 14:33 681752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgsrmx.dll
    2009-06-11 13:43 . 2009-06-07 14:33 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgsrmax.exe
    2009-06-11 13:43 . 2009-06-07 14:33 761112 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgscanx.exe
    2009-06-11 04:13 . 2009-06-11 04:13 -------- d-----w- c:\program files\GPLGS
    2009-06-11 04:12 . 2007-07-13 02:33 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
    2009-06-11 04:12 . 2009-06-11 04:12 -------- d-----w- c:\program files\Acro Software
    2009-06-11 01:57 . 2009-06-11 01:58 -------- d-----w- c:\windows\system32\drivers\UMDF
    2009-06-11 01:54 . 2009-06-11 01:54 -------- d-sh--w- c:\documents and settings\Igal Corcos\IECompatCache
    2009-06-10 05:15 . 2009-06-10 05:15 -------- d-----w- C:\_SMA
    2009-06-09 19:06 . 2009-05-21 18:46 268288 ------w- c:\windows\system32\dllcache\httpext.dll
    2009-06-09 19:06 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-06-09 19:06 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-06-09 18:50 . 2009-06-09 18:50 -------- d-----w- c:\program files\Common Files\InterVideo
    2009-06-09 18:00 . 2009-06-09 18:00 -------- d-----w- c:\documents and settings\Igal Corcos\Local Settings\Application Data\Google
    2009-06-09 13:32 . 2009-06-09 13:32 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\Helios
    2009-06-08 23:35 . 2009-06-15 17:11 -------- d-----w- c:\documents and settings\Igal Corcos\Local Settings\Application Data\MediaMonkey
    2009-06-08 23:35 . 2009-06-08 23:35 -------- d-----w- c:\program files\MediaMonkey
    2009-06-08 18:39 . 2009-06-08 18:39 -------- d-----w- c:\program files\Jewish Calendar
    2009-06-08 04:26 . 2009-06-08 04:26 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\Windows Search
    2009-06-07 22:51 . 2009-06-07 22:51 -------- d-----w- c:\program files\7-Zip
    2009-06-07 21:55 . 2009-06-07 21:56 -------- d-----w- c:\program files\Unlocker
    2009-06-07 21:14 . 2009-06-07 21:14 -------- d-----w- c:\program files\Seagate
    2009-06-07 21:14 . 2009-06-07 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
    2009-06-07 20:09 . 2009-06-07 20:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2009-06-07 19:53 . 2008-10-06 15:26 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
    2009-06-07 17:41 . 2009-06-15 19:23 90709 ----a-w- c:\windows\system32\nvModes.dat
    2009-06-07 17:38 . 2009-06-07 17:38 -------- d-----w- c:\program files\Common Files\ThinkVantage Fingerprint Software
    2009-06-07 17:38 . 2009-06-07 17:38 -------- d-----w- c:\program files\Common Files\SPBA
    2009-06-07 17:36 . 2009-06-07 17:36 -------- d-----w- c:\program files\Digital Line Detect
    2009-06-07 17:36 . 2009-06-07 17:36 -------- d-----w- c:\program files\NetWaiting
    2009-06-07 17:33 . 2009-06-07 17:33 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\Intel
    2009-06-07 17:33 . 2009-06-07 17:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
    2009-06-07 17:33 . 2009-03-04 14:31 4202496 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
    2009-06-07 17:33 . 2008-06-20 14:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
    2009-06-07 17:33 . 2008-06-20 14:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
    2009-06-07 17:33 . 2009-06-07 17:33 -------- d-----w- c:\program files\Common Files\Intel
    2009-06-07 17:33 . 2009-06-07 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
    2009-06-07 17:03 . 2009-05-28 02:11 47416 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\PoorBayBattery\BHProxy64.exe
    2009-06-07 17:03 . 2009-05-28 02:11 45368 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\PoorBayBattery\BHProxy32.exe
    2009-06-07 17:03 . 2009-05-28 02:11 10552 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\LowMemory\MemoryCheck.exe
    2009-06-07 17:03 . 2009-05-28 02:11 11064 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\InternalHDDBackup\BackupCheck.exe
    2009-06-07 17:03 . 2009-05-28 02:11 47416 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\PoorMainBattery\BHProxy64.exe
    2009-06-07 17:03 . 2009-05-28 02:11 47416 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\FairMainBattery\BHProxy64.exe
    2009-06-07 17:03 . 2009-05-28 02:11 45368 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\PoorMainBattery\BHProxy32.exe
    2009-06-07 17:03 . 2009-05-28 02:11 45368 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\FairMainBattery\BHProxy32.exe
    2009-06-07 17:03 . 2009-05-28 02:11 12600 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\PoorMainBattery\BatteryCheck.exe
    2009-06-07 17:03 . 2009-05-28 02:11 12600 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\PoorBayBattery\BatteryCheck.exe
    2009-06-07 17:03 . 2009-05-28 02:11 12600 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\FairMainBattery\BatteryCheck.exe
    2009-06-07 17:02 . 2009-06-07 17:02 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\Downloaded Installations
    2009-06-07 15:07 . 2009-06-07 15:07 64400 ----a-w- c:\windows\BricoPackUninst.cmd
    2009-06-07 15:05 . 2009-06-07 15:07 6120 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
    2009-06-07 15:05 . 2009-06-07 15:05 -------- d-----w- c:\windows\BricoPacks
    2009-06-07 14:33 . 2009-06-07 14:33 325896 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
    2009-06-07 14:33 . 2009-06-07 04:30 75272 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
    2009-06-07 14:33 . 2009-06-07 04:30 12424 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrkx86.sys
    2009-06-07 14:33 . 2009-06-07 04:30 10520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
    2009-06-07 14:33 . 2009-06-07 14:33 27784 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
    2009-06-07 14:33 . 2009-06-07 04:30 311576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
    2009-06-07 14:32 . 2009-06-11 13:43 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
    2009-06-07 14:32 . 2009-06-07 14:33 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
    2009-06-07 14:32 . 2009-06-07 04:30 697088 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
    2009-06-07 14:32 . 2009-06-07 04:30 488728 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
    2009-06-07 08:09 . 2009-06-07 08:09 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\Auslogics
    2009-06-07 07:35 . 2009-06-07 07:35 -------- d-----w- c:\documents and settings\Igal Corcos\Local Settings\Application Data\Identities
    2009-06-07 07:35 . 2009-06-07 07:35 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\Windows Desktop Search
    2009-06-07 07:34 . 2009-06-09 19:19 -------- d-----w- c:\program files\Windows Desktop Search
    2009-06-07 07:34 . 2009-06-07 07:34 -------- d-----w- c:\windows\system32\GroupPolicy
    2009-06-07 07:33 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
    2009-06-07 07:33 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
    2009-06-07 07:33 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
    2009-06-07 07:29 . 2009-06-07 07:29 -------- d-----w- c:\program files\Auslogics
    2009-06-07 07:28 . 2009-06-07 07:28 -------- d-----w- c:\program files\CCleaner
    2009-06-07 07:14 . 2008-11-10 15:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2009-06-07 07:13 . 2009-06-07 07:48 -------- d-----w- c:\program files\Microsoft Works
    2009-06-07 07:12 . 2009-06-07 07:12 -------- d-----w- c:\program files\Microsoft.NET
    2009-06-07 07:10 . 2009-06-07 07:10 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-06-07 07:09 . 2009-06-07 07:19 -------- d-----w- c:\windows\SHELLNEW
    2009-06-07 07:09 . 2009-06-07 07:09 -------- d-----w- c:\documents and settings\Igal Corcos\Local Settings\Application Data\Microsoft Help
    2009-06-07 07:09 . 2009-06-09 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-06-07 07:09 . 2009-06-07 07:09 -------- d--h--r- C:\MSOCache
    2009-06-07 06:14 . 2009-06-07 06:14 -------- d-----w- c:\program files\ZipItFree
    2009-06-07 06:14 . 2009-06-07 06:14 -------- d-----w- c:\windows\ZipItFree
    2009-06-07 06:08 . 2003-06-25 20:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
    2009-06-07 06:04 . 2009-06-07 06:04 0 ----a-w- c:\windows\nsreg.dat
    2009-06-07 06:03 . 2009-06-07 06:03 -------- d-----w- c:\documents and settings\Igal Corcos\Local Settings\Application Data\Mozilla
    2009-06-07 06:01 . 2009-06-07 06:01 -------- d-sh--w- c:\documents and settings\Igal Corcos\PrivacIE
    2009-06-07 06:01 . 2009-06-07 06:01 -------- d-----w- c:\program files\TextPad 5
    2009-06-07 05:56 . 2009-06-07 05:56 -------- d-sh--w- c:\documents and settings\Igal Corcos\IETldCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-09 18:50 . 2009-06-05 22:05 -------- d-----w- c:\program files\InterVideo
    2009-06-07 20:01 . 2009-06-05 22:30 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\Lenovo
    2009-06-07 15:07 . 2006-04-30 06:56 218624 ----a-w- c:\windows\system32\uxtheme-old.dll
    2009-06-07 05:11 . 2006-04-30 07:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-06-07 04:13 . 2009-06-05 22:30 -------- d-----w- c:\program files\Windows Live Toolbar
    2009-06-05 22:30 . 2009-06-05 22:30 50 ----a-w- c:\windows\system32\drivers\LENOVO_8891_CTO.MRK
    2009-06-05 22:05 . 2009-06-05 22:05 -------- d-----w- c:\program files\Sonic Icons for Lenovo
    2009-06-05 22:05 . 2009-06-05 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2009-06-05 22:05 . 2009-06-05 22:05 -------- d-----w- c:\program files\Sonic
    2009-06-05 22:05 . 2009-06-05 22:05 -------- d-----w- c:\program files\Common Files\SureThing Shared
    2009-06-05 22:05 . 2009-06-05 22:05 -------- d-----w- c:\program files\Multimedia Center for Think Offerings
    2009-06-05 22:05 . 2009-06-05 22:05 -------- d-----w- c:\program files\Common Files\Sonic Shared
    2009-06-05 21:59 . 2009-06-05 21:59 -------- d-----w- c:\program files\CONEXANT
    2009-06-05 21:52 . 2009-06-05 22:30 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\InstallShield
    2009-05-25 04:24 . 2008-05-27 02:18 350208 ----a-w- c:\windows\system32\mssph.dll
    2009-05-13 05:15 . 2006-04-30 06:56 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-12 19:12 . 2006-04-30 07:28 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2009-05-07 15:32 . 2006-04-30 06:55 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
    2009-04-17 12:26 . 2006-04-30 06:55 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2006-04-30 06:55 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-10 13:58 . 2009-04-10 13:58 86360 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\ug00000\magicJack.dll
    2009-04-10 13:58 . 2009-04-10 13:58 6327408 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\ug00000\setup.exe
    2009-04-10 13:58 . 2009-04-10 13:58 412784 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\magicJackLoader.exe
    2009-04-10 13:58 . 2009-04-10 13:58 480608 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\octvqe1_apiw.dll
    2009-04-10 13:58 . 2009-04-10 13:58 214360 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\TjVista.dll
    2009-04-10 13:58 . 2009-04-10 13:58 325040 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\TjIpSys.dll
    2009-04-10 13:57 . 2009-04-10 13:57 398696 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\SJHandsetTigerJet.dll
    2009-04-10 13:57 . 2009-04-10 13:57 87384 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\st00000\mjsetup.exe
    2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\st00000\magicJack.dll
    2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\magicJack.dll
    2009-04-10 13:56 . 2009-04-10 13:56 11871576 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\magicJack.exe
    2009-04-10 13:55 . 2009-04-10 13:55 725296 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\ug00000\install.exe
    2009-04-10 13:55 . 2009-04-10 13:55 87384 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\in00000\mjsetup.exe
    2009-04-10 13:55 . 2009-04-10 13:55 86360 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\in00000\magicJack.dll
    2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\ug00000\magicJackSplash.exe
    2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\st00000\magicJackSplash.exe
    2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\magicJackSplash.exe
    2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\in00000\magicJackSplash.exe
    2009-04-10 13:53 . 2009-04-10 13:53 50520 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\cdloader2.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-10-06 118784]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-19 159744]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-19 208896]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-03-28 58416]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-07 243248]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
    "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-01-29 185688]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-03-28 413696]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-03-28 126976]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
    "LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-01-29 124248]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
    "TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2009-02-03 181536]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-14 1630208]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-6-7 50688]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2008-11-21 04:35 95496 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    2007-03-28 02:51 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-06-07 14:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli ACGina

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Igal Corcos\\Application Data\\mjusbsp\\magicJack.exe"=

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [6/7/2009 12:30 AM 12552]
    R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [1/28/2009 5:58 PM 117800]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [1/28/2009 5:57 PM 20520]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/7/2009 12:30 AM 327688]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/7/2009 12:30 AM 108552]
    R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [6/5/2009 5:53 PM 4442]
    R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 5:50 AM 46144]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/7/2009 10:33 AM 906520]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/7/2009 10:33 AM 298776]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
    R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [11/21/2008 12:11 AM 12560]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/14/2008 4:25 PM 520192]
    R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 5:50 AM 360448]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/13/2006 3:42 PM 30336]
    S2 tdbcjtx;tdbcjtx;\??\c:\windows\system32\drivers\pojuunaumvkgr.sys --> c:\windows\system32\drivers\pojuunaumvkgr.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-18 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-06-05 16:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/webhp
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-18 09:09
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,73,dd,f2,8f,39,87,47,8d,8f,91,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,73,dd,f2,8f,39,87,47,8d,8f,91,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(924)
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infql2.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
    c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
    c:\program files\Lenovo\HOTKEY\tphklock.dll
    c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
    c:\program files\ThinkVantage Fingerprint Software\vti.dll

    - - - - - - - > 'lsass.exe'(980)
    c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACON.dll
    c:\windows\system32\WININET.dll
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
    c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
    c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll

    - - - - - - - > 'explorer.exe'(5668)
    c:\windows\system32\WININET.dll
    c:\windows\system32\nview.dll
    c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
    c:\program files\Lenovo\Client Security Solution\tvtpwm_interface.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\windows\system32\nvsvc32.exe
    c:\progra~1\AVG\AVG8\avgam.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\windows\system32\TPHDEXLG.exe
    c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    c:\windows\system32\searchindexer.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\Lenovo\System Update\SUService.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\ZOOM\TpScrex.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\searchprotocolhost.exe
    c:\windows\system32\searchfilterhost.exe
    c:\program files\Lenovo\Client Security Solution\password_manager.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-18 9:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-18 13:11

    Pre-Run: 47,913,357,312 bytes free
    Post-Run: 47,957,528,576 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    444 --- E O F --- 2009-06-16 14:54
     
  7. 2009/06/19
    Laker4Life

    the new DDS log...


    ==================== DDS ===============================

    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Igal Corcos at 9:15:53.39 on Fri 06/19/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1251 [GMT -4:00]

    AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\scripts\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/webhp
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
    mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
    mRun: [TpShocks] TpShocks.exe
    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
    mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
    mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
    mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
    mRun: [LPMailChecker] c:\progra~1\thinkv~2\prdctr\LPMLCHK.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: ACNotify - ACNotify.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
    Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
    Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Notification Packages = scecli ACGina

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\igalco~1\applic~1\mozilla\firefox\profiles\noz8qn7o.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp
    FF - component: c:\program files\lenovo\client security solution\pwm firefox extension\components\tvtpwm_moz_xpcom.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll

    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-6-7 12552]
    R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2009-1-28 117800]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-1-28 20520]
    R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2009-6-5 11520]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-7 327688]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-7 27784]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-7 108552]
    R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2009-6-5 6016]
    R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2009-6-5 4442]
    R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-7 906520]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-7 298776]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
    R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2008-11-21 12560]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
    R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 30336]
    S2 tdbcjtx;tdbcjtx;\??\c:\windows\system32\drivers\pojuunaumvkgr.sys --> c:\windows\system32\drivers\pojuunaumvkgr.sys [?]

    =============== Created Last 30 ================

    2009-06-18 08:58 <DIR> a-dshr-- C:\cmdcons
    2009-06-18 08:53 161,792 a------- c:\windows\SWREG.exe
    2009-06-18 08:53 155,136 a------- c:\windows\PEV.exe
    2009-06-18 08:53 98,816 a------- c:\windows\sed.exe
    2009-06-18 08:53 <DIR> --ds---- C:\ThisIsNotADrill
    2009-06-17 00:35 <DIR> --d-h--- C:\$AVG8.VAULT$
    2009-06-16 01:27 2 a------- C:\-398175381
    2009-06-16 01:27 206 a------- C:\x345.bat
    2009-06-15 23:18 <DIR> --d----- c:\windows\system32\windows media
    2009-06-15 23:18 <DIR> --d-h--- c:\windows\msdownld.tmp
    2009-06-15 23:18 <DIR> --d----- c:\program files\Windows Media Components
    2009-06-15 15:25 <DIR> --d----- c:\docume~1\igalco~1\applic~1\mjusbsp
    2009-06-15 15:25 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
    2009-06-15 15:25 60,032 a------- c:\windows\system32\dllcache\usbaudio.sys
    2009-06-15 01:43 <DIR> --d----- c:\program files\uTorrent
    2009-06-15 01:42 <DIR> --d----- c:\docume~1\igalco~1\applic~1\uTorrent
    2009-06-11 18:00 815,104 a------- c:\windows\system32\xvidcore.dll
    2009-06-11 18:00 180,224 a------- c:\windows\system32\xvidvfw.dll
    2009-06-11 18:00 77,824 a------- c:\windows\system32\xvid.ax
    2009-06-11 18:00 <DIR> --d----- c:\program files\Xvid
    2009-06-11 00:13 <DIR> --d----- c:\program files\GPLGS
    2009-06-11 00:12 87,552 a------- c:\windows\system32\cpwmon2k.dll
    2009-06-11 00:12 <DIR> --d----- c:\program files\Acro Software
    2009-06-10 23:52 40 a------- c:\windows\opt_1230.ini
    2009-06-10 23:52 410 a------- c:\windows\BRWMARK.INI
    2009-06-10 23:52 26 a------- c:\windows\BRPP2KA.INI
    2009-06-10 21:54 <DIR> --dsh--- c:\documents and settings\igal corcos\IECompatCache
    2009-06-10 01:15 <DIR> --d----- C:\_SMA
    2009-06-09 15:06 268,288 -------- c:\windows\system32\dllcache\httpext.dll
    2009-06-09 15:06 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
    2009-06-09 15:06 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
    2009-06-09 14:59 2,600 a------- c:\windows\system32\ICAutoUpdate.log.bak
    2009-06-09 14:50 <DIR> --d----- c:\program files\common files\InterVideo
    2009-06-09 09:32 <DIR> --d----- c:\docume~1\igalco~1\applic~1\Helios
    2009-06-08 19:35 <DIR> --d----- c:\program files\MediaMonkey
    2009-06-08 14:39 <DIR> --d----- c:\program files\Jewish Calendar
    2009-06-08 00:26 <DIR> --d----- c:\docume~1\igalco~1\applic~1\Windows Search
    2009-06-07 17:55 <DIR> --d----- c:\program files\Unlocker
    2009-06-07 17:14 <DIR> --d----- c:\program files\Seagate
    2009-06-07 17:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Seagate
    2009-06-07 15:53 110,592 a------- c:\windows\system32\SynTPCo4.dll
    2009-06-07 13:41 90,709 a------- c:\windows\system32\nvModes.dat
    2009-06-07 13:41 90,709 a------- c:\windows\system32\nvModes.001
    2009-06-07 13:41 190,706 a------- c:\windows\system32\nvapps.nvb
    2009-06-07 13:38 <DIR> --d----- c:\program files\common files\ThinkVantage Fingerprint Software
    2009-06-07 13:38 <DIR> --d----- c:\program files\common files\SPBA
    2009-06-07 13:36 <DIR> --d----- c:\program files\Digital Line Detect
    2009-06-07 13:36 <DIR> --d----- c:\program files\NetWaiting
    2009-06-07 13:33 <DIR> --d----- c:\docume~1\igalco~1\applic~1\Intel
    2009-06-07 13:33 4,202,496 a------- c:\windows\system32\drivers\NETw5x32.sys
    2009-06-07 13:33 2,756,608 a------- c:\windows\system32\NETw5r32.dll
    2009-06-07 13:33 663,552 a------- c:\windows\system32\NETw5c32.dll
    2009-06-07 13:33 <DIR> --d----- c:\program files\common files\Intel
    2009-06-07 13:02 <DIR> --d----- c:\docume~1\igalco~1\applic~1\Downloaded Installations
    2009-06-07 11:07 64,400 a------- c:\windows\BricoPackUninst.cmd
    2009-06-07 11:07 4,410,054 a------- c:\windows\BricoPack Wallpaper.bmp
    2009-06-07 11:05 6,120 a------- c:\windows\BricoPackFoldersDelete.cmd
    2009-06-07 11:05 <DIR> --d----- c:\windows\BricoPacks
    2009-06-07 04:09 <DIR> --d----- c:\docume~1\igalco~1\applic~1\Auslogics
    2009-06-07 03:35 <DIR> --d----- c:\docume~1\igalco~1\applic~1\Windows Desktop Search
    2009-06-07 03:34 <DIR> --d----- c:\windows\system32\GroupPolicy
    2009-06-07 03:34 <DIR> --d----- c:\program files\Windows Desktop Search
    2009-06-07 03:33 192,000 -------- c:\windows\system32\dllcache\offfilt.dll
    2009-06-07 03:33 98,304 -------- c:\windows\system32\dllcache\nlhtml.dll
    2009-06-07 03:33 29,696 -------- c:\windows\system32\dllcache\mimefilt.dll
    2009-06-07 03:32 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
    2009-06-07 03:30 3,251 a------- c:\windows\system32\wbem\Outlook_01c9e741c6a3c2a2.mof
    2009-06-07 03:29 <DIR> --d----- c:\program files\Auslogics
    2009-06-07 03:28 <DIR> --d----- c:\program files\CCleaner
    2009-06-07 03:24 <DIR> --d----- c:\windows\system32\appmgmt
    2009-06-07 03:16 162 a------- c:\windows\ODBC.INI
    2009-06-07 03:14 32,656 a------- c:\windows\system32\msonpmon.dll
    2009-06-07 03:10 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
    2009-06-07 03:09 <DIR> --d----- c:\windows\SHELLNEW
    2009-06-07 02:14 <DIR> --d----- c:\windows\ZipItFree
    2009-06-07 02:14 <DIR> --d----- c:\program files\ZipItFree
    2009-06-07 02:08 266,360 a------- c:\windows\system32\TweakUI.exe
    2009-06-07 02:08 160,217 a------- c:\windows\system32\PowerToysLicense.rtf
    2009-06-07 02:01 <DIR> --dsh--- c:\documents and settings\igal corcos\PrivacIE
    2009-06-07 02:01 <DIR> --d----- c:\program files\TextPad 5
    2009-06-07 01:56 <DIR> --dsh--- c:\documents and settings\igal corcos\IETldCache
    2009-06-07 01:48 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-06-07 01:47 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-06-07 01:47 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
    2009-06-07 01:47 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-06-07 01:47 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-06-07 01:47 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-06-07 01:47 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-06-07 01:47 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-06-07 01:43 <DIR> --d----- c:\windows\ie8updates
    2009-06-07 01:43 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
    2009-06-07 01:42 <DIR> -cd-h--- c:\windows\ie8
    2009-06-07 01:35 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-06-07 01:07 <DIR> --d----- c:\windows\ServicePackFiles
    2009-06-07 01:05 19,569 a------- c:\windows\002840_.tmp
    2009-06-07 00:41 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
    2009-06-07 00:35 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
    2009-06-07 00:35 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
    2009-06-07 00:35 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
    2009-06-07 00:35 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-06-07 00:34 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
    2009-06-07 00:34 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
    2009-06-07 00:34 <DIR> --d----- c:\windows\system32\PreInstall
    2009-06-07 00:30 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-06-07 00:30 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
    2009-06-07 00:30 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-06-07 00:30 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-06-07 00:30 <DIR> --d----- c:\windows\system32\drivers\Avg
    2009-06-07 00:30 <DIR> --d----- c:\program files\AVG
    2009-06-07 00:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
    2009-06-07 00:22 73,728 a------- c:\windows\system32\dllcache\w3ext.dll
    2009-06-07 00:12 <DIR> --d----- c:\windows\WLTB Custom Button Feeds
    2009-06-07 00:06 21,504 a------- c:\windows\system32\hidserv.dll
    2009-06-07 00:06 12,160 a------- c:\windows\system32\drivers\mouhid.sys
    2009-06-07 00:06 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
    2009-06-07 00:06 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
    2009-06-07 00:06 10,368 a------- c:\windows\system32\drivers\hidusb.sys
    2009-06-07 00:06 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
    2009-06-07 00:03 354,304 -------- c:\windows\system32\dllcache\winhttp.dll
    2009-06-06 23:47 208,744 a------- c:\windows\system32\muweb.dll
    2009-06-06 23:47 27,496 a------- c:\windows\system32\mucltui.dll.mui
    2009-06-06 23:47 268,648 a------- c:\windows\system32\mucltui.dll
    2009-06-05 20:33 10,240 a------- c:\windows\system32\drivers\compbatt.sys
    2009-06-05 20:33 14,208 a------- c:\windows\system32\drivers\battc.sys
    2009-06-05 20:33 13,952 a------- c:\windows\system32\drivers\cmbatt.sys
    2009-06-05 20:33 30,208 a------- c:\windows\system32\drivers\usbehci.sys
    2009-06-05 20:33 7,168 a------- c:\windows\system32\hccoin.dll
    2009-06-05 20:32 8,832 a------- c:\windows\system32\drivers\wmiacpi.sys
    2009-06-05 20:27 <DIR> --d----- C:\SWTOOLS
    2009-06-05 20:25 <DIR> a-d----- C:\I386
    2009-06-05 18:35 <DIR> --d----- c:\windows\system32\Client Security Solution
    2009-06-05 18:30 221,184 a------- c:\windows\system32\wmpns.dll
    2009-06-05 18:30 <DIR> --d----- c:\program files\Windows Live Toolbar
    2009-06-05 18:30 50 a------- c:\windows\system32\drivers\LENOVO_8891_CTO.MRK
    2009-06-05 18:30 10 a------- c:\windows\system32\firstboot.lgl
    2009-06-05 18:30 <DIR> --d----- c:\docume~1\igalco~1\applic~1\Lenovo
    2009-06-05 18:30 <DIR> --d----- c:\documents and settings\igal corcos\Bluetooth Software
    2009-06-05 18:30 <DIR> --d----- c:\documents and settings\Igal Corcos
    2009-06-05 18:28 <DIR> --d----- c:\windows\system32\SoftwareDistribution
    2009-06-05 18:22 8,192 a------- c:\windows\REGLOCS.OLD
    2009-06-05 18:19 61 a------- c:\windows\smscfg.ini
    2009-06-05 18:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
    2009-06-05 18:15 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-06-05 18:15 <DIR> --dshr-- C:\RRbackups
    2009-06-05 18:12 <DIR> --d----- c:\windows\system32\(null)
    2009-06-05 18:12 129,784 -------- c:\windows\system32\pxafs.dll
    2009-06-05 18:12 118,520 -------- c:\windows\system32\pxinsi64.exe
    2009-06-05 18:12 116,472 -------- c:\windows\system32\pxcpyi64.exe
    2009-06-05 18:12 <DIR> --d----- C:\SWSHARE
    2009-06-05 18:12 33,536 a------- c:\windows\system32\drivers\tvtfilter.sys
    2009-06-05 18:11 7,012 a------- c:\windows\system32\drivers\pmemnt.sys
    2009-06-05 18:11 <DIR> --d----- c:\windows\system32\IOSUBSYS
    2009-06-05 18:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC-Doctor
    2009-06-05 18:07 <DIR> --d----- c:\program files\PCDR5
    2009-06-05 18:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lenovo
    2009-06-05 18:06 44,544 a------- c:\windows\system32\msxml4a.dll
    2009-06-05 18:06 9,679 a------- c:\windows\system32\msxml4r.cat
    2009-06-05 18:06 9,675 a------- c:\windows\system32\msxml4.cat
    2009-06-05 18:06 3,489 a------- c:\windows\system32\msxml4.Manifest
    2009-06-05 18:06 500 a------- c:\windows\system32\msxml4r.Manifest
    2009-06-05 18:06 <DIR> --d----- c:\program files\ThinkVantage
    2009-06-05 18:06 <DIR> --d----- C:\Icons
    2009-06-05 18:06 922,920 -------- c:\windows\system32\ahlprun.exe
    2009-06-05 18:05 <DIR> --d----- c:\program files\Sonic Icons for Lenovo
    2009-06-05 18:05 <DIR> --d----- c:\program files\Sonic
    2009-06-05 18:05 <DIR> --d----- c:\program files\common files\SureThing Shared
    2009-06-05 18:05 <DIR> --d----- c:\program files\Multimedia Center for Think Offerings
    2009-06-05 18:05 <DIR> --d----- c:\program files\common files\Sonic Shared
    2009-06-05 18:05 <DIR> --d----- c:\program files\InterVideo
    2009-06-05 18:04 49,265 a------- c:\windows\system32\jpicpl32.cpl
    2009-06-05 18:04 <DIR> --d----- c:\program files\common files\Lenovo
    2009-06-05 18:03 30,144 a------- c:\windows\system32\drivers\psadd.sys
    2009-06-05 18:00 333 a------- c:\windows\system32\$ncsp$.inf
    2009-06-05 17:59 <DIR> --d----- c:\program files\CONEXANT
    2009-06-05 17:58 49,152 a------- c:\windows\system32\DSndUp.exe
    2009-06-05 17:58 <DIR> --d----- c:\program files\Analog Devices
    2009-06-05 17:58 1,285,632 -------- c:\windows\system32\SMMedia.dll
    2009-06-05 17:58 53,248 -------- c:\windows\system32\wdmioctl.dll
    2009-06-05 17:58 45,056 -------- c:\windows\system32\CleanUp.exe
    2009-06-05 17:56 <DIR> --d----- c:\program files\ThinkVantage Fingerprint Software
    2009-06-05 17:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\UIB
    2009-06-05 17:54 12,848 a------- c:\windows\system32\drivers\TSMAPIP.SYS
    2009-06-05 17:54 <DIR> --d----- c:\program files\Lenovo
    2009-06-05 17:53 106,557 a------- c:\windows\system32\btw_ci.dll
    2009-06-05 17:53 67,960 a------- c:\windows\system32\drivers\btwusb.sys
    2009-06-05 17:53 868,042 a------- c:\windows\system32\drivers\btkrnl.sys
    2009-06-05 17:53 16,384 a------- c:\windows\PWMBTHLP.EXE
    2009-06-05 17:53 4,442 a------- c:\windows\system32\drivers\TPPWRIF.SYS
    2009-06-05 17:53 <DIR> --d----- c:\program files\ThinkPad
    2009-06-05 17:51 2,756,608 a------- c:\windows\system32\NETw4r32.dll
    2009-06-05 17:51 2,204,672 a------- c:\windows\system32\drivers\NETw4x32.sys
    2009-06-05 17:51 679,936 a------- c:\windows\system32\NETw4c32.dll
    2009-06-05 17:51 <DIR> --d----- c:\windows\system32\ReinstallBackups
    2009-06-05 17:51 225,696 a------- c:\windows\system32\drivers\SynTP.sys
    2009-06-05 17:51 200,704 a------- c:\windows\system32\SynCtrl.dll
    2009-06-05 17:51 163,840 a------- c:\windows\system32\SynCOM.dll
    2009-06-05 17:51 147,456 a------- c:\windows\system32\SynTPAPI.dll
    2009-06-05 17:51 65,536 a------- c:\windows\system32\SynTPFcs.dll
    2009-06-05 17:51 <DIR> --d----- c:\program files\Synaptics
    2009-06-05 17:50 <DIR> --d----- c:\program files\MSXML 4.0
    2009-06-05 17:47 28,672 a------- c:\windows\system32\verclsid.exe
    2009-06-05 17:42 <DIR> --d----- c:\program files\Windows Media Connect 2
    2009-06-05 17:41 138 a------- c:\windows\system32\Softkbd.exe.config
    2009-06-05 17:38 <DIR> --d----- c:\windows\RegisteredPackages
    2009-06-05 17:36 10,240 a------- c:\windows\system32\drivers\sffp_mmc.sys

    ==================== Find3M ====================

    2009-06-07 11:07 218,624 a------- c:\windows\system32\uxtheme-old.dll
    2009-06-07 01:11 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-05-25 00:24 350,208 a------- c:\windows\system32\mssph.dll
    2009-05-13 01:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
    2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
    2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
    2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
    2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
    2009-04-30 17:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
    2009-04-30 17:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
    2009-04-30 17:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
    2009-04-30 17:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
    2009-04-30 17:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
    2009-04-30 07:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
    2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
    2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
    2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
    2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll

    ============= FINISH: 9:16:16.01 ===============
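A triage pass over sample lines taken from the DDS log above, as an added example that is not part of the original thread or of the DDS tool itself: it parses the SERVICES / DRIVERS and Created Last 30 sections and flags the driver entry whose file DDS could not find and the files dropped straight into the root of C:, which are the same artifacts the next reply's CFScript targets. The Finding type and the heuristics are this example's own assumptions, not DDS fields.

```python
import re
from dataclasses import dataclass

# Sample lines constructed from the DDS log posted above (two of its sections).
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-6-7 12552]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-7 298776]
S2 tdbcjtx;tdbcjtx;\??\c:\windows\system32\drivers\pojuunaumvkgr.sys --> c:\windows\system32\drivers\pojuunaumvkgr.sys [?]

=============== Created Last 30 ================

2009-06-18 08:58 <DIR> a-dshr-- C:\cmdcons
2009-06-18 08:53 161,792 a------- c:\windows\SWREG.exe
2009-06-17 00:35 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-16 01:27 2 a------- C:\-398175381
2009-06-16 01:27 206 a------- C:\x345.bat
2009-06-15 15:25 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-06-15 01:43 <DIR> --d----- c:\program files\uTorrent
"""


@dataclass
class Finding:
    """One flagged log entry and the reasons it was flagged (this example's own type)."""
    section: str
    subject: str
    reasons: list


# Layout of a SERVICES / DRIVERS line: "<state> <name>;<display name>;<path> [<date> <size>]".
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# Layout of a Created Last 30 line: "<date> <time> <size or <DIR>> <attrs> <path>".
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S{8})\s+(?P<path>.+)$"
)
# A file that sits directly in the root of a drive, e.g. C:\x345.bat.
ROOT_FILE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")


def _section_of(line, current):
    """Track which DDS section we are in from its '=== NAME ===' header lines."""
    if line.startswith("==="):
        header = line.strip("= ").lower()
        if "services" in header:
            return "services"
        if "created last 30" in header:
            return "created"
        return "other"
    return current


def check_service(m):
    """Heuristics for one service/driver entry (assumed, not DDS's own logic)."""
    reasons = []
    rest = m["rest"].rstrip()
    # DDS prints "--> <path> [?]" when it cannot find the file the service points at.
    if " --> " in rest or rest.endswith("[?]"):
        reasons.append("file not found on disk (DDS shows '--> path [?]')")
    name = m["name"].strip()
    # A vowel-less name reused as its own display name is typical of generated names.
    if len(name) >= 6 and not re.search(r"[aeiou]", name, re.I) \
            and name.lower() == m["display"].strip().lower():
        reasons.append("random-looking service name used as its own display name")
    return reasons


def check_created(m):
    """Heuristics for one recently created file entry (assumed, not DDS's own logic)."""
    reasons = []
    path = m["path"].strip()
    if m["size"] != "<DIR>" and ROOT_FILE_RE.match(path):
        reasons.append("file dropped directly in the drive root")
        if path.lower().endswith((".bat", ".exe", ".sys", ".dll")):
            reasons.append("executable/script extension")
    return reasons


def triage(text):
    """Return the Finding list for a DDS log, in log order."""
    findings = []
    section = "other"
    for raw in text.splitlines():
        line = raw.strip()
        section = _section_of(line, section)
        if not line or line.startswith("==="):
            continue
        if section == "services":
            m = SERVICE_RE.match(line)
            reasons = check_service(m) if m else []
            if reasons:
                findings.append(Finding("services", m["name"].strip(), reasons))
        elif section == "created":
            m = CREATED_RE.match(line)
            reasons = check_created(m) if m else []
            if reasons:
                findings.append(Finding("created", m["path"].strip(), reasons))
    return findings


def format_report(findings):
    """Render findings as an indented text report."""
    lines = []
    for f in findings:
        lines.append(f"[{f.section}] {f.subject}")
        lines.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_DDS)))
```

Run against the full log the same rules leave the vendor services and the ComboFix tool files untouched; only the three entries above are reported.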
     
  8. 2009/06/19
    Juliet

    Welcome back


    We have a little work to do.

    Locate the Worksnow/ComboFix icon on your desktop > Right click and select delete.

    We'll get an updated version.

    Download Combofix from any of the links below.

    Save it to your desktop.

    Link 1
    Link 2
    Link 3



    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    Reglock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    File:: 
    C:\x345.bat
    c:\windows\system32\drivers\pojuunaumvkgr.sys
    Driver::
    tdbcjtx
    [​IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    If there are internet issues afterward:

    *In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection, uncheck the proxy server and set it to No Proxy.


    NEXT**
    • Download the latest version of Java SE Runtime Environment 6 Update 14 (JRE)
    • Second install down listed on the page

      *** Be sure that when you update Java, you uncheck any toolbars for OpenOffice.org if you don't want those added to your computer ***

      Click on the Accept License Agreement button. Next, select your Platform and check the box that says: "I agree to the Java SE Runtime Environment License Agreement."
      Download Now! Windows Offline Installation, Multi-language

      Now close all windows, including your browser.
      Double click on the Java installation that you downloaded and follow the prompts.

      NEXT - remove all older versions of Java: Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
      Search in the list for all previously installed versions of Java (J2SE Runtime Environment...). Select it and click Remove.
    • Close any programs you may have running - especially your web browser.
    • Repeat as many times as necessary to remove each older Java version.
    • Reboot your computer once all Java components are removed.


    NEXT**
    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================



    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable onboard antivirus and antispyware programs while performing scans, so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware app you use.



    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Ensure your external and/or USB/Flash or Pen drives are inserted during the scan.


    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
      Click on: Save Report As
      Next, in the Save as prompt, Save in area, select: Desktop
      In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]
      Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with the IE-Tab plugin:
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    ComboFix.txt
    Kaspersky log
    New HJT log taken after the above scans have run


    You may need several replies to post the requested logs, otherwise they might get cut off.



    How's your computer now?
     
  9. 2009/06/20
    Laker4Life
    Hi,

    My computer seems to be fine but I'm running the Kaspersky scan as you suggested. I had to run the scan in Firefox because IE wasn't detecting that I had the latest version of Java. Maybe it's because I have IE 8....

    The scan has found two threats (Trojans) so far but I will let it complete and post the full results along with the new ComboFix.txt

    Could you remind me what an HJT log is?
     
  10. 2009/06/20
    Laker4Life
    scan logs

    Here are the requested logs.

    ======================= ComboFix ========================

    ComboFix 09-06-20.02 - Igal Corcos 06/21/2009 0:18.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1240 [GMT -4:00]
    Running from: e:\scripts\SuperComboFix.exe
    AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-21 to 2009-06-21 )))))))))))))))))))))))))))))))
    .

    2009-06-19 23:35 . 2009-06-19 23:35 -------- d-----w- c:\windows\Sun
    2009-06-19 23:32 . 2009-06-19 23:32 -------- d-----w- c:\program files\Java
    2009-06-19 23:31 . 2009-06-19 23:31 152576 ----a-w- c:\documents and settings\Igal Corcos\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
    2009-06-19 23:18 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\in00000\setup.exe
    2009-06-19 23:18 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\ar00000\install.exe
    2009-06-19 23:18 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\ar00000\magicJackSplash.exe
    2009-06-19 18:42 . 2009-06-19 23:32 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-06-19 17:13 . 2009-06-19 17:22 -------- d-s---w- C:\ComboFix
    2009-06-18 12:53 . 2009-06-18 13:11 -------- d-s---w- C:\ThisIsNotADrill
    2009-06-17 13:45 . 2009-06-17 13:45 -------- d-----w- c:\documents and settings\Igal Corcos\Local Settings\Application Data\WMTools Downloaded Files
    2009-06-17 04:35 . 2009-06-19 23:10 -------- d--h--w- C:\$AVG8.VAULT$
    2009-06-16 13:55 . 2009-06-16 13:55 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-06-16 13:55 . 2009-06-07 14:33 908568 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
    2009-06-16 13:55 . 2009-06-07 14:33 352024 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
    2009-06-16 12:41 . 2009-06-16 12:41 -------- d-----w- c:\documents and settings\Igal Corcos\Local Settings\Application Data\tjnet
    2009-06-16 05:29 . 2009-06-16 05:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2009-06-16 05:28 . 2009-06-16 05:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-06-16 03:18 . 2009-06-16 03:18 -------- d-----w- c:\windows\system32\windows media
    2009-06-16 03:18 . 2009-06-16 03:18 -------- d--h--w- c:\windows\msdownld.tmp
    2009-06-16 03:18 . 2009-06-16 03:18 -------- d-----w- c:\program files\Windows Media Components
    2009-06-15 19:26 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\Upgrade\setup1.exe
    2009-06-15 19:26 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\Upgrade\install1.exe
    2009-06-15 19:25 . 2009-06-19 23:18 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp
    2009-06-15 19:25 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2009-06-15 19:25 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
    2009-06-15 05:43 . 2009-06-15 05:43 -------- d-----w- c:\program files\uTorrent
    2009-06-15 05:42 . 2009-06-16 12:43 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\uTorrent
    2009-06-11 22:36 . 2007-10-23 13:27 110592 ----a-w- c:\documents and settings\Igal Corcos\Application Data\U3\temp\cleanup.exe
    2009-06-11 22:00 . 2009-06-11 22:00 -------- d-----w- c:\program files\Xvid
    2009-06-11 22:00 . 2008-12-05 01:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
    2009-06-11 22:00 . 2008-12-05 01:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
    2009-06-11 21:55 . 2009-06-11 21:55 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\InterVideo
    2009-06-11 21:53 . 2008-05-02 14:41 3493888 ---ha-w- c:\documents and settings\Igal Corcos\Application Data\U3\temp\Launchpad Removal.exe
    2009-06-11 21:53 . 2009-06-11 22:36 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\U3
    2009-06-11 13:43 . 2009-06-07 14:33 3401496 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
    2009-06-11 13:43 . 2009-06-07 14:33 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
    2009-06-11 13:43 . 2009-06-07 14:33 1947928 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
    2009-06-11 13:43 . 2009-06-07 14:33 1217816 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgfrw.exe
    2009-06-11 13:43 . 2009-06-07 14:33 1205528 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
    2009-06-11 13:43 . 2009-06-11 13:43 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
    2009-06-11 13:43 . 2009-06-11 13:43 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
    2009-06-11 13:43 . 2009-06-11 13:43 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
    2009-06-11 13:43 . 2009-06-07 14:33 681752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgsrmx.dll
    2009-06-11 13:43 . 2009-06-07 14:33 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgsrmax.exe
    2009-06-11 13:43 . 2009-06-07 14:33 761112 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgscanx.exe
    2009-06-11 04:13 . 2009-06-11 04:13 -------- d-----w- c:\program files\GPLGS
    2009-06-11 04:12 . 2007-07-13 02:33 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
    2009-06-11 04:12 . 2009-06-11 04:12 -------- d-----w- c:\program files\Acro Software
    2009-06-11 01:57 . 2009-06-11 01:58 -------- d-----w- c:\windows\system32\drivers\UMDF
    2009-06-11 01:54 . 2009-06-11 01:54 -------- d-sh--w- c:\documents and settings\Igal Corcos\IECompatCache
    2009-06-10 05:15 . 2009-06-10 05:15 -------- d-----w- C:\_SMA
    2009-06-09 19:06 . 2009-05-21 18:46 268288 ------w- c:\windows\system32\dllcache\httpext.dll
    2009-06-09 19:06 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-06-09 19:06 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-06-09 18:50 . 2009-06-09 18:50 -------- d-----w- c:\program files\Common Files\InterVideo
    2009-06-09 18:00 . 2009-06-09 18:00 -------- d-----w- c:\documents and settings\Igal Corcos\Local Settings\Application Data\Google
    2009-06-09 13:32 . 2009-06-09 13:32 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\Helios
    2009-06-08 23:35 . 2009-06-15 17:11 -------- d-----w- c:\documents and settings\Igal Corcos\Local Settings\Application Data\MediaMonkey
    2009-06-08 23:35 . 2009-06-08 23:35 -------- d-----w- c:\program files\MediaMonkey
    2009-06-08 18:39 . 2009-06-08 18:39 -------- d-----w- c:\program files\Jewish Calendar
    2009-06-08 04:26 . 2009-06-08 04:26 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\Windows Search
    2009-06-07 22:51 . 2009-06-07 22:51 -------- d-----w- c:\program files\7-Zip
    2009-06-07 21:55 . 2009-06-19 03:48 -------- d-----w- c:\program files\Unlocker
    2009-06-07 21:14 . 2009-06-07 21:14 -------- d-----w- c:\program files\Seagate
    2009-06-07 21:14 . 2009-06-07 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
    2009-06-07 19:53 . 2008-10-06 15:26 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
    2009-06-07 17:41 . 2009-06-15 19:23 90709 ----a-w- c:\windows\system32\nvModes.dat
    2009-06-07 17:38 . 2009-06-07 17:38 -------- d-----w- c:\program files\Common Files\ThinkVantage Fingerprint Software
    2009-06-07 17:38 . 2009-06-07 17:38 -------- d-----w- c:\program files\Common Files\SPBA
    2009-06-07 17:36 . 2009-06-07 17:36 -------- d-----w- c:\program files\Digital Line Detect
    2009-06-07 17:36 . 2009-06-07 17:36 -------- d-----w- c:\program files\NetWaiting
    2009-06-07 17:33 . 2009-06-07 17:33 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
    2009-06-07 17:33 . 2009-06-07 17:33 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\Intel
    2009-06-07 17:33 . 2009-06-07 17:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
    2009-06-07 17:33 . 2009-03-04 14:31 4202496 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
    2009-06-07 17:33 . 2008-06-20 14:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
    2009-06-07 17:33 . 2008-06-20 14:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
    2009-06-07 17:33 . 2009-06-07 17:33 -------- d-----w- c:\program files\Common Files\Intel
    2009-06-07 17:33 . 2009-06-07 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
    2009-06-07 17:03 . 2009-05-28 02:11 47416 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\PoorBayBattery\BHProxy64.exe
    2009-06-07 17:03 . 2009-05-28 02:11 45368 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\PoorBayBattery\BHProxy32.exe
    2009-06-07 17:03 . 2009-05-28 02:11 10552 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\LowMemory\MemoryCheck.exe
    2009-06-07 17:03 . 2009-05-28 02:11 11064 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\InternalHDDBackup\BackupCheck.exe
    2009-06-07 17:03 . 2009-05-28 02:11 47416 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\PoorMainBattery\BHProxy64.exe
    2009-06-07 17:03 . 2009-05-28 02:11 47416 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\FairMainBattery\BHProxy64.exe
    2009-06-07 17:03 . 2009-05-28 02:11 45368 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\PoorMainBattery\BHProxy32.exe
    2009-06-07 17:03 . 2009-05-28 02:11 45368 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\FairMainBattery\BHProxy32.exe
    2009-06-07 17:03 . 2009-05-28 02:11 12600 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\PoorMainBattery\BatteryCheck.exe
    2009-06-07 17:03 . 2009-05-28 02:11 12600 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\PoorBayBattery\BatteryCheck.exe
    2009-06-07 17:03 . 2009-05-28 02:11 12600 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\FairMainBattery\BatteryCheck.exe
    2009-06-07 17:02 . 2009-06-07 17:02 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\Downloaded Installations
    2009-06-07 15:07 . 2009-06-07 15:07 64400 ----a-w- c:\windows\BricoPackUninst.cmd
    2009-06-07 15:05 . 2009-06-07 15:07 6120 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
    2009-06-07 15:05 . 2009-06-07 15:05 -------- d-----w- c:\windows\BricoPacks
    2009-06-07 14:33 . 2009-06-07 14:33 325896 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
    2009-06-07 14:33 . 2009-06-07 04:30 75272 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
    2009-06-07 14:33 . 2009-06-07 04:30 12424 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrkx86.sys
    2009-06-07 14:33 . 2009-06-07 04:30 10520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
    2009-06-07 14:33 . 2009-06-07 14:33 27784 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
    2009-06-07 14:33 . 2009-06-07 04:30 311576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
    2009-06-07 14:32 . 2009-06-11 13:43 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
    2009-06-07 14:32 . 2009-06-07 14:33 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
    2009-06-07 14:32 . 2009-06-07 04:30 697088 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
    2009-06-07 14:32 . 2009-06-07 04:30 488728 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
    2009-06-07 08:09 . 2009-06-07 08:09 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\Auslogics
    2009-06-07 07:35 . 2009-06-07 07:35 -------- d-----w- c:\documents and settings\Igal Corcos\Local Settings\Application Data\Identities
    2009-06-07 07:35 . 2009-06-07 07:35 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\Windows Desktop Search
    2009-06-07 07:34 . 2009-06-09 19:19 -------- d-----w- c:\program files\Windows Desktop Search
    2009-06-07 07:34 . 2009-06-07 07:34 -------- d-----w- c:\windows\system32\GroupPolicy
    2009-06-07 07:33 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
    2009-06-07 07:33 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
    2009-06-07 07:33 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
    2009-06-07 07:29 . 2009-06-07 07:29 -------- d-----w- c:\program files\Auslogics
    2009-06-07 07:28 . 2009-06-07 07:28 -------- d-----w- c:\program files\CCleaner
    2009-06-07 07:14 . 2008-11-10 15:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2009-06-07 07:13 . 2009-06-07 07:48 -------- d-----w- c:\program files\Microsoft Works
    2009-06-07 07:12 . 2009-06-07 07:12 -------- d-----w- c:\program files\Microsoft.NET
    2009-06-07 07:10 . 2009-06-07 07:10 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-06-07 07:09 . 2009-06-07 07:19 -------- d-----w- c:\windows\SHELLNEW
    2009-06-07 07:09 . 2009-06-07 07:09 -------- d-----w- c:\documents and settings\Igal Corcos\Local Settings\Application Data\Microsoft Help
    2009-06-07 07:09 . 2009-06-09 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-06-07 07:09 . 2009-06-07 07:09 -------- d--h--r- C:\MSOCache
    2009-06-07 06:14 . 2009-06-19 03:48 -------- d-----w- c:\program files\ZipItFree
    2009-06-07 06:14 . 2009-06-07 06:14 -------- d-----w- c:\windows\ZipItFree
    2009-06-07 06:08 . 2003-06-25 20:05 266360 ----a-w- c:\windows\system32\TweakUI.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-09 18:50 . 2009-06-05 22:05 -------- d-----w- c:\program files\InterVideo
    2009-06-07 20:01 . 2009-06-05 22:30 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\Lenovo
    2009-06-07 15:07 . 2006-04-30 06:56 218624 ----a-w- c:\windows\system32\uxtheme-old.dll
    2009-06-07 05:11 . 2006-04-30 07:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-06-07 04:13 . 2009-06-05 22:30 -------- d-----w- c:\program files\Windows Live Toolbar
    2009-06-05 22:30 . 2009-06-05 22:30 50 ----a-w- c:\windows\system32\drivers\LENOVO_8891_CTO.MRK
    2009-06-05 22:05 . 2009-06-05 22:05 -------- d-----w- c:\program files\Sonic Icons for Lenovo
    2009-06-05 22:05 . 2009-06-05 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2009-06-05 22:05 . 2009-06-05 22:05 -------- d-----w- c:\program files\Sonic
    2009-06-05 22:05 . 2009-06-05 22:05 -------- d-----w- c:\program files\Common Files\SureThing Shared
    2009-06-05 22:05 . 2009-06-05 22:05 -------- d-----w- c:\program files\Multimedia Center for Think Offerings
    2009-06-05 22:05 . 2009-06-05 22:05 -------- d-----w- c:\program files\Common Files\Sonic Shared
    2009-06-05 21:59 . 2009-06-05 21:59 -------- d-----w- c:\program files\CONEXANT
    2009-06-05 21:52 . 2009-06-05 22:30 -------- d-----w- c:\documents and settings\Igal Corcos\Application Data\InstallShield
    2009-05-25 04:24 . 2008-05-27 02:18 350208 ----a-w- c:\windows\system32\mssph.dll
    2009-05-13 05:15 . 2006-04-30 06:56 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-12 19:12 . 2006-04-30 07:28 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2009-05-07 15:32 . 2006-04-30 06:55 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
    2009-04-17 12:26 . 2006-04-30 06:55 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2006-04-30 06:55 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-10 13:58 . 2009-04-10 13:58 86360 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\ug00000\magicJack.dll
    2009-04-10 13:58 . 2009-04-10 13:58 6327408 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\ug00000\setup.exe
    2009-04-10 13:58 . 2009-04-10 13:58 412784 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\magicJackLoader.exe
    2009-04-10 13:58 . 2009-04-10 13:58 480608 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\octvqe1_apiw.dll
    2009-04-10 13:58 . 2009-04-10 13:58 214360 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\TjVista.dll
    2009-04-10 13:58 . 2009-04-10 13:58 325040 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\TjIpSys.dll
    2009-04-10 13:57 . 2009-04-10 13:57 398696 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\SJHandsetTigerJet.dll
    2009-04-10 13:57 . 2009-04-10 13:57 87384 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\st00000\mjsetup.exe
    2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\st00000\magicJack.dll
    2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\magicJack.dll
    2009-04-10 13:56 . 2009-04-10 13:56 11871576 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\magicJack.exe
    2009-04-10 13:55 . 2009-04-10 13:55 725296 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\ug00000\install.exe
    2009-04-10 13:55 . 2009-04-10 13:55 87384 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\in00000\mjsetup.exe
    2009-04-10 13:55 . 2009-04-10 13:55 86360 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\in00000\magicJack.dll
    2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\ug00000\magicJackSplash.exe
    2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\st00000\magicJackSplash.exe
    2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\magicJackSplash.exe
    2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\in00000\magicJackSplash.exe
    2009-04-10 13:53 . 2009-04-10 13:53 50520 ----a-w- c:\documents and settings\Igal Corcos\Application Data\mjusbsp\cdloader2.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-06-18_13.10.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-06-19 23:32 . 2009-06-19 23:32 16384 c:\windows\temp\Perflib_Perfdata_10f8.dat
    + 2006-04-30 06:55 . 2009-06-19 18:54 97156 c:\windows\system32\perfc009.dat
    - 2006-04-30 06:55 . 2009-06-18 12:52 97156 c:\windows\system32\perfc009.dat
    + 2006-04-30 06:55 . 2009-06-19 18:54 518666 c:\windows\system32\perfh009.dat
    - 2006-04-30 06:55 . 2009-06-18 12:52 518666 c:\windows\system32\perfh009.dat
    + 2009-06-19 23:32 . 2009-06-19 23:32 148888 c:\windows\system32\javaws.exe
    + 2009-06-19 23:32 . 2009-06-19 23:32 144792 c:\windows\system32\javaw.exe
    + 2009-06-19 23:32 . 2009-06-19 23:32 144792 c:\windows\system32\java.exe
    + 2009-06-07 04:23 . 2009-06-19 18:54 226655 c:\windows\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "cdloader"="c:\documents and settings\Igal Corcos\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-10-06 118784]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-19 159744]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-19 208896]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-03-28 58416]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-07 243248]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
    "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-01-29 185688]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-03-28 413696]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-03-28 126976]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
    "LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-01-29 124248]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-19 148888]
    "TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2009-02-03 181536]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-14 1630208]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2008-11-21 04:35 95496 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    2007-03-28 02:51 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-06-07 14:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli ACGina

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Documents and Settings\\Igal Corcos\\Application Data\\mjusbsp\\magicJack.exe "=

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [6/7/2009 12:30 AM 12552]
    R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [1/28/2009 5:58 PM 117800]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [1/28/2009 5:57 PM 20520]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/7/2009 12:30 AM 327688]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/7/2009 12:30 AM 108552]
    R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [6/5/2009 5:53 PM 4442]
    R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 5:50 AM 46144]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/7/2009 10:33 AM 906520]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/7/2009 10:33 AM 298776]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
    R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [11/21/2008 12:11 AM 12560]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/14/2008 4:25 PM 520192]
    R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 5:50 AM 360448]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/13/2006 3:42 PM 30336]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - JAVAQUICKSTARTERSERVICE

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll ",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-21 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-06-05 16:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/webhp
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-21 00:20
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(912)
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infql2.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
    c:\program files\Lenovo\HOTKEY\tphklock.dll
    c:\program files\Lenovo\HOTKEY\notifyf2.dll
    c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
    c:\program files\ThinkVantage Fingerprint Software\vti.dll

    - - - - - - - > 'lsass.exe'(968)
    c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACON.dll
    c:\windows\system32\WININET.dll
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
    c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
    c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll

    - - - - - - - > 'explorer.exe'(4800)
    c:\windows\system32\WININET.dll
    c:\windows\system32\nview.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-06-21 0:21
    ComboFix-quarantined-files.txt 2009-06-21 04:21
    ComboFix2.txt 2009-06-19 17:22

    Pre-Run: 47,793,946,624 bytes free
    Post-Run: 47,852,638,208 bytes free

    349 --- E O F --- 2009-06-16 14:54

    ====================== Kaspersky Log ======================

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Sunday, June 21, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Sunday, June 21, 2009 00:48:48
    Records in database: 2371998
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 104191
    Threat name: 12
    Infected objects: 21
    Suspicious objects: 0
    Duration of the scan: 01:29:02


    File name / Threat name / Threats count
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACacwooynmtoytpqo.sys.vir Infected: Rootkit.Win32.Agent.lhm 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXdgeiuaieqodqlaayrdojuxjowrkdduvu.dll.vir Infected: Trojan.Win32.Agent.clxm 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\UACbxdktaivmlamnkl.dll.vir Infected: Packed.Win32.Tdss.m 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\UACislujpbjctnlbpu.dll.vir Infected: Trojan.Win32.TDSS.adzx 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\UACjrdrormisfeotso.dll.vir Infected: Trojan.Win32.TDSS.aekg 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmjyjbwdjdsswtei.dll.vir Infected: Packed.Win32.Tdss.m 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\UACnxuprxmkmhdqjnc.dll.vir Infected: Trojan.Win32.TDSS.adzz 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\UACtrvwcucuwpokyen.dll.vir Infected: Trojan.Win32.TDSS.aegg 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\_sdra64_.exe.zip Infected: Trojan-Spy.Win32.Zbot.wti 1
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0015182.sys Infected: Rootkit.Win32.Agent.lhm 1
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0015183.dll Infected: Packed.Win32.Tdss.m 1
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0015184.dll Infected: Packed.Win32.Tdss.m 1
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0015185.dll Infected: Trojan.Win32.TDSS.adzx 1
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0015186.dll Infected: Trojan.Win32.TDSS.adzz 1
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0015187.dll Infected: Trojan.Win32.TDSS.aekg 1
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0015188.dll Infected: Trojan.Win32.TDSS.aegg 1
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0015191.sys Infected: Trojan.Win32.Agent2.kgp 1
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0015211.dll Infected: Rootkit.Win32.Agent.lrn 1
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0015231.dll Infected: Trojan.Win32.Agent.clxm 1
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B5I1IJH6\mars[1].htm Infected: Trojan-Downloader.JS.LuckySploit.q 1
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LOK01JAP\wait[1].htm Infected: Trojan-Downloader.JS.Iframe.bew 1

    The selected area was scanned.


    ========================= HJT Log =======================

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:24:14 AM, on 6/21/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Igal Corcos\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

    --
    End of file - 12302 bytes
     
  11. 2009/06/21
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    This looks much better.


    I see you found HJT......


    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.


    The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    (Description: InstallShield updater - not needed at startup. Removing this may free up system resources.)

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    (Description: Nvidia system tray applet. Not necessary. Removing this entry will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

    Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.

    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.
    Please download OTM
    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Make sure you include :Processes.
    Code:
    :Processes
    explorer.exe
    :Files
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B5I1IJH6\mars[1].htm
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LOK01JAP\wait[1].htm
    :Commands
    [Purity]
    [EmptyTemp]
    [Start Explorer]
    [Reboot]
    
    • Return to OTM, right click in the "Paste Instructions for Items to be Moved " window (under the yellow bar) and choose Paste.
    • Close ALL open windows (especially Internet Explorer!)
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTM
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time (mmddyyyy_hhmmss) is the date and time of the tool run. Post this log in your next reply.



    In your next reply post:
    OTM log
    new HJT log


    How's your computer now?
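    As an added illustration (not code from this thread or from any of the tools named in it), a small Python script that parses the "File name / Threat name / Threats count" lines of the Kaspersky report posted above and sorts each detection by where it lives. That split is the reasoning behind the advice: the C:\Qoobox entries are ComboFix's own quarantine (purged by Combofix /u), the System Volume Information entries are restore-point copies (cleared when a clean restore point is set), and only the two Temporary Internet Files entries are still on the live file system, so those are the ones the OTM :Files section has to move. The sample lines are copied from the report; the state labels and function names are my own.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: six of the detection lines from the Kaspersky report
# in this thread (the full report lists 21), two from each location.
SAMPLE_REPORT = r"""
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACacwooynmtoytpqo.sys.vir Infected: Rootkit.Win32.Agent.lhm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\_sdra64_.exe.zip Infected: Trojan-Spy.Win32.Zbot.wti 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0015182.sys Infected: Rootkit.Win32.Agent.lhm 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0015211.dll Infected: Rootkit.Win32.Agent.lrn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B5I1IJH6\mars[1].htm Infected: Trojan-Downloader.JS.LuckySploit.q 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LOK01JAP\wait[1].htm Infected: Trojan-Downloader.JS.Iframe.bew 1
"""

# One report line: <path> Infected: <threat name> <count>
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def classify(path: str) -> str:
    """Label a detection by where the file sits (labels are this example's own)."""
    p = path.lower()
    if p.startswith(r"c:\qoobox\quarantine"):
        # Already neutralised by ComboFix; "Combofix /u" removes the quarantine.
        return "quarantined"
    if r"\system volume information\_restore" in p:
        # Dormant copy inside a restore point; gone once a clean restore point is set.
        return "restore_point"
    # Anything else is still on the live file system and needs explicit removal.
    return "active"


def parse_report(text: str) -> List[Dict]:
    """Turn the report's detection lines into dicts; non-matching lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append({
                "path": m["path"],
                "threat": m["threat"],
                "count": int(m["count"]),
                "state": classify(m["path"]),
            })
    return hits


def summarize(hits: List[Dict]) -> Dict[str, int]:
    """Count detections per state, e.g. {'quarantined': 2, 'restore_point': 2, 'active': 2}."""
    return dict(Counter(h["state"] for h in hits))


def otm_files_block(hits: List[Dict]) -> str:
    """Render the :Files section of an OTM script listing only the active detections."""
    active = [h["path"] for h in hits if h["state"] == "active"]
    return "\n".join([":Files", *active])


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    print(otm_files_block(found))
```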
     
  12. 2009/06/21
    Laker4Life

    Laker4Life Inactive Thread Starter

    Joined:
    2009/06/17
    Messages:
    25
    Likes Received:
    0
    Are you sure I should checkmark everything that results after doing a system scan? Some of these entries seem like important things that I use...
     
  13. 2009/06/21
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    It will be fine to just carry on with the Java entry for now.

    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.


    The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

    Then follow through with the Combofix /u and OTM instructions.
     
  14. 2009/06/21
    Laker4Life

    Laker4Life Inactive Thread Starter

    Joined:
    2009/06/17
    Messages:
    25
    Likes Received:
    0
    Ok, I thought you wanted me to check all of the entries that appeared in the HJT scan. But I deleted the three you suggested and followed the rest of the procedure.

    Here are the requested logs:

    ===================== OTM Log ===========================

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B5I1IJH6\mars[1].htm moved successfully.
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LOK01JAP\wait[1].htm moved successfully.
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\Igal Corcos\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    Network Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\06eaa532-7e36-4a28-8c76-27b949335445.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\07fc77e6-2436-4e0e-a299-9145832cb577.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\08f53e64-5fdb-4398-adef-dc6b2a5b6d74.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\5e49e89a-c3bc-4ac1-8318-b8eb0ea3549e.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\5fe9c5b5-8895-4a48-ac5b-2adb9a5ad03e.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\69a09515-e72f-416b-8b10-0504e26d496b.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\7a0b4015-a968-48a0-bbd0-8ecf0d010d60.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\9db77837-6547-4e66-8525-ba52f47b8c95.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\cfc6ec4c-e659-4970-a941-1f4aa7636999.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\d0b289b8-81d6-47a8-897d-cc909f0be91a.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\d61bdd12-74fc-46f3-baad-f2fac956b3bc.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\ddfc69b4-4b8f-4733-b9cd-ca922eebb352.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\e2859c06-a94c-4fcd-9219-ec6cf281e04c.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\f0596324-362e-4650-90ca-a13cfc397789.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\faa6990f-2efd-41d0-bf0e-3a1cb8ceb8a5.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1fc.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTM by OldTimer - Version 2.1.0.1 log created on 06212009_173548

    Files moved on Reboot...
    C:\WINDOWS\temp\06eaa532-7e36-4a28-8c76-27b949335445.tmp moved successfully.
    C:\WINDOWS\temp\07fc77e6-2436-4e0e-a299-9145832cb577.tmp moved successfully.
    C:\WINDOWS\temp\08f53e64-5fdb-4398-adef-dc6b2a5b6d74.tmp moved successfully.
    C:\WINDOWS\temp\5e49e89a-c3bc-4ac1-8318-b8eb0ea3549e.tmp moved successfully.
    C:\WINDOWS\temp\5fe9c5b5-8895-4a48-ac5b-2adb9a5ad03e.tmp moved successfully.
    C:\WINDOWS\temp\69a09515-e72f-416b-8b10-0504e26d496b.tmp moved successfully.
    C:\WINDOWS\temp\7a0b4015-a968-48a0-bbd0-8ecf0d010d60.tmp moved successfully.
    C:\WINDOWS\temp\9db77837-6547-4e66-8525-ba52f47b8c95.tmp moved successfully.
    C:\WINDOWS\temp\cfc6ec4c-e659-4970-a941-1f4aa7636999.tmp moved successfully.
    C:\WINDOWS\temp\d0b289b8-81d6-47a8-897d-cc909f0be91a.tmp moved successfully.
    C:\WINDOWS\temp\d61bdd12-74fc-46f3-baad-f2fac956b3bc.tmp moved successfully.
    C:\WINDOWS\temp\ddfc69b4-4b8f-4733-b9cd-ca922eebb352.tmp moved successfully.
    C:\WINDOWS\temp\e2859c06-a94c-4fcd-9219-ec6cf281e04c.tmp moved successfully.
    C:\WINDOWS\temp\f0596324-362e-4650-90ca-a13cfc397789.tmp moved successfully.
    C:\WINDOWS\temp\faa6990f-2efd-41d0-bf0e-3a1cb8ceb8a5.tmp moved successfully.
    File C:\WINDOWS\temp\Perflib_Perfdata_1fc.dat not found!

    Registry entries deleted on Reboot...

    =========================== HJT Log ======================

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:40:46 PM, on 6/21/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

    --
    End of file - 11888 bytes
     
  15. 2009/06/21
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Next open OTM, then click on "CleanUp!". If you receive a warning from your Firewall please allow...In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present. They are not needed anymore, so OTMoveIt will delete them.
    Do not edit anything in that Window!
    Don't worry if it displays some tools you didn't download/use.
    Click Yes when it asks to Begin cleanup process.
    Then reboot your computer.


    Looking good on my end how about yours?

    I think we're ready for closing and preventive tips.
     
  16. 2009/06/22
    Laker4Life

    Laker4Life Inactive Thread Starter

    Joined:
    2009/06/17
    Messages:
    25
    Likes Received:
    0
    things are looking good...

    Everything is looking pretty good on my end as well. Just ran another Kaspersky scan and got a clean bill of health. Computer is running well just as before. I dare say we (you) have managed to completely rid my PC of its infection! Thank you so much for all your help.

    Do you have any final recommendations and/or tips for keeping my PC clean? Any software to recommend?
     
  17. 2009/06/22
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Good deal


    You're good to go, good job!



    Please take the time to read over a few of my preventive tips.


    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 2 added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.
    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

    How to prevent Malware: Created by Miekiemoes

    Here are some additional utilities that will further enhance your safety.
    # http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)


    Please read this article 'Safe Computing Practices'.
    So how did I get infected in the first place.

    Secure My Computer: A Layered Approach

    Strong passwords: How to create and use them

    Free Antivirus-AntiSpyware-Firewall Software

    Slow Computer May Not Be Malware Related, Help! My computer is slow!
    http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html


    PC Safety and Security--What Do I Need?
    http://www.techsupportforum.com/sec...115548-pc-safety-security-what-do-i-need.html

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!
    This site offers people who have been (or are) victims of malware the opportunity to document their story.

    Extra note:
    Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
     
  18. 2009/06/24
    Laker4Life

    Laker4Life Inactive Thread Starter

    Joined:
    2009/06/17
    Messages:
    25
    Likes Received:
    0
    Hi there,

    Following your last post, I decided to fully secure my computer by installing Windows Defender and Comodo Firewall. So basically, I now have the following:

    Antivirus: AVG
    Firewall: Comodo
    Anti-malware: Windows Defender

    That being said however, I have an annoying problem with Comodo as it continuously detects viruses in files that I'm pretty sure are not infected. AVG does not detect anything when it does its nightly scan, and I did another Kaspersky scan a few days ago and everything was clean. Yet for some reason, Comodo keeps popping up with "Unclassified Malware" problems on many of my data files.

    So I was wondering if you had any experience using Comodo and whether you think this might be a glitch in the software or could my PC already be infected?!

    Thanks.
     
  19. 2009/06/24
    Laker4Life

    Laker4Life Inactive Thread Starter

    Joined:
    2009/06/17
    Messages:
    25
    Likes Received:
    0
    I just realized that I have an external hard drive that was not connected to my PC when I performed all of the scans and cleans you prescribed last week, so perhaps there are files on there that are indeed infected! Do I need to start the process again to make sure everything is clean?
     
  20. 2009/06/25
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    No sorry, I'm not familiar with Comodo.
    Where does it say it's found the malware files?

    You could ensure the external is connected and run a Virus scan with AVG and follow up with online scan like Kaspersky.
    Typically this will take quite a while to complete depending on how full the drive is.
     
  21. 2009/06/25
    Laker4Life

    Laker4Life Inactive Thread Starter

    Joined:
    2009/06/17
    Messages:
    25
    Likes Received:
    0
    The infected files it has detected are in different places. Most of them seem to be .exe files on my data partition or on my external drive. For instance, it flagged the ComboFix.exe file I had downloaded last week as an Unclassified Malware. Also, the DDS.scr file was flagged as "Heur.Suspicious".

    I really doubt these files were actually infected and I think the problem is more with the way the program detects these files. Indeed, I just ran another Kaspersky scan and everything came up clean...I guess I'm just a little paranoid and want to make sure I have been infected again.
     
