Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijack this log [RESOLVED]

Started by tameggo , Mar 31 2008 11:15 PM

  • This topic is locked This topic is locked

#1
tameggo
Posted 31 March 2008 - 11:15 PM

tameggo

    Member

  • Member
  • PipPip
  • 10 posts
I have read and complete the prerequisite procedures before posting this log. Any help is appreciated.

Summary of my problems:

1. Upon Startup I receive this error: "Error loading c:\windows\system32\hgGvSmKC.dll
The specified module could not be found. "

2. During normal computer use I received "trojan.downloader.xs popup" as well as yellow triangle in system tray.

3. Panda Scan indicates my computer is infected with "Trj/Rebooter.J "

4. Super Anti-spyware indicates my computer is infected with "
Trojan.Net-PhakeRU"

5. Computer is def slower than it used to be and have had several virus detections from AVG.
_______________________________________________________________________________

Logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:38 AM, on 4/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Users\timcooley\Downloads\HiJackThis.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67703A52-E544-4F23-A7A3-C697F6F58CE0} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AAF1195E-B98D-40B1-96E4-5CA2EFD47B88} - (no file)
O2 - BHO: (no name) - {B1258A78-3E7A-42D5-81C4-D26DACBB68F1} - (no file)
O2 - BHO: (no name) - {B4C046BC-3B93-4E9E-81B5-6EB3B30B8A87} - C:\Windows\system32\vtUmKEVp.dll (file missing)
O2 - BHO: (no name) - {B75E2A6A-75B7-42AD-898A-5F9112E98539} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - (no file)
O2 - BHO: (no name) - {C5C61E1D-2E66-4B27-A419-542192E0486A} - (no file)
O2 - BHO: (no name) - {CB6AEDA3-F338-4BB2-87F1-1BC947157448} - (no file)
O2 - BHO: (no name) - {E579E4D0-CA4E-47DF-90FD-8C4FA32B8CB8} - (no file)
O2 - BHO: (no name) - {EBABE9B7-3EFF-4226-BD12-FAD5939BFA5E} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGvSmKC.dll,#1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ucvkpsuy] C:\Windows\system32\joxedsxm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [qqftwsim] C:\Windows\system32\ezanwpyp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [r1qogqQKPY] C:\ProgramData\fwbyrmzq\zwjefebu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 16565 bytes
________________________________________________________________________________
__________________________________________________________

Log of Hijack this Uninstall:

Access Help
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
AI RoboForm (All Users)
AIM 6
Apple Software Update
AVG 7.5
AVG Anti-Spyware 7.5
Azureus Vuze
Business Contact Manager for Outlook 2007
Business Contact Manager for Outlook 2007
Client Security - Password Manager
ConvertXtoDVD 3.0.0.7
Diskeeper Home
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Drag-to-Disc
Help Center
HijackThis 2.0.2
IE7Pro
Integrated Camera
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
Intel® Turbo Memory and Intel® Matrix Storage Manager
InterVideo WinDVD
Java™ 6 Update 2
Java™ 6 Update 3
Lenovo Registration
Lenovo System Interface Driver
Maintenance Manager
mCorev32.ism_new
mCPlug
mDriver
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
mMHouse
Mozilla Firefox (2.0.0.13)
mPfMgr
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Multimedia Center For Think Offerings
NVIDIA Drivers
On Screen Display
Panda ActiveScan 2.0
PC-Doctor 5 for Windows
PdaNet for Windows Mobile 1.80
Picasa 2
Presentation Director
Productivity Center Supplement for ThinkPad
QuickTime
Registry patch for Windows Vista USB S3 PM Enablement
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
Registry patch to improve USB device detection on resume from sleep for Windows Vista
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Skype™ 3.6
Sonic Icons for Lenovo
SoundMAX
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
System Migration Assistant
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Keyboard Customizer Utility
ThinkPad Mobility Center Customization
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
VeohTV BETA
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
Wallpapers
Windows Driver Package - Intel (e1express) Net (04/26/2007 9.7.240.0)
Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)
Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)
Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)
Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)
Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43)
Windows Driver Package - Ricoh Company MMC Host Controller (08/08/2007 6.00.03.02)
Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
Windows Live Toolbar
Windows Live Toolbar
Windows Media Player Firefox Plugin
Windows Mobile Device Center
WinRAR archiver
WinZip 11.1

________________________________________________________________________________
____________________________________________________

Log of SuperAnti-Spyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/31/2008 at 11:43 PM

Application Version : 4.0.1154

Core Rules Database Version : 3428
Trace Rules Database Version: 1420

Scan type : Complete Scan
Total Scan Time : 00:20:19

Memory items scanned : 853
Memory threats detected : 1
Registry items scanned : 8453
Registry threats detected : 19
File items scanned : 15940
File threats detected : 8

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\VTUMKEVP.DLL
C:\WINDOWS\SYSTEM32\VTUMKEVP.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{94BC3D1D-22E9-4744-8ED1-3E08A3B74078}
HKCR\CLSID\{94BC3D1D-22E9-4744-8ED1-3E08A3B74078}
HKCR\CLSID\{94BC3D1D-22E9-4744-8ED1-3E08A3B74078}\InprocServer32
HKCR\CLSID\{94BC3D1D-22E9-4744-8ED1-3E08A3B74078}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\YAYWVPND.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{94BC3D1D-22E9-4744-8ED1-3E08A3B74078}
HKCR\CLSID\{94BC3D1D-22E9-4744-8ED1-3E08A3B74078}

Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4C046BC-3B93-4E9E-81B5-6EB3B30B8A87}
HKCR\CLSID\{B4C046BC-3B93-4E9E-81B5-6EB3B30B8A87}
HKCR\CLSID\{B4C046BC-3B93-4E9E-81B5-6EB3B30B8A87}\InprocServer32
HKCR\CLSID\{B4C046BC-3B93-4E9E-81B5-6EB3B30B8A87}\InprocServer32#ThreadingModel
C:\\\VTUMKEVP.DLL

Trojan.Net-PhakeRU
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}#AppID
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\InprocServer32
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\InprocServer32#InprocServer32
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\InprocServer32#ThreadingModel
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\ProgID
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\Programmable
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\TypeLib
HKCR\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\VersionIndependentProgID

Adware.Tracking Cookie
C:\\timcooley\AppData\Roaming\Microsoft\Windows\Cookies\timcooley@specificclick[2].txt
C:\\timcooley\AppData\Roaming\Microsoft\Windows\Cookies\Low\timcooley@atwola[1].txt
C:\\timcooley\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\\timcooley\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\\timcooley\AppData\Roaming\Microsoft\Windows\Cookies\timcooley@atwola[1].txt
________________________________________________________________________________
__________________________________________________

Log of Panda online Scan:

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-04-01 00:38:11
PROTECTIONS: 2
MALWARE: 4
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
AVG 7.5.519 7.5.519 Yes Yes
Norton Internet Security 2007 Yes No
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\timcooley\AppData\Roaming\Microsoft\Windows\Cookies\timcooley@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\timcooley\AppData\Roaming\Microsoft\Windows\Cookies\Low\timcooley@atwola[1].txt
00517584 Application/SuperFast HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location u�x�X�
3
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description u�x�X�
3
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
  • 0

Advertisements

#2
tameggo
Posted 01 April 2008 - 10:59 AM

tameggo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
bump
  • 0

#3
tameggo
Posted 02 April 2008 - 07:36 PM

tameggo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
another bump, whenever any of the experts get time I'd like someone to check my logs please.
  • 0

#4
BHowett
Posted 04 April 2008 - 12:41 AM

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hello and welcome to Geeks To Go! My name is BHowett and I will be helping you to get sorted.

Sorry for the delay, as you can tell we are very busy here :) .


ComboFix

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#5
tameggo
Posted 04 April 2008 - 02:21 AM

tameggo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
ComboFix 08-04-03.3 - timcooley 2008-04-04 4:08:48.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1331 [GMT -4:00]
Running from: C:\Users\timcooley\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\timcooley\AppData\Roaming\inst.exe
C:\Windows\a.bat
C:\Windows\base64.tmp
C:\Windows\FVProtect.exe
C:\Windows\System32\BceNonnn.ini
C:\Windows\System32\BceNonnn.ini2
C:\Windows\System32\pVEKmUtv.ini
C:\Windows\System32\pVEKmUtv.ini2
C:\Windows\system32akttzn.exe
C:\Windows\system32anticipator.dll
C:\Windows\system32awtoolb.dll
C:\Windows\system32bdn.com
C:\Windows\system32bsva-egihsg52.exe
C:\Windows\system32dpcproxy.exe
C:\Windows\system32emesx.dll
C:\Windows\system32h@tkeysh@@k.dll
C:\Windows\system32hoproxy.dll
C:\Windows\system32hxiwlgpm.dat
C:\Windows\system32hxiwlgpm.exe
C:\Windows\system32medup012.dll
C:\Windows\system32medup020.dll
C:\Windows\system32msgp.exe
C:\Windows\system32msnbho.dll
C:\Windows\system32mssecu.exe
C:\Windows\system32msvchost.exe
C:\Windows\system32mtr2.exe
C:\Windows\system32mwin32.exe
C:\Windows\system32netode.exe
C:\Windows\system32newsd32.exe
C:\Windows\system32ps1.exe
C:\Windows\system32psof1.exe
C:\Windows\system32psoft1.exe
C:\Windows\system32regc64.dll
C:\Windows\system32regm64.dll
C:\Windows\system32Rundl1.exe
C:\Windows\system32sncntr.exe
C:\Windows\system32ssurf022.dll
C:\Windows\system32ssvchost.com
C:\Windows\system32ssvchost.exe
C:\Windows\system32sysreq.exe
C:\Windows\system32taack.dat
C:\Windows\system32taack.exe
C:\Windows\system32temp#01.exe
C:\Windows\system32thun.dll
C:\Windows\system32thun32.dll
C:\Windows\system32VBIEWER.OCX
C:\Windows\system32vbsys2.dll
C:\Windows\system32vcatchpi.dll
C:\Windows\system32winlogonpc.exe
C:\Windows\system32winsystem.exe
C:\Windows\system32WINWGPX.EXE
C:\Windows\userconfig9x.dll
C:\Windows\winsystem.exe
C:\Windows\zip1.tmp
C:\Windows\zip2.tmp
C:\Windows\zip3.tmp
C:\Windows\zipped.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-01 23:05 . 2008-04-01 23:05 <DIR> d-------- C:\Users\timcooley\AppData\Roaming\Malwarebytes
2008-04-01 23:05 . 2008-04-01 23:05 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-01 23:05 . 2008-04-01 23:05 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-01 23:05 . 2008-04-01 23:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-01 20:25 . 2008-04-01 20:26 <DIR> d-------- C:\Users\timcooley\TV Shows
2008-03-31 23:50 . 2008-03-31 23:51 <DIR> d-------- C:\Program Files\Panda Security
2008-03-31 23:50 . 2008-03-31 23:50 1,871 --a------ C:\Windows\mozver.dat
2008-03-31 21:43 . 2008-03-31 21:43 <DIR> d-------- C:\Users\timcooley\AppData\Roaming\SUPERAntiSpyware.com
2008-03-31 21:43 . 2008-03-31 21:43 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-03-31 21:43 . 2008-03-31 21:43 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-03-31 21:43 . 2008-03-31 23:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-31 21:39 . 2008-03-31 21:39 <DIR> d-------- C:\Users\timcooley\AppData\Roaming\Grisoft
2008-03-31 21:38 . 2007-05-30 08:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-31 21:30 . 2008-03-31 21:30 <DIR> d-------- C:\VundoFix Backups
2008-03-31 01:15 . 2008-03-31 01:15 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-03-31 01:15 . 2008-03-31 01:15 <DIR> d-------- C:\ProgramData\Lavasoft
2008-03-31 01:15 . 2008-03-31 01:15 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-31 01:14 . 2008-03-31 21:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 20:05 . 2008-03-29 20:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-28 13:25 . 2008-03-28 13:25 691 --a------ C:\Users\timcooley\AppData\Roaming\GetValue.vbs
2008-03-28 13:25 . 2008-03-28 13:25 35 --a------ C:\Users\timcooley\AppData\Roaming\SetValue.bat
2008-03-28 12:53 . 2008-03-28 13:26 5,778 --a------ C:\Windows\System32\tmp.reg
2008-03-28 12:36 . 2008-03-28 20:59 <DIR> d-------- C:\Users\timcooley\AppData\Roaming\AVG7
2008-03-28 12:35 . 2008-03-31 21:38 <DIR> d-------- C:\Users\All Users\Grisoft
2008-03-28 12:35 . 2008-03-28 12:40 <DIR> d-------- C:\Users\All Users\avg7
2008-03-28 12:35 . 2008-03-31 21:38 <DIR> d-------- C:\ProgramData\Grisoft
2008-03-28 12:35 . 2008-03-28 12:40 <DIR> d-------- C:\ProgramData\avg7
2008-03-28 12:35 . 2008-03-28 12:35 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-03-28 12:24 . 2008-03-28 12:24 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-28 12:01 . 2008-03-28 12:01 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-03-28 12:00 . 2008-03-28 12:00 <DIR> d-------- C:\Users\timcooley\AppData\Roaming\DAEMON Tools
2008-03-28 11:58 . 2008-03-28 11:58 <DIR> d-------- C:\Users\timcooley\AppData\Roaming\vlc
2008-03-28 11:36 . 2008-03-31 22:05 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-28 11:36 . 2008-03-31 22:05 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-03-28 11:36 . 2008-03-28 11:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-28 11:27 . 2008-03-28 11:27 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-28 11:11 . 2008-03-31 13:27 <DIR> d-------- C:\Users\All Users\fwbyrmzq
2008-03-28 11:11 . 2008-03-31 13:27 <DIR> d-------- C:\ProgramData\fwbyrmzq
2008-03-28 08:50 . 2008-04-01 19:54 <DIR> d-------- C:\Users\timcooley\AppData\Roaming\Vso
2008-03-28 08:50 . 2008-03-28 08:50 <DIR> d-------- C:\Program Files\VSO
2008-03-28 08:50 . 2004-05-04 11:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-03-28 08:50 . 2006-05-20 16:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-03-28 08:50 . 2006-05-11 19:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-03-28 08:50 . 2006-09-29 12:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-03-28 08:50 . 2006-09-29 12:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-03-28 08:50 . 2006-09-29 12:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-03-28 08:50 . 2007-03-18 20:37 65,602 --a------ C:\Windows\System32\cook3260.dll
2008-03-28 08:50 . 2008-03-28 08:50 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-03-28 08:50 . 2008-03-28 08:50 47,360 --a------ C:\Users\timcooley\AppData\Roaming\pcouffin.sys
2008-03-28 08:41 . 2008-03-28 08:42 <DIR> d-------- C:\Users\All Users\WinZip
2008-03-28 08:41 . 2008-03-28 08:42 <DIR> d-------- C:\ProgramData\WinZip
2008-03-27 23:00 . 2008-03-27 23:00 <DIR> d-------- C:\{96229774-D3A0-4410-8400-09B79865B300}
2008-03-27 16:43 . 2008-03-27 16:44 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-17 19:19 . 2008-03-17 19:19 <DIR> d-------- C:\Windows\Sun
2008-03-12 17:45 . 2008-04-03 22:53 54,156 --ah----- C:\Windows\QTFont.qfn
2008-03-12 17:45 . 2008-03-12 17:45 1,409 --a------ C:\Windows\QTFont.for
2008-03-12 03:47 . 2007-12-16 18:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-04 18:25 . 2008-03-10 23:06 <DIR> d-------- C:\Program Files\PdaNet for Windows Mobile

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 08:11 --------- d-----w C:\Users\timcooley\AppData\Roaming\Azureus
2008-04-01 06:37 28,219 ----a-w C:\Users\timcooley\AppData\Roaming\nvModes.dat
2008-03-29 23:47 --------- d-----w C:\Users\timcooley\AppData\Roaming\skypePM
2008-03-17 20:38 --------- d-----w C:\ProgramData\Apple Computer
2008-03-12 15:33 --------- d-----w C:\Program Files\Windows Mail
2008-03-09 05:14 --------- d-----w C:\Program Files\Azureus
2008-02-29 19:12 --------- d-----w C:\Users\timcooley\AppData\Roaming\Skype
2008-02-29 12:08 --------- d-----w C:\Users\timcooley\AppData\Roaming\DivX
2008-02-29 08:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 08:05 --------- d-----w C:\Program Files\Veoh Networks
2008-02-22 04:58 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-22 04:56 --------- d-----w C:\Program Files\MSBuild
2008-02-22 04:56 --------- d-----w C:\Program Files\Microsoft Works
2008-02-22 04:53 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-02-13 19:19 --------- d-----w C:\ProgramData\RoboForm
2008-02-13 19:17 --------- d-----w C:\Program Files\Siber Systems
2008-02-13 08:06 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 08:05 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 08:05 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 08:05 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 08:05 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 08:05 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 08:05 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 08:05 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-13 08:05 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-13 08:03 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 08:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 08:03 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 08:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 08:03 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 08:03 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 08:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 08:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 08:03 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-13 08:03 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 08:03 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 08:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-29 09:39 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-29 09:39 32 ----a-w C:\ProgramData\ezsid.dat
2007-12-22 16:00 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4C046BC-3B93-4E9E-81B5-6EB3B30B8A87}]
C:\Windows\system32\vtUmKEVp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:34 125440]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 04:02 1232896]
"ucvkpsuy"="C:\Windows\system32\joxedsxm.exe" [ ]
"qqftwsim"="C:\Windows\system32\ezanwpyp.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-31 23:20 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-22 11:42 1006264]
"TPFNF7"="C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-12-20 04:04 60704]
"PWMTRV"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-12-07 03:11 324896]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2007-12-07 03:11 214576]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-13 21:53 820520]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 01:49 66176]
"TpShocks"="TpShocks.exe" [2007-11-22 16:09 181536 C:\Windows\System32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 03:33 243248]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-11-19 15:23 487424]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 06:51 91688]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 13:10 120368]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 14:00 419376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 19:48 419112]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 19:49 124200]
"IaNvSrv"="C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 04:45 33048]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-10 22:03 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-10 22:03 8501792]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-10 22:03 81920]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-30 10:45 286720]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 19:45 992816]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-12-07 11:13 1282048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-28 12:37 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-28 12:35 219136]

C:\Users\timcooley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]
PdaNet Desktop.lnk - C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe [2008-03-04 18:25:24 222424]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-03-29 17:11:50 719664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-12-22 12:15:38 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"r1qogqQKPY"= C:\ProgramData\fwbyrmzq\zwjefebu.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-31 23:20 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-03-28 12:35 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"Aim6"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
"LenovoOobeOffers"=c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2722524923-2545694548-2666467445-1005]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{0EF93AD0-A885-4C95-BCDA-CA99449EC62B}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{7F49E00B-C611-48D6-BAD7-7948CC3F5EB7}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{072EDB11-EFE4-4FCF-A12A-44B90630FF5B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{020A9023-BE1C-45E0-8FA1-6FF17D3FAB7E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{8499A337-E77A-4AB6-B264-36709A0E0DBB}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{9C0A92B4-45DA-4C65-A75D-9A20DA79F24D}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{9C3425C6-135E-49A9-874E-7FB595FE3F61}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{AD378D94-B896-40CA-BCEF-174D12B92929}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{EBC8992A-76D9-4234-8EE4-DD2089F36361}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CB5D4031-D73A-4380-89CF-AA95C606ABA1}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{8F218BD9-1008-4A2C-9E82-E13682D02C94}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F462504E-84C3-448D-9509-6CB0151CABF2}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D4D08411-0019-462E-8B62-06B3F5F3DAC5}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8E54AE76-F0A2-40DC-B1AB-C880E10FD3F2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{392AC3EC-09A8-447E-9A1C-0CD6A4E0CA23}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys [2007-05-03 22:21]
R0 Shockprf;Shockprf;C:\Windows\system32\DRIVERS\Apsx86.sys [2007-10-16 19:33]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM86.sys [2007-10-16 19:32]
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-09 00:05]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 06:04]
R1 TPPWRIF;TPPWRIF;C:\Windows\system32\drivers\Tppwr32v.sys [2007-12-07 03:11]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-05 18:44]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 05:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TPHKSVC;On Screen Display;C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 01:07]
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-01-09 00:03]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 05:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 03:44]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 14:46]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 01:20]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 01:20]
R3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 15:32]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 19:59]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 03:30]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 14:04]
S3 vmcam325av;Lenovo USB WebCam;C:\Windows\system32\Drivers\vmcam325av.sys [2007-03-14 05:35]
S3 vvftav;325 Primax filter service name, vista ver;C:\Windows\system32\drivers\vvftav.sys [2007-02-03 02:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef17a56b-ef0e-11dc-846a-001e4cf806ac}]
\shell\AutoRun\command - D:\wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 08:15:07 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- c:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-04 05:39:12 C:\Windows\Tasks\User_Feed_Synchronization-{9D2C9BB4-6A54-4BC9-95FA-E34EFE1291D7}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 04:13:32
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

folder error: C:\Windows\system32
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\DLAAPI_W.DLL
-> C:\PROGRA~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\ibmpmsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2008-04-04 4:18:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-04 08:17:06
The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 99,670,953,984 bytes free
.
2008-04-04 03:40:53 --- E O F ---
________________________________________________________________________________
_______________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:39 AM, on 4/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\timcooley\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B4C046BC-3B93-4E9E-81B5-6EB3B30B8A87} - C:\Windows\system32\vtUmKEVp.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ucvkpsuy] C:\Windows\system32\joxedsxm.exe
O4 - HKCU\..\Run: [qqftwsim] C:\Windows\system32\ezanwpyp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [r1qogqQKPY] C:\ProgramData\fwbyrmzq\zwjefebu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15478 bytes
  • 0

#6
BHowett
Posted 04 April 2008 - 03:14 PM

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi tameggo,


Got a quick question for you… I see in your log you are using AVG for your antivirus, however I also see that you have Symantec AntiVirus on your system that’s showing disabled in the registry. I just want to make sure that you set Symantec as disabled?


Let continue with the fix :)


Fix with HJT

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {B4C046BC-3B93-4E9E-81B5-6EB3B30B8A87} - C:\Windows\system32\vtUmKEVp.dll (file missing)
O4 - HKCU\..\Run: [ucvkpsuy] C:\Windows\system32\joxedsxm.exe
O4 - HKCU\..\Run: [qqftwsim] C:\Windows\system32\ezanwpyp.exe


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.


Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\Windows\system32\joxedsxm.exe
C:\Windows\system32\ezanwpyp.exe


After that, Reboot.


========================================================


Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:

    • C:\ProgramData\fwbyrmzq\zwjefebu.exe
  • Click on the submit button
  • Please post the results in your next reply.

========================================================


Update Java:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5 and save it to your desktop.
  • Scroll down to where it says "JJava Runtime Environment (JRE) 6 Update 5...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.

========================================================

Needed in your next reply:

Results from Jotti File Submission, and a fresh HijackThis log. Also let me know how your system is running.
  • 0

#7
tameggo
Posted 05 April 2008 - 07:36 PM

tameggo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Symantec in the registry was from a version I tried to install, it turned out the version I tried to install was not vista compatible.

On with the fix:

Jotti Scan: The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:48 PM, on 4/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\timcooley\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [r1qogqQKPY] C:\ProgramData\fwbyrmzq\zwjefebu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15110 bytes


My system seems to be running good, startup is slow but I believe this is from all the programs are set to run on startup. Also there isn't a missing .dll error anymore so thank u for that.
  • 0

#8
BHowett
Posted 06 April 2008 - 08:36 AM

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi tameggo,


Lets try uploading that file to another site:

Upload a File to Virustotal

Please visit Virustotal
  • Click the Browse... button
  • Navigate to the file C:\ProgramData\fwbyrmzq\zwjefebu.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results back here please.

===============================================


Next please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

===============================================


Please post both the Virustotal, and Kaspersky results in your next reply
  • 0

#9
tameggo
Posted 06 April 2008 - 12:34 PM

tameggo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The directory for " C:\ProgramData\fwbyrmzq\zwjefebu.exe" exist on my computer but the "zwjefebu.exe" file does not. I have my computer set to show hidden files too.

KASPERSKY ONLINE SCANNER REPORT
Sunday, April 06, 2008 2:29:21 PM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/04/2008
Kaspersky Anti-Virus database records: 686761


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
E:\

Scan Statistics
Total number of scanned objects 98197
Number of viruses found 1
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 00:49:53

Infected Object Name Virus Name Last Action
C:\Boot\BCD Object is locked skipped

C:\Boot\BCD.LOG Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_135.trc Object is locked skipped

C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\ProgramData\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\ProgramData\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1253ebc64e4f0635cd0d86d65294e015_909f10f9-5910-4b03-85fd-e6fc144c70d7 Object is locked skipped

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\df54c4c03aa33211917a2bf346d9a5a5_909f10f9-5910-4b03-85fd-e6fc144c70d7 Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.95.Crwl Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.95.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.ci Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wsb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy278.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf4420.tmp Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf448F.tmp Object is locked skipped

C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050107.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\SystemRestore\FRStaging\Windows\bthservsdp.dat Object is locked skipped

C:\Users\timcooley\AppData\Local\Microsoft\Business Contact Manager\MSSmallBusiness.ldf Object is locked skipped

C:\Users\timcooley\AppData\Local\Microsoft\Business Contact Manager\MSSmallBusiness.mdf Object is locked skipped

C:\Users\timcooley\AppData\Local\Microsoft\CardSpace\CardSpace.db Object is locked skipped

C:\Users\timcooley\AppData\Local\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped

C:\Users\timcooley\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

C:\Users\timcooley\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped

C:\Users\timcooley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Users\timcooley\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Users\timcooley\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped

C:\Users\timcooley\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped

C:\Users\timcooley\AppData\Local\Microsoft\Windows\UsrClass.dat{015a2fcd-6a72-11db-b60e-0014220ec8bb}.TM.blf Object is locked skipped

C:\Users\timcooley\AppData\Local\Microsoft\Windows\UsrClass.dat{015a2fcd-6a72-11db-b60e-0014220ec8bb}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\timcooley\AppData\Local\Microsoft\Windows\UsrClass.dat{015a2fcd-6a72-11db-b60e-0014220ec8bb}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Users\timcooley\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped

C:\Users\timcooley\AppData\Local\Mozilla\Firefox\Profiles\whu7jgtp.default\Cache\_CACHE_001_ Object is locked skipped

C:\Users\timcooley\AppData\Local\Mozilla\Firefox\Profiles\whu7jgtp.default\Cache\_CACHE_002_ Object is locked skipped

C:\Users\timcooley\AppData\Local\Mozilla\Firefox\Profiles\whu7jgtp.default\Cache\_CACHE_003_ Object is locked skipped

C:\Users\timcooley\AppData\Local\Mozilla\Firefox\Profiles\whu7jgtp.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Users\timcooley\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped

C:\Users\timcooley\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

C:\Users\timcooley\AppData\Roaming\Mozilla\Firefox\Profiles\whu7jgtp.default\cert8.db Object is locked skipped

C:\Users\timcooley\AppData\Roaming\Mozilla\Firefox\Profiles\whu7jgtp.default\formhistory.dat Object is locked skipped

C:\Users\timcooley\AppData\Roaming\Mozilla\Firefox\Profiles\whu7jgtp.default\history.dat Object is locked skipped

C:\Users\timcooley\AppData\Roaming\Mozilla\Firefox\Profiles\whu7jgtp.default\key3.db Object is locked skipped

C:\Users\timcooley\AppData\Roaming\Mozilla\Firefox\Profiles\whu7jgtp.default\parent.lock Object is locked skipped

C:\Users\timcooley\AppData\Roaming\Mozilla\Firefox\Profiles\whu7jgtp.default\search.sqlite Object is locked skipped

C:\Users\timcooley\AppData\Roaming\Mozilla\Firefox\Profiles\whu7jgtp.default\urlclassifier2.sqlite Object is locked skipped

C:\Users\timcooley\Desktop\SmitfraudFix(2).exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Users\timcooley\Desktop\SmitfraudFix(2).exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Users\timcooley\Desktop\SmitfraudFix(2).exe RarSFX: infected - 2 skipped

C:\Users\timcooley\ntuser.dat Object is locked skipped

C:\Users\timcooley\ntuser.dat.LOG1 Object is locked skipped

C:\Users\timcooley\ntuser.dat.LOG2 Object is locked skipped

C:\Users\timcooley\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped

C:\Users\timcooley\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\timcooley\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\bthservsdp.dat Object is locked skipped

C:\Windows\CSC\v2.0.6\pq Object is locked skipped

C:\Windows\Debug\PASSWD.LOG Object is locked skipped

C:\Windows\Debug\sam.log Object is locked skipped

C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\catroot2\edb.log Object is locked skipped

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\config\COMPONENTS Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped

C:\Windows\System32\config\DEFAULT Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped

C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped

C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped

C:\Windows\System32\config\RegBack\SAM Object is locked skipped

C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped

C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped

C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped

C:\Windows\System32\config\SAM Object is locked skipped

C:\Windows\System32\config\SAM.LOG1 Object is locked skipped

C:\Windows\System32\config\SAM.LOG2 Object is locked skipped

C:\Windows\System32\config\SECURITY Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped

C:\Windows\System32\config\SOFTWARE Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped

C:\Windows\System32\config\SYSTEM Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped

C:\Windows\System32\config\TxR\{14f385a8-ff84-11dc-8ade-001e4cf806ac}.TxR.0.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{14f385a8-ff84-11dc-8ade-001e4cf806ac}.TxR.1.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{14f385a8-ff84-11dc-8ade-001e4cf806ac}.TxR.2.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{14f385a8-ff84-11dc-8ade-001e4cf806ac}.TxR.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped

C:\Windows\System32\drivers\sptd.sys Object is locked skipped

C:\Windows\System32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped

C:\Windows\System32\LogFiles\WindowsMobile\WcesLog.etl.001 Object is locked skipped

C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped

C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped

C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped

C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped

C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped

C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped

C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped

C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped

C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped

C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped

C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped

C:\Windows\WindowsUpdate.log Object is locked skipped

Scan process completed.
  • 0

#10
BHowett
Posted 06 April 2008 - 06:22 PM

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
hello again,

Fix with HijackThis


(You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.)

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Policies\Explorer\Run: [r1qogqQKPY] C:\ProgramData\fwbyrmzq\zwjefebu.exe

Now close all windows other than HiJackThis (especially Internet Explorer!), then click Fix Checked. Close HiJackThis. Reboot into safe mode..(Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.)


Using Windows Explorer (to get there right-click your Start button and go to "My Computer", or Hold down the Windows Key + E ), please delete these folders (if present):

C:\ProgramData\fwbyrmzq


After that, Reboot, and post a new HijackThis log here in your reply.


===============================================


ComboFix Removal
  • Follow these steps to uninstall Combofix and tools used in the removal of malware
    [List]
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image


===============================================

Please post a fresh HijackThis log in your next reply
  • 0

Advertisements

#11
tameggo
Posted 06 April 2008 - 06:55 PM

tameggo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
did you want me to uninstall combofix after I delete the file in safe mode?
  • 0

#12
BHowett
Posted 06 April 2008 - 07:09 PM

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
no don't do it in safe mode... just reboot first then delete ComboFix. And of course don't forget to post a new HijackThis log :)
  • 0

#13
tameggo
Posted 06 April 2008 - 07:24 PM

tameggo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:45 PM, on 4/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\timcooley\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15266 bytes
  • 0

#14
BHowett
Posted 06 April 2008 - 08:06 PM

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
nice work you log is clean....

This is my standard post for when you are clear - which you now are - or seem to be. Please advise me of any problems you still have.

I know you already have some of the programs like Antivirus, or 3rd party firewall, but I still like to share the information incase you ever need it, or want to change them.

  • First
  • Disable and Enable System Restore.

    b]Disable and Enable System Restore.[/b] - You should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    For Vista

    1. Click Start
    2. Right click Computer > Properties > Choose Advanced System Settings option in left menu listing.
    3. If UAC is enabled you will get a UAC prompt > click Continue
    4. Click System Protection tab
    5. Then Untick any Drive Listed ( see pic below ) and in the popup window click Turn Off System Restore
    6. Click Apply > OK


    Posted Image


    To re-enable System Restore, follow steps 1-4 then Tick the Drives you wish to enable System Restore on and click Apply and OK



    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    Posted Image 1.) Watch what you download!
    Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read This Article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.

    Posted Image 2.) Go to Intenet Explorer > Tools > Windows Update > Product Updates, and install ALL High-Priority Security Updates listed. If you're running Windows XP, that of course includes the Service Pack 2! If you suspect your computer is infected with Malware of any type, we advise you to not install SP2 if you don't already have it. You can post a HijackThis log on our Forums to get free Expert help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 to help prevent against future infections.

    It's important to always keep current with the latest security fixes from Microsoft.
    Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

    Posted Image 3.) Open Intenet Explorer and go to Internet Options > Security > Internet, then press "Default Level", then OK. Now press "Custom Level." In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".

    Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
    Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option > Security.

    So why is ActiveX so dangerous that you have to increase the security for it?
    When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
    Would you run just any random file downloaded off a web site without knowing what it is and what it does?

    Posted Image 4.) Install Javacool's SpywareBlaster

    It will protect you from most spy/foistware in it's database by blocking installation of their ActiveX objects.

    Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer) Press "Enable All Protection", and you're done.
    The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
    Don't forget to check for updates every week or so.

    Posted Image 5.) Let's also not forget that Spybot Search & Destroy has the Immunize feature which works roughly the same way. Another feature within Spybot is the TeaTimer option. This option immediately detects known malicious processes wanting to start and terminates them. TeaTimer also detects when something wants to change some critical registry keys and gives you an option to allow them or not.

    Posted Image 6.) Microsoft now offers their own free malicious software blocking tool. Windows Defender improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC.

    Posted Image 7.) Another excellent program by Javacool we recommend is SpywareGuard.
    It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

    Posted Image 8.) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.

    *It is important to note that all of the above programs/files can be run simultaneously on your system. They will work together in layers, so to speak, to help protect your computer. However, the following suggestions are designed to only run one of each. It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.*

    Posted Image 9.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Three good ones that are freeware to boot are ZoneAlarm, Kerio and Sygate

    Posted Image 10.) An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free A/V programs are AVG, Avast, and AntiVir. It's a good idea to set these to receive automatic updates so you are always as fully protected as possible from the newest virus threats.
    NOTE: DO NOT install more than one anti-virus program. They will conflict, and provide less protection, not more.

    Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.


Thanks for letting us help you!
  • 0

#15
tameggo
Posted 06 April 2008 - 09:21 PM

tameggo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thank you very much, I appreciate you taking the time helping me out. Your instructions were very clear and easy to understand. I am glad you were able to help me clean my system from all the junk. I will be donating some money as soon as I get more funds in my paypal account which shouldn't take too long. once again thank you for everything BHowett
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP