WolfSW Posted October 16, 2010 ID:328183 Share Posted October 16, 2010 Hi, I recently registered to the Malwarebytes forum after reading a past forum entry about interpreting HT logs and i'm hoping someone here will be able to help me cause it looks like i'm not the only one that has had this issue before.Over the last few days i've been at war with a Trojan on my system. When i did some research it seemed to show similar behaviour descriptions as the Acebot if i member correctly. Orginally this started out as Dr.Watson Postmortum Debugger errors and freezes when i attempted to access anything on my quick launch. These errors have been dealt with when i learned this was only a mask for a trojan, but, since then, access to updates, for Malwarebytes in particular, have been met with failure: "Update Failed......Check to see if access to internet or firewall blocking." The Super AntiSpyware Program as well as The Shield Deluxe 2010 have managed to make some headway but i know Trojans don't just go away with one scan and a smile while in Windows Safe Mode.I obviously have access to the internet and firewall isn't blocking. My hope is i can get my system clean without a complete wipe.The HijackThis and Bytes Logs are as followed:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 12:23:17 PM, on 10/16/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\DTS.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\AtService.exeC:\WINDOWS\system32\FpLogonServ.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exeC:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\WiFi\bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\LENOVO\HOTKEY\TPHKSVC.exeC:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exeC:\Program Files\Intel\WiFi\bin\EvtEng.exeC:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeC:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exeC:\WINDOWS\system32\TpShocks.exeC:\Program Files\Apoint2K\Apoint.exeC:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exeC:\Program Files\Lenovo\HOTKEY\TPFNF6R.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exeC:\WINDOWS\system32\igfxsrvc.exeC:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exeC:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exeC:\Program Files\Lenovo\HOTKEY\TPONSCR.exeC:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exeC:\Program Files\Apoint2K\ApMsgFwd.exeC:\Program Files\Lenovo\Zoom\TpScrex.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\ThinkPad\ConnectUtilities\ACTray.exeC:\Program Files\Apoint2K\Apntex.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exeC:\Program Files\Lenovo\Client Security Solution\cssauth.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exeC:\Program Files\Vidalia Bundle\Vidalia\vidalia.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exeC:\WINDOWS\System32\TPHDEXLG.exeC:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exeC:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\seccenter.exeC:\Program Files\Lenovo\Rescue and Recovery\rrservice.exec:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exeC:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXEC:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exec:\program files\lenovo\system update\suservice.exeC:\Program Files\Vidalia Bundle\Tor\tor.exeC:\Program Files\Vidalia Bundle\Polipo\polipo.exeC:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exeC:\Documents and Settings\Evan\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Evan\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Evan\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Evan\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Evan\Desktop\HijackThis.exeC:\Program Files\Microsoft Office\Office12\WINWORD.EXEC:\Documents and Settings\Evan\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Evan\Local Settings\Application Data\Google\Chrome\Application\chrome.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.inspiration.com/onlinereg/index...=InspirationIE8O2 - BHO: txthlpBHO Class - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\PROGRA~1\TEXTHE~1\READAN~1\TE3219~1.DLLO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dllO3 - Toolbar: The Shield Deluxe 2010 Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\IEToolbar.dllO4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeO4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /rO4 - HKLM\..\Run: [TpShocks] TpShocks.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exeO4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \sO4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exeO4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exeO4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exeO4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /startO4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitorO4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLogO4 - HKLM\..\Run: [CreateLMBCShortCut] "C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe"O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exeO4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exeO4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silentO4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logonO4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logonO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\IEShow.exe"O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Evan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exeO4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O8 - Extra context menu item: Google Sidewiki... - blankO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dllO9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLLO20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dllO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exeO23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exeO23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exeO23 - Service: The Shield Deluxe Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\bin\arrakis3.exeO23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exeO23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exeO23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exeO23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exeO23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exeO23 - Service: The Shield Deluxe Desktop Update Service (LIVESRV) - PCSecurityShield - C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exeO23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXEO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeO23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exeO23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exeO23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeO23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exeO23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exeO23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exeO23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exeO23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exeO23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exeO23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exeO23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exeO23 - Service: The Shield Deluxe Virus Shield (VSSERV) - PCSecurityShield - C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe--End of file - 14711 bytesMalwarebytes' Anti-Malware 1.34Database version: 1749Windows 5.1.2600 Service Pack 310/16/2010 12:14:36 PMmbam-log-2010-10-16 (12-14-36).txtScan type: Quick ScanObjects scanned: 69834Time elapsed: 3 minute(s), 56 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Any help from anyone at this point would be greatly appreciated. If any other information is needed don't hestiate to ask for it.Thank you for your time. Link to post Share on other sites More sharing options...
Kenny94 Posted October 16, 2010 ID:328310 Share Posted October 16, 2010 Hi WolfSW and Welcome to Malwarebytes Forum!DeFoggerDownload DeFogger by jpshortstuff from here & save it to your desktop.Right click DeFogger then choose Run as Administrator Or you can double-click to run the tool The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A Finished! message will appear Click OK DeFogger will now ask to reboot the machine - click OK. If not reboot your PCIMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.Do not re-enable these drivers until otherwise instructed.Next Download ComboFix from below:Combofix download* IMPORTANT !!! Place combofix.exe on your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.You can get help on disabling your protection programs hereDouble click on combofix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:The Recovery Console was successfully installed.Click on Yes, to continue scanning for malware.Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next replyNote:Do not mouseclick combofix's window whilst it's running. That may cause it to stall.---------------------------------------------------------------------------------------------Ensure your AntiVirus and AntiSpyware applications are re-enabled.--------------------------------------------------------------------------------------------- Link to post Share on other sites More sharing options...
WolfSW Posted October 19, 2010 Author ID:329577 Share Posted October 19, 2010 Hi Kenny94,thanks for the welcome and sorry for not getting back to the forum sooner. Unfortunately I've gotten in from work pretty late on this end the last few days and late shifts are taking their toll.Anyways, I've downloaded both Defogger and ComboFix. Tomorrow i'll post the result/update once I've gotten a chance to revisit the issue and get the programs installed so they can do their thing.Thank you though for pointing me in a direction. I was running out of ideas. Link to post Share on other sites More sharing options...
WolfSW Posted October 19, 2010 Author ID:329853 Share Posted October 19, 2010 The ComboFix Log is as followed:ComboFix 10-10-18.06 - Evan 10/19/2010 12:58:03.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2395 [GMT -4:00]Running from: c:\documents and settings\Evan\Desktop\ComboFix.exeAV: The Shield Deluxe Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\program files\PC-Doctor\Downloads\283cdc40-c633-4749-b3ad-8eb5e8b11b5c.dllc:\program files\PC-Doctor\Downloads\434b795d-fe06-4495-801e-fa92d93babbc.dllc:\program files\PC-Doctor\Downloads\4506fabd-988f-4627-a1de-44b2f1093b08.dllc:\program files\PC-Doctor\Downloads\562ad818-216b-4d77-8b40-834630104d2c.dllc:\program files\PC-Doctor\Downloads\66bbef27-6ec5-4052-9cf4-64182300a42d.dllc:\program files\PC-Doctor\Downloads\6ee7f7ed-6bec-487e-b4a5-1430639ef900.dllc:\program files\PC-Doctor\Downloads\746b3523-df66-4ed9-beaa-88464b84933f.dllc:\program files\PC-Doctor\Downloads\7e69d673-ea6c-4910-b8f4-a802b4632ccb.dllc:\program files\PC-Doctor\Downloads\83db0f34-4452-4946-92c2-31dcd99767dd.dllc:\program files\PC-Doctor\Downloads\90110d4d-0aa3-42f8-b48a-92aebd9d59f3.dllc:\program files\PC-Doctor\Downloads\b34a10f6-a592-424f-af97-b051783f9dd2.dllc:\program files\PC-Doctor\Downloads\bead45d2-b2dc-44e3-94f8-c7de6979be60.dllc:\program files\PC-Doctor\Downloads\d754c4cc-ae68-4d17-afb7-55002296e1e2.dllc:\program files\PC-Doctor\Downloads\deb3a078-d61f-432f-954b-2bdea6e53e8e.dllc:\program files\PC-Doctor\Downloads\ec6735a3-9204-4734-bb0f-5859e58b13b2.dllc:\program files\PC-Doctor\Downloads\f1d18230-9731-47f0-b9f4-b537abcbb39c.dllc:\program files\PC-Doctor\Downloads\f57085f1-e4a7-4072-a879-29e4616a720a.dllc:\program files\PC-Doctor\Downloads\f64109b2-74cc-4638-ae17-228b7886774b.dllc:\program files\PC-Doctor\Downloads\fd85aea7-408e-4ff8-bdca-73b1320e8b27.dllc:\windows\system32\Thumbs.db.((((((((((((((((((((((((( Files Created from 2010-09-19 to 2010-10-19 ))))))))))))))))))))))))))))))).2010-10-18 14:52 . 2010-10-18 14:52 -------- d-----w- C:\AuthLog2010-10-16 18:02 . 2010-10-16 18:05 -------- d-----w- c:\documents and settings\Evan\Application Data\Update2010-10-15 23:28 . 2010-10-15 23:28 -------- d-----w- c:\documents and settings\Evan\Application Data\SUPERAntiSpyware.com2010-10-15 23:28 . 2010-10-15 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com2010-10-15 23:27 . 2010-10-15 23:28 -------- d-----w- c:\program files\SUPERAntiSpyware2010-10-15 20:58 . 2010-10-15 20:58 -------- d-----w- c:\documents and settings\Evan\Application Data\DriverCure2010-10-15 20:58 . 2010-10-15 20:58 -------- d-----w- c:\documents and settings\Evan\Application Data\ParetoLogic2010-10-15 20:58 . 2010-10-15 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic2010-10-15 18:09 . 2010-10-15 22:11 -------- d-----w- c:\program files\Steam2010-10-15 18:07 . 2010-10-15 18:07 -------- d-----w- c:\program files\EA Games2010-10-15 18:00 . 2005-04-04 03:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll2010-10-15 18:00 . 2005-04-04 03:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll2010-10-15 18:00 . 2005-04-04 03:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll2010-10-15 18:00 . 2005-04-04 02:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe2010-10-15 18:00 . 2005-04-04 03:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll2010-10-15 18:00 . 2010-10-15 18:00 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll2010-10-15 18:00 . 2010-10-15 18:00 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll2010-10-15 16:41 . 2010-10-15 16:41 -------- d-----w- c:\documents and settings\Evan\Application Data\BitDefender2010-10-15 16:34 . 2008-03-05 20:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll2010-10-15 16:34 . 2008-03-05 19:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll2010-10-15 16:34 . 2008-03-05 19:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll2010-10-15 16:34 . 2008-02-06 03:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll2010-10-15 16:33 . 2010-10-15 16:33 -------- d-----w- c:\windows\Logs2010-10-15 16:25 . 2010-10-15 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters2010-10-14 20:23 . 2010-10-14 20:23 -------- d-----w- c:\documents and settings\Evan\Application Data\springlobby2010-10-14 20:16 . 2010-10-15 21:02 -------- d-----w- c:\documents and settings\Evan\Application Data\springsettings2010-10-14 14:21 . 2010-10-14 14:21 -------- d-----w- c:\program files\Common Files\Adobe2010-10-13 21:59 . 2010-10-13 21:59 -------- d-----w- C:\CAVEDOG2010-10-13 20:12 . 2010-10-13 20:12 -------- d-----w- c:\documents and settings\Evan\Application Data\Texthelp Systems2010-10-13 20:12 . 2010-10-14 14:21 -------- d-----w- c:\documents and settings\Evan\Local Settings\Application Data\Adobe2010-10-13 14:41 . 2010-10-13 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender2010-10-13 14:38 . 2010-10-13 14:38 -------- d-----w- c:\documents and settings\Evan\Application Data\The Shield Deluxe2010-10-13 14:37 . 2010-10-13 14:37 -------- d-----w- c:\program files\Common Files\The Shield Deluxe2010-10-13 14:37 . 2010-10-13 14:37 -------- d-----w- c:\program files\The Shield Deluxe2010-10-13 14:37 . 2010-10-13 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\The Shield Deluxe2010-10-12 23:36 . 2010-10-13 22:38 -------- d-----w- c:\documents and settings\Evan\Application Data\QuickScan2010-10-12 23:14 . 2001-08-17 17:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys2010-10-12 23:14 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys2010-10-12 23:14 . 2008-04-14 04:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys2010-10-12 23:14 . 2008-04-14 04:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys2010-10-12 21:08 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll2010-10-12 21:08 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll2010-10-12 21:08 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll2010-10-12 21:08 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll2010-10-12 03:25 . 2010-10-12 03:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache2010-10-12 03:18 . 2010-10-12 03:18 -------- d-----w- c:\windows\SQL9_KB970892_ENU2010-10-12 03:15 . 2010-10-12 03:15 -------- d-sh--w- c:\documents and settings\Default User\IETldCache2010-10-12 03:09 . 2010-10-15 22:20 -------- d-----w- c:\documents and settings\Evan\Local Settings\Application Data\Deployment2010-10-12 03:06 . 2010-10-12 03:06 -------- d-----w- c:\documents and settings\Evan\Application Data\Malwarebytes2010-10-12 03:06 . 2009-02-11 14:19 15504 ----a-w- c:\windows\system32\drivers\mbam.sys2010-10-12 03:06 . 2009-02-11 14:19 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-10-12 03:06 . 2010-10-12 03:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-10-12 03:06 . 2010-10-12 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-10-12 03:00 . 2010-10-12 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2010-10-12 03:00 . 2010-10-12 03:03 -------- d-----w- c:\program files\Spybot - Search & Destroy2010-10-12 02:53 . 2010-10-19 16:50 -------- d-----w- c:\documents and settings\Evan\Application Data\LimeWire2010-10-12 02:52 . 2010-10-12 02:56 -------- d-----w- c:\program files\LimeWire2010-10-12 02:50 . 2010-10-12 02:50 -------- d-----w- c:\program files\uTorrent2010-10-12 02:50 . 2010-10-19 14:38 -------- d-----w- c:\documents and settings\Evan\Application Data\uTorrent2010-10-12 02:49 . 2007-09-21 00:52 118784 ----a-w- c:\windows\system32\ac3acm.acm2010-10-12 02:49 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll2010-10-12 02:49 . 2006-09-24 15:11 389120 ----a-w- c:\windows\system32\lameACM.acm2010-10-12 02:49 . 2008-03-31 21:25 682496 ----a-w- c:\windows\system32\divx.dll2010-10-12 02:49 . 2008-03-21 20:30 3596288 ----a-w- c:\windows\system32\qt-dx331.dll2010-10-12 02:49 . 2008-03-21 20:28 81920 ----a-w- c:\windows\system32\dpl100.dll2010-10-12 02:49 . 2008-01-10 12:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll2010-10-12 02:49 . 2008-01-10 12:15 755027 ----a-w- c:\windows\system32\xvidcore.dll2010-10-12 02:49 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll2010-10-12 02:49 . 2008-03-28 17:41 7680 ----a-w- c:\windows\system32\ff_vfw.dll2010-10-12 02:49 . 2010-10-12 02:49 -------- d-----w- c:\program files\K-Lite Codec Pack2010-10-12 02:46 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll2010-10-12 02:45 . 2010-10-18 01:04 -------- d-----w- c:\windows\system32\LogFiles2010-10-12 02:45 . 2010-10-12 02:45 -------- d-----w- c:\windows\system32\drivers\UMDF2010-10-12 02:42 . 2010-10-19 16:51 -------- d-----w- c:\documents and settings\Evan\Application Data\Tor2010-10-12 02:42 . 2010-10-19 17:03 -------- d-----w- c:\documents and settings\Evan\Application Data\Vidalia2010-10-12 02:42 . 2010-10-12 02:42 -------- d-----w- c:\program files\Vidalia Bundle2010-10-12 02:41 . 2010-10-12 02:41 -------- d-----w- c:\program files\Common Files\Java2010-10-12 02:40 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll2010-10-12 02:35 . 2010-10-12 02:35 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2010-10-11 03:32 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe2010-10-11 03:30 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll2010-10-11 03:20 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll2010-10-11 03:20 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll2010-10-11 03:18 . 2010-10-11 03:18 -------- d-----w- c:\documents and settings\Evan\Application Data\Creative2010-10-11 02:55 . 1999-10-10 17:00 41984 ------w- c:\windows\Ctregrun.exe2010-10-11 02:54 . 2010-10-11 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative2010-10-11 02:53 . 2010-10-11 02:55 -------- d-----w- c:\program files\Creative2010-10-11 02:51 . 2003-11-10 22:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll2010-10-11 02:51 . 2003-11-10 22:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll2010-10-11 02:51 . 2003-11-10 22:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll2010-10-11 02:51 . 2003-11-10 22:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll2010-10-11 02:51 . 2003-11-10 22:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe2010-10-11 02:51 . 2010-10-11 02:51 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll2010-10-11 02:51 . 2010-10-11 02:51 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll.(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-04-28 692224]"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2010-08-23 5636136]"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]"Google Update"="c:\documents and settings\Evan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-12 136176]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-05-28 61728]"TpShocks"="TpShocks.exe" [2009-02-03 181536]"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-07 167936]"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-07-14 417792]"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2009-07-14 208896]"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-07-16 40960]"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]"BitDefender Antiphishing Helper"="c:\program files\The Shield Deluxe\The Shield Deluxe 2010\IEShow.exe" [2009-09-14 71152]"BDAgent"="c:\program files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe" [2009-09-24 1114536]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]c:\documents and settings\Evan\Start Menu\Programs\Startup\LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-9-30 503808]c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-9-26 50688][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]2008-10-27 01:41 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@=""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Program Files\\LimeWire\\LimeWire.exe"="c:\\Program Files\\Steam\\Steam.exe"=R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [1/28/2009 8:57 PM 20520]R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [10/23/2008 4:15 AM 13480]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [10/26/2008 9:33 PM 1676536]R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [10/26/2008 9:38 PM 98304]R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [10/26/2008 9:41 PM 118784]R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [9/26/2009 3:40 AM 53248]R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [6/12/2009 5:00 AM 62320]R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 6:34 PM 520192]R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [9/26/2009 3:30 AM 482176]R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [9/17/2009 4:12 PM 152328]R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 6:54 PM 37312]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [6/12/2009 5:00 AM 45424]S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [10/26/2008 9:38 PM 106496]S3 Arrakis3;The Shield Deluxe Arrakis Server;c:\program files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\bin\arrakis3.exe [9/13/2009 11:31 PM 183880]S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 11:15 AM 1120752]S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [3/28/2010 12:46 AM 23480]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]bdx REG_MULTI_SZ scan.Contents of the 'Scheduled Tasks' folder2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4091918497-3424012843-2120533791-1008Core.job- c:\documents and settings\Evan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 03:10]2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4091918497-3424012843-2120533791-1008UA.job- c:\documents and settings\Evan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 03:10]2010-10-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job- c:\program files\PC-Doctor\uaclauncher.exe [2010-09-08 21:08]2010-10-19 c:\windows\Tasks\PMTask.job- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-09-26 16:01]2010-10-16 c:\windows\Tasks\SystemToolsDailyTest.job- c:\program files\PC-Doctor\pcdrcui.exe [2010-09-08 21:08]..------- Supplementary Scan -------.uStart Page = hxxp://lenovo.msn.comuInternet Connection Wizard,ShellNext = hxxp://www.inspiration.com/onlinereg/index.cfm?fuseaction=form&disnav=no&fromsoftware=yes&first_name=%22Evan%22&last_name=%22McKeever%22&organization=%22%20%22&serial_number=6530H3282N8571&product=InspirationIE8IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: Google Sidewiki... - blank.- - - - ORPHANS REMOVED - - - -Notify-ACNotify - ACNotify.dll.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(880)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\WININET.dllc:\program files\ThinkPad\ConnectUtilities\ACNotify.dllc:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dllc:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dllc:\program files\ThinkPad\ConnectUtilities\ACHelper.dllc:\windows\system32\FpWinLogonNp.dllc:\program files\Lenovo Fingerprint Software\ATCSSINT.dllc:\program files\Lenovo Fingerprint Software\SharedResources.dllc:\program files\Lenovo Fingerprint Software\FPResource.dllc:\program files\Lenovo\Client Security Solution\CSS_Enroll.dllc:\program files\Lenovo\Client Security Solution\css_banner.dllc:\windows\system32\cssuserdatadispatcher.dllc:\windows\system32\tvttsp.dllc:\windows\system32\tcsrpc.dll- - - - - - - > 'explorer.exe'(4424)c:\windows\system32\WININET.dllc:\program files\Kurzweil Educational Systems\Kurzweil 3000\Apps\KESIBand.dllc:\program files\PC-Doctor\ATLPcdToolbar569208.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\program files\Lenovo\Drag-to-Disc\Shellex.dllc:\windows\system32\DLAAPI_W.DLLc:\program files\Lenovo\Drag-to-Disc\ShellRes.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\ibmpmsvc.exec:\program files\Intel\WiFi\bin\S24EvMon.exec:\windows\system32\TpShocks.exec:\windows\system32\igfxsrvc.exec:\windows\system32\rundll32.exec:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exec:\program files\Lenovo\HOTKEY\TPONSCR.exec:\program files\Apoint2K\ApMsgFwd.exec:\program files\Intel\WiFi\bin\EvtEng.exec:\program files\Lenovo\Zoom\TpScrex.exec:\program files\Apoint2K\Apntex.exec:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exec:\program files\Java\jre6\bin\jqs.exec:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exec:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exec:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exec:\windows\System32\TPHDEXLG.exec:\program files\Lenovo\Client Security Solution\tvttcsd.exec:\program files\Lenovo\Rescue and Recovery\rrservice.exec:\program files\Common Files\Lenovo\Scheduler\tvtsched.exec:\program files\lenovo\system update\suservice.exec:\program files\Vidalia Bundle\Tor\tor.exec:\program files\Vidalia Bundle\Polipo\polipo.exec:\program files\Windows Media Player\WMPNetwk.exec:\program files\ThinkPad\ConnectUtilities\AcSvc.exec:\windows\system32\wscntfy.exec:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe.**************************************************************************.Completion time: 2010-10-19 13:07:01 - machine was rebootedComboFix-quarantined-files.txt 2010-10-19 17:07Pre-Run: 112,971,780,096 bytes freePost-Run: 112,913,272,832 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect- - End Of File - - 59303079DA8082FEA15E2B73D351826CThanks again Kenny for looking into this stuff. I'll check back later this evening to see if a reply has been posted to the ComboFix results. Link to post Share on other sites More sharing options...
Kenny94 Posted October 19, 2010 ID:329866 Share Posted October 19, 2010 Run CFScriptClose any open browsers.Open Notepad by click startClick RunType notepad into the box and click enterNotepad will openCopy and Paste everything from the Code box into Notepad:KILLALL::Folder::c:\documents and settings\Evan\Application Data\DriverCurec:\documents and settings\Evan\Application Data\DriverCurec:\documents and settings\Evan\Application Data\ParetoLogicc:\documents and settings\All Users\Application Data\ParetoLogicSave the file to your desktop and name it CFScript.txt Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.This will start ComboFix again. It may ask to reboot. This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply. NextFollow these instructions please: 1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.2. Restart your computer (very important).3. Download and run this utility. http://www.malwarebytes.org/mbam-clean.exe4. It will ask to restart your computer (please allow it to).5. After the computer restarts, install the latest version 1.46 from here. http://www.malwarebytes.org/mbam-download.phpUpdate Run MalwarebytesLaunch Malwarebytes' Anti-MalwareIf an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.In your next reply, please include these log(s):CFScript.txt MBAM ReportAlso, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted. Link to post Share on other sites More sharing options...
WolfSW Posted October 20, 2010 Author ID:330233 Share Posted October 20, 2010 Everything went smoothly.Malwarebytes is reinstalled and working now and i actually noted that things are running a little smoother. I had absolutely no issues following your instructions Kenny.Surprisingly enough though Malwarebytes didn't pick anything up after the scan which i thought might be a little odd but i'll wait for you to say otherwise.ComboFix and Malwarebytes Logs are as followed:ComboFix 10-10-18.06 - Evan 10/19/2010 18:25:10.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2381 [GMT -4:00]Running from: c:\documents and settings\Evan\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Evan\Desktop\CFScript.txtAV: The Shield Deluxe Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\All Users\Application Data\ParetoLogicc:\documents and settings\Evan\Application Data\DriverCurec:\documents and settings\Evan\Application Data\DriverCure\LogFile.txtc:\documents and settings\Evan\Application Data\ParetoLogicc:\documents and settings\Evan\Application Data\ParetoLogic\PC Health Advisor\Client.txtc:\documents and settings\Evan\Application Data\ParetoLogic\PC Health Advisor\Server.txt.((((((((((((((((((((((((( Files Created from 2010-09-19 to 2010-10-19 ))))))))))))))))))))))))))))))).2010-10-18 14:52 . 2010-10-18 14:52 -------- d-----w- C:\AuthLog2010-10-16 18:02 . 2010-10-16 18:05 -------- d-----w- c:\documents and settings\Evan\Application Data\Update2010-10-15 23:28 . 2010-10-15 23:28 -------- d-----w- c:\documents and settings\Evan\Application Data\SUPERAntiSpyware.com2010-10-15 23:28 . 2010-10-15 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com2010-10-15 23:27 . 2010-10-15 23:28 -------- d-----w- c:\program files\SUPERAntiSpyware2010-10-15 18:09 . 2010-10-15 22:11 -------- d-----w- c:\program files\Steam2010-10-15 18:07 . 2010-10-15 18:07 -------- d-----w- c:\program files\EA Games2010-10-15 18:00 . 2005-04-04 03:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll2010-10-15 18:00 . 2005-04-04 03:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll2010-10-15 18:00 . 2005-04-04 03:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll2010-10-15 18:00 . 2005-04-04 02:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe2010-10-15 18:00 . 2005-04-04 03:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll2010-10-15 18:00 . 2010-10-15 18:00 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll2010-10-15 18:00 . 2010-10-15 18:00 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll2010-10-15 16:41 . 2010-10-15 16:41 -------- d-----w- c:\documents and settings\Evan\Application Data\BitDefender2010-10-15 16:34 . 2008-03-05 20:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll2010-10-15 16:34 . 2008-03-05 19:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll2010-10-15 16:34 . 2008-03-05 19:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll2010-10-15 16:34 . 2008-02-06 03:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll2010-10-15 16:33 . 2010-10-15 16:33 -------- d-----w- c:\windows\Logs2010-10-15 16:25 . 2010-10-15 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters2010-10-14 20:23 . 2010-10-14 20:23 -------- d-----w- c:\documents and settings\Evan\Application Data\springlobby2010-10-14 20:16 . 2010-10-15 21:02 -------- d-----w- c:\documents and settings\Evan\Application Data\springsettings2010-10-14 14:21 . 2010-10-14 14:21 -------- d-----w- c:\program files\Common Files\Adobe2010-10-13 21:59 . 2010-10-13 21:59 -------- d-----w- C:\CAVEDOG2010-10-13 20:12 . 2010-10-13 20:12 -------- d-----w- c:\documents and settings\Evan\Application Data\Texthelp Systems2010-10-13 20:12 . 2010-10-14 14:21 -------- d-----w- c:\documents and settings\Evan\Local Settings\Application Data\Adobe2010-10-13 14:41 . 2010-10-13 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender2010-10-13 14:38 . 2010-10-13 14:38 -------- d-----w- c:\documents and settings\Evan\Application Data\The Shield Deluxe2010-10-13 14:37 . 2010-10-13 14:37 -------- d-----w- c:\program files\Common Files\The Shield Deluxe2010-10-13 14:37 . 2010-10-13 14:37 -------- d-----w- c:\program files\The Shield Deluxe2010-10-13 14:37 . 2010-10-13 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\The Shield Deluxe2010-10-12 23:36 . 2010-10-13 22:38 -------- d-----w- c:\documents and settings\Evan\Application Data\QuickScan2010-10-12 23:14 . 2001-08-17 17:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys2010-10-12 23:14 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys2010-10-12 23:14 . 2008-04-14 04:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys2010-10-12 23:14 . 2008-04-14 04:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys2010-10-12 21:08 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll2010-10-12 21:08 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll2010-10-12 21:08 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll2010-10-12 21:08 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll2010-10-12 03:25 . 2010-10-12 03:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache2010-10-12 03:18 . 2010-10-12 03:18 -------- d-----w- c:\windows\SQL9_KB970892_ENU2010-10-12 03:15 . 2010-10-12 03:15 -------- d-sh--w- c:\documents and settings\Default User\IETldCache2010-10-12 03:09 . 2010-10-15 22:20 -------- d-----w- c:\documents and settings\Evan\Local Settings\Application Data\Deployment2010-10-12 03:06 . 2010-10-12 03:06 -------- d-----w- c:\documents and settings\Evan\Application Data\Malwarebytes2010-10-12 03:06 . 2009-02-11 14:19 15504 ----a-w- c:\windows\system32\drivers\mbam.sys2010-10-12 03:06 . 2009-02-11 14:19 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-10-12 03:06 . 2010-10-12 03:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-10-12 03:06 . 2010-10-12 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-10-12 03:00 . 2010-10-12 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2010-10-12 03:00 . 2010-10-12 03:03 -------- d-----w- c:\program files\Spybot - Search & Destroy2010-10-12 02:53 . 2010-10-19 17:03 -------- d-----w- c:\documents and settings\Evan\Application Data\LimeWire2010-10-12 02:52 . 2010-10-12 02:56 -------- d-----w- c:\program files\LimeWire2010-10-12 02:50 . 2010-10-12 02:50 -------- d-----w- c:\program files\uTorrent2010-10-12 02:50 . 2010-10-19 14:38 -------- d-----w- c:\documents and settings\Evan\Application Data\uTorrent2010-10-12 02:49 . 2007-09-21 00:52 118784 ----a-w- c:\windows\system32\ac3acm.acm2010-10-12 02:49 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll2010-10-12 02:49 . 2006-09-24 15:11 389120 ----a-w- c:\windows\system32\lameACM.acm2010-10-12 02:49 . 2008-03-31 21:25 682496 ----a-w- c:\windows\system32\divx.dll2010-10-12 02:49 . 2008-03-21 20:30 3596288 ----a-w- c:\windows\system32\qt-dx331.dll2010-10-12 02:49 . 2008-03-21 20:28 81920 ----a-w- c:\windows\system32\dpl100.dll2010-10-12 02:49 . 2008-01-10 12:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll2010-10-12 02:49 . 2008-01-10 12:15 755027 ----a-w- c:\windows\system32\xvidcore.dll2010-10-12 02:49 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll2010-10-12 02:49 . 2008-03-28 17:41 7680 ----a-w- c:\windows\system32\ff_vfw.dll2010-10-12 02:49 . 2010-10-12 02:49 -------- d-----w- c:\program files\K-Lite Codec Pack2010-10-12 02:46 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll2010-10-12 02:45 . 2010-10-18 01:04 -------- d-----w- c:\windows\system32\LogFiles2010-10-12 02:45 . 2010-10-12 02:45 -------- d-----w- c:\windows\system32\drivers\UMDF2010-10-12 02:42 . 2010-10-19 17:12 -------- d-----w- c:\documents and settings\Evan\Application Data\Tor2010-10-12 02:42 . 2010-10-19 17:12 -------- d-----w- c:\documents and settings\Evan\Application Data\Vidalia2010-10-12 02:42 . 2010-10-12 02:42 -------- d-----w- c:\program files\Vidalia Bundle2010-10-12 02:41 . 2010-10-12 02:41 -------- d-----w- c:\program files\Common Files\Java2010-10-12 02:40 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll2010-10-12 02:35 . 2010-10-12 02:35 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2010-10-11 03:32 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe2010-10-11 03:30 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll2010-10-11 03:20 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll2010-10-11 03:20 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll2010-10-11 03:18 . 2010-10-11 03:18 -------- d-----w- c:\documents and settings\Evan\Application Data\Creative2010-10-11 02:55 . 1999-10-10 17:00 41984 ------w- c:\windows\Ctregrun.exe2010-10-11 02:54 . 2010-10-11 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative2010-10-11 02:53 . 2010-10-11 02:55 -------- d-----w- c:\program files\Creative2010-10-11 02:51 . 2003-11-10 22:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll2010-10-11 02:51 . 2003-11-10 22:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll2010-10-11 02:51 . 2003-11-10 22:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll2010-10-11 02:51 . 2003-11-10 22:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll2010-10-11 02:51 . 2003-11-10 22:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe2010-10-11 02:51 . 2010-10-11 02:51 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll2010-10-11 02:51 . 2010-10-11 02:51 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll.(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-04-28 692224]"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2010-08-23 5636136]"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]"Google Update"="c:\documents and settings\Evan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-12 136176]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-05-28 61728]"TpShocks"="TpShocks.exe" [2009-02-03 181536]"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-07 167936]"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-07-14 417792]"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2009-07-14 208896]"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-07-16 40960]"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]"BitDefender Antiphishing Helper"="c:\program files\The Shield Deluxe\The Shield Deluxe 2010\IEShow.exe" [2009-09-14 71152]"BDAgent"="c:\program files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe" [2009-09-24 1114536]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]c:\documents and settings\Evan\Start Menu\Programs\Startup\LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-9-30 503808]c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-9-26 50688][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]2008-10-27 01:41 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@=""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Program Files\\LimeWire\\LimeWire.exe"="c:\\Program Files\\Steam\\Steam.exe"=R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [1/28/2009 8:57 PM 20520]R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [10/23/2008 4:15 AM 13480]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [10/26/2008 9:33 PM 1676536]R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [10/26/2008 9:38 PM 98304]R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [10/26/2008 9:41 PM 118784]R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [9/26/2009 3:40 AM 53248]R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [6/12/2009 5:00 AM 62320]R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 6:34 PM 520192]R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [9/26/2009 3:30 AM 482176]R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [9/17/2009 4:12 PM 152328]R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 6:54 PM 37312]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [6/12/2009 5:00 AM 45424]S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [10/26/2008 9:38 PM 106496]S3 Arrakis3;The Shield Deluxe Arrakis Server;c:\program files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\bin\arrakis3.exe [9/13/2009 11:31 PM 183880]S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 11:15 AM 1120752]S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [3/28/2010 12:46 AM 23480]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]bdx REG_MULTI_SZ scan.Contents of the 'Scheduled Tasks' folder2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4091918497-3424012843-2120533791-1008Core.job- c:\documents and settings\Evan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 03:10]2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4091918497-3424012843-2120533791-1008UA.job- c:\documents and settings\Evan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 03:10]2010-10-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job- c:\program files\PC-Doctor\uaclauncher.exe [2010-09-08 21:08]2010-10-19 c:\windows\Tasks\PMTask.job- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-09-26 16:01]2010-10-16 c:\windows\Tasks\SystemToolsDailyTest.job- c:\program files\PC-Doctor\pcdrcui.exe [2010-09-08 21:08]..------- Supplementary Scan -------.uStart Page = hxxp://lenovo.msn.comuInternet Connection Wizard,ShellNext = hxxp://www.inspiration.com/onlinereg/index.cfm?fuseaction=form&disnav=no&fromsoftware=yes&first_name=%22Evan%22&last_name=%22McKeever%22&organization=%22%20%22&serial_number=6530H3282N8571&product=InspirationIE8IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: Google Sidewiki... - blank..--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(880)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\WININET.dllc:\windows\system32\FpWinLogonNp.dllc:\program files\Lenovo Fingerprint Software\ATCSSINT.dllc:\program files\Lenovo Fingerprint Software\SharedResources.dllc:\program files\Lenovo Fingerprint Software\FPResource.dllc:\program files\Lenovo\Client Security Solution\CSS_Enroll.dllc:\program files\Lenovo\Client Security Solution\css_banner.dllc:\windows\system32\cssuserdatadispatcher.dllc:\windows\system32\tvttsp.dllc:\windows\system32\tcsrpc.dll- - - - - - - > 'explorer.exe'(5548)c:\windows\system32\WININET.dllc:\program files\Kurzweil Educational Systems\Kurzweil 3000\Apps\KESIBand.dllc:\program files\PC-Doctor\ATLPcdToolbar569208.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\program files\Lenovo\Drag-to-Disc\Shellex.dllc:\windows\system32\DLAAPI_W.DLLc:\program files\Lenovo\Drag-to-Disc\ShellRes.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dllc:\program files\Lenovo\HOTKEY\hkvolkey.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\ibmpmsvc.exec:\program files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exec:\program files\Intel\WiFi\bin\S24EvMon.exec:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exec:\windows\system32\TpShocks.exec:\program files\Intel\WiFi\bin\EvtEng.exec:\program files\Lenovo\HOTKEY\TPONSCR.exec:\windows\system32\igfxsrvc.exec:\program files\Apoint2K\ApMsgFwd.exec:\program files\Lenovo\Zoom\TpScrex.exec:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exec:\windows\system32\rundll32.exec:\program files\Apoint2K\Apntex.exec:\program files\Java\jre6\bin\jqs.exec:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exec:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exec:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exec:\windows\System32\TPHDEXLG.exec:\program files\Lenovo\Client Security Solution\tvttcsd.exec:\program files\Lenovo\Rescue and Recovery\rrservice.exec:\program files\Common Files\Lenovo\Scheduler\tvtsched.exec:\program files\lenovo\system update\suservice.exec:\program files\Windows Media Player\WMPNetwk.exec:\program files\ThinkPad\ConnectUtilities\AcSvc.exec:\windows\system32\wscntfy.exec:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe.**************************************************************************.Completion time: 2010-10-19 18:35:42 - machine was rebootedComboFix-quarantined-files.txt 2010-10-19 22:35ComboFix2.txt 2010-10-19 17:07Pre-Run: 112,915,652,608 bytes freePost-Run: 112,901,971,968 bytes free- - End Of File - - 166BF2965AF66442928BE8BDDEEEA4C7Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4887Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.1870210/19/2010 10:43:06 PMmbam-log-2010-10-19 (22-43-06).txtScan type: Quick scanObjects scanned: 149634Time elapsed: 5 minute(s), 36 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Kenny94 Posted October 20, 2010 ID:330343 Share Posted October 20, 2010 Smile we are getting closer. Good job you done there!!!Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button.Click Exit on the Main menu to close the program. NextESET Online ScannerNote: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.Please go here then click on: Select the option YES, I accept the Terms of Use then click on: When prompted allow the Add-On/Active X to install.Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.Now click on Advanced Settings and select the following:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Now click on: [*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.[*]When completed the Online Scan will begin automatically. [*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall. [*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first![*]Now click on: [*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.[*]Copy and paste that log as a reply to this topic.Note: Do not forget to re-enable your Anti-Virus application after running the above scan! Link to post Share on other sites More sharing options...
WolfSW Posted October 20, 2010 Author ID:330471 Share Posted October 20, 2010 ESETSmartInstaller@High as downloader log:all ok# version=7# OnlineScannerApp.exe=1.0.0.1# OnlineScanner.ocx=1.0.0.6211# api_version=3.0.2# EOSSerial=db5bf66d7a75774b8dcdc85aca22b77e# end=finished# remove_checked=false# archives_checked=false# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2010-10-20 04:08:49# local_time=2010-10-20 12:08:49 (-0500, Eastern Daylight Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=512 16777215 100 0 0 0 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=74427# found=2# cleaned=0# scan_time=1995C:\Documents and Settings\Evan\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0008d7 a variant of Win32/Adware.SpywareCease application 00000000000000000000000000000000 IC:\Documents and Settings\Evan\My Documents\Downloads\Programs For The War With Trojan\BestSpywareScanner_Setup.exe a variant of Win32/Adware.SpywareCease application 00000000000000000000000000000000 IHere's the results of the ESET Scan. Not sure why though the scan picked out these above in particular as supposed Trojans, but the first one i can see possibly being so, but a scanner i used to cleanse the system when i got the trojan?The ATF was able to clean everything that was checked though with no difficulty.P.S: Not sure if this matters but i figure i'll mention it: When i was dloading the ESET Scanner, at first m web browser (Google Chrome) had issues trying to access the link u posted for it, but after i'd gone and attempted to access it with Internet Explorer, even though it connected but with errors on page making it inaccessible, when i came band to it with Google Chrome it connected to the link just fine. It had me dload the Scanner manually when it saw i wasn't using Explorer. Link to post Share on other sites More sharing options...
Kenny94 Posted October 20, 2010 ID:330473 Share Posted October 20, 2010 We are almost done......... Please download the OTM by OldTimer. Save it to your desktop. Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)::Processes:Services:Reg:FilesC:\Documents and Settings\Evan\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0008d7 C:\Documents and Settings\Evan\My Documents\Downloads\Programs For The War With Trojan\BestSpywareScanner_Setup.exe:Commands[purity][resethosts][emptytemp][CREATERESTOREPOINT][EMPTYFLASH][Reboot] Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.Click the red Moveit! button.A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.Close OTMIf a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. Link to post Share on other sites More sharing options...
WolfSW Posted October 20, 2010 Author ID:330591 Share Posted October 20, 2010 Here are the results of the OTM:All processes killed========== PROCESSES ==================== SERVICES/DRIVERS ==================== REGISTRY ==================== FILES ==========C:\Documents and Settings\Evan\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0008d7 moved successfully.C:\Documents and Settings\Evan\My Documents\Downloads\Programs For The War With Trojan\BestSpywareScanner_Setup.exe moved successfully.========== COMMANDS ==========C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.HOSTS file reset successfully[EMPTYTEMP]User: Administrator->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 321 bytesUser: All UsersUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 67 bytes->Flash cache emptied: 321 bytesUser: Evan->Temp folder emptied: 94273 bytes->Temporary Internet Files folder emptied: 220574 bytes->Java cache emptied: 12114737 bytes->Google Chrome cache emptied: 338356934 bytes->Flash cache emptied: 44189 bytesUser: LocalService->Temp folder emptied: 66016 bytes->Temporary Internet Files folder emptied: 32902 bytesUser: NetworkService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 32902 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 3244049 bytes%systemroot%\System32\dllcache .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 483 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytesRecycleBin emptied: 1453016 bytesTotal Files Cleaned = 339.00 mbRestore point Set: OTM Restore Point (0)OTM by OldTimer - Version 3.1.16.1 log created on 10202010_175906Files moved on Reboot...Registry entries deleted on Reboot... Link to post Share on other sites More sharing options...
Kenny94 Posted October 20, 2010 ID:330616 Share Posted October 20, 2010 Be sure to use Secunia software inspector & update checker WolfSW.Your Computer is CleanSome final items:To remove all of the tools we used and the files and folders they created, please do the following:Please download OTC.exe by OldTimer:Save it to your Desktop.Double click OTC.exe.Click the CleanUp! button.If you are prompted to Reboot during the cleanup, select Yes.The tool will delete itself once it finishes.Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.Here are some additional links for you to check out to help you with your computer security. BrowsersJust because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE. If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.Make your Internet Explorer more secure - This can be done by following these simple instructions:From within Internet Explorer click on the Tools menu and then click on Options.Click once on the Security tabClick once on the Internet icon so it becomes highlighted.Click once on the Custom Level button.Change the Download signed ActiveX controls to PromptChange the Download unsigned ActiveX controls to DisableChange the Initialize and script ActiveX controls not marked as safe to DisableChange the Installation of desktop items to PromptChange the Launching programs and files in an IFRAME to PromptChange the Navigate sub-frames across different domains to PromptWhen all these settings have been made, click on the OK buttonIf it prompts you as to whether or not you want to save the settings, press the Yes button.Next press the Apply button and then the OK to exit the Internet Properties page.Additional Security MeasuresVisit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.Secunia software inspector & update checker Visit My Blog for Malware and Spyware Tips Link to post Share on other sites More sharing options...
WolfSW Posted October 20, 2010 Author ID:330649 Share Posted October 20, 2010 It's over. Finally i can rest easy now lol. Thanks loads Kenny for your help. You saved me a lot of trouble and time. Think i'll hang on to a good portion of this stuff we worked with for future reference and experience. If i have any other questions is it alright to contact you?P.S: What's your opinion of Google Chrome? And what do u consider to be the top AntiVirus software and secure browser? Link to post Share on other sites More sharing options...
Kenny94 Posted October 21, 2010 ID:330703 Share Posted October 21, 2010 If i have any other questions is it alright to contact you?Were all here to help you.What's your opinion of Google Chrome? And what do u consider to be the top AntiVirus software and secure browser?I like Google Chrome a lot. I use Avira AntiVir and Google Chrome and Safari. Link to post Share on other sites More sharing options...
Staff screen317 Posted October 21, 2010 Staff ID:331194 Share Posted October 21, 2010 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts