Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
New virus and can't remove 2
- Thread starter DigitelD
- Start date
-
2
- #3
goombawaho
MIS
Check your HOSTS file and clean it up if anything is in there that you didn't intentionally modify.
Try ComboFix per the following instructions. Run that. If no love after running it and rebooting - post HijackThis log.
Try ComboFix per the following instructions. Run that. If no love after running it and rebooting - post HijackThis log.
actually, this is easy to fix, it is a spyware/redirector application:
1. Uninstall the App... SaveTubeVideo... DO NOT REBOOT at this STAGE...
2. Uninstall WinPCap (actually a legit app, but this is used to spy on you), which gets installed along side of SaveTube... NOW REBOOT...
3. for ease of fixing the left overs, Download HiJackThis, run a scan with log, post the log here, I, or someone else will discern the log and tell you what to fix...
HiJackThis from TrendMicro
4. Download CCleaner, run it and have it clean your PC of unwanted trash, (logfiles and unwanted Temp files)...
CCleaner
waiting for your next post...
Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
1. Uninstall the App... SaveTubeVideo... DO NOT REBOOT at this STAGE...
2. Uninstall WinPCap (actually a legit app, but this is used to spy on you), which gets installed along side of SaveTube... NOW REBOOT...
3. for ease of fixing the left overs, Download HiJackThis, run a scan with log, post the log here, I, or someone else will discern the log and tell you what to fix...
HiJackThis from TrendMicro
4. Download CCleaner, run it and have it clean your PC of unwanted trash, (logfiles and unwanted Temp files)...
CCleaner
waiting for your next post...
Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
goombawaho
MIS
The reason I mentioned combofix is that this person probably has a lot of other baddies on there as well. Might as well whack 'em all at once.
Goom,
I am not nay-saying you, I took a close look at this piece of crap, on an install on VMWare...
and then went to town on it...
Combofix probably is not a bad idea, that is also the reason why I asked him to post a HiJackThis Log...
Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
I am not nay-saying you, I took a close look at this piece of crap, on an install on VMWare...
and then went to town on it...
Combofix probably is not a bad idea, that is also the reason why I asked him to post a HiJackThis Log...
Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
goombawaho
MIS
There is a slight risk with ComboFix, so your method would entail less risk as a first step.
- Thread starter
- #8
Here is my hijackthis file:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:26 AM, on 9/7/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\ID Vault\IDVault.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SFT\GuardedID\GIDD.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nortel Networks\ICSRT\Scheduler\scheduler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dwayne\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ipoffice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: GuardId.MSIEBrowser.BHO - {5b0a01d2-b8a0-4e56-9e6b-cba0ef4b4eb5} - mscoree.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ID Vault.lnk = C:\Program Files\ID Vault\IDVault.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norstar ICS Scheduler.lnk = C:\Program Files\Nortel Networks\ICSRT\Scheduler\scheduler.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DDNIMSGService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
O23 - Service: DDNIService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\DIBS\DDNIService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: IDVault Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files\ID Vault\IDVaultSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: Voicemail Pro Service (VoicemailProServer) - Avaya - C:\Program Files\Avaya\IP Office\Voicemail Pro\VM\vmprov5svc.exe
--
End of file - 10914 bytes
SHK Certified (School of Hard Knocks)
NCSS, ATSP/IP
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:26 AM, on 9/7/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\ID Vault\IDVault.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SFT\GuardedID\GIDD.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nortel Networks\ICSRT\Scheduler\scheduler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dwayne\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ipoffice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: GuardId.MSIEBrowser.BHO - {5b0a01d2-b8a0-4e56-9e6b-cba0ef4b4eb5} - mscoree.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ID Vault.lnk = C:\Program Files\ID Vault\IDVault.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norstar ICS Scheduler.lnk = C:\Program Files\Nortel Networks\ICSRT\Scheduler\scheduler.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DDNIMSGService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
O23 - Service: DDNIService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\DIBS\DDNIService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: IDVault Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files\ID Vault\IDVaultSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: Voicemail Pro Service (VoicemailProServer) - Avaya - C:\Program Files\Avaya\IP Office\Voicemail Pro\VM\vmprov5svc.exe
--
End of file - 10914 bytes
SHK Certified (School of Hard Knocks)
NCSS, ATSP/IP
Dwayne,
the good news:
I can't see anything detrimental in that LOG, a few unnecessary entries but no Malware (that is detected by HJT)...
but that is also the bad news, if it is still redirecting, then by all means attempt ComboFix, as outlined by Goom...
also worth a look at, for scanning against malwares:
MBAM - Malwarebytes AntiMalware
SuperAntiSpyware
keep us posted as to the situation...
Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
the good news:
I can't see anything detrimental in that LOG, a few unnecessary entries but no Malware (that is detected by HJT)...
but that is also the bad news, if it is still redirecting, then by all means attempt ComboFix, as outlined by Goom...
also worth a look at, for scanning against malwares:
MBAM - Malwarebytes AntiMalware
SuperAntiSpyware
keep us posted as to the situation...
Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
- Thread starter
- #10
Here is the Combofix log:
ComboFix 10-09-06.04 - Dwayne 09/07/2010 12:31:14.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2937.1628 [GMT -4:00]
Running from: c:\users\Dwayne\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\BIN\_desktop.ini
c:\windows\system32\IMSMfcSupport.0406.dll
c:\windows\system32\IMSMfcSupport.0407.dll
c:\windows\system32\IMSMfcSupport.0409.dll
c:\windows\system32\IMSMfcSupport.040a.dll
c:\windows\system32\IMSMfcSupport.040b.dll
c:\windows\system32\IMSMfcSupport.040c.dll
c:\windows\system32\IMSMfcSupport.0410.dll
c:\windows\system32\IMSMfcSupport.0411.dll
c:\windows\system32\IMSMfcSupport.0413.dll
c:\windows\system32\IMSMfcSupport.0414.dll
c:\windows\system32\IMSMfcSupport.0416.dll
c:\windows\system32\IMSMfcSupport.0419.dll
c:\windows\system32\IMSMfcSupport.041d.dll
c:\windows\system32\IMSMfcSupport.0804.dll
c:\windows\system32\IMSMfcSupport.0809.dll
c:\windows\system32\IMSMfcSupport.080a.dll
c:\windows\system32\IMSMfcSupport.0816.dll
c:\windows\system32\IMSMfcSupport.0c04.dll
c:\windows\system32\IMSMfcSupport.0c0c.dll
c:\windows\system32\IMSMfcSupport.240a.dll
c:\windows\system32\IMSMfcSupport.2c0a.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\UMSINST.0406.dll
c:\windows\system32\UMSINST.0407.dll
c:\windows\system32\UMSINST.0409.dll
c:\windows\system32\UMSINST.040a.dll
c:\windows\system32\UMSINST.040b.dll
c:\windows\system32\UMSINST.040c.dll
c:\windows\system32\UMSINST.0410.dll
c:\windows\system32\UMSINST.0411.dll
c:\windows\system32\UMSINST.0413.dll
c:\windows\system32\UMSINST.0414.dll
c:\windows\system32\UMSINST.0416.dll
c:\windows\system32\UMSINST.0419.dll
c:\windows\system32\UMSINST.041d.dll
c:\windows\system32\UMSINST.0804.dll
c:\windows\system32\UMSINST.0809.dll
c:\windows\system32\UMSINST.080a.dll
c:\windows\system32\UMSINST.0816.dll
c:\windows\system32\UMSINST.0c04.dll
c:\windows\system32\UMSINST.0c0c.dll
c:\windows\system32\UMSINST.240a.dll
c:\windows\system32\UMSINST.2c0a.dll
Q:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://dibs.ddni.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2010-08-07 to 2010-09-07 )))))))))))))))))))))))))))))))
.
2010-09-07 15:18 . 2010-09-07 16:25 63488 ----a-w- c:\users\Dwayne\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-07 15:18 . 2010-09-07 15:18 52224 ----a-w- c:\users\Dwayne\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-07 15:18 . 2010-09-07 16:25 117760 ----a-w- c:\users\Dwayne\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-07 15:18 . 2010-09-07 15:18 -------- d-----w- c:\users\Dwayne\AppData\Roaming\SUPERAntiSpyware.com
2010-09-07 15:18 . 2010-09-07 15:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-07 15:18 . 2010-09-07 15:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-25 17:18 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-08-25 17:18 . 2009-10-10 02:31 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-08-25 13:48 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\program files\QuickTime
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\programdata\Apple Computer
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\program files\Common Files\Apple
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\users\Dwayne\AppData\Local\Apple
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\programdata\Apple
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\program files\Apple Software Update
2010-08-13 18:07 . 2010-07-23 14:17 25360 ------w- c:\windows\system32\drivers\gidv2.sys
2010-08-13 18:07 . 2010-08-13 18:07 -------- d-----w- c:\programdata\GID
2010-08-13 18:07 . 2010-08-13 18:07 -------- d-----w- c:\program files\SFT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 16:26 . 2010-06-15 20:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-07 13:50 . 2010-06-15 20:51 -------- d-----w- c:\program files\SpywareBlaster
2010-09-05 13:48 . 2010-06-15 21:13 1 ----a-w- c:\users\Dwayne\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-26 19:37 . 2010-06-16 12:41 -------- d-----w- c:\program files\e-Sword
2010-08-25 17:19 . 2010-08-25 17:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-08-24 19:19 . 2010-06-15 20:04 81120 ----a-w- c:\users\Dwayne\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-16 12:41 . 2010-06-16 17:42 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-13 19:21 . 2010-06-15 20:08 -------- d-----w- c:\users\Dwayne\AppData\Roaming\ID Vault
2010-08-13 18:06 . 2010-06-15 20:08 -------- d-----w- c:\program files\ID Vault
2010-08-05 02:19 . 2010-06-15 20:14 1445120 ----a-w- c:\programdata\White Sky, Inc\ID Vault\BHO\IdVaultCore.dll
2010-08-05 02:19 . 2010-06-15 21:22 533248 ----a-w- c:\programdata\White Sky, Inc\ID Vault\XPCOM\Components\IdVault.XPCOM.dll
2010-08-05 02:19 . 2010-06-15 20:14 42240 ----a-w- c:\programdata\White Sky, Inc\ID Vault\BHO\IDVault.BHO.dll
2010-08-05 02:19 . 2010-06-15 20:14 84224 ----a-w- c:\programdata\White Sky, Inc\ID Vault\BHO\CommonDotNET.dll
2010-08-02 13:05 . 2010-06-15 21:30 -------- d-----w- c:\program files\CCleaner
2010-07-29 06:30 . 2010-08-13 12:08 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-13 12:08 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-23 14:18 . 2010-07-23 14:18 65816 ----a-w- c:\windows\system32\SysEventMenu.dll
2010-07-23 14:18 . 2010-07-23 14:18 388368 ----a-w- c:\windows\system32\GIDHook.dll
2010-07-23 14:17 . 2010-07-23 14:17 100624 ----a-w- c:\windows\system32\GIDBIN3.dll
2010-07-23 14:17 . 2010-07-23 14:17 171280 ----a-w- c:\windows\system32\GIDBIN1.dll
2010-07-19 19:11 . 2010-07-19 19:11 -------- d-----w- c:\program files\Firm Applications
2010-07-19 19:09 . 2010-07-19 19:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-15 13:26 . 2010-06-15 20:45 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 13:26 . 2010-07-15 13:26 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 13:25 . 2010-06-15 20:45 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 06:25 . 2010-08-13 12:08 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 17:05 . 2010-06-24 17:05 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-24 17:05 . 2010-06-24 17:05 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-24 17:05 . 2010-06-24 17:05 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-24 17:05 . 2010-06-24 17:05 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-24 17:05 . 2010-06-24 17:05 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-24 17:05 . 2010-06-24 17:05 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-24 17:05 . 2010-06-24 17:05 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-24 17:05 . 2010-06-24 17:05 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-24 17:05 . 2010-06-24 17:05 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-24 17:05 . 2009-09-04 21:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-24 17:05 . 2009-09-04 21:29 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-22 02:47 . 2010-08-13 12:08 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-13 12:08 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-13 12:08 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-13 12:08 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-13 12:08 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-13 12:08 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-13 12:08 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 18:24 . 2010-06-18 18:24 53632 ------w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\2010-06-18 18:23 . 2010-06-18 18:23 71680 ------w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-06-16 16:48 . 2010-06-16 16:48 0 ------w- c:\windows\nsreg.dat
2010-06-16 13:04 . 2010-06-15 20:45 29584 ------w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-16 05:48 . 2010-08-13 12:08 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-15 21:09 . 2010-06-15 21:09 411368 ------w- c:\windows\system32\deployJava1.dll
2010-06-15 20:25 . 2010-06-15 20:25 1444 ------w- c:\windows\MFGCLEAN.CMD
2010-06-15 20:13 . 2010-06-15 20:13 3678504 ------w- c:\users\Dwayne\AppData\Roaming\ID Vault\IDVaultUpdate.exe
2010-06-15 19:42 . 2010-06-15 19:42 118520 ------w- c:\windows\system32\pxinsi64.exe
2010-06-15 19:42 . 2010-06-15 19:42 33088 ------w- c:\windows\system32\drivers\psadd.sys
2010-06-15 19:42 . 2010-06-15 19:42 129784 ------w- c:\windows\system32\pxafs.dll
2010-06-15 19:42 . 2010-06-15 19:42 116472 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-15 19:37 . 2010-06-15 19:37 55072 ------w- c:\windows\system32\jureg.exe
2010-06-14 06:12 . 2010-08-13 12:08 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sh--r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sh--w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-25 2424560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-10 7612960]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-19 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-19 151064]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-08-23 709920]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-08-05 244208]
"IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-24 202256]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2010-07-23 389896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
c:\users\Dwayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ID Vault.lnk - c:\program files\ID Vault\IDVault.exe [2010-8-4 2880256]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Norstar ICS Scheduler.lnk - c:\program files\Nortel Networks\ICSRT\Scheduler\scheduler.exe [2010-6-16 290816]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-6-24 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-05 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-05 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-05 166384]
R3 NETw1v32;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw1v32.sys [2009-08-03 5958656]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-08-18 20848]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-05 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R3 ser2at;ATEN USB to Serial port driver;c:\windows\system32\DRIVERS\ser2at.sys [2009-10-15 80896]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1343400]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-15 243024]
S1 GIDv2;GIDv2; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 DDNIMSGService;DDNIMSGService;c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-01-21 172720]
S2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [2010-01-21 160432]
S2 IDVaultSvc;IDVault Service;c:\program files\ID Vault\IDVaultSvc.exe [2010-08-05 41728]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-04-27 316992]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-05-21 62320]
S2 VoicemailProServer;Voicemail Pro Service;c:\program files\Avaya\IP Office\Voicemail Pro\VM\vmprov5svc.exe [2010-02-11 6123520]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-06-18 125568]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 122368]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 119256]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2010-07-23 14:19 431368 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
2010-08-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-08-25 23:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uInternet Settings,ProxyOverride = ipoffice
FF - ProfilePath - c:\users\Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\4oqagv6f.default\
FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://FF - prefs.js: keyword.URL - hxxp://FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\White Sky, Inc\ID Vault\XPCOM\components\IdVault.XPCOM.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3400)
c:\windows\system32\GIDHook.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\EasyHook32.dll
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\taskhost.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\windows\system32\conhost.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2010-09-07 12:47:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-07 16:47
Pre-Run: 215,193,391,104 bytes free
Post-Run: 214,526,197,760 bytes free
- - End Of File - - 5AADCBBB9DA12CB4E01F9882A7ACE02A
SHK Certified (School of Hard Knocks)
NCSS, ATSP/IP
ComboFix 10-09-06.04 - Dwayne 09/07/2010 12:31:14.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2937.1628 [GMT -4:00]
Running from: c:\users\Dwayne\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\BIN\_desktop.ini
c:\windows\system32\IMSMfcSupport.0406.dll
c:\windows\system32\IMSMfcSupport.0407.dll
c:\windows\system32\IMSMfcSupport.0409.dll
c:\windows\system32\IMSMfcSupport.040a.dll
c:\windows\system32\IMSMfcSupport.040b.dll
c:\windows\system32\IMSMfcSupport.040c.dll
c:\windows\system32\IMSMfcSupport.0410.dll
c:\windows\system32\IMSMfcSupport.0411.dll
c:\windows\system32\IMSMfcSupport.0413.dll
c:\windows\system32\IMSMfcSupport.0414.dll
c:\windows\system32\IMSMfcSupport.0416.dll
c:\windows\system32\IMSMfcSupport.0419.dll
c:\windows\system32\IMSMfcSupport.041d.dll
c:\windows\system32\IMSMfcSupport.0804.dll
c:\windows\system32\IMSMfcSupport.0809.dll
c:\windows\system32\IMSMfcSupport.080a.dll
c:\windows\system32\IMSMfcSupport.0816.dll
c:\windows\system32\IMSMfcSupport.0c04.dll
c:\windows\system32\IMSMfcSupport.0c0c.dll
c:\windows\system32\IMSMfcSupport.240a.dll
c:\windows\system32\IMSMfcSupport.2c0a.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\UMSINST.0406.dll
c:\windows\system32\UMSINST.0407.dll
c:\windows\system32\UMSINST.0409.dll
c:\windows\system32\UMSINST.040a.dll
c:\windows\system32\UMSINST.040b.dll
c:\windows\system32\UMSINST.040c.dll
c:\windows\system32\UMSINST.0410.dll
c:\windows\system32\UMSINST.0411.dll
c:\windows\system32\UMSINST.0413.dll
c:\windows\system32\UMSINST.0414.dll
c:\windows\system32\UMSINST.0416.dll
c:\windows\system32\UMSINST.0419.dll
c:\windows\system32\UMSINST.041d.dll
c:\windows\system32\UMSINST.0804.dll
c:\windows\system32\UMSINST.0809.dll
c:\windows\system32\UMSINST.080a.dll
c:\windows\system32\UMSINST.0816.dll
c:\windows\system32\UMSINST.0c04.dll
c:\windows\system32\UMSINST.0c0c.dll
c:\windows\system32\UMSINST.240a.dll
c:\windows\system32\UMSINST.2c0a.dll
Q:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://dibs.ddni.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2010-08-07 to 2010-09-07 )))))))))))))))))))))))))))))))
.
2010-09-07 15:18 . 2010-09-07 16:25 63488 ----a-w- c:\users\Dwayne\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-07 15:18 . 2010-09-07 15:18 52224 ----a-w- c:\users\Dwayne\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-07 15:18 . 2010-09-07 16:25 117760 ----a-w- c:\users\Dwayne\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-07 15:18 . 2010-09-07 15:18 -------- d-----w- c:\users\Dwayne\AppData\Roaming\SUPERAntiSpyware.com
2010-09-07 15:18 . 2010-09-07 15:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-07 15:18 . 2010-09-07 15:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-25 17:18 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-08-25 17:18 . 2009-10-10 02:31 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-08-25 13:48 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\program files\QuickTime
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\programdata\Apple Computer
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\program files\Common Files\Apple
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\users\Dwayne\AppData\Local\Apple
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\programdata\Apple
2010-08-19 18:42 . 2010-08-19 18:42 -------- d-----w- c:\program files\Apple Software Update
2010-08-13 18:07 . 2010-07-23 14:17 25360 ------w- c:\windows\system32\drivers\gidv2.sys
2010-08-13 18:07 . 2010-08-13 18:07 -------- d-----w- c:\programdata\GID
2010-08-13 18:07 . 2010-08-13 18:07 -------- d-----w- c:\program files\SFT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 16:26 . 2010-06-15 20:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-07 13:50 . 2010-06-15 20:51 -------- d-----w- c:\program files\SpywareBlaster
2010-09-05 13:48 . 2010-06-15 21:13 1 ----a-w- c:\users\Dwayne\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-26 19:37 . 2010-06-16 12:41 -------- d-----w- c:\program files\e-Sword
2010-08-25 17:19 . 2010-08-25 17:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-08-24 19:19 . 2010-06-15 20:04 81120 ----a-w- c:\users\Dwayne\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-16 12:41 . 2010-06-16 17:42 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-13 19:21 . 2010-06-15 20:08 -------- d-----w- c:\users\Dwayne\AppData\Roaming\ID Vault
2010-08-13 18:06 . 2010-06-15 20:08 -------- d-----w- c:\program files\ID Vault
2010-08-05 02:19 . 2010-06-15 20:14 1445120 ----a-w- c:\programdata\White Sky, Inc\ID Vault\BHO\IdVaultCore.dll
2010-08-05 02:19 . 2010-06-15 21:22 533248 ----a-w- c:\programdata\White Sky, Inc\ID Vault\XPCOM\Components\IdVault.XPCOM.dll
2010-08-05 02:19 . 2010-06-15 20:14 42240 ----a-w- c:\programdata\White Sky, Inc\ID Vault\BHO\IDVault.BHO.dll
2010-08-05 02:19 . 2010-06-15 20:14 84224 ----a-w- c:\programdata\White Sky, Inc\ID Vault\BHO\CommonDotNET.dll
2010-08-02 13:05 . 2010-06-15 21:30 -------- d-----w- c:\program files\CCleaner
2010-07-29 06:30 . 2010-08-13 12:08 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-13 12:08 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-23 14:18 . 2010-07-23 14:18 65816 ----a-w- c:\windows\system32\SysEventMenu.dll
2010-07-23 14:18 . 2010-07-23 14:18 388368 ----a-w- c:\windows\system32\GIDHook.dll
2010-07-23 14:17 . 2010-07-23 14:17 100624 ----a-w- c:\windows\system32\GIDBIN3.dll
2010-07-23 14:17 . 2010-07-23 14:17 171280 ----a-w- c:\windows\system32\GIDBIN1.dll
2010-07-19 19:11 . 2010-07-19 19:11 -------- d-----w- c:\program files\Firm Applications
2010-07-19 19:09 . 2010-07-19 19:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-15 13:26 . 2010-06-15 20:45 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 13:26 . 2010-07-15 13:26 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 13:25 . 2010-06-15 20:45 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 06:25 . 2010-08-13 12:08 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 17:05 . 2010-06-24 17:05 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-24 17:05 . 2010-06-24 17:05 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-24 17:05 . 2010-06-24 17:05 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-24 17:05 . 2010-06-24 17:05 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-24 17:05 . 2010-06-24 17:05 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-24 17:05 . 2010-06-24 17:05 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-24 17:05 . 2010-06-24 17:05 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-24 17:05 . 2010-06-24 17:05 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-24 17:05 . 2010-06-24 17:05 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-24 17:05 . 2009-09-04 21:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-24 17:05 . 2009-09-04 21:29 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-22 02:47 . 2010-08-13 12:08 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-13 12:08 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-13 12:08 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-13 12:08 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-13 12:08 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-13 12:08 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-13 12:08 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 18:24 . 2010-06-18 18:24 53632 ------w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\2010-06-18 18:23 . 2010-06-18 18:23 71680 ------w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-06-16 16:48 . 2010-06-16 16:48 0 ------w- c:\windows\nsreg.dat
2010-06-16 13:04 . 2010-06-15 20:45 29584 ------w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-16 05:48 . 2010-08-13 12:08 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-15 21:09 . 2010-06-15 21:09 411368 ------w- c:\windows\system32\deployJava1.dll
2010-06-15 20:25 . 2010-06-15 20:25 1444 ------w- c:\windows\MFGCLEAN.CMD
2010-06-15 20:13 . 2010-06-15 20:13 3678504 ------w- c:\users\Dwayne\AppData\Roaming\ID Vault\IDVaultUpdate.exe
2010-06-15 19:42 . 2010-06-15 19:42 118520 ------w- c:\windows\system32\pxinsi64.exe
2010-06-15 19:42 . 2010-06-15 19:42 33088 ------w- c:\windows\system32\drivers\psadd.sys
2010-06-15 19:42 . 2010-06-15 19:42 129784 ------w- c:\windows\system32\pxafs.dll
2010-06-15 19:42 . 2010-06-15 19:42 116472 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-15 19:37 . 2010-06-15 19:37 55072 ------w- c:\windows\system32\jureg.exe
2010-06-14 06:12 . 2010-08-13 12:08 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sh--r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sh--w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-25 2424560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-10 7612960]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-19 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-19 151064]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-08-23 709920]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-08-05 244208]
"IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-24 202256]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2010-07-23 389896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
c:\users\Dwayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ID Vault.lnk - c:\program files\ID Vault\IDVault.exe [2010-8-4 2880256]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Norstar ICS Scheduler.lnk - c:\program files\Nortel Networks\ICSRT\Scheduler\scheduler.exe [2010-6-16 290816]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-6-24 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-05 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-05 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-05 166384]
R3 NETw1v32;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw1v32.sys [2009-08-03 5958656]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-08-18 20848]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-05 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R3 ser2at;ATEN USB to Serial port driver;c:\windows\system32\DRIVERS\ser2at.sys [2009-10-15 80896]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1343400]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-15 243024]
S1 GIDv2;GIDv2; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 DDNIMSGService;DDNIMSGService;c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-01-21 172720]
S2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [2010-01-21 160432]
S2 IDVaultSvc;IDVault Service;c:\program files\ID Vault\IDVaultSvc.exe [2010-08-05 41728]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-04-27 316992]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-05-21 62320]
S2 VoicemailProServer;Voicemail Pro Service;c:\program files\Avaya\IP Office\Voicemail Pro\VM\vmprov5svc.exe [2010-02-11 6123520]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-06-18 125568]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 122368]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 119256]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2010-07-23 14:19 431368 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
2010-08-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-08-25 23:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uInternet Settings,ProxyOverride = ipoffice
FF - ProfilePath - c:\users\Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\4oqagv6f.default\
FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://FF - prefs.js: keyword.URL - hxxp://FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\White Sky, Inc\ID Vault\XPCOM\components\IdVault.XPCOM.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3400)
c:\windows\system32\GIDHook.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\EasyHook32.dll
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\taskhost.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\windows\system32\conhost.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2010-09-07 12:47:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-07 16:47
Pre-Run: 215,193,391,104 bytes free
Post-Run: 214,526,197,760 bytes free
- - End Of File - - 5AADCBBB9DA12CB4E01F9882A7ACE02A
SHK Certified (School of Hard Knocks)
NCSS, ATSP/IP
goombawaho
MIS
BadBigBen - He had said originally "Malwarebytes, Spybot, nor AVG detects it." That's why I was already going towards ComboFix.
DigitelD But the question you didn't answer is "Is everything okay now?"
DigitelD But the question you didn't answer is "Is everything okay now?"
- Thread starter
- #12
DigitelD,
Did you try goombawaho's suggestion on checking your hosts file?
Also, have you checked your LAN/connection settings? Here's what I'm talking about....
Open Internet Explorer, go to Tools -> Internet Options..
On the Connections tab, click the LAN Settings button.. Do you have anything in the Proxy server box? If so, and you didn't put it there, take it out, and uncheck that box..
Also, try running a couple general clean-up tools after the other tools:
Advanced System care
Glary Utilities
CCleaner(mentioned by BadBigBen) - also use the registry cleaner option..
And I THINK that from your last post, you mean that nothing listed in this forum thread is working so far... but please specify what exactly it is you've tried. I see you posted logs from HJT and Combofix, but what have you actually DONE on your computer to try and fix the problem?
Did you try goombawaho's suggestion on checking your hosts file?
Also, have you checked your LAN/connection settings? Here's what I'm talking about....
Open Internet Explorer, go to Tools -> Internet Options..
On the Connections tab, click the LAN Settings button.. Do you have anything in the Proxy server box? If so, and you didn't put it there, take it out, and uncheck that box..
Also, try running a couple general clean-up tools after the other tools:
Advanced System care
Glary Utilities
CCleaner(mentioned by BadBigBen) - also use the registry cleaner option..
And I THINK that from your last post, you mean that nothing listed in this forum thread is working so far... but please specify what exactly it is you've tried. I see you posted logs from HJT and Combofix, but what have you actually DONE on your computer to try and fix the problem?
- Thread starter
- #15
I did check the Hosts file this morning after I read your replies. I can't find the proxy settings. I am running Windows 7. I haven't had the redirection happen so far after I replaced the Hosts file.
SHK Certified (School of Hard Knocks)
NCSS, ATSP/IP
SHK Certified (School of Hard Knocks)
NCSS, ATSP/IP
- Thread starter
- #16
- Thread starter
- #17
goombawaho
MIS
Goom, I missed that with MBAM...
and good find there on the Support Site, I guess when I installed it on the VM, it had not gotten nested in FF yet, although it was redirecting in IE and FF, and the cleanup on the VM went smooth...
have a star, for the find...
Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
and good find there on the Support Site, I guess when I installed it on the VM, it had not gotten nested in FF yet, although it was redirecting in IE and FF, and the cleanup on the VM went smooth...
have a star, for the find...
Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
goombawaho
MIS
I was ready to give up if that didn't work. Thanks for the star.
- Status