Search Redirect Virus- Please Help! - Page 2

Question

crunchie 990 Most Valuable Poster

14 Years Ago

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

You will need to use Internet Explorer to complete this scan.
You will need to temporarily Disable your current Anti-virus program.
Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

• Kaspersky Online Scanner • Panda Active Scan • Trend Micro HouseCall • F-Secure Online Virus Scanner

crunchie 990 Most Valuable Poster

14 Years Ago

Ok. You can do another scan and have ESET remove those files by selecting the removal option before starting the scan.

==

You can also remove some programs from the startup menu by going to the start button the the Run command and type in msconfig and hit OK.
Under the startup Tab, uncheck any unnecessary programs. Apply the settings and then OK.

You will get a message on your next boot that you have made changes to your startup programs. Check the little box on the left and then hit OK.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Conquis7dor 0 Newbie Poster · Answer 1 · 2010-09-01T06:42:20+00:00

Ok, here's the new log:

ComboFix 10-08-31.01 - Mike 08/31/2010 20:29:55.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3050.2183 [GMT -4:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mike\Local Settings\Application Data\glkgoimob
c:\documents and settings\NetworkService\Local Settings\Application Data\axqbjeygp

.
((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.

2010-08-26 01:18 . 2010-08-26 01:18 62976 ----a-w- c:\windows\system32\drivers\CDROM.SYS
2010-08-25 21:57 . 2010-08-26 01:18 -------- d-----w- C:\307137e8611adc0fa2
2010-08-25 21:13 . 2010-08-25 21:14 -------- d-----w- C:\378b06ccd1bb829a2ef0734bf682c12f
2010-08-25 19:04 . 2010-08-26 01:18 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-25 19:03 . 2010-08-25 19:03 -------- d-----w- C:\7f92aca2e475c172e28d683678375b55
2010-08-23 19:42 . 2010-08-23 19:42 195584 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\Deployment\cache\6.0\5\27706285-2f5ca65c-n\WMINative.dll
2010-08-22 00:27 . 2010-07-06 14:44 221184 ----a-w- c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\3vmnpk7v.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
2010-08-12 16:48 . 2010-07-23 21:22 43008 ----a-w- c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\3vmnpk7v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-12 16:48 . 2010-07-23 21:22 1496064 ----a-w- c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\3vmnpk7v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-12 16:48 . 2010-07-23 21:22 338944 ----a-w- c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\3vmnpk7v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-12 16:48 . 2010-07-23 21:22 346112 ----a-w- c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\3vmnpk7v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 23:21 . 2009-07-14 16:26 7792 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-29 18:26 . 2009-06-13 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-19 19:28 . 2009-09-15 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-08-12 15:38 . 2010-08-13 16:59 182566 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-08-07 21:01 . 2009-10-14 18:45 -------- d-----w- c:\program files\LimeWire
2010-07-29 18:26 . 2010-07-28 03:55 99 ----a-w- c:\documents and settings\Mike\jagex_runescape_preferences2.dat
2010-07-29 18:25 . 2010-07-28 03:53 46 ----a-w- c:\documents and settings\Mike\jagex_runescape_preferences.dat
2010-07-28 22:25 . 2010-06-17 18:45 -------- d-----w- c:\program files\iTunes
2010-07-28 22:23 . 2010-07-28 22:23 -------- d-----w- c:\program files\iPod
2010-07-28 22:23 . 2009-06-23 15:55 -------- d-----w- c:\program files\Common Files\Apple
2010-07-28 22:15 . 2010-07-28 22:15 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-28 03:55 . 2010-07-28 03:55 0 ----a-w- c:\documents and settings\Mike\jagex__preferences3.dat
2010-07-21 17:56 . 2010-07-16 00:57 24868 ----a-w- c:\windows\Urufu.dat
2010-07-21 00:36 . 2010-07-21 00:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-18 13:26 . 2010-07-16 00:57 0 ----a-w- c:\windows\Mbocequwamo.bin
2010-07-17 03:50 . 2010-07-17 03:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-14 21:17 . 2010-01-23 01:00 -------- d-----w- c:\documents and settings\Mike\Application Data\vlc
2010-07-12 08:56 . 2010-07-17 03:50 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2009-08-17 03:25 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2009-08-18 01:27 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-30 12:31 . 2006-04-30 06:55 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2006-04-30 06:56 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2006-04-30 06:55 78336 ------w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2006-04-30 06:55 17408 ------w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2006-04-30 06:55 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-22 20:14 . 2010-06-22 20:14 222856 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-21 15:27 . 2006-04-30 06:55 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-04-30 06:55 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-04-30 07:10 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-04-30 06:55 1172480 ----a-w- c:\windows\system32\msxml3.dll
2008-09-29 12:07 . 2009-08-20 00:40 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-08-31_05.54.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-31 14:56 . 2010-08-31 14:56 16384 c:\windows\Temp\Perflib_Perfdata_9f4.dat
+ 2010-08-31 15:17 . 2010-08-31 15:17 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-08-31 15:17 . 2010-08-31 15:17 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
+ 2010-08-31 15:18 . 2010-08-31 15:18 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-08-31 15:17 . 2010-08-31 15:17 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2010-08-31 15:17 . 2010-08-31 15:17 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2010-08-31 15:17 . 2010-08-31 15:17 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2010-08-31 15:17 . 2010-08-31 15:17 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2010-08-31 15:17 . 2010-08-31 15:17 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2010-08-31 15:17 . 2010-08-31 15:17 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2010-08-31 15:16 . 2010-08-31 15:16 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-08-31 15:18 . 2010-08-31 15:18 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\97bd2a5d946aa3a824e4cfe5b6ef95aa\System.Messaging.ni.dll
+ 2010-08-31 15:16 . 2010-08-31 15:16 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-08-31 15:16 . 2010-08-31 15:16 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-31 15:16 . 2010-08-31 15:16 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-08-31 15:16 . 2010-08-31 15:16 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-08-31 15:16 . 2010-08-31 15:16 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2010-08-31 15:18 . 2010-08-31 15:18 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll
+ 2010-08-31 15:18 . 2010-08-31 15:18 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll
+ 2010-08-31 15:18 . 2010-08-31 15:18 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
+ 2010-08-31 15:17 . 2010-08-31 15:17 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
+ 2010-08-31 15:17 . 2010-08-31 15:17 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
+ 2010-08-31 15:17 . 2010-08-31 15:17 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
+ 2010-08-31 15:17 . 2010-08-31 15:17 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
+ 2010-08-31 15:16 . 2010-08-31 15:16 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
+ 2010-08-31 15:16 . 2010-08-31 15:16 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-01-14 389120]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2007-02-01 18:00 419376 ------w- c:\program files\ThinkVantage\AMSG\Amsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2009-01-14 16:52 208896 ------w- c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraApplicationLauncher]
2008-08-12 21:47 16384 ------w- c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-18 01:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-11 01:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateLMBCShortCut]
2009-04-13 15:58 40960 ------w- c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2008-06-14 03:08 3073336 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
2008-06-04 17:36 242976 ------w- c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
2008-08-31 18:02 124248 ------w- c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2008-08-31 18:02 165208 ------w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]
2008-05-29 08:12 367128 ------w- c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-09-02 19:27 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 19:17 61440 ------w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 09:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-10-06 02:06 1323008 ------w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
2009-04-15 19:04 61728 ------w- c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2008-11-24 22:42 487424 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 18:31 81920 ----a-w- c:\windows\system32\PCLECoInst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Mike\\My Documents\\Downloads\\utorrent(4).exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/16/2009 11:25 PM 64288]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 7:21 PM 19496]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [9/29/2008 8:07 AM 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/19/2009 8:40 PM 67904]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [6/13/2009 6:47 PM 53248]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [4/17/2009 12:05 AM 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 6:34 PM 520192]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [6/13/2009 6:24 PM 2058776]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [6/13/2009 6:28 PM 72448]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/13/2009 5:53 PM 243856]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 6:54 PM 37312]
S0 ynwgy;ynwgy;c:\windows\system32\drivers\amgsypsm.sys --> c:\windows\system32\drivers\amgsypsm.sys [?]
S1 MpKslaa0f85b1;MpKslaa0f85b1;\??\c:\windows\system32\MpEngineStore\MpKslaa0f85b1.sys --> c:\windows\system32\MpEngineStore\MpKslaa0f85b1.sys [?]
S1 MpKslb98b1284;MpKslb98b1284;\??\c:\windows\system32\MpEngineStore\MpKslb98b1284.sys --> c:\windows\system32\MpEngineStore\MpKslb98b1284.sys [?]
S1 vftpqpdu;vftpqpdu;\??\c:\windows\system32\drivers\vftpqpdu.sys --> c:\windows\system32\drivers\vftpqpdu.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1355416]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [4/17/2009 12:05 AM 45424]
S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 8:50 PM 360448]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 12:37 PM 15008]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/19/2009 8:40 PM 64432]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 11:15 AM 1120752]
S4 0112271250475429mcinstcleanup;McAfee Application Installer Cleanup (0112271250475429);c:\docume~1\Mike\LOCALS~1\Temp\011227~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Mike\LOCALS~1\Temp\011227~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 16:36]

2010-08-31 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2010-08-31 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-06-13 16:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\3vmnpk7v.default\
FF - prefs.js: browser.startup.homepage - hxxp://asulearn.appstate.edu/
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\3vmnpk7v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\3vmnpk7v.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Mike\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 20:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1140)
c:\windows\system32\Ati2evxx.dll
c:\program files\Lenovo\HOTKEY\notifyf2.dll

- - - - - - - > 'explorer.exe'(4968)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-31 20:39:09
ComboFix-quarantined-files.txt 2010-09-01 00:39
ComboFix2.txt 2010-08-31 05:56

Pre-Run: 48,992,022,528 bytes free
Post-Run: 48,985,649,152 bytes free

- - End Of File - - 395CFCEC05F8E2FE9F534AAF0536B92A

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 2 · 2010-09-01T07:23:57+00:00

crunchie 990 Most Valuable Poster

14 Years Ago

How is the computer now?

Conquis7dor 0 Newbie Poster · Answer 3 · 2010-09-01T07:40:54+00:00

The search links work well, I can't tell if it's running as fast as it used to since it's been so long. I think it's running a little slower right now, but I'm also running ad-aware at the moment.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 4 · 2010-09-01T10:16:31+00:00

So you should be good to go then :).

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

Conquis7dor 0 Newbie Poster · Answer 5 · 2010-09-02T02:09:02+00:00

It still doesn't seem to be as fast as before, like if I have a few tabs open, and I load something on 2 of them at a time, mozilla freezes up for a second sometimes like it's too much to load. Have idea of why this could be?

Conquis7dor 0 Newbie Poster · Answer 6 · 2010-09-02T10:34:00+00:00

So are you looking for the log of all multiple threats afterwards?

Here's the log of the threats:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoShoppingReport7.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\6.0\11\454f42cb-6d584a22 a variant of Java/Exploit.Agent.NAC trojan
C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\6.0\22\24265516-40809b7a multiple threats
C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\6.0\6\723bc386-5b92d552 multiple threats
C:\Documents and Settings\Mike\My Documents\FrostWire\Incomplete\Preview-T-4153306-[RMX] they live felix cartel(from iTunes).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Mike\My Documents\FrostWire\Incomplete\Preview-T-4506748-they live felix cartel-HQ.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Mike\My Documents\FrostWire\Saved\[RMX] they live felix cartel(from iTunes).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\1\46bcf501-11c45485 multiple threats
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\13\3332d9cd-39213e21 multiple threats
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\15\2ce4f5cf-42e1c197 multiple threats
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\26\575401da-1aa5c9ed Java/TrojanDownloader.Agent.NBJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\4e84bf83-2c734803 multiple threats
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\4e84bf83-493cc122 multiple threats
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\34db286c-72faebc4 multiple threats
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\5\2376bcc5-36381161 multiple threats
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\8\73bbfa48-3cc7c1c2 multiple threats
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP391\A0178553.inf VBS/AutoRun.DN worm

Conquis7dor 0 Newbie Poster · Answer 7 · 2010-09-03T04:13:19+00:00

Alright, well I guess that's everything then. Thanks for all of your help!

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 8 · 2010-09-03T07:24:24+00:00

crunchie 990 Most Valuable Poster

14 Years Ago

No worries :)