Infected Laptop AVG and Spybot corrupted need help

Hey Blade,

1. Win32kDiag

Running from: C:\Documents and Settings\Anonymous\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Anonymous\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!



2. ComboFix

On the first run of ComboFix the following driver caused a BSOD stating there was a problem with stopping the driver:

2009-10-30 17:12:35 319000 -c--a-w- c:\windows\system32\drivers\iaStor_2.sys


2nd run results below:

ComboFix 09-10-28.08 - Anonymous 10/30/2009 10:18.3.2 - NTFSx86
Running from: c:\documents and settings\Anonymous\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Anonymous\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-30 17:12 . 2008-07-22 22:33 319000 -c--a-w- c:\windows\system32\drivers\iaStor_2.sys
2009-09-30 18:20 . 2009-09-30 18:34 -------- dc----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 16:57 . 2007-09-18 22:53 -------- dc----w- c:\program files\Palm
2009-10-30 02:10 . 2008-08-10 06:05 -------- dc--a-w- c:\documents and settings\Anonymous\Application Data\Juniper Networks
2009-10-28 20:15 . 2008-06-20 04:39 1324 -c--a-w- c:\windows\system32\d3d9caps.dat
2009-10-28 18:16 . 2008-10-31 15:36 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-28 00:29 . 2009-07-04 16:51 -------- dc----w- c:\program files\PeerGuardian2
2009-10-28 00:23 . 2009-10-28 00:23 0 -c--a-w- c:\documents and settings\Anonymous\ntuser.tmp
2009-10-25 21:04 . 2007-08-19 18:19 5427 -c--a-w- c:\windows\system32\EGATHDRV.SYS
2009-10-02 17:00 . 2007-12-13 07:49 -------- dc--a-w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-30 18:02 . 2007-12-13 07:49 -------- dc-ha-w- c:\program files\Junk
2009-09-30 17:23 . 2007-08-19 18:05 -------- dc----w- c:\program files\Google
2009-09-28 22:37 . 2007-08-21 04:10 -------- dc----w- c:\program files\Microsoft ActiveSync
2009-09-28 00:38 . 2009-09-28 00:38 -------- dc----w- c:\documents and settings\DipSnatcher\Application Data\Lenovo
2009-09-20 04:44 . 2009-09-14 23:53 -------- dc----w- c:\program files\MyDefrag v4.1.2
2009-09-13 19:18 . 2007-08-19 22:30 20080 -c--a-w- c:\documents and settings\Anonymous\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-13 17:23 . 2009-09-13 17:23 -------- dc----w- c:\program files\MSBuild
2009-09-13 17:23 . 2009-09-13 17:23 -------- dc----w- c:\program files\Reference Assemblies
2009-09-10 21:24 . 2009-09-10 21:24 -------- dc----w- c:\documents and settings\Anonymous\Application Data\JonDo
2009-09-10 19:38 . 2008-05-16 15:55 -------- dc----w- c:\program files\eBahn
2009-09-09 23:15 . 2008-07-28 06:23 -------- dc--a-w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-08 20:57 . 2008-07-28 06:24 -------- dc--a-w- c:\documents and settings\Anonymous\Application Data\RipIt4Me
2009-09-05 22:46 . 2009-09-05 22:46 -------- dc----w- c:\program files\MSXML 6.0
2009-09-01 01:01 . 2009-09-01 01:01 -------- dc----w- c:\documents and settings\Anonymous\Application Data\Foxit
2009-09-01 01:01 . 2009-09-01 01:01 -------- dc----w- c:\program files\Foxit Software
2009-08-05 09:11 . 2006-04-30 05:11 204800 -c----w- c:\windows\system32\mswebdvd.dll
2009-08-02 21:26 . 2009-09-14 23:53 95232 -c--a-w- c:\windows\system32\MyDefragScreenSaver.scr
2009-08-02 21:26 . 2009-09-14 23:53 861184 -c--a-w- c:\windows\system32\MyDefragScreenSaver.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-10 58416]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-06 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-06 512000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-09-25 331776]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-09-25 208896]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-08 91688]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-06-09 124248]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2008-06-07 181536]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-08-14 22:54 89600 ------w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 23:37 34344 -c--a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-09 02:14 28672 -c--a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-10-27 16:57 32768 -c--a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0ACSBoot.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina psqlpwd

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Anonymous^Start Menu^Programs^Startup^CCC.lnk]
backup=c:\windows\pss\CCC.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Anonymous^Start Menu^Programs^Startup^TimeLeft.lnk]
backup=c:\windows\pss\TimeLeft.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ADVService"=3 (0x3)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"ThinkVantage Registry Monitor Service"=2 (0x2)
"IntuitUpdateService"=2 (0x2)
"Diskeeper"=2 (0x2)
"BITS"=2 (0x2)
"avg8wd"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 FileObjInfo;STFileDriver;c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [x]
R3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\Drivers\FTD2XX.sys [2004-10-16 29292]
R3 WipeFile;WipeFile;c:\windows\system32\DRIVERS\WipeFile.sys [2007-03-04 57472]
R4 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2008-05-14 19496]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-09-25 94208]
S2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-13 58368]
S2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 10896]


--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

2009-10-30 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-08-19 08:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lenovo.com/welcome/thinkpad
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=5VW93E07qT2G4ACJ8JT4vWSUgro
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Anonymous\Application Data\Mozilla\Firefox\Profiles\za7bsvmd.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1240)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll

- - - - - - - > 'lsass.exe'(1296)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll

- - - - - - - > 'explorer.exe'(2252)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
.
**************************************************************************
.
Completion time: 2009-10-30 10:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-30 17:27
ComboFix2.txt 2009-10-29 19:02

Pre-Run: 25,009,065,984 bytes free
Post-Run: 24,975,982,592 bytes free

- - End Of File - - ED8B6A18BF5C3E1E3CC7096CB5A43797
 
3. Kaspersky

KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, October 30, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, October 30, 2009 18:10:42
Records in database: 3105130
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 73331
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:55:19


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir Infected: Trojan.Win32.Sirefef.a 1
C:\System Volume Information\_restore{3BEEC17C-D923-47C4-8980-270374C47ECD}\RP1\A0002097.dll Infected: Trojan.Win32.Sirefef.a 1

Selected area has been scanned.


DDS

DDS (Ver_09-10-26.01) - NTFSx86
Run by Anonymous at 17:18:26.12 on Fri 10/30/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lenovo.com/welcome/thinkpad
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=5VW93E07qT2G4ACJ8JT4vWSUgro
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TP4EX] tp4ex.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPMailChecker] c:\progra~1\thinkv~2\prdctr\LPMLCHK.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: turbotax.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187563956625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: ebahn - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-ebahn - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - c:\program files\ebahn\eztoolslib2.dll
Handler: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ACGina psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\anonym~1\applic~1\mozilla\firefox\profiles\za7bsvmd.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-30 18:09:57 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2009-10-30 18:09:57 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-10-30 17:17:15 0 dc----w- C:\ComboFix
2009-10-30 17:12:35 319000 -c--a-w- c:\windows\system32\drivers\iaStor_2.sys
2009-10-29 18:51:30 0 dcsha-r- C:\cmdcons
2009-10-29 18:10:01 98816 -c--a-w- c:\windows\sed.exe
2009-10-29 18:10:01 77312 -c--a-w- c:\windows\MBR.exe
2009-10-29 18:10:01 236544 -c--a-w- c:\windows\PEV.exe
2009-10-29 18:10:01 161792 -c--a-w- c:\windows\SWREG.exe
2009-10-28 00:23:50 0 -c--a-w- c:\documents and settings\anonymous\ntuser.tmp
2009-10-10 03:44:18 0 -c--a-w- c:\documents and settings\anonymous\LOG

==================== Find3M ====================

2009-10-25 21:04:23 5427 -c--a-w- c:\windows\system32\EGATHDRV.SYS
2009-08-05 09:11:47 204800 -c----w- c:\windows\system32\mswebdvd.dll
2009-08-02 21:26:56 95232 -c--a-w- c:\windows\system32\MyDefragScreenSaver.scr
2009-08-02 21:26:54 861184 -c--a-w- c:\windows\system32\MyDefragScreenSaver.exe

============= FINISH: 17:18:39.93 ===============
 
Attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)


==== Disk Partitions =========================


==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


Access Help
Acrobat.com
Active@ KillDisk FREE Suite
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
Bluetooth® Wireless Technology Synchronization Plug-in
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-Branding
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
CCleaner (remove only)
Client Security Solution
Convert MOV to AVI 1.0
Diskeeper Lite
Disney Pirates of the Caribbean Online
DivX Content Uploader
DivX Web Player
DriverAgent Plugin for Netscape by TouchStone Software
DVD Decrypter (Remove Only)
DVD Shrink 3.2
eBahn - Volkswagen Multi-Vehicle
eBahn® Reader

File Shredder 2.0
FMS
FTDI FTD2XX USB Drivers
GearDrivers
Google Earth
HD Tune 2.54
Help Center
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
HITACHI Storage Power Booster (remove only)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB889816)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894686)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB898456)
Hotfix for Windows XP (KB903250)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB909667)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB918005)
Hotfix for Windows XP (KB918837)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
iISystem Wiper 2.4.1
ImgBurn
Intel(R) PRO Network Connections Drivers
InterVideo WinDVD
iPod for Windows 2006-01-10
IrfanView (remove only)
ISO Recorder
iTunes
Java(TM) 6 Update 16
Lizardtech DjVu Control
Maintenance Manager
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft Primary Interoperability Assemblies 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
MyDefrag v4.1.2
Netflix Movie Viewer
OmniGSoft Mini-Jetfight 2.0
On Screen Display
PC-Doctor 5 for Windows
PCMark05
PeerGuardian 2.0
Presentation Director
Productivity Center Supplement for ThinkPad
Q-Loader Console 3.20
Quicken 2006
QuickTime
QuickTime Alternative 1.39
RAD Video Tools
Registry Mechanic 7.0
Rescue and Recovery
Rescue and Recovery Critical Patch for Windows Update (KB917422)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Skins
SoundMAX
Sprite Backup
Spybot - Search & Destroy
System Migration Assistant
System Update
The KMPlayer (remove only)
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkPad UltraNav Wizard
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software 5.6
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
TrackPoint Accessibility Features
TurboTax 2008
TurboTax 2008 waziper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
Undelete Plus 2.94
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB912945)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Wallpaper Master v2.16
Wallpapers
WCreator3
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB883517
Windows XP Hotfix - KB883523
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB884868
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885894
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889315
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB896613
XBCD 1.07
Xilisoft DVD Creator
XP Themes

==== End Of File ===========================
 
Peerguardian activity while using KAS on-line scanner

Looks Dubious...

2009-10-30 14:47:45;PSI FAKES PHOTOBKT Split_A;myip:1323;38.117.107.188:80;TCP;Blocked
2009-10-30 14:47:48;PSI FAKES PHOTOBKT Split_A;myip:1323;38.117.107.188:80;TCP;Blocked
2009-10-30 14:47:54;PSI FAKES PHOTOBKT Split_A;myip:1323;38.117.107.188:80;TCP;Blocked
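The PeerGuardian lines above are semicolon-separated records (timestamp; rule name; source; destination; protocol; action). An added example, not code from the thread or from PeerGuardian, that parses such lines and tells outbound from inbound blocks: the sample log is constructed to mirror the format above, with "myip" standing in for the local address exactly as the poster wrote it, plus one constructed inbound line so both directions appear.

```python
"""Parse PeerGuardian-style log lines and summarise them by direction.

Added example; the sample lines are constructed to mirror the format shown
in the thread (timestamp;rule;source;destination;protocol;action). "myip"
stands in for the local address, as in the poster's log.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed sample: three retries of one outbound HTTP connection plus one
# unrelated inbound attempt, so both directions appear in the summary.
SAMPLE_LOG = """\
2009-10-30 14:47:45;PSI FAKES PHOTOBKT Split_A;myip:1323;38.117.107.188:80;TCP;Blocked
2009-10-30 14:47:48;PSI FAKES PHOTOBKT Split_A;myip:1323;38.117.107.188:80;TCP;Blocked
2009-10-30 14:47:54;PSI FAKES PHOTOBKT Split_A;myip:1323;38.117.107.188:80;TCP;Blocked
2009-10-30 14:48:02;Example Inbound Rule;203.0.113.7:61000;myip:445;TCP;Blocked
"""


@dataclass
class PgEvent:
    timestamp: str
    rule: str
    src_host: str
    src_port: int
    dst_host: str
    dst_port: int
    proto: str
    action: str


def _split_endpoint(endpoint):
    """Split 'host:port' into (host, port); rpartition keeps IPv6 hosts intact."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def parse_line(line):
    """Parse one log record into a PgEvent; reject lines with the wrong field count."""
    fields = line.strip().split(";")
    if len(fields) != 6:
        raise ValueError(f"unexpected field count in line: {line!r}")
    ts, rule, src, dst, proto, action = fields
    src_host, src_port = _split_endpoint(src)
    dst_host, dst_port = _split_endpoint(dst)
    return PgEvent(ts, rule, src_host, src_port, dst_host, dst_port, proto, action)


def direction(event, local_hosts):
    """'outbound' when the local host initiated, 'inbound' when it was the target."""
    if event.src_host in local_hosts:
        return "outbound"
    if event.dst_host in local_hosts:
        return "inbound"
    return "unknown"


def summarise(log_text, local_hosts):
    """Count events by direction and rule, list outbound peers and retries per flow."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    dirs = [direction(e, local_hosts) for e in events]
    outbound = [e for e, d in zip(events, dirs) if d == "outbound"]
    # The same local port repeated within seconds is one TCP connection
    # retrying, not several separate connections.
    flows = Counter((e.src_host, e.src_port, e.dst_host, e.dst_port) for e in outbound)
    return {
        "total": len(events),
        "by_direction": dict(Counter(dirs)),
        "by_rule": dict(Counter((e.rule, d) for e, d in zip(events, dirs))),
        "outbound_remotes": sorted({(e.dst_host, e.dst_port) for e in outbound}),
        "retries_per_flow": dict(flows),
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(summarise(SAMPLE_LOG, {"myip"}))
```

Reading the thread's three lines through this: source is the local machine, destination port is 80, and the local port 1323 repeats at three-second intervals, so the log shows one outbound HTTP connection being retried and blocked, which is the observation the poster made about it being sourced from their own IP.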
 
Hi,

I made a quick search around PSI FAKES PHOTOBKT and it seems to be related to P2P. Not sure why it would show up with Kaspersky online scan though.

How's the system running?
 
Hello Blade, my concern with the Peer log was it was sourced from my IP, just wanted to inform you in case you recognized something. (Thanks for looking)

I followed your instructions in the order written.

The Kaspersky scan reported Trojan.sirefef.a in two locations, but it didn't indicate that it had healed or quarantined either, or I missed it ??

ATF indicated it had removed no files for Firefox... not a surprise to me; the system has not been online and I use CCleaner.

The laptop is booting normally, quicklaunch is back, but the fingerprint software is requesting a scan (after logon) and if you kill the popup 2X it goes away. This is one of the behaviors that tipped me off to infection; it's been turned off for a long time. I also noticed that there are 7 processes of svchost running.

Shall I start reloading AVG and ZoneAlarm or ?

Thanks
 
I'm not familiar with fingerprint software but you might want to reinstall it to see if that corrects it.
 
Hello Blade, I uninstalled the Fingerprint software, problem solved.

I attempted to install AVG 8.5 and that failed. I then was able to successfully install AVG 8.0 and run a system scan (W/O virusDB update) nothing was found.

I then reinstalled AVG 8.5 successfully and updated.

Next I ran the Kaspersky online scanner, results below; AND

While the online scan was at 50% the AVG Resident Shield popup indicated it detected the following, so I moved it to the vault. :flame:


"Infection";"Trojan horse Agent2.TJA";"C:\System Volume Information\_restore{3BEEC17C-D923-47C4-8980-270374C47ECD}\RP1\A0002097.dll";"";"11/2/2009, 4:47:21 AM"




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 2, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 02, 2009 07:42:05
Records in database: 3114191
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 73708
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:53:07


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir Infected: Trojan.Win32.Sirefef.a 1

Selected area has been scanned.


After which I have downloaded Malwarebytes and ran scans with both AVG 8.5 and Malwarebytes with nothing found.

Malwarebytes' Anti-Malware 1.41
Database version: 3089
Windows 5.1.2600 Service Pack 2

11/2/2009 2:00:35 PM
mbam-log-2009-11-02 (13-59-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 187562
Time elapsed: 51 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir (Trojan.Sirefef) -> No action taken.


The system appears to be running ok, do I need any further steps?
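All three reports in this post flag files by path, and the path says a lot about urgency: a copy under ComboFix's quarantine folder (C:\Qoobox\Quarantine) or inside a System Restore snapshot (\System Volume Information\_restore{...}\RPnnn) is an inert copy, not a running infection. An added example, not code from the thread or from any of the scanners, that parses the AVG, Kaspersky and Malwarebytes lines shown above (excerpted from this post as sample input) and classifies each detection by where it lives:

```python
"""Triage scanner detections by location: quarantine copy, restore-point
copy, or live file. Added example; the sample excerpts below are taken
from the three reports in the thread, and the quarantine / restore-point
path conventions are ComboFix's and Windows XP's respectively."""
import csv
import re

# ComboFix keeps its quarantine under C:\Qoobox\Quarantine; System Restore
# snapshots live under \System Volume Information\_restore{GUID}\RPnnn.
COMBOFIX_QUARANTINE = "c:\\qoobox\\quarantine\\"
RESTORE_MARKER = "\\system volume information\\_restore"

# Sample inputs excerpted from the thread's reports.
AVG_LINE = r'"Infection";"Trojan horse Agent2.TJA";"C:\System Volume Information\_restore{3BEEC17C-D923-47C4-8980-270374C47ECD}\RP1\A0002097.dll";"";"11/2/2009, 4:47:21 AM"'

KAV_LOG = r"""
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir Infected: Trojan.Win32.Sirefef.a 1

Selected area has been scanned.
"""

MBAM_LOG = r"""
Files Infected: 1

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir (Trojan.Sirefef) -> No action taken.

"""


def classify_path(path):
    """Return where a flagged file lives: quarantine, restore point, or live."""
    p = path.lower()
    if p.startswith(COMBOFIX_QUARANTINE):
        return "combofix_quarantine"
    if RESTORE_MARKER in p:
        return "restore_point"
    return "live"


def parse_avg(line):
    """AVG Resident Shield export: semicolon-separated, double-quoted fields."""
    kind, threat, path, _, when = next(csv.reader([line], delimiter=";", quotechar='"'))
    return {"source": "avg", "kind": kind, "threat": threat, "path": path, "when": when}


KAV_RE = re.compile(r"^(?P<path>.+?)\s+Infected: (?P<threat>\S+)\s+(?P<count>\d+)$")


def parse_kaspersky(log_text):
    """Kaspersky online scanner: '<path> Infected: <threat> <count>' lines."""
    hits = []
    for line in log_text.splitlines():
        m = KAV_RE.match(line.strip())
        if m:
            hits.append({"source": "kaspersky", "path": m["path"], "threat": m["threat"]})
    return hits


MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^)]+)\) -> (?P<action>.+)$")


def parse_mbam(log_text):
    """Malwarebytes: entries under the 'Files Infected:' section header."""
    hits, in_section = [], False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped == "Files Infected:":   # the summary line reads 'Files Infected: 1'
            in_section = True
            continue
        if not in_section:
            continue
        if not stripped:                    # blank line closes the section
            break
        m = MBAM_RE.match(stripped)
        if m:
            hits.append({"source": "mbam", **m.groupdict()})
    return hits


def triage(detections):
    """Attach a location class to every detection record."""
    return [{**d, "location": classify_path(d["path"])} for d in detections]


if __name__ == "__main__":
    for d in triage([parse_avg(AVG_LINE)] + parse_kaspersky(KAV_LOG) + parse_mbam(MBAM_LOG)):
        print(f'{d["source"]:9} {d["location"]:19} {d["threat"]:26} {d["path"]}')
```

Run on the thread's own lines, none of the three detections classifies as "live": two are the same ComboFix quarantine copy of eventlog.dll and one is a restore-point copy, which is exactly what the helper's next instruction (reset System Restore, then uninstall ComboFix) clears out.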
 
Hi,

I think there're only the final steps left now :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis



Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK

Next we remove all used tools.

Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. Hit enter, then locate dns client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
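The hosts-file recommendation above rests on one property: a blocking hosts file only ever maps names to a sink address (0.0.0.0 or loopback), so a site is blocked rather than sent somewhere else. An added example, not code from the thread or from the hosts-file project linked above, that audits a hosts file for entries breaking that property (a name mapped to a routable address is a redirect, not a block, and deserves a look), for malformed lines, and optionally for redirects of domains you care about such as the Windows Update site named in this post. The sample file is constructed.

```python
"""Audit a blocking-style hosts file. Added example: a block list should
map names only to sink addresses; anything else is a redirect, which a
clean-up hosts file never needs. The sample below is constructed."""
from ipaddress import ip_address

# Names every hosts file legitimately maps to loopback.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not a real hosts file.
SAMPLE_HOSTS = """\
# blocking entries
127.0.0.1       localhost
0.0.0.0         ads.example.net
127.0.0.1       tracker.example.org   # trailing comment
# the next entry redirects instead of blocking
198.51.100.9    www.windowsupdate.com
not.an.ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, address, [names]) for every non-comment hosts line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()   # strip comments and whitespace
        if not body:
            continue
        address, *names = body.split()
        yield line_no, address, names


def audit_hosts(text, protected_domains=()):
    """Classify entries as blocked (sink address), redirected, or invalid.

    Redirected entries carry a flag telling whether the name is one of the
    caller's protected domains (e.g. an update site that must stay reachable).
    """
    protected = {d.lower() for d in protected_domains}
    report = {"blocked": [], "redirected": [], "invalid": []}
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ip_address(address)
        except ValueError:
            report["invalid"].append((line_no, address))
            continue
        # 0.0.0.0 / :: are "unspecified", 127.0.0.0/8 and ::1 are loopback:
        # both act as sinks in a blocking file.
        is_sink = ip.is_unspecified or ip.is_loopback
        for name in names:
            lname = name.lower()
            if lname in LOOPBACK_NAMES:
                continue
            if is_sink:
                report["blocked"].append((line_no, lname))
            else:
                report["redirected"].append((line_no, lname, str(ip), lname in protected))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS, protected_domains=["www.windowsupdate.com"])
    print(f'{len(result["blocked"])} blocked names')
    for line_no, name, addr, is_protected in result["redirected"]:
        tag = "PROTECTED DOMAIN" if is_protected else "redirect"
        print(f"line {line_no}: {name} -> {addr} ({tag})")
    for line_no, addr in result["invalid"]:
        print(f"line {line_no}: unparseable address {addr!r}")
```

On Windows XP the file lives at C:\WINDOWS\system32\drivers\etc\hosts; read it into `audit_hosts` after installing a downloaded block list to confirm it contains nothing but sink entries, and keep the Windows Update site on the protected list since the post relies on that site staying reachable.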
 
Hello Blade, I still seem to have some issues although I'm not sure if it's system related or Malware.

ComboFix uninstalled, OTC didn't work, restore off then on

I attempted to install Spybot and I got a popup with an error msg stating the file was read-only; after acknowledging it, it appears to install. However, the links in the start menu are invalid and if you find and execute the file it opens a cmd box and immediately goes away, similar to before.

Windows auto-update indicates I need service pack 3 but when I exe the download nothing happens. When I used the link you provided IE shows a progress bar but nothing is happening (packets, hard drive activity are all null). Also my start menu/taskbar changed colors and fonts ?

Scans with Malwarebytes, AVG and Kaspersky are still showing no malware; I'm going to see if the system disks I have will help with repairing the system unless you feel something else is required.

A BIG THANKS for all your help, it's very gracious of you folks to offer your time and expertise :wav:
 
Hi,

Download this file and then drag 'n' drop c:\program files\spybot - search & destroy folder to it. See if that helps.

How is your start menu changed?

You may try to download service pack 3 here (remember change the language option if your OS language is other than English).
 
Hey Blade, sorry for the delay. I used the file you suggested and that cured the problem for Spybot.

I returned to the MS update site and let things run and after a lengthy wait I was prompted to update the update program and since I have downloaded SP3 and several other updates.

When I had problems earlier the start menu changed from blue to tan in color and the icons lost the smoothing effect and the font changed. After two reboots it went back to normal, and has been normal since. Just a fluke...

The system has been normal since, and I have several AV's running: AVG, Avast, Spybot TeaTimer, and I run PeerGuardian as a port guard (catches what the firewall allows). Eventually I will settle on one program.

:thanks:
 
I have several AV's running: AVG, Avast, Spybot TeaTimer, and I run PeerGuardian as a port guard (catches what the firewall allows). Eventually I will settle on one program.
Yes, it's recommended to use only one antivirus program (either AVG or Avast in your case) running in the system.
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 