rogue antivirus

[premal20]

hi guys, i need some help with my laptop!

my comp has just been infected with a rogue antivirus, called Antivirus Action. Reading things off the internet yesterday, i went to safe mode with networking, changed internet settings so that i could use the net, downloaded SuperAntiSpyware and Malwarebytes, used both of them in safe mode and in normal mode with internet connected and disconnected, but the problem still persists after wasting 8 hours of scanning my computer.

i also thought if restoring my system, but the last restore point i have in my file is from 2009! as since then, i have not been able to do a restore back up, due to always getting the same error, saying that not enough space!

please help!!!!

 

[Lorien]

First, I'm not the expert at this but she (Jacee) will see this and respond. In the meantime, let's try to assist her by doing some initial steps she would probably recommend and that way she can be helping you that much quicker.

Do another FULL Malwarebytes scan (after updating malwarebytes to be sure it is current) and then post the report log as an attachment to your next reply.

Then download Hijack This HijackThis - Trend Micro USA (not the beta but the other free full version), install it, and run it. It will also produce a report which can be saved as a file. Do so and attach that file as well to your next reply.

Do not do a System Restore (especially not to 2009) as that often does not resolve the problem and may complicate things (and if it's that old, cause you a lot of headaches resetting configurations, reloading software, uninstalling old software, updating Vista and any other software that was updated in the meantime, etc. if it even works being that old - we'll deal with getting you able to create restore points again after the virus has been resolved) and don't try anything else at this point as I want the results from the scans to show her the true picture as it exists and not have it changed in the meantime. You can work on documents or check e-mails or surf the web, but download and/or install nothing but Hijack This and don't uninstall anything either for the time being. Also, if you have updates on automatic, change it to manual and do not install any until she has reviewed the situation and gives you the OK to do so (or whatever else she may suggest).

Post as soon as you're finished and await her review and response - it may be hours or a day or two, so be patient. Having her working on your situation is worth the wait.

Good luck!

 

[premal20]

Hi Lorien,

Thanks for below. Just to clarify, do I run the Malwarebyte Scan in the Safe Mode or in the normal mode with the virus warnings popping up?

Thanks,

 

[Lorien]

I don't think it matters, but why don't you run it in Safe Mode to avoid all those popups. I think it will provide the same results.

Good luck!

 

[Shadowjk]

Hi Lorien,

Thanks for below. Just to clarify, do I run the Malwarebyte Scan in the Safe Mode or in the normal mode with the virus warnings popping up?

Thanks,

Malwarebytes is an Anti malware Software you will need some Anti virus to help Destroy the Virus Most users on this Forum recommend Microsoft Security Essentials

Hope This Helps,
Josh

 

[Jacee]

What program says you are infected with "Antivirus Action"? I've never seen this rogue before Are you sure that's the correct name?

 

[premal20]

please see below log report from hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:45:08, on 06/10/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\The Devil Himself!!\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRXGFXVB\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [URL="http://go.microsoft.com/fwlink/?LinkId=54896"]Bing[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL="http://go.microsoft.com/fwlink/?LinkId=69157"]MSN.com[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL="http://go.microsoft.com/fwlink/?LinkId=54896"]Bing[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL="http://go.microsoft.com/fwlink/?LinkId=54896"]Bing[/URL]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL="http://go.microsoft.com/fwlink/?LinkId=69157"]MSN.com[/URL]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:33921
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.220 intsecure.microsoft.com
O1 - Hosts: 91.212.127.220 intsecure-2009.com
O1 - Hosts: 91.212.127.220 [URL="http://www.intsecure-2009.com"]www.intsecure-2009.com[/URL]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\The Devil Himself!!\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [aspdadll] C:\Users\THEDEV~1\AppData\Local\Temp\nuwajjckx\vrlgljwagnz.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US;_rv:1.9.1.7)_Gecko/20091221_Firefox/3.5.7_(.NET_CLR_3.5.30729)" -"[URL="http://www.nationalexpress.com/coach/index.cfm?utm_source=Google&utm_medium=ppc"]National Express Coach // Coach & Bus Travel Tickets to Airports, Events & Destinations including London, Manchester & Birmingham[/URL]"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Logitech Touch Mouse Server.lnk = C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.3.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [URL]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/URL]
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision                                                     - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
--
End of file - 13361 bytes

 

[premal20]

What program says you are infected with "Antivirus Action"? I've never seen this rogue before Are you sure that's the correct name?

that is the name it keeps popping up the warnings with. I will try and take a screen shot if possible and save it here. when you click on link saying that you want to buy their security stuff, it takes me to a website, which is not found if i google it. let me see if i can get that info. i have to work on this from safe mode, as in my normal mode, it does not allow me to connect to the net as it keeps changing my connection settings.

 

[Shadowjk]

We need a Name of the Program?? If it doesn't provide one then be very Wary of it

 

[premal20]

We need a Name of the Program?? If it doesn't provide one then be very Wary of it

i dont know what the name is, or how to find out. but just that its very frustrating! it was all working fine until i went to a website onepoll.com, and it all started from there.

 

[Smurfyy]

I had something like this,
Way I got rid of it was to go to safe mode, right-click its short-cut and click "open file location".
Then I just deleted the folder it was in and emptied the recycle bin, re-booted and it was all okay after that...
The folder name on mine was some random numbers.

Hope this helps you!
Daniel

 

[premal20]

Please see log report from Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18943
06/10/2010 19:56:30
mbam-log-2010-10-06 (19-56-30).txt
Scan type: Full scan (C:\|)
Objects scanned: 293767
Time elapsed: 59 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

 

[premal20]

I don't think it matters, but why don't you run it in Safe Mode to avoid all those popups. I think it will provide the same results.

Good luck!

Please see log report from Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18943
06/10/2010 19:56:30
mbam-log-2010-10-06 (19-56-30).txt
Scan type: Full scan (C:\|)
Objects scanned: 293767
Time elapsed: 59 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

 

[premal20]

What program says you are infected with "Antivirus Action"? I've never seen this rogue before Are you sure that's the correct name?

that is the name it keeps popping up the warnings with. I will try and take a screen shot if possible and save it here. when you click on link saying that you want to buy their security stuff, it takes me to a website, which is not found if i google it. let me see if i can get that info. i have to work on this from safe mode, as in my normal mode, it does not allow me to connect to the net as it keeps changing my connection settings.

i found out the website it keeps directing me to to download the software to stop it, its Powerfull PC Protection !. i have taken 2 pics of the website, the way it looks, can email it out to anyone who wants to have a look at it..

 

[Jacee]

premal20, downloadthe HostsXpert 4.3 - Hosts File Manager.

• Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
• Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
• Click "Make Hosts Writable?" in the upper right corner (If available).
• Click Restore Microsoft's Hosts file and then click OK.
• Click the X to exit the program.
• Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Now, flush the DNS cache:
Open a command prompt....from the Start menu, select Run > In the box/"open field", enter cmd.exe
Type ipconfig /flushdns press 'enter'



Next, rescan with HJT, check these items:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:33921
O1 - Hosts: 91.212.127.220 intsecure.microsoft.com
O1 - Hosts: 91.212.127.220 intsecure-2009.com
O1 - Hosts: 91.212.127.220 www.intsecure-2009.com

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [aspdadll] C:\Users\THEDEV~1\AppData\Local\Temp\nuwajjckx\vrlgljwagnz.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\The Devil Himself!!\AppData\Local\Google\Update\GoogleUpdate.exe" /c

Close all windows except HJT, then press 'fix checked'. Exit HJT, DON'T reboot yet,

Now download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Once rebooted, please
Download DDS from one of these links:

Mirror 1 Mirror 2 Mirror 3

• Disable any script blocking protection
• Double click the dds icon to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt <-- this will be minimized in the task tray
• Save both reports to your desktop.

Include the contents of both logs in your next reply.

 

[premal20]

did everything as above. after running TFC, it did not ask me to reboot. please see the log report below:

DDS.txt


DDS (Ver_10-10-05.01) - NTFSx86 NETWORK
Run by The Devil Himself!! at 22:58:19.49 on 06/10/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.2511 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\The Devil Himself!!\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\The Devil Himself!!\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\The Devil Himself!!\Downloads\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [<NO NAME>]
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US;_rv:1.9.1.7)_Gecko/20091221_Firefox/3.5.7_(.NET_CLR_3.5.30729)" -"http://www.nationalexpress.com/coach/index.cfm?utm_source=Google&utm_medium=ppc"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PMHandler] c:\progra~1\lenovo\pmdriv~1\PMHandler.exe
mRun: [LenovoOobeOffers] c:\swtools\lenovowelcome\lenovooobeoffers.exe /filepath="c:\swshare\firstrun.txt"
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [MobileBroadband] c:\program files\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\thedev~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech touch mouse server\iTouch-Server-Win.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.3\CameraMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
LSA: Notification Packages = scecli ACGina

============= SERVICES / DRIVERS ===============

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-8-5 58984]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2007-2-19 13744]
S1 RapportCerberus_18130;RapportCerberus_18130;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\18130\RapportCerberus_18130.sys [2010-8-5 34536]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-8-5 168936]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FNF5SVC;Fn+F5 Service;c:\program files\lenovo\hotkey\FnF5svc.exe [2007-5-11 54832]
S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-8-5 763112]
S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-5-11 55936]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-1-9 569344]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-4-28 9216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-9-11 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2010-9-11 105856]

=============== Created Last 30 ================

2010-10-06 21:28:34 -------- d-----w- C:\hostsXpert
2010-10-05 18:11:11 -------- d-----w- c:\users\thedev~1\appdata\roaming\Malwarebytes
2010-10-05 18:10:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-05 18:10:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-05 18:10:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-05 18:10:32 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-05 16:55:54 -------- d-----w- c:\users\thedev~1\appdata\roaming\SUPERAntiSpyware.com
2010-10-05 16:55:54 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-10-05 16:55:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-05 15:54:35 -------- d-----w- C:\B
2010-10-05 15:43:47 716288 ----a-w- c:\users\thedev~1\appdata\local\syssvc.exe
2010-09-29 16:09:27 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-27 17:59:07 -------- d-----w- c:\program files\Logitech Touch Mouse Server
2010-09-21 17:26:18 -------- d-----w- c:\program files\iPod
2010-09-15 17:07:21 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 17:07:15 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 17:07:10 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 17:06:29 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-11 08:11:53 -------- d-----w- c:\users\thedev~1\appdata\roaming\FLEXnet
2010-09-11 07:56:24 -------- d-----w- c:\users\thedev~1\appdata\roaming\Vodafone
2010-09-11 07:56:13 105856 ----a-w- c:\windows\system32\drivers\zteusbvoice.sys
2010-09-11 07:56:09 105856 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-09-11 07:56:08 114688 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2010-09-11 07:56:05 105856 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-09-11 07:55:55 105856 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-09-11 07:55:25 -------- d-----w- c:\progra~2\Vodafone
2010-09-11 07:54:52 -------- d-----w- c:\program files\Vodafone
2010-09-11 07:54:08 -------- d-----w- c:\users\thedev~1\appdata\local\{FA6F1E64-A6BD-4822-A094-03171A37E8C6}
2010-09-10 14:55:55 -------- d-----w- c:\program files\common files\Symantec Shared

==================== Find3M ====================

2010-08-10 04:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 04:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 22:58:35.35 ===============


Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-05.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 07/06/2008 04:36:48
System Uptime: 10/06/2010 22:53:48 (2832 hours ago)

Motherboard: LENOVO | | IEL10
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1662/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 143 GiB total, 1.085 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================


7-Zip 4.57
Access Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BitTorrent
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Bonjour
Broadcom Gigabit Integrated Controller
Camera Center
CANON iMAGE GATEWAY Registration Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Client Security Solution
Compatibility Pack for the 2007 Office system
DivX Converter
DivX Setup
Google Chrome
Google Talk Plugin
Help Center
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImageMixer 3 SE Ver.3
InstallShield 11
InstallShield 2009
Integrated Camera
iTunes
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 20
Java(TM) 6 Update 7
Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900
Lenovo Care
Lenovo Care Supplement
Lenovo Fingerprint Software
Lenovo Multimedia Center
Lenovo PM Driver
Lenovo Registration
Lenovo System Interface Driver
LimeWire 5.5.13
Logitech Touch Mouse Server 1.0
Maintenance Manager
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Magic
Norton Security Scan
NVIDIA Drivers
OGA Notifier 2.0.0048.0
On Screen Display
Picasa 3
PM Driver
Power Ux Customization
Presentation Director
QuickTime
Rapport
Realtek High Definition Audio Driver
Registry patch for Windows Vista USB S3 PM Enablement
Rescue and Recovery
Roxio Media Manager
Skype Toolbars
Skype™ 4.2
SUPERAntiSpyware
Synaptics Pointing Device Driver
System Update
ThinkPad Hotkey Features Setup
ThinkVantage Access Connections
ThinkVantage Technologies Welcome Message
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Veoh Video Compass
VeohTV BETA
Virgin Broadband advisor 1.5.24
Vodafone Mobile Broadband Lite
Wallpapers
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Upload Tool

==== End Of File ===========================

 

[Jacee]

Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

• Double click combofix.exe and follow the prompts.
• When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
New HJT log taken after the above scan has run
***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix

 

[premal20]

hey, all done as requested..

combofix.txt


ComboFix 10-10-06.02 - The Devil Himself!! 06/10/2010 23:43:58.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.2425 [GMT 1:00]
Running from: c:\users\The Devil Himself!!\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\The Devil Himself!!\AppData\Local\syssvc.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-06 22:49 . 2010-10-06 22:52 -------- d-----w- c:\users\The Devil Himself!!\AppData\Local\temp
2010-10-06 22:49 . 2010-10-06 22:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-06 21:28 . 2010-10-06 21:28 -------- d-----w- C:\hostsXpert
2010-10-05 18:11 . 2010-10-05 18:11 -------- d-----w- c:\users\The Devil Himself!!\AppData\Roaming\Malwarebytes
2010-10-05 18:10 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-05 18:10 . 2010-10-05 18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-05 18:10 . 2010-10-05 18:10 -------- d-----w- c:\programdata\Malwarebytes
2010-10-05 18:10 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-05 16:56 . 2010-10-05 16:56 63488 ----a-w- c:\users\The Devil Himself!!\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-05 16:56 . 2010-10-05 16:56 52224 ----a-w- c:\users\The Devil Himself!!\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-10-05 16:56 . 2010-10-05 16:56 117760 ----a-w- c:\users\The Devil Himself!!\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-10-05 16:55 . 2010-10-05 16:55 -------- d-----w- c:\users\The Devil Himself!!\AppData\Roaming\SUPERAntiSpyware.com
2010-10-05 16:55 . 2010-10-05 16:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-05 16:55 . 2010-10-05 16:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-05 15:54 . 2010-10-05 15:54 -------- d-----w- C:\B
2010-09-29 16:09 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-27 17:59 . 2010-09-27 17:59 -------- d-----w- c:\program files\Logitech Touch Mouse Server
2010-09-21 17:26 . 2010-09-21 17:26 -------- d-----w- c:\program files\iPod
2010-09-21 17:21 . 2010-09-21 17:21 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-20 17:50 . 2010-09-20 17:51 -------- d-----w- c:\program files\QuickTime
2010-09-19 21:07 . 2010-09-19 21:07 353512 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\19514\RapportMS.dll
2010-09-19 21:07 . 2010-09-19 21:07 12544 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys
2010-09-15 17:07 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 17:07 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 17:07 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 17:06 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-11 08:11 . 2010-09-11 08:11 -------- d-----w- c:\users\The Devil Himself!!\AppData\Roaming\FLEXnet
2010-09-11 07:56 . 2010-09-11 07:56 -------- d-----w- c:\users\The Devil Himself!!\AppData\Roaming\Vodafone
2010-09-11 07:56 . 2010-04-19 14:42 105856 ----a-w- c:\windows\system32\drivers\zteusbvoice.sys
2010-09-11 07:56 . 2010-04-19 14:42 105856 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-09-11 07:56 . 2010-03-25 17:09 114688 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2010-09-11 07:56 . 2010-04-19 14:42 105856 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-09-11 07:55 . 2010-04-19 14:42 105856 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-09-11 07:55 . 2010-09-11 07:55 -------- d-----w- c:\programdata\Vodafone
2010-09-11 07:54 . 2010-09-11 07:54 -------- d-----w- c:\program files\Vodafone
2010-09-11 07:54 . 2010-09-11 07:54 -------- d-----w- c:\users\The Devil Himself!!\AppData\Local\{FA6F1E64-A6BD-4822-A094-03171A37E8C6}
2010-09-10 14:55 . 2010-09-10 14:55 -------- d-----w- c:\program files\Common Files\Symantec Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 21:50 . 2008-06-07 03:35 836 ----a-w- c:\windows\bthservsdp.dat
2010-10-06 21:08 . 2010-08-09 21:33 -------- d-----w- c:\users\The Devil Himself!!\AppData\Roaming\LimeWire
2010-10-06 18:12 . 2008-06-06 11:59 8728 ----a-w- c:\users\The Devil Himself!!\AppData\Local\d3d9caps.dat
2010-10-04 08:20 . 2008-06-09 21:53 71907 ----a-w- c:\users\The Devil Himself!!\AppData\Roaming\nvModes.dat
2010-09-30 21:58 . 2008-09-28 18:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-30 21:56 . 2010-01-06 21:10 -------- d-----w- c:\users\The Devil Himself!!\AppData\Roaming\BitTorrent
2010-09-21 17:28 . 2010-08-01 21:21 -------- d-----w- c:\program files\iTunes
2010-09-21 17:26 . 2009-11-19 18:15 -------- d-----w- c:\program files\Common Files\Apple
2010-09-20 17:47 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat
2010-09-20 17:47 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat
2010-09-20 17:47 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat
2010-09-19 21:02 . 2010-06-14 17:43 -------- d-----w- c:\users\The Devil Himself!!\AppData\Roaming\Skype
2010-09-19 16:01 . 2009-01-05 21:58 -------- d-----w- c:\users\The Devil Himself!!\AppData\Roaming\skypePM
2010-09-19 11:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-15 20:13 . 2010-06-30 17:51 256 ----a-w- c:\windows\system32\pool.bin
2010-09-15 19:59 . 2010-07-15 22:04 -------- d-----w- c:\users\The Devil Himself!!\AppData\Roaming\Roxio
2010-09-11 07:54 . 2009-01-16 08:28 -------- d-----w- c:\programdata\FLEXnet
2010-09-04 17:47 . 2010-09-04 17:43 -------- d-----w- c:\programdata\Symantec
2010-09-04 17:43 . 2010-09-04 17:43 -------- d-----w- c:\programdata\Norton
2010-09-04 17:43 . 2010-09-04 17:43 -------- d-----w- c:\program files\Norton Security Scan
2010-09-04 17:43 . 2010-09-04 17:43 -------- d-----w- c:\programdata\NortonInstaller
2010-09-04 17:43 . 2010-09-04 17:43 -------- d-----w- c:\program files\NortonInstaller
2010-09-04 14:44 . 2010-06-08 18:28 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-04 14:44 . 2010-09-04 14:44 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-04 14:44 . 2010-04-16 16:12 -------- d-----w- c:\programdata\DivX
2010-09-04 14:44 . 2008-10-15 21:48 -------- d-----w- c:\program files\DivX
2010-09-04 14:44 . 2010-09-04 14:44 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-09-04 14:44 . 2010-09-04 14:44 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-09-04 14:44 . 2010-09-04 14:44 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-09-04 14:44 . 2010-09-04 14:44 84063 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-09-04 14:44 . 2010-09-04 14:44 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-09-04 14:43 . 2010-09-04 14:44 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-09-04 14:43 . 2010-09-04 14:43 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-04 14:43 . 2010-06-08 18:28 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-09-04 14:43 . 2010-06-08 18:28 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-08-31 11:11 . 2010-08-31 11:11 3401880 ----a-w- c:\users\The Devil Himself!!\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 10:55 . 2010-08-31 10:55 275096 ----a-w- c:\users\The Devil Himself!!\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-08-31 10:39 . 2010-08-31 10:39 3734536 ----a-w- c:\users\The Devil Himself!!\AppData\Roaming\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
2010-08-22 08:14 . 2010-08-22 08:14 -------- d-----w- c:\users\The Devil Himself!!\AppData\Roaming\Trusteer
2010-08-22 08:14 . 2010-08-22 08:14 -------- d-----w- c:\program files\Trusteer
2010-08-22 08:12 . 2010-08-22 08:12 -------- d-----w- c:\programdata\Trusteer
2010-08-10 17:07 . 2008-10-15 21:48 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-08-05 18:29 . 2010-08-05 18:29 434176 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\18481\RapportMS.dll
2010-08-05 18:29 . 2010-08-05 18:29 468200 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus.dll
2010-08-05 18:29 . 2010-08-05 18:29 34536 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys
2010-08-05 18:19 . 2010-08-05 18:19 58984 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-07-26 18:36 . 2010-07-26 18:36 69632 ----a-r- c:\users\The Devil Himself!!\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-07-26 18:36 . 2010-07-26 18:36 69632 ----a-r- c:\users\The Devil Himself!!\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-07-26 18:36 . 2010-07-26 18:36 69632 ----a-r- c:\users\The Devil Himself!!\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-07-26 18:36 . 2010-07-26 18:36 69632 ----a-r- c:\users\The Devil Himself!!\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-07-26 18:36 . 2010-07-26 18:36 69632 ----a-r- c:\users\The Devil Himself!!\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-07-26 18:36 . 2010-07-26 18:36 69632 ----a-r- c:\users\The Devil Himself!!\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-07-26 18:36 . 2010-07-26 18:36 69632 ----a-r- c:\users\The Devil Himself!!\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-07-26 18:36 . 2010-07-26 18:36 69632 ----a-r- c:\users\The Devil Himself!!\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\DesktopMgr.exe
2010-07-26 18:36 . 2010-07-26 18:36 49152 ----a-r- c:\users\The Devil Himself!!\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2010-07-26 18:36 . 2010-07-26 18:36 49152 ----a-r- c:\users\The Devil Himself!!\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2010-07-26 18:36 . 2010-07-26 18:36 49152 ----a-r- c:\users\The Devil Himself!!\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2010-07-15 13:45 . 2010-07-15 13:45 187128 ----a-w- c:\users\The Devil Himself!!\AppData\Roaming\Virgin Broadband\advisor\downloads\VirginDetectionScriptsBundle.41.zip.dir\tools\NetworkFinder.signed.exe
2008-06-07 03:28 . 2008-06-07 03:22 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-01-26 2633976]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-06-06 34352]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2007-08-23 16384]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 419112]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 124200]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-28 569344]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-05-27 2303216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-04-28 252928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\The Devil Himself!!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.3.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe [2010-6-30 253952]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 07:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2008-10-24 08:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPWAUDAP]
2006-09-06 07:38 54824 ------w- c:\program files\Lenovo\HOTKEY\TpWAudAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ------w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-114898421-3378325204-2687448701-1000]
"EnableNotificationsRef"=dword:00000001

R0 spldr;Security Processor Loader Driver; [x]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]
R1 RapportCerberus_18130;RapportCerberus_18130;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys [2010-08-05 34536]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-08-05 168936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2008-01-19 62464]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2008-01-19 21504]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2008-01-19 21504]
R2 EMDMgmt;ReadyBoost;c:\windows\system32\svchost.exe [2008-01-19 21504]
R2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2008-01-19 21504]
R2 FNF5SVC;Fn+F5 Service;c:\program files\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 54832]
R2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2008-01-19 21504]
R2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2008-01-19 21504]
R2 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2008-01-19 21504]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2008-01-19 47104]
R2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2008-01-19 84480]
R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2008-01-19 21504]
R2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2008-01-19 21504]
R2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2006-11-02 878080]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-08-05 763112]
R2 slsvc;Software Licensing;c:\windows\system32\SLsvc.exe [2008-01-19 2623488]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2008-01-19 21504]
R2 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2008-01-19 21504]
R2 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2008-01-19 21504]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2008-01-19 30208]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-09 569344]
R2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2008-01-19 21504]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-04-28 9216]
R2 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2008-01-19 21504]
R2 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2008-01-19 21504]
R3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2008-01-19 21504]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\brfiltlo.sys [2006-11-02 13568]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\brfiltup.sys [2006-11-02 5248]
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2008-01-19 21504]
R3 DFSR;DFS Replication;c:\windows\system32\DFSR.exe [2008-01-19 2091520]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2008-08-02 625152]
R3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;c:\windows\system32\DRIVERS\E1G60I32.sys [2006-11-02 117760]
R3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2008-01-19 21504]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2008-01-19 27648]
R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2008-01-19 21504]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2008-01-19 41984]
R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2008-01-19 21504]
R3 MsRPC;MsRPC; [x]
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2008-01-19 21504]
R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2008-01-19 21504]
R3 SessionEnv;Terminal Services Configuration;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2008-06-07 12800]
R3 SLUINotify;SL UI Notification Service;c:\windows\system32\svchost.exe [2008-01-19 21504]
R3 srv2;srv2;c:\windows\system32\DRIVERS\srv2.sys [2010-06-18 144896]
R3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2009-12-11 98304]
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2008-01-19 21504]
R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2008-01-19 39424]
R3 tssecsrv;Terminal Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2008-01-19 23552]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2008-01-19 35840]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2006-11-02 58472]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2008-01-19 21504]
R3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2008-01-19 21504]
R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2008-01-19 21504]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2010-03-25 114688]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-04-19 105856]
R4 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [2006-11-02 420968]
R4 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys [2006-11-02 297576]
R4 arcsas;arcsas;c:\windows\system32\drivers\arcsas.sys [2006-11-02 67688]
R4 blbdrive;blbdrive;c:\windows\system32\drivers\blbdrive.sys [x]
R4 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\system32\drivers\brserid.sys [2006-11-02 71808]
R4 BrSerWdm;Brother WDM Serial driver;c:\windows\system32\drivers\brserwdm.sys [2006-11-02 62336]
R4 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\brusbmdm.sys [2006-11-02 12160]
R4 circlass;Consumer IR Devices;c:\windows\system32\drivers\circlass.sys [2006-11-02 35328]
R4 Crusoe;Transmeta Crusoe Processor Driver;c:\windows\system32\drivers\crusoe.sys [2006-11-02 38912]
R4 elxstor;elxstor;c:\windows\system32\drivers\elxstor.sys [2006-11-02 316520]
R4 HpCISSs;HpCISSs;c:\windows\system32\drivers\hpcisss.sys [2006-11-02 37480]
R4 iaStorV;Intel RAID Controller Vista;c:\windows\system32\drivers\iastorv.sys [2006-11-02 232040]
R4 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\ipmidrv.sys [2006-11-02 65536]
R4 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-11-02 35944]
R4 LSI_FC;LSI_FC;c:\windows\system32\drivers\lsi_fc.sys [2006-11-02 65640]
R4 LSI_SAS;LSI_SAS;c:\windows\system32\drivers\lsi_sas.sys [2006-11-02 65640]
R4 LSI_SCSI;LSI_SCSI;c:\windows\system32\drivers\lsi_scsi.sys [2006-11-02 65640]
R4 Mcx2Svc;Windows Media Center Extender Service;c:\windows\system32\svchost.exe [2008-01-19 21504]
R4 megasas;megasas;c:\windows\system32\drivers\megasas.sys [2006-11-02 28776]
R4 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2006-11-02 78952]
R4 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2006-11-02 80488]
R4 nfrd960;nfrd960;c:\windows\system32\drivers\nfrd960.sys [2006-11-02 45160]
R4 ntrigdigi;N-trig HID Tablet Driver;c:\windows\system32\drivers\ntrigdigi.sys [2006-11-02 20608]
R4 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2006-11-02 40040]
R4 ql2300;QLogic Fibre Channel Miniport Driver;c:\windows\system32\drivers\ql2300.sys [2006-11-02 900712]
R4 ql40xx;QLogic iSCSI Miniport Driver;c:\windows\system32\drivers\ql40xx.sys [2006-11-02 106088]
R4 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [2006-11-02 71784]
R4 uliahci;uliahci;c:\windows\system32\drivers\uliahci.sys [2006-11-02 235112]
R4 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2006-11-02 115816]
R4 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2006-11-02 68608]
R4 ViaC7;VIA C7 Processor Driver;c:\windows\system32\drivers\viac7.sys [2006-11-02 39424]
R4 vsmraid;vsmraid;c:\windows\system32\drivers\vsmraid.sys [2006-11-02 112232]
R4 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2006-11-02 20608]
R4 Wd;Microsoft Watchdog Timer Driver;c:\windows\system32\drivers\wd.sys [2006-11-02 19560]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2008-01-19 247352]
S0 Ecache;ReadyBoost Caching Driver;c:\windows\System32\drivers\ecache.sys [2008-01-19 143416]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2008-01-19 58936]
S0 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2006-11-02 23144]
S0 msisadrv;ISA/EISA Class Driver;c:\windows\system32\drivers\msisadrv.sys [2008-01-19 16440]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2010-08-05 58984]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2008-01-19 52792]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2008-01-19 294456]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2008-01-19 75264]
S1 nsiproxy;NSI proxy service;c:\windows\system32\drivers\nsiproxy.sys [2008-01-19 16384]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2008-01-19 6144]
S1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2008-01-19 66560]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2008-01-19 71680]
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2008-01-19 21504]
S2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2008-01-19 21504]
S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2008-01-19 21504]
S2 netprofm;Network List Service;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2008-01-19 21504]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2008-01-19 21504]
S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2008-01-19 21504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 bowser;bowser;c:\windows\system32\DRIVERS\bowser.sys [2008-01-19 69632]
S3 iScsiPrt;iScsiPort Driver;c:\windows\system32\DRIVERS\msiscsi.sys [2008-01-19 181304]
S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-06-15 9728]
S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2008-01-19 64000]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-02-23 212992]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-02-23 78848]
S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2008-05-20 148480]
S3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-02-18 25088]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\DRIVERS\umbus.sys [2008-01-19 34816]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
WerSvcGroup REG_MULTI_SZ wersvc
swprv REG_MULTI_SZ swprv
regsvc REG_MULTI_SZ RemoteRegistry
wcssvc REG_MULTI_SZ WcsPlugInService
DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
wdisvc REG_MULTI_SZ WdiServiceHost
sdrsvc REG_MULTI_SZ sdrsvc
secsvcs REG_MULTI_SZ WinDefend
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-114898421-3378325204-2687448701-1000Core.job
- c:\users\The Devil Himself!!\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-12 16:49]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-114898421-3378325204-2687448701-1000UA.job
- c:\users\The Devil Himself!!\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-12 16:49]

2010-10-02 c:\windows\Tasks\Norton Security Scan for The Devil Himself!!.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-04 09:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-sacsvr


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(328)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Completion time: 2010-10-07 00:00:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-06 23:00

Pre-Run: 996,278,272 bytes free
Post-Run: 3,251,302,400 bytes free

- - End Of File - - 5E9B50F2FF4D5ED52CE563FBD2427EB4

hijack this log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:04:34, on 07/10/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Users\The Devil Himself!!\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\The Devil Himself!!\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\The Devil Himself!!\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\The Devil Himself!!\Downloads\HijackThis (1).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US;_rv:1.9.1.7)_Gecko/20091221_Firefox/3.5.7_(.NET_CLR_3.5.30729)" -"http://www.nationalexpress.com/coach/index.cfm?utm_source=Google&utm_medium=ppc"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Logitech Touch Mouse Server.lnk = C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.3.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

--
End of file - 12495 bytes

 

[Jacee]

Please "reboot/restart" your compter!


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.


Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6.
• Scroll down to where it says "Java Runtime Environment (JRE) 6u21 allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.

Next download Secunia PSI PSI - Consumer - Products (not the Beta) and scan your computer.
Update all vulnerable security issues.



After doing the above, I'd like you to scan your machine with ESET OnlineScan

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the
   
   button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on
      
      to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the
      
      icon on your desktop.
4. Check
   
5. Click the
   
   button.
6. Accept any security warnings from your browser.
7. Check
   
8. Push the Start button.
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, push
    
11. Push
    
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Push the
    
    button.
13. Push
    

 

[premal20]

hi jacee,

firstly, i was doing all of the above steps from safe mode with networking. when i tried to uninstall all java programs, it did not allow me to. so i restarted in normal mode, and behold! the virus was gone. internet is working fine and so are other apps. i reinstalled the latest java version as you asked to, above. now my question is do you still want me to do the psi and eset scans?