WiredWX Hobby Weather ToolsLog in

 


descriptionSecurity 2009 Virus/spyware- Please help! EmptySecurity 2009 Virus/spyware- Please help!

more_horiz
I have this virus and it has changed my desktop bg to a red warnign message and it also runs some Security 2009 software showing viruses on my system as well as trying to get me to purchase their software removal.
It is now to the point of me only being able to use the machine in Safemode /w/ networking.
I have tried so many times to download Malware bytes it never runs. I tried renaming it before I saved it no luck.
Please help if possible I have included my hijack log if needed.

descriptionSecurity 2009 Virus/spyware- Please help! EmptyRe: Security 2009 Virus/spyware- Please help!

more_horiz
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:03 PM, on 6/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavGUIScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1206231979\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [19483614] C:\ProgramData\19483614\19483614.exe
O4 - HKLM\..\Run: [99493606] C:\ProgramData\99493606\99493606.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

descriptionSecurity 2009 Virus/spyware- Please help! EmptyRe: Security 2009 Virus/spyware- Please help!

more_horiz
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [aliim] C:\Program Files\trademanager\aliim.exe
O4 - HKCU\..\Run: [Lakeysha] C:\Users\Lakeysha\Lakeysha.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Lakeysha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: *.convergys.com
O15 - Trusted Zone: http://hoylegames.igl.net
O15 - Trusted Zone: http://*.taobao.com
O15 - Trusted Zone: *.west.com
O15 - Trusted Zone: *.westathome.net
O15 - Trusted IP range: http://8.5.0.53
O15 - Trusted IP range: http://8.5.0.58
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} -
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O20 - AppInit_DLLs: ,C:\Windows\System32\cic32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15378 bytes

descriptionSecurity 2009 Virus/spyware- Please help! EmptyRe: Security 2009 Virus/spyware- Please help!

more_horiz
This was the result of CA anti-virus but after doing this I could not load windows it said it was not authentic. SO I am back insafe mode.

Files Scanned: 704842
Files Infected: 23120
Files Cleaned \ Deleted: 23119
Files Quarantined: 1
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0

Top infections found during scan (Limited to 10).
Win32/Fonhos.B
ASF/Wimad!generic
Win32/AntiVirus2008.Y
Win32/Benload!generic

descriptionSecurity 2009 Virus/spyware- Please help! EmptyRe: Security 2009 Virus/spyware- Please help!

more_horiz
I see you have Viewpoint software installed.

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". Read this article: here and here

I suggest you remove the program now.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint Manager (remove only)
  • Viewpoint Media Player
  • Viewpoint Toolbar
Next, please download ViewpointKiller by Prm753 from here.
Save it to a permanent folder (such as C:\ViewpointKiller) and unzip it there.
Open ViewpointKiller, and press the Start button.
A log will be produced in the same folder where you unzipped it to. Please post the contents of that log in your reply.





  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)
    O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [19483614] C:\ProgramData\19483614\19483614.exe
    O4 - HKLM\..\Run: [99493606] C:\ProgramData\99493606\99493606.exe
    O15 - Trusted Zone: http://*.alipay.com
    O15 - Trusted Zone: http://*.alisoft.com
    O15 - Trusted Zone: *.convergys.com
    O15 - Trusted Zone: http://hoylegames.igl.net
    O15 - Trusted Zone: http://*.taobao.com
    O15 - Trusted Zone: *.west.com
    O15 - Trusted Zone: *.westathome.net
    O15 - Trusted IP range: http://8.5.0.53
    O15 - Trusted IP range: http://8.5.0.58
    O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} -
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



  • Press "Fix Checked"
  • Close Hijack This.






  • Download combofix from here
    Link 1
    Link 2
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

Security 2009 Virus/spyware- Please help! CF_download_FF

Security 2009 Virus/spyware- Please help! CF_download_rename

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV. (Mcafee)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

descriptionSecurity 2009 Virus/spyware- Please help! Emptycombofix log

more_horiz
ComboFix 09-06-20.04 - Lakeysha 06/21/2009 21:21.1 - NTFSx86
Microsoft®️ Windows Vista™️ Home Premium 6.0.6001.1.1252.1.1033.18.3054.1671 [GMT -4:00]
Running from: c:\users\Lakeysha\Desktop\Combo-Fix.exe
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1265499254-1424330819-3022518915-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-833822272-2447228217-3246833282-500
c:\windows\system32\C9AifEMp4V3Ql8D.vbs
c:\windows\system32\DGGoqAIxZyfS92N.vbs
c:\windows\system32\lhopKMs.vbs
c:\windows\system32\RkKV28SMhpcQGTO.vbs
c:\windows\system32\RX5XoAl47VOBQ.vbs
c:\$recycle.bin\S-1-5-21-1265499254-1424330819-3022518915-500\desktop.ini
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500\desktop.ini
c:\$recycle.bin\S-1-5-21-833822272-2447228217-3246833282-500\desktop.ini
c:\program files\Internet Explorer\msimg32.dll
c:\users\Lakeysha\AppData\Roaming\02000000a08966cc609C.manifest
c:\users\Lakeysha\AppData\Roaming\02000000a08966cc609O.manifest
c:\users\Lakeysha\AppData\Roaming\02000000a08966cc609P.manifest
c:\users\Lakeysha\AppData\Roaming\02000000a08966cc609S.manifest
c:\users\Lakeysha\Lakeysha.exe
c:\windows\GnuHashes.ini
c:\windows\system32\drivers\SKYNETrftfmpxn.sys
c:\windows\system32\drivers\UACsicpjsgnkhhemxw.sys
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\SKYNETshxvcbrk.dll
c:\windows\system32\SKYNETtvdxytsp.dll
c:\windows\system32\SKYNETwhipxopm.dat
c:\windows\system32\UACchliqplsqixvxqi.dll
c:\windows\system32\UACcriqqybphiqqqau.db
c:\windows\system32\UACdbwotmbbrpfplnv.dll
c:\windows\system32\UACefxixcmdkbtxbtx.dll
c:\windows\system32\UAChchygjdbvxtxpeh.log
c:\windows\system32\UACradbfsrftuvnvof.dll
c:\windows\system32\UACribdosjfeqylwrs.dll
c:\windows\system32\UACsitpuyvkjptuyce.log
c:\windows\system32\UACtfponbvjevibmkx.dll
c:\windows\system32\UACwpgabvvtscipktv.dat
c:\windows\system32\UACywwnlhxgdnimexb.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETgcycyqju
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-06-22 01:05 . 2009-05-19 05:36 97072 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-06-22 01:05 . 2009-05-19 05:36 111920 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-06-22 01:05 . 2009-05-19 05:35 120368 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\aoldlmgr.exe
2009-06-22 01:05 . 2009-05-19 05:35 69104 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\amos.exe
2009-06-22 01:05 . 2009-05-19 05:35 95792 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLFirewallMgr.dll
2009-06-22 01:05 . 2007-08-17 13:34 107872 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\aolsetup.exe
2009-06-22 01:05 . 2009-05-19 05:36 142040 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-06-22 01:05 . 2009-05-19 05:35 37888 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\amoinst.exe
2009-06-22 01:05 . 2009-05-19 05:35 550024 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AIMLang.exe
2009-06-22 01:05 . 2009-05-19 05:35 2402104 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AIMinst.exe
2009-06-22 00:49 . 2009-06-22 00:49 24338 ----a-w- c:\program files\viewpointkiller.zip
2009-06-21 21:10 . 2009-06-21 21:10 -------- d-----w- c:\users\Lakeysha\AppData\Roaming\Malwarebytes
2009-06-21 21:04 . 2009-06-21 21:04 -------- d-----w- c:\program files\aaa
2009-06-21 20:55 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-21 20:55 . 2009-06-21 20:55 -------- d-----w- c:\programdata\Malwarebytes
2009-06-21 20:55 . 2009-06-21 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 20:55 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-21 20:29 . 2009-06-21 20:29 -------- dc----w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-21 19:05 . 2009-06-21 19:05 -------- d-----w- c:\program files\Trend Micro
2009-06-21 17:55 . 2009-06-21 17:55 -------- dc----w- C:\G
2009-06-21 17:54 . 2009-06-21 17:54 -------- d-----w- c:\users\Mica\AppData\Local\Microsoft
2009-06-21 17:51 . 2009-06-21 17:51 -------- d-----w- c:\program files\Common Files\Scanner
2009-06-21 17:51 . 2009-06-21 18:09 880560 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-06-21 17:51 . 2009-06-21 18:09 108368 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-06-21 17:51 . 2009-02-16 16:17 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-06-21 17:51 . 2009-02-16 16:17 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-06-21 17:51 . 2009-02-16 16:17 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-06-21 17:51 . 2009-02-16 16:17 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-06-21 17:51 . 2009-02-16 16:16 111856 ----a-w- c:\windows\system32\isafprod.dll
2009-06-21 17:51 . 2009-02-16 16:16 99568 ----a-w- c:\windows\system32\isafeif.dll
2009-06-21 17:51 . 2007-12-04 15:47 83256 ----a-w- c:\windows\system32\vetredir.dll
2009-06-21 17:42 . 2009-06-21 20:23 -------- d-sh--w- c:\windows\system32\SystemX86
2009-06-13 01:26 . 2009-06-21 18:44 -------- d-----w- c:\users\Lakeysha\AppData\Roaming\GetRightToGo
2009-06-12 22:31 . 2009-06-21 19:14 -------- d-----w- c:\programdata\19483614
2009-06-12 03:36 . 2009-06-12 03:36 -------- dc----w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-06-12 02:25 . 2009-06-12 02:25 -------- d-----w- c:\program files\Incomplete
2009-06-12 02:23 . 2009-06-21 19:44 -------- d-sh--w- c:\users\Lakeysha\'
2009-06-12 02:23 . 2009-06-13 01:26 147456 ----a-w- c:\users\Lakeysha\vbzip10.dll
2009-06-06 16:04 . 2009-06-06 16:04 -------- d-----w- c:\windows\system32\aliedit
2009-06-06 16:04 . 2009-06-06 16:04 -------- d-----w- c:\program files\trademanager
2009-05-30 01:49 . 2009-05-30 01:49 -------- dc----w- C:\F

descriptionSecurity 2009 Virus/spyware- Please help! EmptyRe: Security 2009 Virus/spyware- Please help!

more_horiz
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 01:35 . 2008-03-29 15:56 -------- d-----w- c:\program files\Curse
2009-06-22 01:35 . 2009-01-17 13:22 28124 ----a-w- c:\programdata\nvModes.dat
2009-06-19 23:05 . 2009-04-16 05:01 -------- d-----w- c:\program files\Virtual Hypnotist
2009-06-19 23:04 . 2009-04-24 22:39 -------- d-----w- c:\program files\Plan It Green
2009-06-19 23:04 . 2009-03-04 22:05 -------- d-----w- c:\program files\Party Down
2009-06-19 23:04 . 2009-01-17 19:28 -------- d-----w- c:\program files\Mushroom Age
2009-06-13 01:40 . 2009-03-06 02:23 451824 ----a-w- c:\windows\system32\cavrep.exe
2009-06-13 01:40 . 2009-03-06 02:23 435440 ----a-w- c:\windows\system32\caav.exe
2009-06-13 01:40 . 2009-03-06 02:23 292080 ----a-w- c:\windows\system32\vetmsg.exe
2009-06-13 01:40 . 2009-03-06 02:23 279792 ----a-w- c:\windows\system32\caavguiscan.exe
2009-06-13 01:40 . 2009-03-06 02:23 271600 ----a-w- c:\windows\system32\driverif.dll
2009-06-13 01:40 . 2009-03-06 02:23 271600 ----a-w- c:\windows\system32\cavrid.exe
2009-06-13 01:40 . 2009-03-06 02:23 259312 ----a-w- c:\windows\system32\caavscan.dll
2009-06-13 01:40 . 2009-03-06 02:23 181488 ----a-w- c:\windows\system32\caavcmdscan.exe
2009-06-13 01:39 . 2009-03-06 02:23 320752 ----a-w- c:\windows\system32\arclib.dll
2009-06-13 01:27 . 2008-01-20 16:26 -------- d-----w- c:\users\Lakeysha\AppData\Roaming\LimeWire
2009-06-12 02:47 . 2008-11-29 23:55 -------- d-----w- c:\program files\LimeWire
2009-06-12 02:32 . 2008-01-19 16:10 -------- d-----w- c:\programdata\Microsoft Help
2009-05-19 11:50 . 2008-01-18 21:28 74344 ----a-w- c:\users\Lakeysha\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-19 05:36 . 2009-06-22 01:06 2884832 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-05-19 05:36 . 2009-06-22 01:06 28 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-05-19 05:36 . 2009-06-22 01:06 25 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 05:36 . 2009-06-22 01:06 1484856 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-05-19 05:36 . 2009-06-22 01:06 30512 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-05-19 02:10 . 2008-01-19 16:13 -------- d-----w- c:\program files\Microsoft Works
2009-05-19 01:49 . 2009-05-19 01:49 -------- d-----w- c:\program files\MFInstall
2009-05-16 21:43 . 2008-01-18 21:25 2032 ----a-w- c:\users\Lakeysha\AppData\Local\d3d9caps.dat
2009-04-21 23:34 . 2009-04-21 23:34 34062 ------w- c:\users\Lakeysha\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
2009-04-04 04:00 . 2009-04-04 04:00 19131752 ------w- c:\users\Lakeysha\AppData\Roaming\TomTom\HOME\Profiles\6bl6les5.default\Updates\v2_6_1_1549_win.exe
2009-01-26 04:46 . 2008-01-22 00:16 67696 ------w- c:\program files\mozilla firefox\components\jar50.dll
2009-01-26 04:46 . 2008-01-22 00:16 54376 ------w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-26 04:46 . 2008-01-22 00:16 34952 ------w- c:\program files\mozilla firefox\components\myspell.dll
2009-01-26 04:46 . 2008-01-22 00:16 46720 ------w- c:\program files\mozilla firefox\components\spellchk.dll
2009-01-26 04:46 . 2008-01-22 00:16 172144 ------w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-02-08 01:46 . 2008-02-08 01:46 13624 ------w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 01:46 . 2008-02-08 01:46 87360 ------w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 01:46 . 2008-02-08 01:46 91448 ------w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 01:46 . 2008-02-08 01:46 21824 ------w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 01:46 . 2008-02-08 01:46 206136 ------w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 01:46 . 2008-02-08 01:46 31544 ------w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 01:46 . 2008-02-08 01:46 40248 ------w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 21:27 . 2007-03-16 21:27 479232 ------w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 21:27 . 2007-03-16 21:27 548864 ------w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 21:27 . 2007-03-16 21:27 626688 ------w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 16:47 . 2007-07-20 16:47 981170 ------w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 01:46 . 2008-02-08 01:46 24384 ------w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2008-01-18 19:58 . 2008-01-18 19:54 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-06-08 1934336]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"aliim"="c:\program files\trademanager\aliim.exe" [2009-03-03 214416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-21 820520]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 66928]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-06-06 487424]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-16 217176]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-06-09 165208]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2007-02-02 419376]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-07 431392]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2008-08-01 33304]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"HostManager"="c:\program files\Common Files\AOL\1206231979\ee\AOLSoftware.exe" [2006-09-26 50736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-06-09 124248]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-12-07 1282048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-08-07 148768]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-02-18 374000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"PC Pitstop Optimize Reminder"="c:\program files\PCPitstop\Optimize2\Reminder.exe" [2008-08-27 203504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-02-16 271600]
"TpShocks"="TpShocks.exe" - c:\windows\System32\TpShocks.exe [2008-06-06 181536]

c:\users\Lakeysha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-3-29 719664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-7 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-08-14 20:54 89600 ------w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 21:46 79368 ------w- c:\windows\System32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

descriptionSecurity 2009 Virus/spyware- Please help! EmptyRe: Security 2009 Virus/spyware- Please help!

more_horiz
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FlippenMenu.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FlippenMenu.lnk
backup=c:\windows\pss\FlippenMenu.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Lakeysha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LivePerson Expert Messenger.lnk]
path=c:\users\Lakeysha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LivePerson Expert Messenger.lnk
backup=c:\windows\pss\LivePerson Expert Messenger.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1265499254-1424330819-3022518915-1002]
"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2453F066-DF24-45C3-9D46-A556744AA55D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0620BC7D-B8CA-4ECF-945B-7C277ED584A2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2577681C-1B93-48AF-8600-DC865F394199}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D0B437AE-ABE5-4360-A458-1958D9CAF818}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4DFB9BD7-CF35-44F3-887F-CC15DED77863}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{021E80BD-FF35-4223-AE59-42301094A72C}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{718C4638-147D-44B3-BB95-F832D38B3190}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{677BF585-B222-45FE-916A-43C350E7B9CD}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{76A93A39-7E29-4492-A10D-62CDEDCABB2D}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{89DEC56C-9648-400F-8E13-1498432B8DA4}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{F672484D-B38C-4FAE-88C1-499475ACC9D3}c:\\users\\lakeysha\\program files\\dna\\btdna.exe"= UDP:c:\users\lakeysha\program files\dna\btdna.exe:btdna.exe
"UDP Query User{53FB5206-E392-4A56-B63E-ECBE53A9233D}c:\\users\\lakeysha\\program files\\dna\\btdna.exe"= TCP:c:\users\lakeysha\program files\dna\btdna.exe:btdna.exe
"TCP Query User{5A1DFFC5-A6D8-4C48-B5A4-928E998DBE9A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3426F69B-94FB-43B7-82AE-ED1331C3EF46}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{BCABF91E-E56A-48FE-9600-F7D4C114CDCC}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{49368AE5-C50F-4AE5-BE96-03FEAC590BB7}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{9F920A95-DF4E-45D6-A72A-B26F55027C7D}c:\\program files\\spacialaudio\\sambc\\sambc.exe"= UDP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
"UDP Query User{CACB8CD7-F6BE-4E58-8B42-8107C0FE6A2F}c:\\program files\\spacialaudio\\sambc\\sambc.exe"= TCP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
"TCP Query User{9F5CA40F-12D2-4B20-BBB7-4E44F382D08F}c:\\program files\\secondlifewindlight\\slvoice.exe"= UDP:c:\program files\secondlifewindlight\slvoice.exe:SLVoice
"UDP Query User{3B58B883-8015-4C92-934B-544979887D75}c:\\program files\\secondlifewindlight\\slvoice.exe"= TCP:c:\program files\secondlifewindlight\slvoice.exe:SLVoice
"TCP Query User{E9E415D2-A647-4CAC-8049-0F6E2EEF8D65}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{255164AD-4DE0-47FF-9B7C-B4CDFBFC053C}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{E8473DFF-ABEE-45E9-B3E2-2ED4FACE9139}c:\\program files\\vibestreamer\\vibestreamer.exe"= UDP:c:\program files\vibestreamer\vibestreamer.exe:vibestreamer
"UDP Query User{DA525F3B-D594-471F-A410-927E08C8F4AD}c:\\program files\\vibestreamer\\vibestreamer.exe"= TCP:c:\program files\vibestreamer\vibestreamer.exe:vibestreamer
"TCP Query User{01CAAAE3-6BF4-4891-9832-8718F15FF3F0}c:\\users\\lakeysha\\saved games\\wow-2.0.0-enus-installer-downloader.exe"= UDP:c:\users\lakeysha\saved games\wow-2.0.0-enus-installer-downloader.exe:wow-2.0.0-enus-installer-downloader.exe
"UDP Query User{556F5C1A-5338-466D-900A-B0CAFFEDF69E}c:\\users\\lakeysha\\saved games\\wow-2.0.0-enus-installer-downloader.exe"= TCP:c:\users\lakeysha\saved games\wow-2.0.0-enus-installer-downloader.exe:wow-2.0.0-enus-installer-downloader.exe
"{CACAAF93-4FCA-49C2-BEF8-36CCF52F9EB4}"= UDP:3274:Blizzaerd Fownloader
"{40ABCA7B-D577-4981-8FB6-243DFC99124F}"= UDP:6112:Blizzard Downloader
"{1E429E34-C717-45DB-94FC-5339A7D67288}"= UDP:c:\users\Public\wonplay.exe:wonplay
"{504ED2FD-B236-44F5-B14A-4F21F799AEED}"= TCP:c:\users\Public\wonplay.exe:wonplay
"{3EEBEA0E-A101-4CF1-8799-C9496E378B21}"= UDP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{3DA60F94-40A3-4F72-8BF8-9160209822F8}"= TCP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{E81D05F1-6930-401F-992F-E5D6E3F875D1}"= UDP:3724:Blizzard Downloader: 3724
"{E5743B17-30C8-4BDC-B25C-22C7869FFF82}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{037FC703-9BA7-42B2-AC3E-329E62A0A653}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{D29D8789-9A18-4D83-BF86-4B5CDB4A307F}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{32F40A1D-6163-4994-B9C1-E50ECC549D49}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{B8C68856-F9B9-4064-8973-1944BFC6D61A}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{11EA379D-6782-4340-B7A1-DA16644282AC}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{7D0B7049-F147-443F-9D3D-8657FA5BB2B8}"= UDP:c:\program files\Common Files\AOL\1206231979\ee\aolsoftware.exe:AOL Services
"{28E24847-FC0B-4DBD-9BB7-65AA3C607F35}"= TCP:c:\program files\Common Files\AOL\1206231979\ee\aolsoftware.exe:AOL Services
"TCP Query User{F09BA464-6F6F-4174-841C-2207B545AA85}c:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_02\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{6C52771B-2FDF-4FCA-B21D-ED6F072D2DF7}c:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_02\bin\javaw.exe:Java(TM) Platform SE binary
"{7550E215-2B32-4631-95A7-4FC48A8E6CB1}"= UDP:c:\program files\World of Warcraft\WoW-2.4.0-enUS-downloader.exe:Blizzard Downloader
"{B655E8BB-EC44-48C3-96FD-7ED189174BA4}"= TCP:c:\program files\World of Warcraft\WoW-2.4.0-enUS-downloader.exe:Blizzard Downloader
"{FB84A6BD-3E9A-4954-BEB8-76B2ECED6414}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{AD4808E9-BD08-45FC-94F5-48CD562E745F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{D8A53A89-41B9-4344-820B-683C138409F4}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{4476815D-0086-4256-A751-572E61070DA2}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{11D866C9-69BB-4219-8FC0-28A89FAD6F5A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{207B09BC-5EAD-494F-9D49-D1EEC034047B}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5C8F14CF-19D5-457A-B340-D35480D2191E}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{0E8E6CB0-A098-40E6-A02A-2CA1C8C5486E}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5CFE23BF-483F-4937-8DB6-C6E21E18B215}"= UDP:c:\program files\InternetCalls.com\InternetCalls\InternetCalls.exe:InternetCalls
"{8463E5A2-DF0D-4CBC-9158-D6DC32C6AFA4}"= TCP:c:\program files\InternetCalls.com\InternetCalls\InternetCalls.exe:InternetCalls
"{8B496C73-4340-40BF-809C-6087ABFB433F}"= UDP:c:\users\Lakeysha\AppData\Roaming\mjusbsp\magicJack.exe:magicJack
"{BE1C6AB6-5E94-4DBF-BABC-6D6C615CCBA1}"= TCP:c:\users\Lakeysha\AppData\Roaming\mjusbsp\magicJack.exe:magicJack
"{A88C67EF-3CA3-4DD4-9AF6-51DD6943B58D}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{92805AC7-5CC3-437B-80D3-004A84C844FE}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{7EF92193-05C2-4B9B-8541-561E09D006CC}"= UDP:c:\program files\InternetCalls.com\InternetCalls\InternetCalls.exe:InternetCalls
"{89AEC8DA-72EC-4582-B273-27A47A57191A}"= TCP:c:\program files\InternetCalls.com\InternetCalls\InternetCalls.exe:InternetCalls
"TCP Query User{DDED8539-06E3-458D-AEE7-F417B2C530AC}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{D2359E03-61C5-42EF-962D-8CFE12A82958}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{C4282131-9D08-4D58-8EB1-68F3A23CCEC6}"= UDP:c:\users\Lakeysha\AppData\Roaming\mjusbsp\magicJack.exe:magicJack
"{36205DA8-A3A8-433E-84F3-083F2B619BB9}"= TCP:c:\users\Lakeysha\AppData\Roaming\mjusbsp\magicJack.exe:magicJack
"{57A71665-3E38-4250-B0D3-4780B163C1D2}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{6586A259-0FE5-421A-8EF6-A7D0864A009F}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{4D8DBFF2-B8C9-434F-8FB6-CB2CD6FED711}"= UDP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{09A73790-FE3B-467F-B109-9D1A2D1FDF54}"= TCP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{BAE671F7-C22E-463D-BF2E-FB87707543B5}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{2705BBA2-82DE-4FE8-A86A-81B218F232ED}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{1DE95044-E0B0-47F8-AB06-FA4C28BC4653}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"{33315B83-2546-49C1-BE93-B3D252FED3F1}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{2CF2844A-466D-4F20-8C0E-9EDF011B2498}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"{72E1CC0B-793C-4992-BFB4-1ECA24F8B723}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3A665CC5-3862-4484-B4B0-5BF415D74B80}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A4753BAF-8651-418F-81D5-FCC40AC79E73}"= UDP:c:\program files\Common Files\AOL\1206231979\ee\aolsoftware.exe:AOL Services
"{0906F230-A10C-44BF-AE94-435809105313}"= TCP:c:\program files\Common Files\AOL\1206231979\ee\aolsoftware.exe:AOL Services
"{49372B29-7961-4519-BB96-8854D52B5549}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{0844AC17-8310-4C11-80AF-7685A3C4F170}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{E7E2A1DC-3F24-4473-ADD8-2EAACDC39C06}c:\\program files\\paltalk messenger\\paltalk.exe"= UDP:c:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"UDP Query User{8CC92C41-D733-4283-9A72-C055736F31FF}c:\\program files\\paltalk messenger\\paltalk.exe"= TCP:c:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"TCP Query User{DCF0D916-BA53-45E1-BD2D-4AD7C44265FA}c:\\program files\\yahoo!\\messenger\\yserver.exe"= UDP:c:\program files\yahoo!\messenger\yserver.exe:YServer Module
"UDP Query User{23F3084C-5B69-4374-BD65-D813E264EBBE}c:\\program files\\yahoo!\\messenger\\yserver.exe"= TCP:c:\program files\yahoo!\messenger\yserver.exe:YServer Module
"TCP Query User{D0407B47-54D8-4BCC-8CB4-688107E314C4}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B17B44F1-3BF0-4F97-8248-F6E66BE9E9B7}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{3F54F81F-DBB7-4BF7-8E9A-41119B9244A0}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{06C40C86-737A-4425-9C53-30F9E2692177}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{C1DB34F5-8614-4A2B-A33E-C7D962FD32F8}"= UDP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{7AA1D2F2-204A-45FF-9E40-F69038197691}"= TCP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{20E492A4-D763-413D-B3D2-0FA2570AC28D}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{5D2EDC7E-02E0-4093-BBA2-31614B3C17A2}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"{E418F1C8-7661-4CFB-BDAE-ECC29C6D22BD}"= UDP:c:\program files\trademanager\AliIM.exe:AliIM
"{65BFA5E6-BC6A-4246-9C8D-87F2E7B970EA}"= TCP:c:\program files\trademanager\AliIM.exe:AliIM

descriptionSecurity 2009 Virus/spyware- Please help! EmptyRe: Security 2009 Virus/spyware- Please help!

more_horiz
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [7/21/2008 7:05 PM 222232]
R0 Shockprf;Shockprf;c:\windows\System32\drivers\ApsX86.sys [5/14/2008 5:21 PM 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [5/14/2008 5:21 PM 19496]
R1 KmxAgent;KmxAgent;c:\windows\System32\drivers\KmxAgent.sys [1/9/2009 5:25 PM 72696]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [5/12/2008 7:04 PM 13480]
R1 TPPWRIF;TPPWRIF;c:\windows\System32\drivers\TPPWR32V.SYS [1/18/2008 4:17 PM 12080]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [1/11/2009 10:38 AM 128240]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/25/2008 8:39 PM 66848]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [8/14/2007 4:46 PM 10896]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [12/14/2007 4:37 PM 58224]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [6/6/2008 6:26 PM 520192]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [1/9/2009 5:25 PM 1153528]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [1/9/2009 5:25 PM 797176]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [11/4/2008 5:32 PM 289272]
R3 KmxCfg;KmxCfg;c:\windows\System32\drivers\KmxCfg.sys [1/9/2009 5:25 PM 205304]
R3 LenovoRd;LenovoRd;c:\windows\System32\drivers\LenovoRd.sys [1/18/2008 3:54 PM 81280]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\System32\drivers\tvti2c.sys [2/22/2008 4:54 PM 37312]
S1 tvtumon;tvtumon;c:\windows\System32\drivers\tvtumon.sys [5/28/2008 3:15 PM 48192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [12/5/2007 6:06 PM 260672]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [11/2/2006 6:25 AM 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
ShellExecuteHooks-{1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.att.net
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Lakeysha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: igl.net\hoylegames
Trusted Zone: sierra.com\hoylegames
Trusted Zone: taobao.com
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 21:36
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

descriptionSecurity 2009 Virus/spyware- Please help! EmptyRe: Security 2009 Virus/spyware- Please help!

more_horiz
**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 4.1\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETgcycyqju]
"imagepath"="\systemroot\system32\drivers\SKYNETrftfmpxn.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1265499254-1424330819-3022518915-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8E476236-92F5-9578-8FEF-6F367D20AA22}*]
@Allowed: (Read) (RestrictedCode)
"iaikcmekehoflklnpp"=hex:6a,61,6a,62,63,64,62,6c,64,61,6c,63,69,6c,6b,64,61,65,
63,64,00,00
"haojmfidbkdipjdo"=hex:6a,61,6a,62,63,64,62,6c,64,61,6c,63,69,6c,6b,64,61,65,
63,64,00,00
"iamdpamondmlfoebkl"=hex:63,61,66,62,67,65,00,00

[HKEY_USERS\S-1-5-21-1265499254-1424330819-3022518915-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A64D7317-8E33-358E-1EC5-37BC47158C22}*]
"haoklefgedefnejb"=hex:69,61,6d,67,65,6e,66,62,6c,64,67,6f,65,6e,6d,65,66,65,
00,00
"iamebeaakjhfjefklf"=hex:63,61,66,67,6b,63,00,00
"iaidbheilghhdekble"=hex:6a,61,6c,67,6d,6f,64,64,65,6c,67,6c,65,6d,6d,6d,62,61,
65,66,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETgcycyqju]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\SKYNETrftfmpxn.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll

- - - - - - - > 'Explorer.exe'(2220)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
c:\program files\ThinkVantage\AMSG\Amsg.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\ThinkVantage\PrdCtr\LPMLCHK.EXE
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\windows\System32\spool\drivers\w32x86\3\WrtProc.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\trademanager\AliUpdate.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\System32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\System32\AEADISRV.EXE
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\ThinkPad\Bluetooth Software\BTStackServer.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
.
**************************************************************************
.
Completion time: 2009-06-22 21:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-22 01:44

Pre-Run: 22,129,389,568 bytes free
Post-Run: 23,618,461,696 bytes free

495 --- E O F --- 2009-06-22 00:54

descriptionSecurity 2009 Virus/spyware- Please help! EmptyRe: Security 2009 Virus/spyware- Please help!

more_horiz
View point killer log
----------------------------------
ViewpointKiller Version 1.30 (beta)

The removal process was started on Sun Jun 21 20:49:48 2009

Preparing to remove Viewpoint Media Player...



Warning accepted, beginning removal process....



ViewpointKiller determined that "aim.exe" was not running.

ViewpointKiller was able to close "aim6.exe" successfully.

ViewpointKiller was able to close "aolsoftware.exe" successfully.

ViewpointKiller determined that "aol.exe" was not running.

ViewpointKiller determined that "MtsAxInstaller.exe" was not running.



Preparing to close the Viewpoint Manager Service if it is running...

Closing "Viewpoint Manager Service" failed, or the service is not running.





Searching for all known Viewpoint Media Player registry values and keys...

Found and removed: SOFTWARE\Viewpoint

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Found and removed: SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Found and removed: CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Found and removed: CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Found and removed: SYSTEM\CurrentControlSet\Services\Viewpoint Manager Service

Finished searching for and removing all known Viewpoint Media Player registry values and keys.



Searching for all known Viewpoint Media Player files and folders...

Could not delete: C:\ProgramData\Application Data\Viewpoint

There was an error removing C:\ProgramData.WINDOWS\Application Data\Viewpoint. The error returned was 124.

Found and removed: C:\Program Files\Viewpoint\Common

Found and removed: C:\Program Files\Viewpoint

Finished searching for and removing all known Viewpoint Media Player files and folders.



Finished reporting.

----------------------------------
----------------------------------
ViewpointKiller Version 1.30 (beta)

The removal process was started on Sun Jun 21 20:49:54 2009

Preparing to remove Viewpoint Manager...



ViewpointKiller determined that "viewmgr.exe" was not running.

Searching for all known Viewpoint Manager registry values and keys...

Finished searching for and removing all known Viewpoint Manager registry values and keys.



Searching for all known Viewpoint Manager files and folders...

There was an error removing C:\Program Files\Viewpoint\Viewpoint Manager. The error returned was 124.

Could not delete: C:\ProgramData\Application Data\Viewpoint

Finished searching for and removing all known Viewpoint Manager files and folders.



Finished reporting.

----------------------------------
----------------------------------
ViewpointKiller Version 1.30 (beta)

The removal process was started on Sun Jun 21 20:49:56 2009

Preparing to remove Viewpoint Toolbar...



ViewpointKiller determined that "FotomatDeviceConnect.exe" was not running.

ViewpointKiller was able to close "iexplore.exe" successfully.



Searming for all known Viewpoint Toolbar registry values and keys...

Finished searching for and removing all known Viewpoint Toolbar registry values and keys.



Searching for all known Viewpoint Toolbar files and folders...

There was an error removing C:\Program Files\Viewpoint\Viewpoint Toolbar V35. The error returned was 124.

Could not delete: C:\Users\Lakeysha\Local Settings\Application Data\Viewpoint

Could not delete: C:\ProgramData\Desktop\Fotomat.lnk

There was an error removing C:\Program Files\Viewpoint\Viewpoint Toolbar. The error returned was 124.

Could not delete: C:\ProgramData\Application Data\Viewpoint

There was an error removing C:\Program Files\Common Files\Viewpoint\Toolbar Runtime. The error returned was 124.

Finished searching for and removing all known Viewpoint Toolbar files and folders.



Finished reporting.

----------------------------------

descriptionSecurity 2009 Virus/spyware- Please help! EmptyRe: Security 2009 Virus/spyware- Please help!

more_horiz
Now open a new notepad file.
Input this into the notepad file:

Folder::
c:\programdata\19483614
c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
c:\program files\LimeWire

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=-
"InternetSettingsDisableNotify"=-
"AutoUpdateDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4DFB9BD7-CF35-44F3-887F-CC15DED77863}"=-
"{021E80BD-FF35-4223-AE59-42301094A72C}"=-
"{718C4638-147D-44B3-BB95-F832D38B3190}"=-
"{677BF585-B222-45FE-916A-43C350E7B9CD}"=-
"{76A93A39-7E29-4492-A10D-62CDEDCABB2D}"=-
"{89DEC56C-9648-400F-8E13-1498432B8DA4}"=-
"TCP Query User{F672484D-B38C-4FAE-88C1-499475ACC9D3}c:\\users\\lakeysha\\program files\\dna\\btdna.exe"=-
"UDP Query User{53FB5206-E392-4A56-B63E-ECBE53A9233D}c:\\users\\lakeysha\\program files\\dna\\btdna.exe"=-
"TCP Query User{E9E415D2-A647-4CAC-8049-0F6E2EEF8D65}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"=-
"UDP Query User{255164AD-4DE0-47FF-9B7C-B4CDFBFC053C}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"=-
"{A88C67EF-3CA3-4DD4-9AF6-51DD6943B58D}"=-
"{92805AC7-5CC3-437B-80D3-004A84C844FE}"=-
"{57A71665-3E38-4250-B0D3-4780B163C1D2}"=-
"{6586A259-0FE5-421A-8EF6-A7D0864A009F}"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
Security 2009 Virus/spyware- Please help! Sfxdaw

This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

descriptionSecurity 2009 Virus/spyware- Please help! EmptyRe: Security 2009 Virus/spyware- Please help!

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum