sameshitasiteverwas.com virus i believe

Post by periodictable123 » July 11th, 2009, 8:57 pm

Hello, my thread has been closed (on Jul.7) because I was too slow to respond. As per admin/teacher blade81's request, I replaced Firefox 3 Beta with Firefox 3.5. I also ran DDS. The following consists of a new HijackThis log, DDS.txt, and Attach.txt in succession. Thank you.

1) HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:33 PM, on 6/30/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [googletalk] C:\Users\Dan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {C3C304ED-7599-4A9D-8AD3-2F8648AFBD1A} (BLWebSlideNetViewerX Control) - http://www.bacuslabs.com/plugin/WEBSLIDE.EXE
O20 - AppInit_DLLs: C:\Windows\System32\btosif_ol32.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: System Update (SUService) - - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11198 bytes

2) DDS.txt

DDS (Ver_09-06-26.01) - NTFSx86
Run by Dan at 20:42:38.80 on Sat 07/11/2009
Internet Explorer: 7.0.6000.16851 BrowserJavaVersion: 1.6.0_02
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.2006.885 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Dan\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://lenovo.live.com
mDefault_Page_URL = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Aim6]
uRun: [googletalk] c:\users\dan\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [LenovoOobeOffers] c:\swtools\lenovowelcome\lenovooobeoffers.exe /filepath="c:\swshare\firstrun.txt"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C3C304ED-7599-4A9D-8AD3-2F8648AFBD1A} - hxxp://www.bacuslabs.com/plugin/WEBSLIDE.EXE
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\btosif_ol32.dll
LSA: Notification Packages = scecli ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\users\dan\appdata\roaming\mozilla\firefox\profiles\z0zjqknm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\dan\appdata\roaming\mozilla\firefox\profiles\z0zjqknm.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071302000002.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-3-2 100656]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2007-2-19 13744]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWR32V.SYS [2007-7-11 12080]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-5 835208]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-3-30 55936]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-1-8 569344]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-8 24652]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]

=============== Created Last 30 ================

2009-06-30 20:43 <DIR> --d----- c:\program files\Trend Micro
2009-06-29 22:17 <DIR> --d----- c:\programdata\SecTaskMan
2009-06-29 22:17 <DIR> --d----- c:\progra~2\SecTaskMan
2009-06-29 22:17 <DIR> --d----- c:\program files\Security Task Manager
2009-06-29 21:23 654,208 a------- C:\autoruns.exe
2009-06-29 21:23 546,688 a------- C:\autorunsc.exe
2009-06-27 23:50 <DIR> --d----- c:\programdata\Lavasoft
2009-06-27 23:50 <DIR> --d----- c:\program files\Lavasoft
2009-06-23 00:25 <DIR> --d----- c:\users\dan\appdata\roaming\HNC
2009-06-23 00:23 <DIR> --d----- c:\program files\Daum
2009-06-23 00:15 143,360 a------- c:\windows\system32\btosif_ol32.dll
2009-06-23 00:15 1,372 a------- c:\windows\system32\XVpMtgNvU4x2D.vbs

==================== Find3M ====================

2009-06-05 01:06 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-05 01:06 86,016 a------- c:\windows\inf\infstor.dat
2009-06-05 01:06 51,200 a------- c:\windows\inf\infpub.dat
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-04-24 12:22 827,392 a------- c:\windows\system32\wininet.dll
2009-04-24 12:14 56,320 a------- c:\windows\system32\iesetup.dll
2009-04-24 12:14 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 12:14 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-24 12:11 72,704 a------- c:\windows\system32\admparse.dll
2009-04-24 09:53 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-24 08:25 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-23 09:01 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:56 696,832 a------- c:\windows\system32\localspl.dll
2009-04-21 08:04 2,028,032 a------- c:\windows\system32\win32k.sys
2008-12-13 16:23 174 a--sh--- c:\program files\desktop.ini
2008-06-11 08:11 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-01-25 16:39 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-01-25 16:39 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-01-25 16:39 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-07-11 02:42 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:45:42.88 ===============

3) Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 7/11/2007 2:58:57 AM
System Uptime: 7/11/2009 6:06:23 PM (2 hours ago)

Motherboard: LENOVO | | 6465CTO
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | None | 1200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 87 GiB total, 27.203 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP555: 7/6/2009 10:02:23 PM - Windows Update
RP556: 7/9/2009 7:40:21 PM - Windows Update
RP557: 7/11/2009 6:53:30 PM - Scheduled Checkpoint

==== Installed Programs ======================


2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
AIM 6
Apple Mobile Device Support
Apple Software Update
Client Security Solution
Compass Step 1 Exam
Diskeeper Home
Drag-to-Disc
GOM Player
Google Talk (remove only)
Help Center
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6
K-Lite Codec Pack 3.2.0 Full
Korean Fonts Support For Adobe Reader 8
Lenovo Registration
Lenovo System Interface Driver
LimeWire 4.18.6
Maintenance Manager
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
NMS Review for the USMLE Step 1, 6th Ed. with Tutor Testing Software
On Screen Display
OpenCASE Media Agent
PC-Doctor 5 for Windows
Picasa 2
Presentation Director
Productivity Center Supplement for ThinkPad
QuickTime
Registry patch for Windows Vista USB S3 PM Enablement
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Safari
Security Task Manager 1.7h
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Visio 2007 (KB947590)
Sonic Icons for Lenovo
SoundMAX
System Migration Assistant
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Mobility Center Customization
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb970012)
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wallpapers
WebSlide Finder
WebSlide Net Viewer ActiveX Control
Windows Driver Package - Intel (e1express) Net (02/27/2007 9.7.37.0)
Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)
Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)
Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)
Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)
Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (02/16/2007 6.00.01.10)
Windows Driver Package - Ricoh Company MMC Host Controller (02/24/2007 6.00.02.03)
Windows Driver Package - Ricoh Company xD Host Controller (03/21/2007 6.00.01.12)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Media Player Firefox Plugin
WinRAR archiver

==== Event Viewer Messages From Past Week ========

7/9/2009 7:45:41 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JEREMY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{47A6F976-5E8E-4F03-AF8C-83A46E2ED40. The master browser is stopping or an election is being forced.
7/7/2009 7:25:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the OpenCASE Media Agent service to connect.
7/7/2009 7:25:55 AM, Error: Service Control Manager [7000] - The OpenCASE Media Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/5/2009 12:50:37 AM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
7/5/2009 12:50:37 AM, Error: Service Control Manager [7022] - The SQL Server VSS Writer service hung on starting.
7/5/2009 12:49:50 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================
periodictable123
Active Member
 
Posts: 8
Joined: June 30th, 2009, 8:47 pm

Re: sameshitasiteverwas.com virus i believe

Unread postby MWR 3 day Mod » July 15th, 2009, 5:22 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: sameshitasiteverwas.com virus i believe

Unread postby Cyborg » July 17th, 2009, 1:42 am

Hello and welcome to Malware Removal. My nickname is Cyborg, and I will be helping you in removing the malware infections in your computer.
Before we start disinfecting your computer, please note all the following points :
  • Please note that it is important that you follow all my instructions carefully.
  • Please do not fix anything prior to notifying me as it could render your system in an unstable state.
  • Please make sure that you are the administrator of the system which I am going to disinfect.
  • If you are receiving help from elsewhere, please notify me about it.
  • Please inform me if you need more time to respond, otherwise this thread will also be closed if you don't respond for more than 3 days.

I am currently going through your log, and will get back to you as soon as I can.

Please note that I am currently under training, and all my fixes are being checked by an expert to confirm that they are in order, so there may be slight delays in replies due to this, please bear with us.
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm

Re: sameshitasiteverwas.com virus i believe

Unread postby periodictable123 » July 17th, 2009, 2:52 am

I am ready to proceed. Thank you in advance for your help and looking forward to hearing from you.
periodictable123
Active Member
 
Posts: 8
Joined: June 30th, 2009, 8:47 pm

Re: sameshitasiteverwas.com virus i believe

Unread postby Cyborg » July 19th, 2009, 2:44 am

With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

  • Click on Start and select Control Panel and double click on Programs and Features.
  • Locate LimeWire 4.12.6 and click on the Uninstall/Change button to uninstall it.
  • Close Programs and Features and Control Panel when done.

IF you have uninstalled Limewire, then continue with the following :

Please go to Jotti and upload the following file for scanning :

C:\Windows\System32\btosif_ol32.dll

Using Jotti
  • Please copy and paste C:\Windows\System32\btosif_ol32.dll in the text box next to the Browse button.
  • Click on Submit..button.
  • The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  • When all scans have completed... Highlight the results text, beginning with "File..." and select all text down to the last scan result.
  • Copy the selected text... Open Notepad... Paste the contents into Notepad... Save the file to a convenient place.
  • Please repeat this procedure for c:\windows\system32\XVpMtgNvU4x2D.vbs.
  • Paste the contents of all the Jotti scan results in your next reply.

However, if Jotti is too busy, then please go to Virus Total and upload the file(s) as mentioned for Jotti.
The file will be queued and uploaded for scanning by various scanners.
At the end of the scan, click on Compact and the results will be shown in a grid like window...please Select and Copy the entire contents and post it in your reply.
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm

Re: sameshitasiteverwas.com virus i believe

Unread postby periodictable123 » July 20th, 2009, 3:41 pm

The following are the Jotti scan results for btosif_ol32.dll and XVpMtgNvU4x2D.vbs

(1)
Filename: btosif_ol32.dll
Status:
Scan finished. 18 out of 21 scanners reported malware.
Scan taken on: Mon 20 Jul 2009 21:16:24 (CET)

Additional info
File size: 143360 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: 8aa685758bbe8b93339a59aa9dae8f2a
SHA1: dc70643dea6186d463f8878bcbb641687c108051

Scanners
2009-07-20 Trojan.Downloader
2009-07-20 Trojan.Generic.2052795
2009-07-20 Trojan-Downloader.Win32.Tracur!IK
2009-07-20 Trojan-Downloader.Win32.Tracur
2009-07-20 Win32:Trojan-gen {Other}
2009-07-20 P2P-Worm.Win32.Nugg.bk
2009-07-20 Agent2.LJF
2009-07-20 Win32/Agent.OAF
2009-07-20 TR/Hijacker.Gen
2009-07-20 W32/Agent.NDXH
2009-07-20 Trojan.Generic.2052795
2009-07-20 W32/P2PWorm.AK.worm
2009-07-20 Found nothing
2009-07-20 Trojan.Agent.ATV
2009-07-20 Found nothing
2009-07-20 Troj/Agent-INP
2009-07-20 Trojan.DownLoad.38948
2009-07-18 P2P-Worm.Win32.Nugg.bk
2009-07-20 Found nothing
2009-07-20 Worm.P2P.Nugg.DB
2009-07-20 P2P-Worm.Win32.Nugg.bk

(2)
Filename: XVpMtgNvU4x2D.vbs
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Mon 20 Jul 2009 21:29:45 (CET)

Additional info
File size: 1372 bytes
Filetype: ASCII text, with CRLF line terminators
MD5: 26d4fea8f96fcdcbcc629e7c68d52139
SHA1: 8de80904ded589f3a08045a8009c44f4f50884c2

Scanners
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-18 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
2009-07-20 Found nothing
periodictable123
Active Member
 
Posts: 8
Joined: June 30th, 2009, 8:47 pm
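The pasted Jotti results carry, besides the per-scanner verdicts, the MD5, SHA1 and size of the file the service actually received (the scanner names themselves did not survive the paste, only dates and verdicts). As an added example, not part of this thread and not Jotti's own code, the Python below parses a report in that pasted layout and checks that a local copy of the file has the same hashes and size, so the reader can be sure the verdicts apply to the file on disk and not to some other copy. The sample report is constructed: its hashes are those of the three bytes b"abc" and its verdict names are placeholders.

```python
import hashlib
import re

# Constructed sample in the layout of the Jotti results pasted in this thread.
# The hashes are those of b"abc" so the check below can be run offline;
# the verdict names are placeholders, not real detection names.
SAMPLE_REPORT = """\
Filename: sample.bin
Status:
Scan finished. 2 out of 3 scanners reported malware.
Scan taken on: Mon 20 Jul 2009 21:16:24 (CET)

Additional info
File size: 3 bytes
Filetype: data
MD5: 900150983cd24fb0d6963f7d28e17f72
SHA1: a9993e364706816aba3e25717850c26c9cd0d89d

Scanners

2009-07-20 Trojan.Placeholder.A
2009-07-20 Found nothing
2009-07-20 Placeholder-Detection.B
"""

VERDICT_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+)$")
COUNT_RE = re.compile(r"(\d+) out of (\d+) scanners")


def parse_jotti_report(text):
    """Pull filename, counts, size, hashes and per-scanner verdicts out of a pasted report."""
    report = {"detections": [], "clean": 0}
    in_scanners = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_scanners:
            # After the "Scanners" header every line is "<date> <verdict>".
            m = VERDICT_RE.match(line)
            if m:
                verdict = m.group(2).strip()
                if verdict.lower() == "found nothing":
                    report["clean"] += 1
                else:
                    report["detections"].append(verdict)
            continue
        if line == "Scanners":
            in_scanners = True
        elif line.startswith("Filename:"):
            report["filename"] = line.split(":", 1)[1].strip()
        elif line.startswith("Scan finished."):
            m = COUNT_RE.search(line)
            if m:
                report["detected"], report["total"] = int(m.group(1)), int(m.group(2))
        elif line.startswith("File size:"):
            m = re.search(r"(\d+)", line)
            if m:
                report["size"] = int(m.group(1))
        elif line.startswith("MD5:"):
            report["md5"] = line.split(":", 1)[1].strip().lower()
        elif line.startswith("SHA1:"):
            report["sha1"] = line.split(":", 1)[1].strip().lower()
    return report


def digests(data):
    """MD5, SHA-1 and byte length of a bytes object, or of a file given by path.

    MD5/SHA-1 are used here only to match the identifiers a scanning service
    prints; the file is read in 1 MiB chunks so large samples do not need to
    fit in memory.
    """
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    if isinstance(data, (bytes, bytearray)):
        blocks = [bytes(data)]
    else:
        def read_blocks(path):
            with open(path, "rb") as fh:
                while True:
                    block = fh.read(1 << 20)
                    if not block:
                        return
                    yield block
        blocks = read_blocks(data)
    for block in blocks:
        md5.update(block)
        sha1.update(block)
        size += len(block)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "size": size}


def verify_against_report(data, report):
    """Compare a local file (bytes or path) with the identifiers in a parsed report."""
    local = digests(data)
    found = len(report["detections"])
    return {
        "md5_match": local["md5"] == report.get("md5"),
        "sha1_match": local["sha1"] == report.get("sha1"),
        "size_match": local["size"] == report.get("size"),
        # The summary line should agree with the per-scanner lines that were pasted.
        "counts_consistent": report.get("detected") == found
        and report.get("total") == found + report["clean"],
    }


if __name__ == "__main__":
    parsed = parse_jotti_report(SAMPLE_REPORT)
    print(parsed["filename"], parsed["detected"], "of", parsed["total"], parsed["detections"])
    print(verify_against_report(b"abc", parsed))
```

Run against a real file, `verify_against_report(r"C:\path\to\file.dll", parse_jotti_report(pasted_text))` returns four booleans; a hash mismatch means the verdicts were produced for a different file than the one being looked at.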

Re: sameshitasiteverwas.com virus i believe

Unread postby Cyborg » July 24th, 2009, 2:05 pm

Hiya periodictable123,

I am very sorry to not have replied in 4 days. I have had to shift my place of residence, and I trust you know the hardships of doing so. It has been very difficult for me to adjust to the new place, and also I haven't been granted access to the internet by my ISP (even though I subscribed for it 2 days back), I am still using my cousin's laptop to access the internet for emergency issues. I hope I have your forgiveness.

I am currently preparing a fix for you. Please ensure that you do NOT make any change to the system while I'm at it.

Thanks for being so patient and understanding.

Cyborg.
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm

Re: sameshitasiteverwas.com virus i believe

Unread postby NonSuch » July 24th, 2009, 3:15 pm

Pardon the interruption...

periodictable123,

The Yahoo e-mail address with which you registered here at MalWareRemoval.com is not accepting the e-mail notifications that we are sending to inform you when you have received a reply to your topic; therefore, it is possible you may not know when you have received a reply.

You should either find out why your e-mail address is failing to accept our notifications and correct the problem, or you should return here daily to check for replies; otherwise, if you do not reply within three days of receiving a response to this topic, the topic will be closed for inactivity.

Thank you for your attention to this matter.

NonSuch
MWR Administrator
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Re: sameshitasiteverwas.com virus i believe

Unread postby periodictable123 » July 24th, 2009, 8:16 pm

Cyborg, No problem. Looking forward to hearing from you...

NonSuch, Yeah I don't know why my yahoo email is not working. I do check here daily, so there's no problem.
periodictable123
Active Member
 
Posts: 8
Joined: June 30th, 2009, 8:47 pm

Re: sameshitasiteverwas.com virus i believe

Unread postby Cyborg » July 28th, 2009, 7:12 am

I am SO very sorry for the late reply! I know it must have frustrated you, I truly apologize for the inconvenience caused. I have finally managed to get my own internet connection.


Upload to UploadMalware

  • Please go to Upload Malware and upload this file for further analysis.
  • In the Name box, type in your name.
  • In the Email box, type in your email address.
  • In Topic where your file was requested box, copy and paste this link:
    http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=44257
  • In the first File(s) to Submit box, copy and paste this file in: c:\windows\system32\XVpMtgNvU4x2D.vbs
  • Click on Send File(s).

Please re-use the following instructions to post log.txt from RSIT :
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, a log will open:
  • log.txt will be opened maximized
  • Please post the contents of log.txt

Please download gmer.zip from Gmer and save it to your desktop.

  • Right click on gmer.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will start extracting.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Double click on gmer.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the Gmer scan log and post it in your next reply.
  • Close Gmer.
  • Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
  • In Command Prompt, type in net stop gmer. Press Enter.
  • Type in exit to close Command Prompt.

Note: Do not run any programs while Gmer is running.
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm
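GMER's "User code sections" report lists inline hooks: each line names a process, the API whose first bytes were overwritten (for example kernel32.dll!CreateProcessW), the number of bytes patched, and the module the JMP lands in. Reading a long log line by line is error-prone, so here is an added Python example (not from this thread and not GMER's own code) that parses lines in that format, groups the hooks by the module they jump into, and flags any module that has hooked the CreateProcess family, since a module sitting on every process-creation call is the detail a helper wants to see first. The sample text is constructed: three lines are copied from the GMER log posted later in this thread, and the firefox.exe line is hypothetical, added only to show grouping across processes.

```python
import re
from collections import defaultdict

# Constructed sample: the first three hook lines are copied from the GMER log
# posted in this thread; the firefox.exe line is hypothetical and only shows
# how hooks from several processes are grouped under one target module.
SAMPLE_GMER = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1632] kernel32.dll!CreateProcessW 762E1D27 5 Bytes JMP 1000E78F C:\Windows\System32\btosif_ol32.dll
.text C:\Windows\Explorer.EXE[1632] kernel32.dll!CreateProcessA 762E1D5C 5 Bytes JMP 1000E737 C:\Windows\System32\btosif_ol32.dll
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!CreateProcessAsUserW 76700544 5 Bytes JMP 1000E876 C:\Windows\System32\btosif_ol32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2044] kernel32.dll!CreateProcessW 762E1D27 5 Bytes JMP 1000E78F C:\Windows\System32\btosif_ol32.dll

---- Devices - GMER 1.0.15 ----
"""

# ".text <process>[<pid>] <module>!<api> <address> <n> Bytes <kind> <target> [<target module>]"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<api>\S+)\s+"
    r"(?P<address>[0-9A-Fa-f]+)\s+(?P<length>\d+)\s+Bytes\s+"
    r"(?P<kind>\S+)\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<target_module>.+?))?\s*$"
)

# Entry points whose hooking lets a module see (and act on) every new process.
PROCESS_CREATION_APIS = {
    "CreateProcessA", "CreateProcessW",
    "CreateProcessAsUserA", "CreateProcessAsUserW",
    "CreateProcessWithLogonW", "CreateProcessWithTokenW",
}


def parse_gmer_hooks(text):
    """Return one dict per '.text ...' hook line; headers and other sections are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hook = m.groupdict()
        hook["pid"] = int(hook["pid"])
        hook["length"] = int(hook["length"])
        # The trailing module path is optional in the format; keep a marker if absent.
        hook["target_module"] = hook["target_module"] or "(no module listed)"
        hooks.append(hook)
    return hooks


def summarize_by_target(hooks):
    """Group hooks by the module the JMP lands in (paths compared case-insensitively)."""
    summary = defaultdict(lambda: {"processes": set(), "apis": set()})
    for h in hooks:
        entry = summary[h["target_module"].lower()]
        entry["processes"].add(f"{h['process']}[{h['pid']}]")
        entry["apis"].add(f"{h['module']}!{h['api']}")
    return dict(summary)


def intercepts_process_creation(hooks, target_module):
    """True if target_module has hooked any CreateProcess* entry point."""
    hooked = {h["api"] for h in hooks
              if h["target_module"].lower() == target_module.lower()}
    return bool(hooked & PROCESS_CREATION_APIS)


def triage_lines(text):
    """One summary line per hooking module, flagged when it sits on process creation."""
    hooks = parse_gmer_hooks(text)
    lines = []
    for target, info in sorted(summarize_by_target(hooks).items()):
        flag = " [intercepts process creation]" if intercepts_process_creation(hooks, target) else ""
        lines.append(f"{target}: {len(info['apis'])} API(s) hooked in "
                     f"{len(info['processes'])} process(es){flag}")
    return lines


if __name__ == "__main__":
    for line in triage_lines(SAMPLE_GMER):
        print(line)
```

On a real log, pass the whole file's text to `triage_lines`; everything outside the "User code sections" block is skipped by the regex, so the devices, registry and file sections do not need to be cut out first.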

Re: sameshitasiteverwas.com virus i believe

Unread postby periodictable123 » July 28th, 2009, 9:59 pm

1) I uploaded the file to "Upload Malware"
2) I did not understand your directions for RSIT, so I did not do any of it.
"Please re-use the following instructions to post log.txt from RSIT :
* Double click on RSIT.exe to run RSIT.
* Click Continue at the disclaimer screen.
* Once it has finished, a log will open:
* log.txt will be opened maximized
* Please post the contents of log.txt"


3) I ran the Gmer scan. The following is the log:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-28 21:53:16
Windows 6.0.6000


---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1632] kernel32.dll!CreateProcessW 762E1D27 5 Bytes JMP 1000E78F C:\Windows\System32\btosif_ol32.dll
.text C:\Windows\Explorer.EXE[1632] kernel32.dll!CreateProcessA 762E1D5C 5 Bytes JMP 1000E737 C:\Windows\System32\btosif_ol32.dll
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!CreateProcessAsUserW 76700544 5 Bytes JMP 1000E876 C:\Windows\System32\btosif_ol32.dll
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!CreateProcessAsUserA 76742420 5 Bytes JMP 1000E801 C:\Windows\System32\btosif_ol32.dll
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!CreateProcessWithLogonW 76746231 5 Bytes JMP 1000E8EB C:\Windows\System32\btosif_ol32.dll
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!CreateProcessWithTokenW 76746267 5 Bytes JMP 1000E960 C:\Windows\System32\btosif_ol32.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ef71a93
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197ef71a93

---- Files - GMER 1.0.15 ----

File C:\RRbackups\C 0 bytes
File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\backups.dat 8192 bytes
File C:\RRbackups\common\bmgrmode.dat 29 bytes
File C:\RRbackups\common\css.dat 8192 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 110 bytes
File C:\RRbackups\common\rr.log 353763 bytes
File C:\RRbackups\common\rr_bcdenum.dat 3544 bytes
File C:\RRbackups\common\SAM 262144 bytes
File C:\RRbackups\common\secpolicy.dat 24576 bytes
File C:\RRbackups\common\settings.dat 32768 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\tvtns.bin 23 bytes
File C:\RRbackups\common\usersids.dat 13520 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-821773168-3645052380-411947362-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-821773168-3645052380-411947362-500\a077ead69703e3bf1fd373a3c9376faa_d5c85120-8ec2-4912-a757-33eab62efb7e 77 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-821773168-3645052380-411947362-500\a18ca4003deb042bbee7a40f15e1970b_d5c85120-8ec2-4912-a757-33eab62efb7e 54 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-2365545147-1999384947-2466353664-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-2365545147-1999384947-2466353664-500\24cc6214-2e04-4747-84ae-32c6cc4ef7a0 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-2365545147-1999384947-2466353664-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-821773168-3645052380-411947362-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-821773168-3645052380-411947362-500\3791e0a7-6a00-4f06-abbc-d51c1dedc48f 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-821773168-3645052380-411947362-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Dan 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Lenovo\Client Security Solution\config.ini 61 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Lenovo\Client Security Solution\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Lenovo\Client Security Solution\Dan.pwm 14496 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Lenovo\Client Security Solution\Dan.pwm.bak 13574 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Lenovo\Client Security Solution\encobject.dat 11256 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Lenovo\Client Security Solution\hwkeys.dat 6372 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Lenovo\Client Security Solution\pwmaction.dat 900 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Lenovo\Client Security Solution\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-821773168-3645052380-411947362-1005 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-821773168-3645052380-411947362-1005\146482325737612d5fbcd71839d49d49_d5c85120-8ec2-4912-a757-33eab62efb7e 50 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-821773168-3645052380-411947362-1005\4d5cf35b3be75d95787bfe58c1e56375_d5c85120-8ec2-4912-a757-33eab62efb7e 1305 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-821773168-3645052380-411947362-1005\533145ef011ddf5ca3983e2545a902b4_d5c85120-8ec2-4912-a757-33eab62efb7e 2075 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-821773168-3645052380-411947362-1005\6b29ae44e85efac3c72ff4d1865d73f1_d5c85120-8ec2-4912-a757-33eab62efb7e 53 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-821773168-3645052380-411947362-1005\83aa4cc77f591dfc2374580bbd95f6ba_d5c85120-8ec2-4912-a757-33eab62efb7e 45 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-821773168-3645052380-411947362-1005\8f71098770f72c7a67cd8f1151619865_d5c85120-8ec2-4912-a757-33eab62efb7e 54 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-2365545147-1999384947-2466353664-500 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-2365545147-1999384947-2466353664-500\24cc6214-2e04-4747-84ae-32c6cc4ef7a0 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-2365545147-1999384947-2466353664-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-821773168-3645052380-411947362-1005 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-821773168-3645052380-411947362-1005\0458b491-e6a8-4d02-b40e-445a7e46af57 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-821773168-3645052380-411947362-1005\14ed2def-51b3-4e52-a03d-049b2210d89e 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-821773168-3645052380-411947362-1005\16bc3b75-40a4-4d09-926b-77de41dff849 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-821773168-3645052380-411947362-1005\33d2b9af-6684-47fc-a84d-c2ad6eaf696e 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-821773168-3645052380-411947362-1005\5608da6d-43c8-41c7-b7aa-82de9ee47e3f 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-821773168-3645052380-411947362-1005\73537b83-279c-4264-95e6-d144e19e3744 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-821773168-3645052380-411947362-1005\c02bd955-bf32-4779-9179-d167a1265e93 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-821773168-3645052380-411947362-1005\e176bc7b-d7d3-4c3b-aa5f-b57dd8103418 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-821773168-3645052380-411947362-1005\fc631627-686a-4a6c-9ea7-ba32efeef70a 388 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\Protect\S-1-5-21-821773168-3645052380-411947362-1005\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\F0DE1F8B908A51B60DD34D0D9A173FCB8B61984B 921 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\SystemCertificates\My\Keys 0 bytes
File C:\RRbackups\Documents and Settings\Dan\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\A365F731FB597B7B3249B26A66B28E91AF92E5EF 152 bytes
File C:\RRbackups\Documents and Settings\Default 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-2365545147-1999384947-2466353664-500 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-2365545147-1999384947-2466353664-500\24cc6214-2e04-4747-84ae-32c6cc4ef7a0 388 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-2365545147-1999384947-2466353664-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-2365545147-1999384947-2466353664-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-2365545147-1999384947-2466353664-500\24cc6214-2e04-4747-84ae-32c6cc4ef7a0 388 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-2365545147-1999384947-2466353664-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\ProgramData 0 bytes
File C:\RRbackups\ProgramData\Lenovo 0 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\encobject.dat 1608 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\hwkeys.dat 4248 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\symkeys.dat 656 bytes
File C:\RRbackups\ProgramData\Microsoft 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a077ead69703e3bf1fd373a3c9376faa_d5c85120-8ec2-4912-a757-33eab62efb7e 77 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat 8 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_d5c85120-8ec2-4912-a757-33eab62efb7e 52 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_d5c85120-8ec2-4912-a757-33eab62efb7e 47 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_d5c85120-8ec2-4912-a757-33eab62efb7e 54 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\b973ec0ff915c48a18fe09064ce3a22d_d5c85120-8ec2-4912-a757-33eab62efb7e 56 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_d5c85120-8ec2-4912-a757-33eab62efb7e 893 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\e52f73ea1e6d8fb5afd750e25de6c8fa_d5c85120-8ec2-4912-a757-33eab62efb7e 46 bytes

---- EOF - GMER 1.0.15 ----
periodictable123
Active Member
 
Posts: 8
Joined: June 30th, 2009, 8:47 pm

Re: sameshitasiteverwas.com virus i believe

Unread postby Cyborg » July 31st, 2009, 4:56 am

Hiya periodictable123,

I'm sorry, it was a problem with my instructions. I first had to ask you to download RSIT so that you could run a scan.
I apologise for the mishap.

Download and run Combofix

We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

Please use these instructions to post an RSIT log:
RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized).
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm

Re: sameshitasiteverwas.com virus i believe

Unread postby periodictable123 » July 31st, 2009, 6:49 pm

Cyborg, I will be away for the weekend and will have no access to my computer. I will get back to you as soon as I can.
periodictable123
Active Member
 
Posts: 8
Joined: June 30th, 2009, 8:47 pm

Re: sameshitasiteverwas.com virus i believe

Unread postby Cyborg » July 31st, 2009, 11:21 pm

Noted, thanks for letting me know :)
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm

Re: sameshitasiteverwas.com virus i believe

Unread postby NonSuch » August 6th, 2009, 5:53 am

Due to a lack of activity, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California