Solved Windows Recovery FakeAV: Deleted icons & My Document files locked

Status
Not open for further replies.
What happened here? Are these related? What are they for?

2011-05-19 18:41 . 2011-05-19 18:48 -------- d-----w- c:\users\Brandley\AppData\Local\temp
2011-05-19 18:41 . 2011-05-19 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-19 18:41 . 2011-05-19 18:41 -------- d-----w- c:\users\Admin\AppData\Local\temp
2011-05-19 00:49 . 2011-05-19 00:49 -------- d-----w- c:\windows\system32\tr
2011-05-19 00:49 . 2011-05-19 00:49 -------- d-----w- c:\windows\system32\sv
2011-05-19 00:49 . 2011-05-19 00:49 -------- d-----w- c:\windows\system32\ru
2011-05-19 00:49 . 2011-05-19 00:49 -------- d-----w- c:\windows\system32\no
2011-05-19 00:49 . 2011-05-19 00:49 -------- d-----w- c:\windows\system32\da
2011-05-19 00:49 . 2011-05-19 00:49 -------- d-----w- c:\windows\system32\ko
2011-05-19 00:49 . 2011-05-19 00:49 -------- d-----w- c:\windows\system32\ja
2011-05-19 00:49 . 2011-05-19 00:49 -------- d-----w- c:\windows\system32\it
2011-05-19 00:49 . 2011-05-19 00:49 -------- d-----w- c:\windows\system32\fr
2011-05-19 00:49 . 2011-05-19 00:49 -------- d-----w- c:\windows\system32\es
2011-05-19 00:49 . 2011-05-19 00:49 -------- d-----w- c:\windows\system32\de
2011-05-19 00:44 . 2011-05-19 00:44 -------- d-----w- c:\programdata\Downloaded Installations
2011-05-19 00:48 . 2011-05-19 00:49 -------- d-----w- c:\windows\DPDrv
(Dpdrv.sys is DP Filter Driver is a driver file from company International Business Machines Corporation belonging to product Data Protection Filter Driver.)
Obviously these are languages, but where did they come from?
========================================
There's only one entry in the HijackThis log I'd like to remove, but instead of running a scan again, handle it in 'Manage Add-ons'. Looks like this came with the DP Filter Driver.

Click on Tools> Manage Add-ons> look in both sections of the dialogue box: add-ons currently being used and add-ons previously used> find DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab> Highlight and remove or disable. It's a bundle of junk. May show as Kiwi Toolbar.

How is the system running now?
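As an added illustration (not code from the thread, from ComboFix or from HijackThis), the script below parses the ComboFix-style "created . modified size attrs path" lines quoted above, groups them into bursts by creation time, and labels each burst the way the helper reasoned: three or more sibling two-letter folders are a language pack, and a "Downloaded Installations" folder in the same burst points at an application installer rather than malware. The sample log is a constructed excerpt of the thread's own lines; the 5-minute burst window is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: the ComboFix-style "created . modified size attrs path" lines
# quoted in the thread (most of the two-letter language folders omitted for brevity).
SAMPLE_LOG = r"""
2011-05-19 18:41 . 2011-05-19 18:48 -------- d-----w- c:\users\Brandley\AppData\Local\temp
2011-05-19 18:41 . 2011-05-19 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-19 00:49 . 2011-05-19 00:49 -------- d-----w- c:\windows\system32\tr
2011-05-19 00:49 . 2011-05-19 00:49 -------- d-----w- c:\windows\system32\sv
2011-05-19 00:49 . 2011-05-19 00:49 -------- d-----w- c:\windows\system32\de
2011-05-19 00:44 . 2011-05-19 00:44 -------- d-----w- c:\programdata\Downloaded Installations
2011-05-19 00:48 . 2011-05-19 00:49 -------- d-----w- c:\windows\DPDrv
"""
STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
LINE_RE = re.compile(rf"^({STAMP}) \. ({STAMP}) (\S+) (\S+) (.+)$")

def parse_entries(text):
    """Return (created, is_dir, path) per log line; lines that do not match are skipped."""
    out = []
    for m in filter(None, map(LINE_RE.match, (l.strip() for l in text.splitlines()))):
        created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        out.append((created, m.group(4).startswith("d"), m.group(5).lower()))
    return out

def cluster_by_creation(entries, gap=timedelta(minutes=5)):
    """Group entries created within `gap` (assumed 5 min) of the previous one: an
    installer drops its files in one short burst, so each burst is one event to explain."""
    clusters = []
    for e in sorted(entries):
        if clusters and e[0] - clusters[-1][-1][0] <= gap:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters

def describe_cluster(cluster):
    """Summarise a burst as the helper did: >= 3 sibling two-letter folders are a language
    pack; 'Downloaded Installations' in the same burst means an application installer ran."""
    siblings = defaultdict(list)
    for _, is_dir, path in cluster:
        if is_dir:
            parent, _, name = path.rpartition("\\")
            siblings[parent].append(name)
    packs = {p: sorted(n) for p, n in siblings.items()
             if len(n) >= 3 and all(re.fullmatch("[a-z]{2}", x) for x in n)}
    installer = any("downloaded installations" in path for _, _, path in cluster)
    return {"start": cluster[0][0], "language_packs": packs, "installer_footprint": installer}
```

Run on the sample, the 00:44-00:49 burst comes back with a system32 language pack and an installer footprint, which matches the user's later explanation of a DigitalPersona update; the 18:41 temp folders form a separate burst with neither.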
 
Hmmm. Those entries must have come from an update of the DigitalPersona Fingerprint software... Sorry. I forgot I wasn't supposed to be updating programs during this process - it wasn't working properly and offered me an update so I took it without thinking; it updated from version 3 to 4.01.3765.
The only other thing I did on the 19th was to save RKill and FixNCR to a flash drive to use on another laptop - didn't save or run the programs on this one.
 
Didn't find an entry for DPF: CabBuilder or for Kiwi toolbar in any of the browser extensions. Kiwi toolbar was uninstalled a long time ago, like over a year ago, so I don't know why it is still showing up in the HijackThis list; pretty sure it is gone... came bundled with that smileycentral crap that I had a horrible time getting rid of... anyway,

I did find an extension for Yahoo/fileserve still enabled in Chrome, so went ahead and disabled that as well.

System is running very well now - haven't noticed any other issues, and it's back up to speed as well. Even FF is working and it hasn't worked right in ages. I want to thank you again for all your help :)
 
I know you are busy, but it has been a couple of days so I am just wondering if we are finished. Thanks again.
 
Sorry for the delay - I had about 5 active threads that went missing on me!

Since the problems have been resolved, you can remove all of the tools we used and the files and folders they created:
  • Uninstall ComboFix and all backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
============================
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin.

Let me know if you have any more questions.
 
You're very welcome. Look over the following and add what you want to enhance security:

Tips for added security and safer browsing: (Links are in Bold Blue)
  1. Browser Security
    [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
    [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
    [o] Replace the Hosts File
    [o] Google Toolbar Pop Up Blocker
    [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
  2. Have layered Security:
    [o] Antivirus (only one): Both of the following programs are free and known to be good:
    [o] Avira-AntiVir-Personal-Free-Antivirus
    [o] Avast-Free Antivirus
    [o] Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
    [o] Comodo
    [o] Zone Alarm
  3. Antimalware: I recommend all of the following:
    [o] Spywareblaster: SpywareBlaster protects against bad ActiveX.
    [o] Spybot Search & Destroy
  4. Updates: Stay current:
    [o] Visit the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
    [o] Adobe Reader: Install current, uninstall old.
    [o] Java Updates: Install current, uninstall old.
  5. Tracking Cookies
    Reset Cookies:
    [o] For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o] For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
    [o] For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
  6. Do regular Maintenance
    [o] Temporary File Cleaner
  7. Restore Points:
    [o] See System Restore Guide
  8. Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Please let me know if you find any bad links.
 