Atilla (Beta member, 4 messages, Merrimack, NH)
Hi,
THANK YOU for your generous help to everyone. It's too bad more people don't Pay It Forward like yourselves. I hope I have followed the instructions from spyware-asylum correctly, I would hate to waste your valuable time.
I've been fighting various viruses for over a year. I'm hoping this might be the last stand. After running ComboFix/Malwarebytes/HiJackThis, the computer is faster, but Malwarebytes is still blocking malicious traffic.
Thank you, Csaba
----------------SIDE NOTE-------------------
I initially found Tech-forums, and then the Spyware-Asylum instructions sent me to BleepingComputer to download ComboFix. I got confused (ADHD and all) and ended up posting there, only to realize that their average time to initial reply for malware was about 8-12 days! Realizing my mistake, and that your time to reply seems to usually be less than a day, I came back. It's very interesting to note the difference in tools and techniques used between the two sites.
----------COMPUTER-------------------------
IBM Laptop T-42 (from 2004!)
Windows XP Service Pack 3
Version 5.1 (Build 2600.xpsp_sp3_gdr.101209-1647)
Windows Update: has always been on. The only updates remaining to install (per the Microsoft website) are 10 optional ones. I didn't install those because the system got so slow, especially with Internet Explorer. After using ComboFix, Malwarebytes and HiJackThis, the system is speedy again and I could install them. But I haven't downloaded them yet.
---------DESCRIPTION OF THE PROBLEM------------
The system would slow to a crawl at random for 30-60 minutes and then eventually "recover" all by itself. Launching anything that connects to the internet also triggered the slowdown. Several months ago, based on a different website, I used Avast, AVG, Avira, and Malwarebytes to (sort of) successfully eliminate several viruses. Life was good.
The slowdowns started again 3-4 weeks ago, but with a new symptom. Malwarebytes (trial of the paid product version, not the free version) keeps blocking incoming and outgoing communications (see below) to "potentially malicious websites". These coincide with spikes in network activity (both incoming and outgoing) as displayed in the mini icon for NetPerSec. The slowdowns (and corresponding spikes in network activity) happen at random; in other words, I may be using the computer actively or not at all.
Before I found your site, a full scan by Malwarebytes unfortunately only identified/deleted cookies, nothing else suspicious. Ad-Aware also did not identify anything. I purchased Webroot, on the advice of a (former) friend, and it also has not identified anything.
Now I admit I need help. The log files requested are posted below. But first, here's a brief snapshot of the Malwarebytes Protection log for today. You'll see the activity it was blocking before and after it was turned off. Activity to and from Moldova/Korea does not make me feel safe.
...
11:13:49 Csaba.Nagy IP-BLOCK 222.70.98.99 (Type: outgoing)
11:25:59 Csaba.Nagy IP-BLOCK 89.28.112.81 (Type: incoming)
11:43:35 Csaba.Nagy IP-BLOCK 222.70.98.99 (Type: outgoing)
11:59:05 Csaba.Nagy IP-BLOCK 222.70.98.99 (Type: outgoing)
11:59:36 Csaba.Nagy IP-BLOCK 89.28.93.61 (Type: outgoing)
12:14:02 Csaba.Nagy IP-BLOCK 121.10.120.143 (Type: incoming)
12:29:29 Csaba.Nagy IP-BLOCK 79.135.130.25 (Type: outgoing)
12:29:31 Csaba.Nagy IP-BLOCK 79.135.130.25 (Type: outgoing)
12:29:38 Csaba.Nagy IP-BLOCK 83.128.105.173 (Type: outgoing)
12:38:35 Csaba.Nagy IP-BLOCK 121.10.120.182 (Type: incoming)
12:45:58 Csaba.Nagy IP-BLOCK 213.231.5.113 (Type: incoming)
13:30:42 Csaba.Nagy IP-BLOCK 222.70.148.146 (Type: outgoing)
13:33:31 Csaba.Nagy IP-BLOCK 77.78.240.233 (Type: incoming)
13:34:26 Csaba.Nagy IP-BLOCK 194.165.0.3 (Type: incoming)
13:47:53 Csaba.Nagy IP-BLOCK 89.28.22.19 (Type: incoming)
14:01:41 Csaba.Nagy IP-BLOCK 85.234.175.141 (Type: outgoing)
14:18:14 Csaba.Nagy IP-BLOCK 89.28.74.218 (Type: incoming)
14:46:47 Csaba.Nagy IP-BLOCK 62.45.65.12 (Type: outgoing)
15:00:14 Csaba.Nagy IP-BLOCK 213.231.5.113 (Type: incoming)
19:55:01 Csaba.Nagy MESSAGE Protection started successfully
19:55:08 Csaba.Nagy MESSAGE IP Protection started successfully
19:55:08 Csaba.Nagy MESSAGE IP Protection stopped
19:55:15 Csaba.Nagy MESSAGE Database updated successfully
19:55:19 Csaba.Nagy MESSAGE IP Protection started successfully
20:02:18 Csaba.Nagy IP-BLOCK 62.45.147.227 (Type: outgoing)
20:03:01 Csaba.Nagy IP-BLOCK 89.28.101.9 (Type: outgoing)
20:03:10 Csaba.Nagy IP-BLOCK 121.125.131.91 (Type: outgoing)
20:31:06 Csaba.Nagy IP-BLOCK 89.28.69.167 (Type: outgoing)
-------COMBOFIX, AVG 2011, and WINDOWS FIREWALL------------------
I disabled all active protections (Webroot, Ad-Aware, Malwarebytes), but ComboFix complained that AVG 2011 was installed.
I was sure I had uninstalled it months ago, and the log file from avg_remover_stf_x86_2011_1322.exe (run today) includes pages and pages of "not installed", "empty", "not found", etc. (I could post the log; it's a 208 KB text file.)
HOWEVER, Control Panel's Security Center still says that the AVG firewall is protecting the system, and Windows Firewall is off. So I turned Windows Firewall on and kept it on despite Security Center's caution that it might not be a good idea to have two firewalls on at once. (I was worried Windows was being tricked into thinking AVG was there.) Interestingly, Windows Firewall was turned off without my intervention a few hours later. Suspicious.
-----------------RUNNING COMBOFIX ISSUE------------------
In any case, no matter what I did, ComboFix kept complaining that AVG was there. Despite the risks, I ran ComboFix anyway.
It took 16 minutes to get to Stage 4 (which apparently is very slow), and then, while I was in a different room, the computer went to a blue screen with "Plug and Play detected an error most likely caused by a faulty driver". After I restarted it, it was much faster and made it all the way through.
-------------CURRENT STATUS------------------
After running all three programs, the computer is faster and does not slow down as much. But Malwarebytes still blocks suspicious activity (see log above).
Here are the three log files requested. (I also have the AVG remover log file available.)
Thanks again. Csaba
-------------------------------
ComboFix 11-07-24.01 - Csaba.Nagy 07/24/2011 16:57:43.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.528 [GMT -4:00]
Running from: c:\documents and settings\Csaba.Nagy.TUCKNT\My Documents\Downloads\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Csaba.Nagy.TUCKNT\WINDOWS
c:\documents and settings\Csaba.Nagy\WINDOWS
c:\documents and settings\Default User\WINDOWS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_uacFlt
-------\Service_uacFlt
.
.
((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-24 02:13 . 2011-07-24 02:13 -------- d-----w- c:\documents and settings\Csaba.Nagy.TUCKNT\Local Settings\Application Data\Webroot
2011-07-24 02:12 . 2011-07-24 02:12 -------- d-----w- c:\documents and settings\Csaba.Nagy.TUCKNT\Application Data\webroot
2011-07-23 20:28 . 2011-07-22 12:19 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-07-22 12:19 . 2011-07-22 12:19 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-22 04:23 . 2011-07-22 04:23 -------- dc----w- c:\windows\system32\DRVSTORE
2011-07-22 04:23 . 2011-06-20 14:31 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-22 04:22 . 2011-07-22 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-07-19 02:59 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-19 02:58 . 2011-07-19 02:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-19 02:58 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-17 21:32 . 2011-05-23 17:09 45584 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2011-07-17 21:32 . 2011-05-23 17:09 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2011-07-17 21:32 . 2011-05-23 17:09 181008 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-07-17 21:31 . 2011-05-26 15:22 122696 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2011-07-17 21:30 . 2011-07-17 21:30 6202608 ----a-w- c:\program files\Common Files\wruninstall.exe
2011-07-17 21:29 . 2011-07-18 03:34 -------- d-----w- c:\program files\Microsoft Silverlight
2011-07-17 21:16 . 2011-07-17 21:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{24F72050-686C-4A15-B137-09FEB449D545}
2011-07-17 21:07 . 2011-07-17 21:07 -------- d-----w- c:\program files\Webroot
2011-07-17 21:05 . 2011-07-24 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2011-07-17 21:05 . 2011-07-17 21:05 -------- d-----w- c:\documents and settings\Csaba.Nagy.TUCKNT\Local Settings\Application Data\PackageAware
2011-06-27 12:15 . 2011-06-27 12:15 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 12:15 . 2011-06-27 12:15 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 12:13 . 2011-05-30 20:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2004-06-23 12:14 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2004-06-07 18:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-06-23 12:14 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-06-23 12:14 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-06-23 12:14 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2004-06-23 12:13 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-06-27 12:15 . 2011-05-29 16:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{6B78A880-15CA-468f-8422-A7960AD6FBB9}"
[HKEY_CLASSES_ROOT\CLSID\{6B78A880-15CA-468f-8422-A7960AD6FBB9}]
2011-05-26 15:51 326928 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{4EE7A346-5845-471e-9FAB-002EAF83F8B0}"
[HKEY_CLASSES_ROOT\CLSID\{4EE7A346-5845-471e-9FAB-002EAF83F8B0}]
2011-05-26 15:51 326928 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}"
[HKEY_CLASSES_ROOT\CLSID\{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}]
2011-05-26 15:51 326928 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{493FC96E-B938-4924-9B38-C4088E9B8AC2}"
[HKEY_CLASSES_ROOT\CLSID\{493FC96E-B938-4924-9B38-C4088E9B8AC2}]
2011-05-26 15:51 326928 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-22 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-15 323392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808]
"TpShocks"="TpShocks.exe" [2005-11-07 106496]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 864256]
"TPKBDLED"="c:\windows\system32\TpScrLk.exe" [2002-10-09 40960]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-05-10 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 69632]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 14:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 237568]
"EPSON Stylus CX5400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-26 99840]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-10-22 114741]
"CoolSwitch"="c:\windows\System32\taskswitch.exe" [2002-03-20 45632]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-10 66680]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-26 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-12 229952]
"VerizonServicepoint.exe"="c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 1880064]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2011-07-17 1383496]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files\Common Files\wruninstall.exe [2011-7-17 6202608]
Install Webroot IE RunOnce.lnk - c:\program files\Common Files\wruninstall.exe [2011-7-17 6202608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NetPerSec.lnk - c:\program files\NetPerSec\NetPerSec.exe [2004-6-23 192512]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 03:45 28672 ----a-w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-02-01 20:09 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SideCar\\SideCar.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 EFlashAssist;EFlashAssist;c:\windows\system32\drivers\EFLASHAS.SYS [10/20/2005 2:41 PM 8476]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/22/2011 12:23 AM 64512]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [7/17/2011 5:31 PM 122696]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [6/19/2004 5:05 AM 16384]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [9/3/2004 12:31 PM 35693]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/18/2011 10:59 PM 366640]
R2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [7/17/2011 5:32 PM 45584]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [7/17/2011 5:16 PM 3363168]
R3 Cpmt;Cisco Media Termination;c:\windows\system32\drivers\Cpmt.sys [9/3/2004 12:31 PM 1915837]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/18/2011 10:58 PM 22712]
S2 AutoExNT;ERU Autobackup;c:\windows\system32\AUTOEXNT.EXE [5/23/2005 2:25 PM 22528]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/21/2010 2:52 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/21/2010 2:52 AM 135664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/20/2011 10:31 AM 2151640]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 11:19]
.
2011-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 18:21]
.
2007-01-31 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-06-19 05:38]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 06:51]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 06:51]
.
.
------- Supplementary Scan -------
.
uStart Page = https://webmail.stillriversystems.c...bmail.stillriversystems.com/exchange&reason=0
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Csaba.Nagy.TUCKNT\Application Data\Mozilla\Firefox\Profiles\3x5xzgap.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.techist.com/pc/f51/virus-204611/|Google News
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2665e909-eb55-446c-9417-26c0ccf71961} - c:\windows\system32\yudegoku.dll
AddRemove-Active Ports - c:\windows\unvise32.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-24 19:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1348)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll
.
- - - - - - - > 'explorer.exe'(9160)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\lenovo\system update\suservice.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Webroot\Security\current\plugins\antimalware\AEI.exe
c:\progra~1\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\TpShocks.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-07-24 19:10:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-24 23:10
.
Pre-Run: 18,342,543,360 bytes free
Post-Run: 18,264,252,416 bytes free
.
- - End Of File - - 3600B7061DC96B92AC281E644D548429
-----------------------------------
Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 7266
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/24/2011 7:38:18 PM
mbam-log-2011-07-24 (19-38-18).txt
Scan type: Quick scan
Objects scanned: 187825
Time elapsed: 12 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-----------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:51:01 PM, on 7/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\NetPerSec\NetPerSec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Csaba.Nagy.TUCKNT\My Documents\Downloads\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.stillriversystems.c...bmail.stillriversystems.com/exchange&reason=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: WRCommonBHO - {D93EC24D-8741-4D41-B83D-A5793B998416} - C:\Program Files\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Webroot Browser Helper Object - {e08861fe-8847-4b2a-8ec2-08edb20e4020} - C:\Program Files\Webroot\Security\current\products\WISE\toolbar\LPBar.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Webroot Toolbar - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files\Webroot\Security\current\products\WISE\toolbar\LPBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TVT Scheduler Proxy] "C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe"
O4 - HKLM\..\Run: [TpShocks] "TpShocks.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TPKBDLED] "C:\WINDOWS\system32\TpScrLk.exe"
O4 - HKLM\..\Run: [TPHOTKEY] "C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe"
O4 - HKLM\..\Run: [TP4EX] "tp4ex.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [S3TRAY2] "S3Tray2.exe"
O4 - HKLM\..\Run: [PRONoMgrWired] "C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Logitech\Video\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Logitech\Video\CameraAssistant.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IBMPRC] "C:\IBMTOOLS\UTILS\ibmprc.exe"
O4 - HKLM\..\Run: [EZEJMNAP] "C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [CoolSwitch] "C:\WINDOWS\System32\taskswitch.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BMMLREF] "C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE"
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BLOG] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: NetPerSec.lnk = C:\Program Files\NetPerSec\NetPerSec.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306708158673
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ERU Autobackup (AutoExNT) - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
--
End of file - 16434 bytes
Before I found your site, a full scan by Malwarebytes unfortunately only identified/deleted cookies, nothing else suspicious. Ad-Aware also did not identify anything. I purchased Webroot, on the advice of a (former) friend, and it also has not identified anything.
Now I admit I need help. The log files requested are posted below. But first here's a brief snapshot of the Malwarebytes Protection log for today. You'll see the activity it was blocking before and after it was turned off. Activity to and from Moldova/Korea does not make me feel safe.
...
11:13:49 Csaba.Nagy IP-BLOCK 222.70.98.99 (Type: outgoing)
11:25:59 Csaba.Nagy IP-BLOCK 89.28.112.81 (Type: incoming)
11:43:35 Csaba.Nagy IP-BLOCK 222.70.98.99 (Type: outgoing)
11:59:05 Csaba.Nagy IP-BLOCK 222.70.98.99 (Type: outgoing)
11:59:36 Csaba.Nagy IP-BLOCK 89.28.93.61 (Type: outgoing)
12:14:02 Csaba.Nagy IP-BLOCK 121.10.120.143 (Type: incoming)
12:29:29 Csaba.Nagy IP-BLOCK 79.135.130.25 (Type: outgoing)
12:29:31 Csaba.Nagy IP-BLOCK 79.135.130.25 (Type: outgoing)
12:29:38 Csaba.Nagy IP-BLOCK 83.128.105.173 (Type: outgoing)
12:38:35 Csaba.Nagy IP-BLOCK 121.10.120.182 (Type: incoming)
12:45:58 Csaba.Nagy IP-BLOCK 213.231.5.113 (Type: incoming)
13:30:42 Csaba.Nagy IP-BLOCK 222.70.148.146 (Type: outgoing)
13:33:31 Csaba.Nagy IP-BLOCK 77.78.240.233 (Type: incoming)
13:34:26 Csaba.Nagy IP-BLOCK 194.165.0.3 (Type: incoming)
13:47:53 Csaba.Nagy IP-BLOCK 89.28.22.19 (Type: incoming)
14:01:41 Csaba.Nagy IP-BLOCK 85.234.175.141 (Type: outgoing)
14:18:14 Csaba.Nagy IP-BLOCK 89.28.74.218 (Type: incoming)
14:46:47 Csaba.Nagy IP-BLOCK 62.45.65.12 (Type: outgoing)
15:00:14 Csaba.Nagy IP-BLOCK 213.231.5.113 (Type: incoming)
19:55:01 Csaba.Nagy MESSAGE Protection started successfully
19:55:08 Csaba.Nagy MESSAGE IP Protection started successfully
19:55:08 Csaba.Nagy MESSAGE IP Protection stopped
19:55:15 Csaba.Nagy MESSAGE Database updated successfully
19:55:19 Csaba.Nagy MESSAGE IP Protection started successfully
20:02:18 Csaba.Nagy IP-BLOCK 62.45.147.227 (Type: outgoing)
20:03:01 Csaba.Nagy IP-BLOCK 89.28.101.9 (Type: outgoing)
20:03:10 Csaba.Nagy IP-BLOCK 121.125.131.91 (Type: outgoing)
20:31:06 Csaba.Nagy IP-BLOCK 89.28.69.167 (Type: outgoing)
-------COMBOFIX, AVG 2011, and WINDOWS FIREWALL------------------
I disabled all active protections (Webroot, Ad-Aware, Malwarebytes), but ComboFix complained that AVG 2011 was installed.
I was sure I had uninstalled it months ago, and the log file from avg_remover_stf_x86_2011_1322.exe (run today) includes pages and pages of "not installed", "empty", "not found", etc. (I could post the log; it's a 208kb text file.)
HOWEVER, Control Panel Security Center still says that AVG firewall is protecting the system, and Windows Firewall is off. So I turned Windows Firewall on and kept it on despite Security Center's caution that it might not be a good idea to have two firewalls on at once. (I was worried Windows was being tricked into thinking AVG was there.) Interestingly, Windows Firewall was turned off without my intervention a few hours later. Suspicious.
-----------------RUNNING COMBOFIX ISSUE------------------
In any case, no matter what I did, ComboFix kept complaining that AVG was there. Despite the risks, I ran ComboFix anyway.
It took 16 minutes to get to Stage 4 (which apparently is very slow), and then, while I was in a different room, the computer went to a blue screen with "Plug and Play detected an error most likely caused by a faulty driver". After I restarted it, it was much faster and made it all the way through.
-------------CURRENT STATUS------------------
After running all three programs, the computer is faster and does not slow down as much. But Malwarebytes still blocks suspicious activity (see log above).
Here are the three log files requested. (I also have the AVG remover log file available.)
Thanks again. Csaba
-------------------------------
ComboFix 11-07-24.01 - Csaba.Nagy 07/24/2011 16:57:43.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.528 [GMT -4:00]
Running from: c:\documents and settings\Csaba.Nagy.TUCKNT\My Documents\Downloads\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Csaba.Nagy.TUCKNT\WINDOWS
c:\documents and settings\Csaba.Nagy\WINDOWS
c:\documents and settings\Default User\WINDOWS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_uacFlt
-------\Service_uacFlt
.
.
((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-24 02:13 . 2011-07-24 02:13 -------- d-----w- c:\documents and settings\Csaba.Nagy.TUCKNT\Local Settings\Application Data\Webroot
2011-07-24 02:12 . 2011-07-24 02:12 -------- d-----w- c:\documents and settings\Csaba.Nagy.TUCKNT\Application Data\webroot
2011-07-23 20:28 . 2011-07-22 12:19 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-07-22 12:19 . 2011-07-22 12:19 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-22 04:23 . 2011-07-22 04:23 -------- dc----w- c:\windows\system32\DRVSTORE
2011-07-22 04:23 . 2011-06-20 14:31 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-22 04:22 . 2011-07-22 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-07-19 02:59 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-19 02:58 . 2011-07-19 02:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-19 02:58 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-17 21:32 . 2011-05-23 17:09 45584 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2011-07-17 21:32 . 2011-05-23 17:09 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2011-07-17 21:32 . 2011-05-23 17:09 181008 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-07-17 21:31 . 2011-05-26 15:22 122696 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2011-07-17 21:30 . 2011-07-17 21:30 6202608 ----a-w- c:\program files\Common Files\wruninstall.exe
2011-07-17 21:29 . 2011-07-18 03:34 -------- d-----w- c:\program files\Microsoft Silverlight
2011-07-17 21:16 . 2011-07-17 21:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{24F72050-686C-4A15-B137-09FEB449D545}
2011-07-17 21:07 . 2011-07-17 21:07 -------- d-----w- c:\program files\Webroot
2011-07-17 21:05 . 2011-07-24 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2011-07-17 21:05 . 2011-07-17 21:05 -------- d-----w- c:\documents and settings\Csaba.Nagy.TUCKNT\Local Settings\Application Data\PackageAware
2011-06-27 12:15 . 2011-06-27 12:15 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 12:15 . 2011-06-27 12:15 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 12:13 . 2011-05-30 20:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2004-06-23 12:14 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2004-06-07 18:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-06-23 12:14 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-06-23 12:14 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-06-23 12:14 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2004-06-23 12:13 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-06-27 12:15 . 2011-05-29 16:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{6B78A880-15CA-468f-8422-A7960AD6FBB9}"
[HKEY_CLASSES_ROOT\CLSID\{6B78A880-15CA-468f-8422-A7960AD6FBB9}]
2011-05-26 15:51 326928 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{4EE7A346-5845-471e-9FAB-002EAF83F8B0}"
[HKEY_CLASSES_ROOT\CLSID\{4EE7A346-5845-471e-9FAB-002EAF83F8B0}]
2011-05-26 15:51 326928 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}"
[HKEY_CLASSES_ROOT\CLSID\{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}]
2011-05-26 15:51 326928 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{493FC96E-B938-4924-9B38-C4088E9B8AC2}"
[HKEY_CLASSES_ROOT\CLSID\{493FC96E-B938-4924-9B38-C4088E9B8AC2}]
2011-05-26 15:51 326928 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-22 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-15 323392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808]
"TpShocks"="TpShocks.exe" [2005-11-07 106496]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 864256]
"TPKBDLED"="c:\windows\system32\TpScrLk.exe" [2002-10-09 40960]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-05-10 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 69632]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 14:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 237568]
"EPSON Stylus CX5400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-26 99840]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-10-22 114741]
"CoolSwitch"="c:\windows\System32\taskswitch.exe" [2002-03-20 45632]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-10 66680]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-26 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-12 229952]
"VerizonServicepoint.exe"="c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 1880064]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2011-07-17 1383496]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files\Common Files\wruninstall.exe [2011-7-17 6202608]
Install Webroot IE RunOnce.lnk - c:\program files\Common Files\wruninstall.exe [2011-7-17 6202608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NetPerSec.lnk - c:\program files\NetPerSec\NetPerSec.exe [2004-6-23 192512]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 03:45 28672 ----a-w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-02-01 20:09 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SideCar\\SideCar.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 EFlashAssist;EFlashAssist;c:\windows\system32\drivers\EFLASHAS.SYS [10/20/2005 2:41 PM 8476]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/22/2011 12:23 AM 64512]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [7/17/2011 5:31 PM 122696]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [6/19/2004 5:05 AM 16384]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [9/3/2004 12:31 PM 35693]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/18/2011 10:59 PM 366640]
R2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [7/17/2011 5:32 PM 45584]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [7/17/2011 5:16 PM 3363168]
R3 Cpmt;Cisco Media Termination;c:\windows\system32\drivers\Cpmt.sys [9/3/2004 12:31 PM 1915837]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/18/2011 10:58 PM 22712]
S2 AutoExNT;ERU Autobackup;c:\windows\system32\AUTOEXNT.EXE [5/23/2005 2:25 PM 22528]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/21/2010 2:52 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/21/2010 2:52 AM 135664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/20/2011 10:31 AM 2151640]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 11:19]
.
2011-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 18:21]
.
2007-01-31 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-06-19 05:38]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 06:51]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 06:51]
.
.
------- Supplementary Scan -------
.
uStart Page = https://webmail.stillriversystems.c...bmail.stillriversystems.com/exchange&reason=0
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Csaba.Nagy.TUCKNT\Application Data\Mozilla\Firefox\Profiles\3x5xzgap.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.techist.com/pc/f51/virus-204611/|Google News
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2665e909-eb55-446c-9417-26c0ccf71961} - c:\windows\system32\yudegoku.dll
AddRemove-Active Ports - c:\windows\unvise32.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2011-07-24 19:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1348)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll
.
- - - - - - - > 'explorer.exe'(9160)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\lenovo\system update\suservice.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Webroot\Security\current\plugins\antimalware\AEI.exe
c:\progra~1\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\TpShocks.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-07-24 19:10:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-24 23:10
.
Pre-Run: 18,342,543,360 bytes free
Post-Run: 18,264,252,416 bytes free
.
- - End Of File - - 3600B7061DC96B92AC281E644D548429
-----------------------------------
Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 7266
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/24/2011 7:38:18 PM
mbam-log-2011-07-24 (19-38-18).txt
Scan type: Quick scan
Objects scanned: 187825
Time elapsed: 12 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-----------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:51:01 PM, on 7/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\NetPerSec\NetPerSec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Csaba.Nagy.TUCKNT\My Documents\Downloads\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.stillriversystems.c...bmail.stillriversystems.com/exchange&reason=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: WRCommonBHO - {D93EC24D-8741-4D41-B83D-A5793B998416} - C:\Program Files\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Webroot Browser Helper Object - {e08861fe-8847-4b2a-8ec2-08edb20e4020} - C:\Program Files\Webroot\Security\current\products\WISE\toolbar\LPBar.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Webroot Toolbar - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files\Webroot\Security\current\products\WISE\toolbar\LPBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TVT Scheduler Proxy] "C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe"
O4 - HKLM\..\Run: [TpShocks] "TpShocks.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TPKBDLED] "C:\WINDOWS\system32\TpScrLk.exe"
O4 - HKLM\..\Run: [TPHOTKEY] "C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe"
O4 - HKLM\..\Run: [TP4EX] "tp4ex.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [S3TRAY2] "S3Tray2.exe"
O4 - HKLM\..\Run: [PRONoMgrWired] "C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Logitech\Video\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Logitech\Video\CameraAssistant.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IBMPRC] "C:\IBMTOOLS\UTILS\ibmprc.exe"
O4 - HKLM\..\Run: [EZEJMNAP] "C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [CoolSwitch] "C:\WINDOWS\System32\taskswitch.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BMMLREF] "C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE"
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BLOG] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: NetPerSec.lnk = C:\Program Files\NetPerSec\NetPerSec.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306708158673
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ERU Autobackup (AutoExNT) - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (Antivirus Software, Antispyware & Internet Security | Webroot) - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
--
End of file - 16434 bytes