superfly75

Everything posted by superfly75

  1. Hi Chris, I have followed all your steps, and I keep having the popups! It's happening both at home and in the office, so I repeated the same steps both on my office router (Tenda) and my home router (Linksys). On my home router, in addition, I have upgraded to the latest firmware. Of course, I have changed the admin console passwords for the routers both at home and in the office. Both routers' Wi-Fi networks are protected with strong passwords (also changed). Any idea? Alex
  2. Hi guys, Although my computer seems to be running OK, I noticed several symptoms that make me think that it could be infected by some malicious malware. Symptom 1: My router (Tenda) would go down intermittently (sometimes as many as 5 times in the same day). When the router was down, I could not access the internet, no other computer on the network could access it, and I could not ping the router. Sometimes I could ping the router but I could not connect to the admin page of the router (web console). Tenda support told me that I may have an ARP virus (spoofing of IP addresses to redirect packets...). Symptom 2: Although MBAM did not spot any malware, it reported many times that it "has blocked access to some potentially malicious website", giving me some IP addresses located in Moldavia or Ukraine. I suspect that some rogue servers are trying to access our network and scan for loopholes and flaws. Symptom 3: We repeatedly have IP address conflicts (although we are using a small router configured in DHCP mode and only 4 computers are connected to it in automatic DHCP mode). Usually we never had IP conflicts before with such a configuration. Tenda suggested that I should run an analysis of my network traffic, which I did using Colasoft Capsa 7, but it did not report any ARP spoofing or so... Anyway, here are my logs, I hope you guys can help me find out whether my computer is infected or not. Thanks, Alex

DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_26
Run by Alex at 17:52:06 on 2011-07-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1925 [GMT 6:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\ICQ7.5\ICQ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\DUMETE~1\DUMeter.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Documents and Settings\Alex\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.lemonde.fr/
uProxyServer = 192.168.0.131:3128
uURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\program files\spywareguard\dlprotect.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [Google Update] "c:\documents and settings\alex\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DU Meter] c:\program files\du meter\DUMeter.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [GoogleContactSync] c:\program files\webgear\go contact sync\GOContactSync.exe
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Facebook Update] "c:\documents and settings\alex\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [iCQ] "c:\progra~1\icq7.5\ICQ.exe" silent loginmode=4
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.exe
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [sAOB Monitor] c:\program files\acronis\onlinebackupstandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alex\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\alex\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alex\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech touch mouse server\iTouch-Server-Win.exe
StartupFolder: c:\docume~1\alex\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\WINDOW~1.LNK -
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{AF2AF932-8107-43F0-8A67-E91CF47DD3A8} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - c:\program files\spywareguard\spywareguard.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
IFEO: Your Image File Name Here without a path - ntsd -d
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alex\application data\mozilla\firefox\profiles\74654nhv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: network.proxy.ftp - 192.168.0.131
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.0.131
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 192.168.0.131
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.0.131
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.0.131
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\alex\application data\mozilla\firefox\profiles\74654nhv.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\alex\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\alex\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\alex\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\alex\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-6-17 752128]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-16 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-16 309848]
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [2011-7-15 28184]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-21 218688]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-6-17 3975088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-16 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-16 42184]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-2-24 22504]
R2 DUMeterSvc;DU Meter Service;c:\program files\du meter\DUMeterSvc.exe [2011-3-1 513536]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2011-3-7 247096]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-27 366640]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-1 2337144]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2010-11-8 1464856]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-6-17 163232]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-8-24 227896]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2011-7-10 38608]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-23 44800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-27 22712]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2010-8-24 49152]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-3-24 25088]
S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\drivers\csn5pdts82x64.sys --> c:\windows\system32\drivers\CSN5PDTS82x64.sys [?]
S1 CsNdisLWF;CsNdisLWF NDIS Protocol Driver;c:\windows\system32\drivers\csndislwf.sys --> c:\windows\system32\drivers\CsNdisLWF.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-1 136176]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\du meter\DUM_XP32.sys [2011-3-1 14992]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-1 136176]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2007-7-16 35072]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-3-12 18432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1"
ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
.
=============== Created Last 30 ================
.
2011-07-18 14:10:00 -------- d-----w- c:\documents and settings\alex\local settings\application data\ApplicationHistory
2011-07-18 10:18:21 -------- d-----w- c:\windows\system32\winrm
2011-07-18 10:18:18 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-07-18 10:16:09 -------- d-----w- c:\program files\Windows Media Connect 2
2011-07-18 10:14:21 -------- d-----w- c:\windows\system32\LogFiles
2011-07-18 10:12:07 -------- d-----w- c:\windows\system32\URTTEMP
2011-07-15 11:16:06 -------- d-----w- c:\program files\common files\Colasoft Shared
2011-07-15 11:16:06 -------- d-----w- c:\documents and settings\alex\application data\Colasoft MAC Scanner
2011-07-15 11:16:02 -------- d-----w- c:\documents and settings\all users\application data\Colasoft Capsa 7.4 - Enterprise Edition Demo
2011-07-15 11:16:02 -------- d-----w- c:\documents and settings\alex\application data\Colasoft Capsa 7.4 - Enterprise Edition Demo
2011-07-15 11:14:38 28184 ----a-w- c:\windows\system32\drivers\CSN5PDTS82.sys
2011-07-15 11:14:32 -------- d-----w- c:\program files\Colasoft Capsa 7 Enterprise Demo Edition
2011-07-14 04:00:02 -------- d-----w- c:\documents and settings\alex\local settings\application data\MetaGeek,_LLC
2011-07-13 09:36:10 -------- d-----w- c:\program files\iCamSource
2011-07-13 08:23:11 -------- d-----w- c:\program files\MetaGeek
2011-07-13 07:59:59 -------- d-----w- c:\documents and settings\alex\application data\Hobbyist Software
2011-07-13 07:58:40 -------- d-----w- c:\program files\Hobbyist Software
2011-07-12 08:17:13 -------- d-sh--w- C:\Diskeeper
2011-07-10 13:29:01 38608 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys
2011-07-10 13:28:57 -------- d-----w- c:\program files\common files\Diskeeper Corporation
2011-07-10 13:28:56 -------- d-----w- c:\documents and settings\all users\application data\Diskeeper Corporation
2011-07-10 13:28:55 -------- d-----w- c:\program files\Windows Home Server
2011-07-10 13:28:55 -------- d-----w- c:\program files\Diskeeper Corporation
2011-07-10 06:54:36 -------- d-----w- c:\windows\system32\NtmsData
2011-07-06 18:53:28 -------- d-----w- c:\documents and settings\alex\local settings\application data\Facebook
2011-07-06 13:39:42 -------- d-----w- c:\program files\iPod
2011-07-06 13:39:20 -------- d-----w- c:\program files\iTunes
2011-07-05 00:00:16 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-05 00:00:15 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-07-03 20:30:25 -------- d-----w- c:\documents and settings\alex\.homeplayer
2011-07-03 20:28:45 -------- d-----w- c:\program files\HomePlayer
2011-07-03 20:08:12 -------- d-----w- c:\program files\FpTest
2011-06-20 13:18:06 -------- d-----w- c:\program files\EverythingAccess.com
2011-06-20 13:14:57 -------- d-----w- c:\program files\Access Password Recovery Master
2011-06-19 15:51:56 -------- d-----w- c:\windows\SxsCaPendDel
.
==================== Find3M ====================
.
2011-07-18 07:22:34 60 ----a-w- c:\windows\wpd99.drv
2011-07-17 03:49:06 151552 ----a-w- c:\windows\KMSEmulator.exe
2011-07-06 13:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 13:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-16 21:29:22 163232 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-06-16 21:29:15 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2011-06-16 21:29:13 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-06-16 21:29:02 170464 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-06-16 20:45:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-10 02:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 02:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 02:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07:50 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 17:58:43.51 ===============
ark.zip
  3. Hi! I managed to remove McAfee and installed Avast and updated it. Did a full Avast scan and found nothing. I also updated MBAM and did a full scan and found nothing... But I am still doubtful whether my machine is clean or not... I am scared about password theft (changed all my passwords). How can I be sure? Anyway, thanks a lot for your help! Alex
  4. Hi, This is very weird; tonight I started the computer, and Chrome was working. I uninstalled McAfee. I was able to update MBAM, so I did update and scan and it did not find anything. I will install Avast as soon as possible (limited connection to the internet). Thanks, Alex
  5. Hi Borislav, I have bad news; it seems the virus is still present. I was going through your steps tonight and this is what happened: 1. Did the ComboFix uninstall. 2. Uninstalled HijackThis. I updated my Windows Update, McAfee and Windows Defender. I wanted to update MBAM but it did not connect (same error as earlier). I went to Chrome and bingo, the same error: cannot connect, error 102... This is crazy, man... Alex
  6. Hi Borislav, It seems OK now. Chrome is working and McAfee and MBAM are up to date. Do you know what the issue was? What kind of virus? Any chance that personal information has been compromised? Can you advise some tools for better protection? Thanks a lot for your help, Alex
  7. Hi Borislav, Update went well. Here is the report:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5919
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
02/03/2011 01:16:46
mbam-log-2011-03-02 (01-16-46).txt
Scan type: Quick scan
Objects scanned: 159306
Time elapsed: 4 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
  8. Hi, Here are the reports:

ComboFix 11-02-28.07 - Alex 02/03/2011 0:18.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.1184 [GMT 6:00]
Running from: c:\documents and settings\Alex\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Alex\Desktop\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
 * Created a new restore point
file zipped: c:\windows\KMSEmulator.exe
.
((((((((((((((((((((((((( Files Created from 2011-02-01 to 2011-03-01 )))))))))))))))))))))))))))))))
.
2011-03-01 17:49 . 2011-03-01 18:08 -------- d-----w- C:\Combo-Fix
2011-02-26 15:55 . 2011-02-26 15:55 388096 ----a-r- c:\documents and settings\Alex\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-26 15:55 . 2011-02-26 15:55 -------- d-----w- c:\program files\Trend Micro
2011-02-26 15:34 . 2011-02-26 15:34 -------- d-----w- c:\documents and settings\Alex\Application Data\Malwarebytes
2011-02-26 15:34 . 2010-12-20 12:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-26 15:34 . 2011-02-26 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-26 15:34 . 2011-02-28 08:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-26 15:34 . 2010-12-20 12:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-23 11:58 . 2011-02-27 05:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-23 11:58 . 2011-02-27 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-02-22 09:48 . 2011-02-23 13:30 -------- d-----w- c:\program files\Windows Defender
2011-02-22 07:24 . 2011-02-22 09:13 78848 ----a-w- c:\windows\KMSEmulator.exe
2011-02-22 07:06 . 2011-02-22 07:06 -------- d-----w- C:\share
2011-02-21 16:35 . 2011-02-21 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2011-02-21 14:40 . 2011-02-21 14:40 -------- d-----w- c:\program files\SoulseekNS
2011-02-18 07:06 . 2011-02-18 07:07 -------- d-----w- c:\documents and settings\Alex\Application Data\Update
2011-02-17 11:10 . 2011-02-17 11:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-02-17 06:09 . 2011-02-17 06:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-02-16 08:55 . 2011-02-16 08:55 -------- d-----w- c:\program files\WebGear
2011-02-16 06:42 . 2011-02-16 08:48 -------- d-----w- C:\My Movies
2011-02-16 06:27 . 2011-02-16 06:30 -------- d-----w- C:\Alex
2011-02-16 06:10 . 2011-02-21 08:26 -------- d-----w- C:\MP3
2011-02-15 22:15 . 2011-02-15 22:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-02-12 11:58 . 2001-08-17 14:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-02-12 11:58 . 2008-04-13 21:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-02-12 11:58 . 2008-04-13 16:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-02-12 11:58 . 2008-04-13 16:15 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2011-02-10 17:22 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-02-08 22:34 . 2011-02-08 22:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-08 21:32 . 2011-02-08 21:32 -------- d-----w- c:\documents and settings\Alex\Application Data\Windows Search
2011-02-08 21:26 . 2011-02-27 14:38 -------- d-----w- c:\program files\CoreCodec
2011-02-08 21:22 . 2011-02-22 07:24 -------- d-----w- C:\Downloads
2011-02-08 21:21 . 2011-02-22 08:23 -------- d-----w- c:\documents and settings\Alex\Application Data\BitComet
2011-02-08 16:37 . 2011-02-08 16:37 -------- d--h--w- c:\windows\PIF
2011-02-08 14:34 . 2011-02-08 18:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-02-08 02:47 . 2011-02-08 02:47 -------- d-----w- c:\program files\iPod
2011-02-08 02:41 . 2010-04-19 12:29 18432 ----a-w- c:\windows\system32\drivers\netaapl.sys
2011-02-08 02:41 . 2010-09-28 07:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-08 02:41 . 2010-09-28 07:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-07 17:02 . 2008-04-13 16:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-02-07 17:02 . 2008-04-13 16:09 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2011-02-07 17:02 . 2008-04-13 16:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2011-02-07 17:02 . 2008-04-13 16:16 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2011-02-07 13:51 . 2011-02-16 06:47 -------- d-----w- c:\documents and settings\Alex\Application Data\Apple Computer
2011-02-07 13:50 . 2009-05-18 05:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-07 13:50 . 2008-04-17 04:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-02-07 13:48 . 2011-02-08 02:50 -------- d-----w- c:\program files\iTunes
2011-02-07 13:48 . 2011-02-07 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-07 13:46 . 2011-02-07 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-02-07 13:46 . 2011-02-07 13:46 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\Apple
2011-02-07 13:46 . 2011-02-07 13:46 -------- d-----w- c:\program files\Apple Software Update
2011-02-07 13:34 . 2011-02-07 13:34 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\Identities
2011-02-07 13:34 . 2011-02-07 13:34 -------- d-----w- c:\documents and settings\Alex\Application Data\Windows Desktop Search
2011-02-07 13:29 . 2011-02-08 14:27 -------- d-----w- c:\program files\Windows Desktop Search
2011-02-07 13:29 . 2011-02-07 13:29 -------- d-----w- c:\windows\system32\GroupPolicy
2011-02-07 13:28 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2011-02-07 13:28 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2011-02-07 13:28 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2011-02-07 13:19 . 2011-02-07 13:20 -------- d-----w- c:\program files\Bonjour
2011-02-07 13:19 . 2011-02-12 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-02-07 13:19 . 2011-02-08 02:47 -------- d-----w- c:\program files\Common Files\Apple
2011-02-07 13:12 . 2011-03-01 16:50 -------- d-----w- c:\documents and settings\Alex\Application Data\skypePM
2011-02-07 13:12 . 2011-02-08 02:37 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\Apple Computer
2011-02-02 04:34 . 2011-02-02 04:34 -------- d-----w- c:\program files\Roadkil.Net
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-26 01:57 . 2011-01-25 18:29 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-01-25 18:03 . 2011-01-25 18:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-25 18:03 . 2011-01-25 18:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-25 14:42 . 2011-01-25 14:42 319488 ------w- c:\windows\system32\AegisI5Installer.exe
2011-01-25 13:46 . 2011-01-25 01:47 33088 ------w- c:\windows\system32\drivers\psadd.sys
2011-01-25 05:52 . 2011-01-25 05:52 391792 ------w- c:\windows\qfe8.tmp
2011-01-25 01:56 . 2011-01-25 01:56 33536 ------w- c:\windows\system32\drivers\tvtfilter.sys
2011-01-25 01:56 . 2011-01-25 01:57 129784 ------w- c:\windows\system32\pxafs.dll
2011-01-25 01:56 . 2011-01-25 01:57 118520 ------w- c:\windows\system32\pxinsi64.exe
2011-01-25 01:56 . 2011-01-25 01:57 115960 ------w- c:\windows\system32\pxcpyi64.exe
2011-01-25 01:56 . 2006-09-27 21:53 36624 ------w- c:\windows\system32\drivers\pxhelp20.sys
2011-01-25 01:55 . 2011-01-25 01:55 7012 ------w- c:\windows\system32\drivers\pmemnt.sys
2011-01-21 14:44 . 2006-04-30 06:56 439296 ------w- c:\windows\system32\shimgvw.dll
2011-01-14 05:13 . 2011-01-14 05:13 337256 ------w- c:\windows\system32\TpShocks.exe
2011-01-14 05:13 . 2011-01-14 05:13 279912 ------w- c:\windows\system32\TpShEvUI.exe
2011-01-14 05:13 . 2011-01-14 05:13 492904 ------w- c:\windows\system32\TpShCPL.dll
2011-01-14 05:13 . 2011-01-14 05:13 386408 ------w- c:\windows\system32\TpShCPL.cpl
2011-01-13 06:06 . 2011-01-13 06:06 20328 ------w- c:\windows\system32\Sensor.DLL
2011-01-13 06:05 . 2011-01-13 06:05 40048 ------w- c:\windows\system32\TPHDEXLG.exe
2011-01-13 06:04 . 2011-01-13 06:04 122992 ------w- c:\windows\system32\drivers\ApsX86.sys
2011-01-13 06:02 . 2011-01-13 06:02 20592 ------w- c:\windows\system32\drivers\ApsHM86.sys
2011-01-07 14:09 . 2006-04-30 06:55 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-04-30 06:55 1854976 ------w- c:\windows\system32\win32k.sys
2010-12-29 08:19 . 2010-12-29 08:19 734520 ------w- c:\windows\system32\tcsrpc.dll
2010-12-29 08:19 . 2010-12-29 08:19 427320 ------w- c:\windows\system32\tvttsp.dll
2010-12-22 12:34 . 2006-04-30 06:55 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2006-04-30 06:55 730112 ------w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-04-30 06:55 385024 ------w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2006-04-30 06:55 718336 ------w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 .
2006-04-30 06:55 33280 ------w- c:\windows\system32\csrsrv.dll 2010-12-09 13:42 . 2006-04-30 06:55 2148864 ------w- c:\windows\system32\ntoskrnl.exe 2010-12-09 13:07 . 2004-08-03 22:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((( SnapShot@2011-02-23_11.51.20 ))))))))))))))))))))))))))))))))))))))))) . + 2011-03-01 16:49 . 2011-03-01 16:49 16384 c:\windows\temp\Perflib_Perfdata_cc4.dat + 2006-04-30 06:55 . 2011-03-01 16:58 79360 c:\windows\system32\perfc009.dat - 2006-04-30 06:55 . 2011-02-23 11:23 79360 c:\windows\system32\perfc009.dat + 2011-02-21 17:11 . 2011-02-26 15:48 3987 c:\windows\system32\config\systemprofile\Application Data\Intel\Wireless\Settings\AlertHistory.bin + 2006-04-30 06:55 . 2011-03-01 16:58 465640 c:\windows\system32\perfh009.dat - 2006-04-30 06:55 . 2011-02-23 11:23 465640 c:\windows\system32\perfh009.dat + 2011-02-26 15:55 . 2011-02-26 15:55 1094656 c:\windows\Installer\11541b.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2009-03-13 1118720]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"Google Update"="c:\documents and settings\Alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-01-29 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-11-04 517480]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-11-04 208896]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-25 62312]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-11-30 256576]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-07-21 55120]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-05 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-05 142360]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-10-22 124224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Alex\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-9-22 607584]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-1-25 50688]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2010-7-27 546360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-07-21 09:28 100176 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\WINDOWS\\KMSEmulator.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16654:TCP"= 16654:TCP:BitComet 16654 TCP
"16654:UDP"= 16654:UDP:BitComet 16654 UDP
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [25/01/2011 15:42 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [13/01/2011 12:02 20592]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26/01/2011 00:29 218688]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [25/01/2011 20:10 13680]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [25/01/2011 15:42 132456]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [25/01/2011 23:09 513536]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [22/10/2010 18:07 22816]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [25/01/2011 23:01 69192]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [04/05/2010 10:07 503080]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [25/01/2011 15:42 53248]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13/03/2009 12:47 12560]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [25/01/2011 20:10 99328]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [30/03/2007 14:39 64440]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [09/02/2007 03:11 569344]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [25/01/2011 20:43 6609920]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [25/01/2011 07:29 23152]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [14/09/2006 02:42 38336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/02/2011 04:15 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [25/01/2011 20:10 45496]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [26/01/2011 11:33 44368]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUM_XP32.sys [25/01/2011 23:09 14992]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [25/01/2011 23:01 66536]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 08:25 30969208]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [08/02/2011 08:41 18432]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 19:37 4640000]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 14:06 11520]
.
Contents of the 'Scheduled Tasks' folder
2011-03-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 23:54]
2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-15 14:57]
2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-15 14:57]
2011-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2238128139-3701080661-2959468671-1005Core.job
- c:\documents and settings\Alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-29 14:57]
2011-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2238128139-3701080661-2959468671-1005UA.job
- c:\documents and settings\Alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-29 14:57]
2011-02-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-01-27 22:29]
2011-03-01 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-01-25 17:29]
2011-03-01 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2011-01-27 22:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www-307.ibm.com/pc/support/site.wss/migr-67971.html
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\ycilvo5k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.lemonde.fr
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-02 00:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1392)
c:\windows\system32\vrlogon.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\igfxdev.dll
- - - - - - - > 'lsass.exe'(1448)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
- - - - - - - > 'explorer.exe'(5556)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~4\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-03-02 00:33:58
ComboFix-quarantined-files.txt 2011-03-01 18:33
ComboFix2.txt 2011-02-28 18:02
ComboFix3.txt 2011-02-23 14:48
ComboFix4.txt 2011-02-23 11:53
ComboFix5.txt 2011-03-01 18:15
Pre-Run: 9,431,678,976 bytes free
Post-Run: 9,412,591,616 bytes free
- - End Of File - - F108B9B702EF3364255E1B6CCBBC8AA8
CF-Submit.htm
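A small review script for the "Reg Loading Points" part of a ComboFix log like the one above. This is an added example, not part of the forum post and not ComboFix's own code: it walks the Run keys, the firewall AuthorizedApplications list and the GloballyOpenPorts list and flags entries a reviewer would want to look at by location alone (a bare file name resolved via PATH search, an executable sitting directly in the Windows directory, anything outside Program Files and system32, and any port opened to all senders). The sample lines are a constructed subset copied from the posted log; the list of expected install locations and the assumed %windir% value are this example's assumptions, not facts from the page.

```python
import re

# Constructed sample: lines copied from the posted ComboFix log (same format, trimmed).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-05 141336]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\WINDOWS\\KMSEmulator.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16654:TCP"= 16654:TCP:BitComet 16654 TCP
"16654:UDP"= 16654:UDP:BitComet 16654 UDP
"""

# Where autostart binaries and firewall-exempt programs are normally expected on an
# XP box. Assumption of this example; tune it for the host under review.
EXPECTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\system32\\")
WINDIR = "c:\\windows"  # assumed expansion of %windir% for the pasted log

RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"')      # "Name"="path" [date size]
FW_APP_RE = re.compile(r'^"([^"]+)"=\s*$')         # "path"=   (backslashes doubled)
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.*)$')


def normalise(path):
    """Collapse the doubled backslashes of .reg syntax, expand %windir%, lower-case."""
    path = path.replace("\\\\", "\\").lower()
    return path.replace("%windir%", WINDIR)


def location_issue(path):
    """Reason string if the path is somewhere an autostart or firewall exception
    normally should not live, else None."""
    p = normalise(path)
    if "\\" not in p:
        return "bare file name: resolved by PATH search, easy to shadow"
    if p.rsplit("\\", 1)[0] == WINDIR:
        return "executable placed directly in %windir%"
    if not p.startswith(EXPECTED_PREFIXES):
        return "outside Program Files and system32"
    return None


def review(log_text):
    """Walk the dump section by section and collect findings as dicts."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):                      # a registry key header
            key = line.lower()
            if key.endswith("\\currentversion\\run]"):
                section = "run"
            elif "authorizedapplications" in key:
                section = "firewall_app"
            elif "globallyopenports" in key:
                section = "open_port"
            else:
                section = None
            continue
        if section == "run" and (m := RUN_RE.match(line)):
            name, path = m.groups()
            if reason := location_issue(path):
                findings.append({"section": section, "entry": f"{name} -> {path}", "reason": reason})
        elif section == "firewall_app" and (m := FW_APP_RE.match(line)):
            path = m.group(1)
            if reason := location_issue(path):
                findings.append({"section": section, "entry": normalise(path), "reason": reason})
        elif section == "open_port" and (m := PORT_RE.match(line)):
            port, proto, label = m.groups()
            findings.append({"section": section, "entry": f"{port}/{proto} {label}".strip(),
                             "reason": "inbound port open to all senders"})
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"[{f['section']:<12}] {f['entry']}\n    {f['reason']}")
```

On the sample it reports the bare `TpShocks.exe` Run value, the `c:\windows\kmsemulator.exe` firewall exception and the two BitComet ports; it says nothing about whether any of them is malicious, which is the reviewer's job (the fingerprint-software and McAfee entries, for instance, are in their expected locations and are not reported).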
  9. Hi Borislav,

Here is the result:

VirusTotal report
File name: KMSEmulator.exe
Submission date: 2011-02-27 22:21:49 (UTC)
Current status: finished
Result: 26 /42 (61.9%)
VT Community: goodware, Safety score: 100.0%
5 VT Community user(s) with a total of 5 reputation credit(s) say(s) this sample is goodware.
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

Antivirus / Version / Last Update / Result
AhnLab-V3 2011.02.28.00 2011.02.27 Trojan/Win32.Gen
AntiVir 7.11.3.241 2011.02.27 SPR/Tool.Keygen.BI.38
Antiy-AVL 2.0.3.7 2011.02.27 -
Avast 4.8.1351.0 2011.02.23 Win32:Malware-gen
Avast5 5.0.677.0 2011.02.23 Win32:Malware-gen
AVG 10.0.0.1190 2011.02.27 BackDoor.Hackdoor.R
BitDefender 7.2 2011.02.27 -
CAT-QuickHeal 11.00 2011.02.27 HackTool.Keygen.a (Not a Virus)
ClamAV 0.96.4.0 2011.02.27 -
Commtouch 5.2.11.5 2011.02.27 W32/MalwareF.RBHI
Comodo 7823 2011.02.27 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.02.27 -
Emsisoft 5.1.0.2 2011.02.27 possible-Threat.Crack.MSO!IK
eSafe 7.0.17.0 2011.02.27 Win32.SPRTool.Keygen
eTrust-Vet 36.1.8184 2011.02.25 -
F-Prot 4.6.2.117 2011.02.27 W32/MalwareF.RBHI
F-Secure 9.0.16160.0 2011.02.27 -
Fortinet 4.2.254.0 2011.02.27 W32/Keygen.DX!tr
GData 21 2011.02.27 Win32:Malware-gen
Ikarus T3.1.1.97.0 2011.02.27 possible-Threat.Crack.MSO
Jiangmin 13.0.900 2011.02.27 -
K7AntiVirus 9.90.3967 2011.02.25 Riskware
Kaspersky 7.0.0.125 2011.02.27 -
McAfee 5.400.0.1158 2011.02.27 Generic.dx!uqo
McAfee-GW-Edition 2010.1C 2011.02.27 Heuristic.LooksLike.Win32.Suspicious.C!89
Microsoft 1.6603 2011.02.27 HackTool:Win32/Keygen
NOD32 5912 2011.02.27 a variant of Win32/HackKMS.A
Norman 6.07.03 2011.02.27 W32/Suspicious_Gen2.FAHTA
nProtect 2011-02-10.01 2011.02.15 -
PCTools 7.0.3.5 2011.02.25 Trojan.Gen
Prevx 3.0 2011.02.27 -
Rising 23.46.05.03 2011.02.26 -
Sophos 4.61.0 2011.02.27 Troj/Keygen-DX
SUPERAntiSpyware 4.40.0.1006 2011.02.27 -
Symantec 20101.3.0.103 2011.02.27 Trojan.Gen.2
TheHacker 6.7.0.1.140 2011.02.27 -
TrendMicro 9.200.0.1012 2011.02.27 TROJ_GEN.R47C3LC
TrendMicro-HouseCall 9.200.0.1012 2011.02.27 TROJ_GEN.R47C3LC
VBA32 3.12.14.3 2011.02.25 -
VIPRE 8557 2011.02.27 HackTool.Win32.Keygen
ViRobot 2011.2.26.4331 2011.02.27 -
VirusBuster 13.6.225.2 2011.02.27 -

Additional information
MD5 : cf7498ada4ac2f50e5ca72205865d7ce
SHA1 : b97d98cd50ea1c8d1d471043bc21bd95ff73b6d3
SHA256: a2ffd0bc5e055e519fd3006bfdae422327d8e01310eae528267014c54293bfa4
ssdeep: 1536:AmO/4ZLqopD6C+ZHGslB7MuNp+eudFew7WgPEXKOtnjuSGedEO:ABkLdpD6C+ZHGu7MuX+eudHlPEaOJuSg
File size : 78848 bytes
First seen: 2010-11-12 03:27:22
Last seen : 2011-02-27 22:21:49
Magic: PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID: Win32 EXE Yoda's Crypter (56.9%), Win32 Executable Generic (18.2%), Win32 Dynamic Link Library (generic) (16.2%), Generic Win/DOS Executable (4.2%), DOS Executable Generic (4.2%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: localhost
description..: Local KMS Host
original name: localhost.dll
internal name: localhost
file version.: 6.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
packers (F-Prot): UPX
packers (Kaspersky): UPX
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x28620
timedatestamp....: 0x4A7C1F70 (Fri Aug 07 12:34:56 2009)
machinetype......: 0x14C (Intel I386)
[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
, 0x1000, 0x15000, 0x0, 0.0, d41d8cd98f00b204e9800998ecf8427e
, 0x16000, 0x13000, 0x12800, 7.89, 2e83b76bbd4a03aa25824cb48c82fbcd
.rsrc, 0x29000, 0x1000, 0x800, 4.84, e33a59a2f399b3862d15c19f9185c8fb
[[ 3 import(s) ]]
kernel32.dll: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
rpcrt4.dll: NdrServerCall2
user32.dll: wsprintfA
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=cf7498ada4ac2f50e5ca72205865d7ce
ExifTool: -
Symantec reputation: Suspicious.Insight

VT Community comments (5):
User: Anonymous, Reputation: 1 credits, 2010-12-10 17:47:01 (UTC): "This is just the file that reactivates office, if you happened to get office off your "friend". heh heh." Tags: Goodware. Helpful: Yes (4) | No (0)
User: Anonymous, Reputation: 1 credits, 2010-12-12 00:41:41 (UTC): Tags: Goodware, keygen, application, crack. Helpful: Yes (3) | No (0)
User: Anonymous, Reputation: 1 credits, 2010-12-28 02:03:20 (UTC): "Yep it's just used to activate Office, I didn't give it internet, but no harm so far." Tags: Goodware, keygen, application, crack. Helpful: Yes (3) | No (0)
User: Anonymous, Reputation: 1 credits, 2011-01-19 17:02:47 (UTC): Tags: Goodware. Helpful: Yes (2) | No (0)
User: Anonymous, Reputation: 1 credits, 2011-02-27 19:40:27 (UTC): Tags: Goodware. Helpful: Yes (0) | No (0)

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
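A triage helper for an engine-result listing such as the VirusTotal report pasted above. This is an added example, not part of the post and not VirusTotal's own tooling: it parses the "Engine Version LastUpdate Result" rows, counts hits, and sorts each detection name into a coarse bucket so a reader can see whether the engines that fire agree on what the file is, rather than stopping at a raw "26 /42". The rows are a constructed subset copied from the report, and the bucket keyword lists are this example's own assumption, not a VirusTotal or vendor taxonomy. A packed binary (the report lists UPX under both packer fields) routinely collects generic and heuristic names, which is one reason to weigh those separately from explicit keygen/hacktool verdicts.

```python
import re
from collections import Counter

# Constructed sample: a subset of the engine rows copied from the pasted report,
# in the "Engine Version LastUpdate Result" order the page lists them.
SAMPLE_ROWS = """\
AhnLab-V3 2011.02.28.00 2011.02.27 Trojan/Win32.Gen
AntiVir 7.11.3.241 2011.02.27 SPR/Tool.Keygen.BI.38
Antiy-AVL 2.0.3.7 2011.02.27 -
AVG 10.0.0.1190 2011.02.27 BackDoor.Hackdoor.R
CAT-QuickHeal 11.00 2011.02.27 HackTool.Keygen.a (Not a Virus)
Kaspersky 7.0.0.125 2011.02.27 -
McAfee-GW-Edition 2010.1C 2011.02.27 Heuristic.LooksLike.Win32.Suspicious.C!89
Microsoft 1.6603 2011.02.27 HackTool:Win32/Keygen
NOD32 5912 2011.02.27 a variant of Win32/HackKMS.A
Symantec 20101.3.0.103 2011.02.27 Trojan.Gen.2
VIPRE 8557 2011.02.27 HackTool.Win32.Keygen
"""

# Engine, version and update date never contain spaces; the result may ("a variant of ...").
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(.+?)\s*$")

# Coarse buckets checked in this order, most specific first. The keyword lists are
# this example's own assumption; they are not a VirusTotal or vendor taxonomy.
FAMILIES = (
    ("pua/keygen", ("keygen", "hacktool", "hackkms", "crack", "riskware", "not a virus")),
    ("generic/heuristic", ("gen", "generic", "heuristic", "suspicious", "unclassified")),
    ("trojan/backdoor", ("troj", "backdoor")),
)


def parse_rows(text):
    """Yield (engine, result) pairs; result is None when the engine reported clean ("-")."""
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        engine, _version, _updated, result = m.groups()
        yield engine, (None if result == "-" else result)


def classify(result):
    """Map one detection name onto a coarse bucket, or "other" if nothing matches."""
    name = result.lower()
    for family, keywords in FAMILIES:
        if any(k in name for k in keywords):
            return family
    return "other"


def triage(text):
    """Summarise a listing: hit count, ratio, per-bucket counts, dominant bucket, clean engines."""
    rows = list(parse_rows(text))
    hits = [(e, r) for e, r in rows if r is not None]
    families = Counter(classify(r) for _, r in hits)
    return {
        "engines": len(rows),
        "detections": len(hits),
        "ratio": round(len(hits) / len(rows), 3) if rows else 0.0,
        "families": dict(families),
        "majority": families.most_common(1)[0][0] if families else None,
        "clean_engines": [e for e, r in rows if r is None],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_ROWS)
    print(f"{report['detections']}/{report['engines']} engines flagged the file "
          f"({report['ratio']:.1%}); dominant bucket: {report['majority']}")
    for family, n in sorted(report["families"].items(), key=lambda kv: -kv[1]):
        print(f"  {family:<18} {n}")
    print("clean:", ", ".join(report["clean_engines"]))
```

On the subset, five of the nine hits are explicit keygen/hacktool names, three are generic or heuristic, and one is a backdoor name; Antiy-AVL and Kaspersky report clean. Feeding the full 42-row table from the post into `triage` gives the same kind of breakdown for the real 26/42 result.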
  10. Hi Borislav,

Thanks for your kind help. Here is the report from Combo-Fix:

ComboFix 11-02-28.01 - Alex 28/02/2011 23:51:47.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.1083 [GMT 6:00]
Running from: c:\documents and settings\Alex\My Documents\Downloads\Combo-Fix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((( Files Created from 2011-01-28 to 2011-02-28 )))))))))))))))))))))))))))))))
.
2011-02-28 17:10 . 2011-02-28 17:10 -------- d-----w- c:\windows\LastGood
2011-02-26 15:55 . 2011-02-26 15:55 388096 ----a-r- c:\documents and settings\Alex\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-26 15:55 . 2011-02-26 15:55 -------- d-----w- c:\program files\Trend Micro
2011-02-26 15:34 . 2011-02-26 15:34 -------- d-----w- c:\documents and settings\Alex\Application Data\Malwarebytes
2011-02-26 15:34 . 2010-12-20 12:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-26 15:34 . 2011-02-26 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-26 15:34 . 2011-02-28 08:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-26 15:34 . 2010-12-20 12:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-23 11:58 . 2011-02-27 05:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-23 11:58 . 2011-02-27 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-02-22 09:48 . 2011-02-23 13:30 -------- d-----w- c:\program files\Windows Defender
2011-02-22 07:24 . 2011-02-22 09:13 78848 ----a-w- c:\windows\KMSEmulator.exe
2011-02-22 07:06 . 2011-02-22 07:06 -------- d-----w- C:\share
2011-02-21 16:35 . 2011-02-21 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2011-02-21 14:40 . 2011-02-21 14:40 -------- d-----w- c:\program files\SoulseekNS
2011-02-18 07:06 . 2011-02-18 07:07 -------- d-----w- c:\documents and settings\Alex\Application Data\Update
2011-02-17 11:10 . 2011-02-17 11:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-02-17 06:09 . 2011-02-17 06:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-02-16 08:55 . 2011-02-16 08:55 -------- d-----w- c:\program files\WebGear
2011-02-16 06:42 . 2011-02-16 08:48 -------- d-----w- C:\My Movies
2011-02-16 06:27 . 2011-02-16 06:30 -------- d-----w- C:\Alex
2011-02-16 06:10 . 2011-02-21 08:26 -------- d-----w- C:\MP3
2011-02-15 22:15 . 2011-02-15 22:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-02-12 11:58 . 2001-08-17 14:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-02-12 11:58 . 2008-04-13 21:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-02-12 11:58 . 2008-04-13 16:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-02-12 11:58 . 2008-04-13 16:15 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2011-02-10 17:22 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-02-08 22:34 . 2011-02-08 22:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-08 21:32 . 2011-02-08 21:32 -------- d-----w- c:\documents and settings\Alex\Application Data\Windows Search
2011-02-08 21:26 . 2011-02-27 14:38 -------- d-----w- c:\program files\CoreCodec
2011-02-08 21:22 . 2011-02-22 07:24 -------- d-----w- C:\Downloads
2011-02-08 21:21 . 2011-02-22 08:23 -------- d-----w- c:\documents and settings\Alex\Application Data\BitComet
2011-02-08 16:37 . 2011-02-08 16:37 -------- d--h--w- c:\windows\PIF
2011-02-08 14:34 . 2011-02-08 18:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-02-08 02:47 . 2011-02-08 02:47 -------- d-----w- c:\program files\iPod
2011-02-08 02:41 . 2010-04-19 12:29 18432 ----a-w- c:\windows\system32\drivers\netaapl.sys
2011-02-08 02:41 . 2010-09-28 07:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-08 02:41 . 2010-09-28 07:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-07 17:02 . 2008-04-13 16:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-02-07 17:02 . 2008-04-13 16:09 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2011-02-07 17:02 . 2008-04-13 16:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2011-02-07 17:02 . 2008-04-13 16:16 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2011-02-07 13:51 . 2011-02-16 06:47 -------- d-----w- c:\documents and settings\Alex\Application Data\Apple Computer
2011-02-07 13:50 . 2009-05-18 05:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-07 13:50 . 2008-04-17 04:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-02-07 13:48 . 2011-02-08 02:50 -------- d-----w- c:\program files\iTunes
2011-02-07 13:48 . 2011-02-07 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-07 13:46 . 2011-02-07 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-02-07 13:46 . 2011-02-07 13:46 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\Apple
2011-02-07 13:46 . 2011-02-07 13:46 -------- d-----w- c:\program files\Apple Software Update
2011-02-07 13:34 . 2011-02-07 13:34 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\Identities
2011-02-07 13:34 . 2011-02-07 13:34 -------- d-----w- c:\documents and settings\Alex\Application Data\Windows Desktop Search
2011-02-07 13:29 . 2011-02-08 14:27 -------- d-----w- c:\program files\Windows Desktop Search
2011-02-07 13:29 . 2011-02-07 13:29 -------- d-----w- c:\windows\system32\GroupPolicy
2011-02-07 13:28 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2011-02-07 13:28 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2011-02-07 13:28 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2011-02-07 13:19 . 2011-02-07 13:20 -------- d-----w- c:\program files\Bonjour
2011-02-07 13:19 . 2011-02-12 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-02-07 13:19 . 2011-02-08 02:47 -------- d-----w- c:\program files\Common Files\Apple
2011-02-07 13:12 . 2011-02-28 17:07 -------- d-----w- c:\documents and settings\Alex\Application Data\skypePM
2011-02-07 13:12 . 2011-02-08 02:37 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\Apple Computer
2011-02-02 04:34 . 2011-02-02 04:34 -------- d-----w- c:\program files\Roadkil.Net
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-26 01:57 . 2011-01-25 18:29 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-01-25 18:03 . 2011-01-25 18:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-25 18:03 . 2011-01-25 18:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-25 14:42 . 2011-01-25 14:42 319488 ------w- c:\windows\system32\AegisI5Installer.exe
2011-01-25 13:46 . 2011-01-25 01:47 33088 ------w- c:\windows\system32\drivers\psadd.sys
2011-01-25 12:59 . 2011-01-25 12:59 45056 ------r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{90B5E602-1867-449D-86FD-FC9DEA4434BF}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2011-01-25 05:52 . 2011-01-25 05:52 391792 ------w- c:\windows\qfe8.tmp
2011-01-25 01:56 . 2011-01-25 01:56 33536 ------w- c:\windows\system32\drivers\tvtfilter.sys
2011-01-25 01:56 . 2011-01-25 01:57 129784 ------w- c:\windows\system32\pxafs.dll
2011-01-25 01:56 . 2011-01-25 01:57 118520 ------w- c:\windows\system32\pxinsi64.exe
2011-01-25 01:56 .
2011-01-25 01:57 115960 ------w- c:\windows\system32\pxcpyi64.exe 2011-01-25 01:56 . 2006-09-27 21:53 36624 ------w- c:\windows\system32\drivers\pxhelp20.sys 2011-01-25 01:55 . 2011-01-25 01:55 7012 ------w- c:\windows\system32\drivers\pmemnt.sys 2011-01-21 14:44 . 2006-04-30 06:56 439296 ------w- c:\windows\system32\shimgvw.dll 2011-01-14 05:13 . 2011-01-14 05:13 337256 ------w- c:\windows\system32\TpShocks.exe 2011-01-14 05:13 . 2011-01-14 05:13 279912 ------w- c:\windows\system32\TpShEvUI.exe 2011-01-14 05:13 . 2011-01-14 05:13 492904 ------w- c:\windows\system32\TpShCPL.dll 2011-01-14 05:13 . 2011-01-14 05:13 386408 ------w- c:\windows\system32\TpShCPL.cpl 2011-01-13 06:06 . 2011-01-13 06:06 20328 ------w- c:\windows\system32\Sensor.DLL 2011-01-13 06:05 . 2011-01-13 06:05 40048 ------w- c:\windows\system32\TPHDEXLG.exe 2011-01-13 06:04 . 2011-01-13 06:04 122992 ------w- c:\windows\system32\drivers\ApsX86.sys 2011-01-13 06:02 . 2011-01-13 06:02 20592 ------w- c:\windows\system32\drivers\ApsHM86.sys 2011-01-07 14:09 . 2006-04-30 06:55 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 2006-04-30 06:55 1854976 ------w- c:\windows\system32\win32k.sys 2010-12-29 08:19 . 2010-12-29 08:19 734520 ------w- c:\windows\system32\tcsrpc.dll 2010-12-29 08:19 . 2010-12-29 08:19 427320 ------w- c:\windows\system32\tvttsp.dll 2010-12-22 12:34 . 2006-04-30 06:55 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 23:59 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:59 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll 2010-12-20 23:59 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-12-20 17:26 . 2006-04-30 06:55 730112 ------w- c:\windows\system32\lsasrv.dll 2010-12-20 12:55 . 2006-04-30 06:55 385024 ------w- c:\windows\system32\html.iec 2010-12-09 15:15 . 2006-04-30 06:55 718336 ------w- c:\windows\system32\ntdll.dll 2010-12-09 14:30 . 
2006-04-30 06:55 33280 ------w- c:\windows\system32\csrsrv.dll 2010-12-09 13:42 . 2006-04-30 06:55 2148864 ------w- c:\windows\system32\ntoskrnl.exe 2010-12-09 13:07 . 2004-08-03 22:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((( SnapShot@2011-02-23_11.51.20 ))))))))))))))))))))))))))))))))))))))))) . + 2011-02-28 08:00 . 2011-02-28 08:00 16384 c:\windows\temp\Perflib_Perfdata_bc8.dat + 2006-04-30 06:55 . 2011-02-28 08:06 79360 c:\windows\system32\perfc009.dat - 2006-04-30 06:55 . 2011-02-23 11:23 79360 c:\windows\system32\perfc009.dat + 2011-02-21 17:11 . 2011-02-26 15:48 3987 c:\windows\system32\config\systemprofile\Application Data\Intel\Wireless\Settings\AlertHistory.bin + 2006-04-30 06:55 . 2011-02-28 08:06 465640 c:\windows\system32\perfh009.dat - 2006-04-30 06:55 . 2011-02-23 11:23 465640 c:\windows\system32\perfh009.dat + 2011-02-26 15:55 . 2011-02-26 15:55 1094656 c:\windows\Installer\11541b.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2009-03-13 1118720] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104] "Google Update"="c:\documents and settings\Alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-01-29 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-11-04 517480] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-11-04 208896] "TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-25 62312] "TpShocks"="TpShocks.exe" [2011-01-14 337256] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-11-30 256576] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424] "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688] "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152] "PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-07-21 55120] "LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-05 141336] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-05 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-05 142360] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512] "ShStatEXE"="c:\program 
files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-10-22 124224] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] c:\documents and settings\Alex\Start Menu\Programs\Startup\ SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-9-22 607584] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-1-25 50688] Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2010-7-27 546360] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= 
"c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2010-07-21 09:28 100176 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\SoulseekNS\\slsk.exe"= "c:\\WINDOWS\\KMSEmulator.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16654:TCP"= 16654:TCP:BitComet 16654 TCP "16654:UDP"= 16654:UDP:BitComet 16654 UDP R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [25/01/2011 15:42 
24304] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [13/01/2011 12:02 20592] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26/01/2011 00:29 218688] R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [25/01/2011 20:10 13680] R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [25/01/2011 15:42 132456] R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [25/01/2011 23:09 513536] R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [22/10/2010 18:07 22816] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [25/01/2011 23:01 69192] R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [04/05/2010 10:07 503080] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [25/01/2011 15:42 53248] R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13/03/2009 12:47 12560] R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [25/01/2011 20:10 99328] R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [30/03/2007 14:39 64440] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [09/02/2007 03:11 569344] R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [25/01/2011 20:43 6609920] R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [25/01/2011 07:29 23152] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [14/09/2006 02:42 38336] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/02/2011 04:15 136176] S2 LENOVO.MICMUTE;Lenovo 
Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [25/01/2011 20:10 45496] S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [26/01/2011 11:33 44368] S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUM_XP32.sys [25/01/2011 23:09 14992] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [25/01/2011 23:01 66536] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 08:25 30969208] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [08/02/2011 08:41 18432] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 19:37 4640000] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 14:06 11520] . Contents of the 'Scheduled Tasks' folder 2011-02-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 23:54] 2011-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-15 14:57] 2011-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-15 14:57] 2011-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2238128139-3701080661-2959468671-1005Core.job - c:\documents and settings\Alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-29 14:57] 2011-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2238128139-3701080661-2959468671-1005UA.job - c:\documents and settings\Alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-29 14:57] 2011-02-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-01-27 22:29] 2011-02-28 c:\windows\Tasks\PMTask.job - 
c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-01-25 17:29] 2011-02-27 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\pcdrcui.exe [2011-01-27 22:29] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www-307.ibm.com/pc/support/site.wss/migr-67971.html uInternet Settings,ProxyOverride = *.local IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Send to &Bluetooth Device... 
- c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\ycilvo5k.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.lemonde.fr FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-28 23:59 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc] "ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1392) c:\windows\system32\vrlogon.dll c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infql2.dll c:\program files\ThinkVantage Fingerprint Software\homepass.dll c:\program files\ThinkVantage Fingerprint Software\bio.dll c:\program files\ThinkVantage Fingerprint Software\qlbase.dll c:\program files\ThinkVantage Fingerprint Software\ps2css.dll c:\windows\system32\igfxdev.dll - - - - - - - > 'lsass.exe'(1448) c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infql2.dll - - - - - - - > 'explorer.exe'(3340) c:\windows\system32\WININET.dll c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf c:\progra~1\MICROS~4\Office14\1033\GrooveIntlResource.dll c:\windows\system32\btmmhook.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2011-03-01 00:02:14 ComboFix-quarantined-files.txt 2011-02-28 18:01 ComboFix2.txt 2011-02-23 14:48 ComboFix3.txt 2011-02-23 11:53 ComboFix4.txt 2011-02-23 11:30 Pre-Run: 9,468,481,536 bytes free Post-Run: 9,458,384,896 bytes free - - End Of File - - 424D7FC083C8FAD94D347CB47D30F3EC
  11. Hi Borislav, Thanks. I have disabled McAfee Access Protection and reinstalled MBAM. However, I could not update to the latest version... still the same error PROGRAM_ERROR_UPDATING(12029, 0, WinHttpSendRequest). I have used mbam-rules.exe and installed it, and afterwards it says my DB version is 5750... but I still cannot update to the latest version. Any idea? Thanks, Alex
  12. Hi Borislav, I have another computer which is running MBAM database 5898. Is it possible to transfer the database to the infected computer? I don't understand why the manual update mbam-rules.exe contains an old database 5850 dated 02 FEB 2011... why not download the latest one? Thanks for your help anyway. Alex
  13. Hi Borislav, In IE Options, the box "Use a proxy server for your LAN" is not checked. In Firefox, the box "No proxy" is checked. However, I still have the same error: PROGRAM_ERROR_UPDATING(12029, 0, WinHttpSendRequest). Note that I can browse the internet normally with IE and Firefox. Chrome is not connecting. Thanks again, I hope I can fix this soon. Alex
  14. Hi Borislav, Thanks a lot for your help. I am following all your steps, but as I said, the database update doesn't work: PROGRAM_ERROR_UPDATING(12029, 0, WinHttpSendRequest). I downloaded the file mbam-rules.exe and installed it, and afterwards it says my DB version is 5750... Here is the log for the quick scan and a screenshot:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5750
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
27/02/2011 17:30:02
mbam-log-2011-02-27 (17-30-02).txt
Scan type: Quick scan
Objects scanned: 157258
Time elapsed: 5 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
  15. Hi Borislav, Thanks, Here is the result of the scan: It seems that it found and deleted some DLL related to QVOD... however, after reboot the problem is still there (MBAM won't update, Chrome can't connect to the internet, etc...). What should I do next?

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5750
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
27/02/2011 14:56:17
mbam-log-2011-02-27 (14-56-17).txt
Scan type: Full scan (C:\|)
Objects scanned: 230011
Time elapsed: 1 hour(s), 46 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QvodPlayer (Spyware.Passwords) -> Quarantined and deleted successfully.
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected:
c:\program files\qvodplayer\qvoduninst.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
  16. Hi Borislav, Thanks for your help and fast response. I have followed your steps:
1. I have removed BitComet. I am quite cautious with P2P and the Internet in general, and as an IT project manager, I think I am quite computer literate. I have been using BitComet and other P2P for years without any major hassle. It seems that this time the virus has been more clever and quite nasty... I was in the process of setting up a new computer and perhaps all the defences I usually use were not yet set up or adequate anymore. I would appreciate it if you could refer me to an updated page of the best defence programs (I am lost with all the programs on the market and not sure which one to use anymore). Apparently SpywareGuard and McAfee did not detect the threat...
2. I have removed SpyBot. I could not untick the box Resident SD Helper, so I uninstalled everything. Is this program still useful nowadays?
3. I have downloaded and installed MBAM rules.
4. When I run MBAM, it starts; when I check for updates it says the database is outdated by 14 days. Would you like to update now? When I click yes, it says: An error has occurred. Please report this error code to our support team. PROGRAM_ERROR_UPDATING(12029, 0, WinHttpSendRequest). Note that my internet connection seems up, as I am able to browse websites with Firefox. Chrome is still not connecting... Most programs are not able to connect. Skype is connecting.
Anyway, I have opted to run a full scan. It's running now, will let you know the outcome. Thanks again, Alex
  17. Hello, It seems that my computer has been infected by a nasty virus/malware for 3 days. I have tried to eradicate it with ComboFix but it keeps resuming its activities. The initial symptom was no access to the Web in Chrome: Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error. However, I had web access via IE and Firefox. Also, HTML content was no longer displayed in Outlook (images displaying a red cross). Then I could not install any new software; it seems like access to the Registry was blocked somehow. I managed to install MBAM but it won't update its 68-day-old signature file. Even to start GMER I had to go back to safe mode because it would not start. Below are the following logs:
1. The defogger log
2. The HIJACK THIS log
3. The DDS log (plus the Attach)
4. The GMER log (I had to run it in safe mode because in normal mode I have the error: LoadDriver ("C:\Document and Settings\Alex\Locals~1\Temp\kwlorpod.sys" ) error 0xC0000034: The system cannot find the file specified.)
Thanks in advance for your help. 
Alex

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:57:15, on 26/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
-- End of file - 22997 bytes

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:33 on 23/02/2011 (Alex)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCUAEMON Tools Lite -> Removed
Checking for services/drivers...

DDS (Ver_10-12-12.02) - NTFSx86
Run by Alex at 21:35:05.40 on 23/02/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.921 [GMT 6:00]
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}