
Pete needs help (@tpnet.pl)
HJT Log - Unwanted traffic on port 80 :(
As soon as I get an internet connection, I get some unwanted traffic which greatly slows down my internet and browser. I scanned using AVG, Malwarebytes' Anti-Malware, A2 Anti Malware, Spybot SD and online scanner ESET.
Fixed a few viruses and trojans, but the problem remains.
C:\Users\Popi>netstat -n

Aktywne połączenia

  Protokół  Adres lokalny          Obcy adres             Stan
  TCP    127.0.0.1:10080        127.0.0.1:49256        USTANOWIONO
  TCP    127.0.0.1:10080        127.0.0.1:49270        OCZEKIWANIE_FIN__2
  TCP    127.0.0.1:10080        127.0.0.1:49278        USTANOWIONO
  TCP    127.0.0.1:10080        127.0.0.1:49286        USTANOWIONO
  TCP    127.0.0.1:10080        127.0.0.1:49302        USTANOWIONO
  TCP    127.0.0.1:10080        127.0.0.1:49306        USTANOWIONO
  TCP    127.0.0.1:10080        127.0.0.1:49314        USTANOWIONO
  TCP    127.0.0.1:10080        127.0.0.1:49318        USTANOWIONO
  TCP    127.0.0.1:10080        127.0.0.1:49320        CZAS_OCZEKIWANIA
  TCP    127.0.0.1:10080        127.0.0.1:49322        CZAS_OCZEKIWANIA
  TCP    127.0.0.1:10080        127.0.0.1:49324        USTANOWIONO
  TCP    127.0.0.1:49256        127.0.0.1:10080        USTANOWIONO
  TCP    127.0.0.1:49264        127.0.0.1:49265        USTANOWIONO
  TCP    127.0.0.1:49265        127.0.0.1:49264        USTANOWIONO
  TCP    127.0.0.1:49266        127.0.0.1:49267        USTANOWIONO
  TCP    127.0.0.1:49267        127.0.0.1:49266        USTANOWIONO
  TCP    127.0.0.1:49270        127.0.0.1:10080        OCZEKIWANIE_ZAMKN
  TCP    127.0.0.1:49278        127.0.0.1:10080        USTANOWIONO
  TCP    127.0.0.1:49286        127.0.0.1:10080        USTANOWIONO
  TCP    127.0.0.1:49302        127.0.0.1:10080        USTANOWIONO
  TCP    127.0.0.1:49306        127.0.0.1:10080        USTANOWIONO
  TCP    127.0.0.1:49314        127.0.0.1:10080        USTANOWIONO
  TCP    127.0.0.1:49318        127.0.0.1:10080        USTANOWIONO
  TCP    127.0.0.1:49324        127.0.0.1:10080        USTANOWIONO
  TCP    192.168.0.178:49257    77.67.30.73:80         USTANOWIONO
  TCP    192.168.0.178:49271    74.125.39.147:80       OCZEKIWANIE_ZAMKN
  TCP    192.168.0.178:49279    74.125.39.103:80       USTANOWIONO
  TCP    192.168.0.178:49287    74.125.39.103:80       USTANOWIONO
  TCP    192.168.0.178:49303    209.85.129.165:80      USTANOWIONO
  TCP    192.168.0.178:49307    74.125.39.157:80       USTANOWIONO
  TCP    192.168.0.178:49315    74.125.43.100:80       USTANOWIONO
  TCP    192.168.0.178:49319    74.125.39.102:80       USTANOWIONO
  TCP    192.168.0.178:49325    217.96.43.30:80        USTANOWIONO
Only firefox should be using the internet.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:24, on 2009-07-26
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Lenovo\PM Driver\PMSveH.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\tcpsvcs.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint2K\Apoint.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Popi\Gadu-Gadu\gg.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\cmd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Windows\system32\svchost.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2start.exe
C:\Users\Popi\Desktop\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Popi\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll,avgrsstx.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
-- End of file - 13182 bytes
First I ran Malwarebytes/A2 in safe mode with no internet access, fixed a few problems. After scanning again, all clean.
Malwarebytes' Anti-Malware 1.39
Database version: 2500
Windows 6.0.6001 Service Pack 1

2009-07-26 11:39:46
mbam-log-2009-07-26 (11-39-46).txt

Scan type: Quick Scan
Objects scanned: 86719
Time elapsed: 12 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
Any help greatly appreciated!

TheJoker (Premium, VIP, MVM; join: 2001-04-26; Alexandria, VA)
Hi Pete
I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.
I recommend you uninstall the questionable Ask Toolbar; it was likely installed with another program and you didn't see the notice that it was an optional component at the start of the install process. Many programs (even widely known legitimate programs) have toolbars as optional bundled installs these days because they get money from the business relationship. You can read more about Ask.com here.
If you uninstalled the Ask Toolbar as recommended, using Windows Explorer delete the following folders if found:
C:\Program Files\AskBarDis
C:\Program Files\AskSearch
Please run Malwarebytes' Anti-Malware.
- Click the Update tab.
- Click Check for Updates.
- If an update is found, it will download and install.
- Click the Scanner tab.
- Select "Perform full scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Download ComboFix© by sUBs from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Familiarize yourself with ComboFix before running it: »www.bleepingcomputer.com/combofi···combofix
- Disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. There are some difficult-to-remove infections that will only be fixed if you have the Recovery Console installed.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware. When finished, it will save a log. Please include the contents of the log at C:\ComboFix.txt in your next reply.
In Internet Explorer, please run the BitDefender online scan at BitDefender.com. You will need to allow an ActiveX control to install for the scan to run.
- Leave the scanning options at default and press "click here to scan".
- When finished scanning, click on "click here to export the scan report".
- Save it to your desktop; at "file name" type in "bdscan", then click Save.
- Please post the log in your next reply.
Please post a new HijackThis log, the log from MBAM, the log from BitDefender's online scan, and in a second reply (due to length) the log from ComboFix (combofix.txt), and note any errors encountered.
-- Proud ASAP member since 2005, Microsoft MVP/Windows Security 2009

Pete needs help (@davita.com)
Good morning Joker! Ask toolbar has been uninstalled.
---------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:20:20, on 2009-07-29
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Lenovo\PM Driver\PMSveH.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Popi\Gadu-Gadu\gg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Popi\Desktop\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\RacAgent.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Popi\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resourc···can8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - download.eset.com/special/eos/On···nner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F31BCFC-0749-4AAD-BF1D-9157D98125B1}: NameServer = 89.108.195.20 89.108.195.21
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll C:\Windows\System32\avgrsstx.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
-- End of file - 13654 bytes
---------------------------------------------------------
Malwarebytes' Anti-Malware 1.39
Database version: 2518
Windows 6.0.6001 Service Pack 1
2009-07-28 19:51:46
mbam-log-2009-07-28 (19-51-45).txt
Scan type: Full Scan (C:\|)
Objects scanned: 330552
Time elapsed: 2 hour(s), 55 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
---------------------------------------------------------
BitDefender Online Scanner - Real Time Virus Report
Generated at: Wed, Jul 29, 2009 - 04:31:27
Scan Info
Scanned Files: 1272723
Infected Files: 0
Virus Detected: No virus found.

TheJoker (Premium, VIP, MVM; joined 2001-04-26; Alexandria, VA):
Download ComboFix© by sUBs from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Familiarize yourself with ComboFix before running it: »www.bleepingcomputer.com/combofi···combofix
- Disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. There are some difficult-to-remove infections that will only be fixed if you have the Recovery Console installed.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware. When finished, it will save a log. Please include the contents of the log at C:\ComboFix.txt in your next reply along with a new HijackThis log.
-- Proud ASAP member since 2005, Microsoft MVP/Windows Security 2009

Pete needs help (@davita.com) | reply to TheJoker:
ComboFix 09-07-27.04 - Popi 2009-07-28 19:56.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.48.1045.18.2008.1135 [GMT 2:00]
Run from: c:\users\Popi\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1149175206-1025816094-1348354112-500
C:\System
c:\windows\Installer\1c417.msi
Q:\AUTORUN.INF
S:\Autorun.inf
.
((((((((((((((((((((((((( Files created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.
2009-07-26 09:37 . 2009-07-26 09:37 -------- d-----w- c:\program files\ESET
2009-07-26 05:16 . 2009-07-26 05:16 -------- d-----w- C:\VundoFix Backups
2009-07-25 18:15 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-07-25 18:07 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-07-25 18:07 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-07-25 18:05 . 2009-07-25 18:05 -------- d-----w- c:\users\Popi\AppData\Roaming\Malwarebytes
2009-07-25 18:05 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 18:05 . 2009-07-25 18:05 -------- d-----w- c:\programdata\Malwarebytes
2009-07-25 18:05 . 2009-07-25 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 18:05 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 17:32 . 2009-07-25 17:32 -------- d-----w- c:\program files\a-squared HiJackFree
2009-07-25 17:17 . 2009-07-26 09:20 -------- d-----w- c:\program files\a-squared Anti-Malware
2009-07-25 16:00 . 2009-02-15 22:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-07-25 16:00 . 2009-02-15 22:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-07-25 15:59 . 2009-02-15 22:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-07-25 15:59 . 2009-02-15 22:11 293528 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2009-07-25 14:23 . 2009-07-25 14:54 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-25 11:24 . 2009-07-25 11:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-25 11:24 . 2009-07-25 11:24 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-25 11:24 . 2009-07-25 11:24 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-25 11:24 . 2009-07-26 09:19 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-25 11:24 . 2009-07-25 11:24 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-25 11:24 . 2009-07-25 11:24 -------- d-----w- c:\programdata\avg8
2009-07-25 11:24 . 2009-07-25 11:24 -------- d-----w- c:\program files\AVG
2009-07-25 11:21 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-07-25 11:21 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-07-25 11:21 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-07-25 11:21 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-07-25 11:21 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-07-25 11:21 . 2009-07-25 11:21 -------- d-----w- c:\program files\Trojan Remover
2009-07-25 11:21 . 2009-07-25 11:21 -------- d-----w- c:\users\Popi\AppData\Roaming\Simply Super Software
2009-07-25 11:21 . 2009-07-25 11:21 -------- d-----w- c:\programdata\Simply Super Software
2009-07-24 19:06 . 2009-07-24 19:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-24 19:06 . 2009-07-24 19:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-22 18:51 . 2009-07-22 19:11 -------- d-----w- C:\flash
2009-07-21 12:00 . 2009-07-21 12:00 -------- d-----w- C:\Utopia
2009-07-20 14:14 . 2009-07-20 14:14 -------- d-----w- c:\users\Popi\AppData\Local\Macromedia
2009-07-09 16:43 . 2009-07-09 16:43 45056 ----a-r- c:\users\Popi\AppData\Roaming\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe
2009-07-09 16:43 . 2009-07-09 16:43 45056 ----a-r- c:\users\Popi\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2009-07-09 16:42 . 2009-07-20 14:02 -------- d-----w- c:\program files\Common Files\Macromedia
2009-07-09 16:42 . 2009-07-20 14:00 -------- d-----w- c:\program files\Macromedia
2009-07-04 22:09 . 2007-12-26 15:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-07-04 22:09 . 2007-12-26 15:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-07-04 22:09 . 2009-07-26 10:52 -------- d-----w- c:\program files\Cheat Engine
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 18:13 . 2009-01-03 23:36 -------- d-----w- c:\users\Popi\AppData\Roaming\skypePM
2009-07-28 18:13 . 2009-01-03 23:22 -------- d-----w- c:\users\Popi\AppData\Roaming\Skype
2009-07-28 18:08 . 2008-11-19 03:01 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-28 13:34 . 2008-04-18 17:14 708764 ----a-w- c:\windows\system32\perfh015.dat
2009-07-28 13:34 . 2008-04-18 17:14 144430 ----a-w- c:\windows\system32\perfc015.dat
2009-07-28 13:25 . 2009-04-19 18:09 -------- d-----w- c:\program files\Warcraft III
2009-07-26 09:16 . 2008-11-19 03:26 -------- d-----w- c:\programdata\Sonic
2009-07-26 01:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-26 01:29 . 2008-11-19 03:49 -------- d-----w- c:\programdata\Microsoft Help
2009-07-26 01:15 . 2008-11-19 03:52 -------- d-----w- c:\program files\Microsoft SQL Server
2009-07-25 16:24 . 2009-07-25 15:59 350192 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-07-25 16:10 . 2009-07-25 16:12 32768 ----a-w- c:\windows\Internet Logs\xDBF9F9.tmp
2009-07-24 22:30 . 2009-02-27 20:33 1 ----a-w- c:\users\Popi\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-24 19:49 . 2009-01-25 09:17 -------- d-----w- c:\users\Popi\AppData\Roaming\uTorrent
2009-07-23 16:13 . 2009-04-21 21:23 -------- d-----w- c:\program files\Garena
2009-07-09 17:29 . 2008-11-19 03:30 -------- d-----w- c:\program files\Java
2009-07-09 16:43 . 2009-03-22 10:39 -------- d-----w- c:\users\Popi\AppData\Roaming\FileZilla
2009-06-25 17:44 . 2009-06-11 18:27 -------- d-----w- c:\users\Popi\AppData\Roaming\dvdcss
2009-06-24 16:01 . 2009-01-03 22:03 -------- d-----w- c:\program files\DivX
2009-06-24 16:01 . 2009-06-24 16:00 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-23 08:38 . 2009-01-03 22:25 -------- d-----w- c:\program files\Windows Live
2009-06-23 08:38 . 2009-01-02 01:58 -------- d-----w- c:\program files\Windows Live Toolbar
2009-06-23 08:37 . 2009-06-23 08:37 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-23 08:36 . 2009-06-23 08:36 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-23 08:33 . 2009-06-23 08:33 -------- d-----w- c:\program files\Microsoft
2009-06-23 08:32 . 2009-06-23 08:32 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-23 08:24 . 2009-06-23 08:24 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-16 16:45 . 2009-06-16 16:45 -------- d-----w- c:\program files\Free DVD Ripper
2009-06-16 10:19 . 2009-03-22 10:38 -------- d-----w- c:\program files\FileZilla FTP Client
2009-06-15 15:24 . 2009-07-25 18:14 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-25 18:14 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-25 18:14 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-25 18:14 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-24 01:35 . 2009-05-23 11:12 680 ----a-w- c:\users\Popi\AppData\Local\d3d9caps.dat
2009-05-21 09:33 . 2009-02-05 12:23 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-23 12:33 . 2009-01-03 20:43 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-11-19 11:40 . 2008-11-19 11:38 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Gadu-Gadu"="c:\popi\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-11 145944]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-11 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-11 170520]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-10-07 16384]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-25 1948440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2009-07-25 3208848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "DefaultOutboundAction"= 1 (0x1) "DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4EB2441D-6423-40F2-831F-F2A9D12935CF}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{67915D57-070E-4C6E-96BC-8E24EB9597EF}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{204DE9E3-35CD-406E-B8AA-218A9776F25A}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{5EF27D26-4832-4FD1-B2EE-2C449A53C58B}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"TCP Query User{9CAD6AD2-6CE4-4556-A4A6-F643BB966D8A}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype
"UDP Query User{99550F07-8604-40B6-BB2A-3A6DC3C24F55}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype
"TCP Query User{713340ED-BD2B-40AD-A6E2-F3E8FF3A5954}c:\\petes files files\\sid meier's civilization 4 gold\\warlords\\civ4warlords.exe"= UDP:c:\petes files files\sid meier's civilization 4 gold\warlords\civ4warlords.exe:Sid Meier's Civilization 4 : Warlords
"UDP Query User{C4F5995C-E621-410F-8E16-5B49B0BB22D1}c:\\petes files files\\sid meier's civilization 4 gold\\warlords\\civ4warlords.exe"= TCP:c:\petes files files\sid meier's civilization 4 gold\warlords\civ4warlords.exe:Sid Meier's Civilization 4 : Warlords
"TCP Query User{3E30834C-0DA9-422A-A923-9351362EFCC7}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype
"UDP Query User{517D4C1D-F104-4C30-AE0E-824986B93A78}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype
"TCP Query User{1EF9ED39-FF4D-4A89-A35A-869CFC322141}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{3F1F12CA-61C3-4082-A84C-A11F6BAEC98B}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{6ED837EA-5EB3-4C55-81F8-98C096074149}c:\\popi\\gadu-gadu\\gg.exe"= UDP:c:\popi\gadu-gadu\gg.exe:Gadu-Gadu - main program
"UDP Query User{BC24C313-3CA4-467E-A3AF-EEEC03638D49}c:\\popi\\gadu-gadu\\gg.exe"= TCP:c:\popi\gadu-gadu\gg.exe:Gadu-Gadu - main program
"TCP Query User{5F16FF77-6232-4378-ADF2-48BD54569EF2}c:\\petes files files\\warcraft iii\\war3.exe"= UDP:c:\petes files files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{A727B381-611D-4B90-817A-34D416AFBCDD}c:\\petes files files\\warcraft iii\\war3.exe"= TCP:c:\petes files files\warcraft iii\war3.exe:Warcraft III
"{BF3AAB12-D5DC-494F-B97A-97CF203DD3FD}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{093DA067-DD7D-4D3A-B21D-318634E74E7B}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{44429192-A6FB-4F27-B7B7-D477D5406C8F}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{11186B9B-AE1E-45D5-A7F4-53B6C9D2B6B9}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{DC97A871-BBFD-4AC9-BF39-C41495659747}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{7E234BC3-E53D-4D6D-A8A4-6536D6BB4891}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{1A8DB5E2-2C7C-49DD-A51A-66E45208A4DC}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{C4D12C66-E47A-41C3-ADE8-38065988F4AC}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{0A4E395B-2A0A-453B-B4ED-2C8E0335DAA5}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{9F273C40-B813-4966-97F9-138A4E306E29}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{9E9C92E3-9B57-48B2-BF2A-5B2324CE3320}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena
"UDP Query User{82B3B865-CCDC-4CF2-8D54-10FEAEC2E450}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena
"TCP Query User{481065D1-5784-4DBB-8C40-BCC860C8DD54}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{ABB5EBE3-A9EC-4D18-AE24-81378091DE58}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{DC3B127A-CF61-407D-9D03-48A95C88F3EB}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{222C752D-F912-4668-9F53-AB9332086EC5}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{D306F92B-F310-4A32-82A2-C2D879001148}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{AAB0A113-B586-4970-A8BA-0269F04C8A34}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"TCP Query User{3802A9F1-7005-4841-835D-E7667A0EBEC7}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{0A86B26F-AC2B-4B07-BE9B-B9E373C3318C}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{F6154A38-3C75-4C29-9368-D72DFCF3FE1B}c:\\program files\\warcraft iii\\lancraft.exe"= UDP:c:\program files\warcraft iii\lancraft.exe:lancraft
"UDP Query User{F80859EE-0912-45F7-9290-7D7152F53389}c:\\program files\\warcraft iii\\lancraft.exe"= TCP:c:\program files\warcraft iii\lancraft.exe:lancraft
"TCP Query User{7EB05E65-1B16-434F-BD80-6121B8EA8BCD}c:\\petes files files\\sid meier's civilization 4 gold\\warlords\\civ4warlords.exe"= UDP:c:\petes files files\sid meier's civilization 4 gold\warlords\civ4warlords.exe:Sid Meier's Civilization 4 : Warlords
"UDP Query User{05D8E07E-5C4A-473A-AAF5-344A24C53E96}c:\\petes files files\\sid meier's civilization 4 gold\\warlords\\civ4warlords.exe"= TCP:c:\petes files files\sid meier's civilization 4 gold\warlords\civ4warlords.exe:Sid Meier's Civilization 4 : Warlords
"{E9E16420-0989-481A-911A-EBEDE9797218}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{89AF851D-49D1-4C7F-AF3E-9AB924A10F41}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena
"UDP Query User{42705290-4757-46EA-BA6E-6163F1F6F463}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena
"{0D1D2699-6B90-44A8-AF7A-4DC2AAD8748A}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{2E824C3C-FD01-406D-8854-04A49C8FD6EB}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{6E6C92CA-B93B-44F5-9D4C-304D626414D2}c:\\users\\popi\\downloads\\sc2-battlereport-3_pegi-downloader.exe"= Disabled:UDP:c:\users\popi\downloads\sc2-battlereport-3_pegi-downloader.exe:sc2-battlereport-3_pegi-downloader.exe
"UDP Query User{0BA0A08F-6CDE-47CA-BC2C-6EDAF92B7489}c:\\users\\popi\\downloads\\sc2-battlereport-3_pegi-downloader.exe"= Disabled:TCP:c:\users\popi\downloads\sc2-battlereport-3_pegi-downloader.exe:sc2-battlereport-3_pegi-downloader.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "DoNotAllowExceptions"= 1 (0x1)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-07-25 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-07-25 108552]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [2008-05-20 13480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-25 298776]
R2 BcmSqlStartupSvc;SQL server startup service for the Business Contact Manager add-in;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [2008-09-11 54560]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [2008-09-11 53325]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-01-24 183808]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [2008-11-19 112128]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-11-19 97536]
R3 NETw5v32;Intel(R) Wireless WiFi Link adapter driver for Windows Vista 32-bit;c:\windows\System32\drivers\NETw5v32.sys [2008-04-28 3658752]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [2008-09-07 21920]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\System32\drivers\tvti2c.sys [2008-02-22 37312]
S1 tvtumon;tvtumon;c:\windows\System32\drivers\tvtumon.sys [2008-05-24 48192]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2008-04-25 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-04-25 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-04-25 166384]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-24 253952]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\ASPI32.SYS [2009-06-16 84832]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2008-11-19 29736]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2008-04-25 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
S4 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
--- Other Services/Drivers in Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\users\Popi\AppData\Roaming\Mozilla\Firefox\Profiles\wmbyw17s.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2009-07-28 20:11
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\Popi\AppData\Local\Temp\catchme.dll 53248 bytes executable
c:\windows\TEMP\TMP00000004CDF5AF9DD35D416D 0 bytes
scan completed successfully
hidden files: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Popi\AppData\Local\Temp\GKYDB58.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000
.
--------------------- DLL files loaded under running processes ---------------------
- - - - - - - > 'Explorer.exe'(4600)
c:\windows\system32\btncopy.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
c:\windows\System32\ntlanman.dll
.
------------------------ Remaining running processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\a-squared Anti-Malware\a2service.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\TCPSVCS.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\System32\conime.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-07-28 20:23 - the computer was restarted
ComboFix-quarantined-files.txt 2009-07-28 18:23
Before: 79 902 351 360 bytes free
After: 79 782 760 448 bytes free
358 --- E O F --- 2009-07-27 06:50
---------------------------------------------------------
And as for the errors, port 80 seems to be OK after going through all the preliminary scanning to post the problem; however, I still have quite a bit of unwanted traffic. After finishing the Bitdefender scan I had to restart the laptop, as the connections were blocking my access to the internet.
For example:
TCP 188.33.95.226:49175 msnbot-65-55-106-93:http ESTABLISHED
TCP 188.33.95.226:49177 207.46.216.54:http ESTABLISHED
TCP 188.33.95.226:49189 star-services-personas:http ESTABLISHED
TCP 188.33.95.226:49195 65.55.13.92:http TIME_WAIT
TCP 188.33.95.226:49197 hb-in-f113:http ESTABLISHED
TCP 188.33.95.226:49199 65.55.13.92:http TIME_WAIT
TCP 188.33.95.226:49201 www:http ESTABLISHED
TCP 188.33.95.226:49203 198.78.205.126:http ESTABLISHED
TCP 188.33.95.226:49205 198.78.205.126:http ESTABLISHED
Sometimes I have weird traffic like that, which greatly slows down any internet connection I am on. Currently I have about 25 active connections. (Although my internet is yet to slow down?)

Pete needs help @davita.com | reply to TheJoker
Sorry, you were too fast. I was biding my time waiting to see if anything odd would happen to my internet connection that I would be able to report.

Pete needs help @davita.com | reply to Pete needs help
Just to update, port 80 is being spammed with connections again.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:23:05, on 2009-07-29
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Popi\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Popi\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send Image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send Page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog post - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog post in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resourc···can8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - download.eset.com/special/eos/On···nner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F31BCFC-0749-4AAD-BF1D-9157D98125B1}: NameServer = 89.108.195.20 89.108.195.21
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll C:\Windows\System32\avgrsstx.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
-- End of file - 10733 bytes
Another HJT log in case it helps.

TheJoker Premium,VIP,MVM join:2001-04-26 Alexandria, VA
| From your ComboFix log, you have ZoneAlarm Security Suite installed (the log says it's outdated), and you also have AVG8 installed. It is not recommended to have more than one antivirus program installed as they can conflict with each other, and you actually end up with less protection, not more. You should decide which you want to keep, and completely uninstall the other.
If you choose to uninstall ZoneAlarm Security Suite, you will need to replace the firewall. You could do that with the free version of ZoneAlarm here: www.zonealarm.com/security/en-us···wall.htm. I recommend NOT installing the new optional feature Spy Blocker, as it's run by the questionable search engine Ask.com and doesn't actually block any spyware. You can read more about Ask.com here.
Download the latest version of Kaspersky Virus Removal Tool.
- Reboot to Safe mode.
- Close all other applications and double-click and run the installer.
- When AVPTool starts, select all the scannable items except for CD-ROM drives and click the Scan button.
- If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
- After the scan finishes, if any threat remains in the Scan window (red exclamation point), click the Neutralize all button.
- In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
- If advised that a special disinfection procedure is required which demands a system reboot, click the OK button to close the window.
- In the Scan window click the Reports button and select Save to file.
- Name the report AVPT.txt, and save it to the Desktop.
- Close AVPTool.
- You will be prompted whether you want to uninstall the program; click Yes.
- You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
- Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.
Please run HijackThis, click on "Open the Misc Tools section", and then on "Open Uninstall Manager". Click the "Save list" button, save the file uninstall_list.txt to your Desktop, and post the contents here for review.
Please post a new HijackThis log, the contents of uninstall_list.txt, the requested portion of the Kaspersky log, and note any errors encountered. Does the problem continue?
-- Proud ASAP member since 2005 Microsoft MVP/Windows Security 2009
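The netstat listings in this thread are the raw evidence, but read by eye they hide two things: the state names are locale-specific (a Polish-locale Vista prints USTANOWIONO for ESTABLISHED, CZAS_OCZEKIWANIA for TIME_WAIT, and so on), and a loopback listener that every browser connection passes through can look like "unwanted traffic" when it is really a local proxy or web filter relaying the same requests out to port 80. The script below is an added example written for this page; it is not code from any participant or from any product named in the thread. It parses the Polish-locale netstat format (numeric or resolved names, optional PID column from netstat -o), counts connections per remote endpoint so two runs can be compared, and flags a loopback listener whose client ports pair with outbound sockets. The sample listing is constructed (documentation addresses), the LISTENING spelling is an assumption, and the consecutive-port pairing is a heuristic to be confirmed on the affected machine with netstat -ano (process IDs) or an elevated netstat -b (executable names).

```python
"""Triage a Windows netstat listing from a Polish-locale system.

Added example for this thread; not code from any participant or tool named
here. The Polish state strings are the ones a Polish-locale Windows Vista
prints; the LISTENING spelling and the consecutive-port proxy heuristic are
assumptions.
"""
import re
import socket
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Localised state -> canonical state. Unknown strings pass through unchanged.
STATE_MAP = {
    "USTANOWIONO": "ESTABLISHED",
    "CZAS_OCZEKIWANIA": "TIME_WAIT",
    "OCZEKIWANIE_ZAMKN": "CLOSE_WAIT",
    "OCZEKIWANIE_FIN__2": "FIN_WAIT_2",
    "OCZEKIWANIE_FIN_2": "FIN_WAIT_2",
    "NASLUCHIWANIE": "LISTENING",   # assumption: not present in the posted output
    "NASŁUCHIWANIE": "LISTENING",
}
# Service names appear instead of port numbers when netstat is run without -n.
SERVICE_PORTS = {"http": 80, "https": 443}

# TCP rows only; the trailing number is the PID column printed by netstat -o.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(\d+))?\s*$")


@dataclass(frozen=True)
class Conn:
    lhost: str
    lport: int
    rhost: str
    rport: int
    state: str
    pid: Optional[int] = None


def _port(text: str) -> int:
    if text.isdigit():
        return int(text)
    if text in SERVICE_PORTS:
        return SERVICE_PORTS[text]
    try:
        return socket.getservbyname(text)  # /etc/services lookup, works offline
    except OSError:
        return -1  # "*" or an unknown service name; keep the row rather than drop it


def _endpoint(text: str) -> Tuple[str, int]:
    host, _, port = text.rpartition(":")  # IPv4 hosts and names never contain ':'
    return host, _port(port)


def parse_netstat(text: str) -> List[Conn]:
    """Return the TCP rows; headers such as 'Aktywne połączenia' are skipped."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        local, remote, state, pid = m.groups()
        lhost, lport = _endpoint(local)
        rhost, rport = _endpoint(remote)
        conns.append(Conn(lhost, lport, rhost, rport, STATE_MAP.get(state, state),
                          int(pid) if pid else None))
    return conns


def summarize(conns: List[Conn]) -> Dict:
    """Counts by state and by non-loopback remote endpoint, for comparing runs."""
    by_remote: Counter = Counter((c.rhost, c.rport) for c in conns if c.rhost != "127.0.0.1")
    return {
        "by_state": Counter(c.state for c in conns),
        "by_remote": by_remote,
        "external_port80": sum(n for (_, p), n in by_remote.items() if p == 80),
    }


def loopback_proxy_candidates(conns: List[Conn]) -> Dict[int, Tuple[int, int]]:
    """Heuristic (assumption, not proof): a loopback port accepting several local
    clients whose client ports are each followed by an outbound socket on the
    next ephemeral port looks like a local HTTP proxy/filter relaying the
    browser. Returns listener port -> (client rows, rows paired with an
    outbound socket). Confirm with netstat -ano / -b and the owning PID."""
    loop = [c for c in conns if c.lhost == "127.0.0.1" and c.rhost == "127.0.0.1"]
    outbound = {c.lport for c in conns if c.rhost not in ("127.0.0.1", "*")}
    result = {}
    for listener, n in Counter(c.lport for c in loop).items():
        if n < 2:
            continue
        clients = [c.rport for c in loop if c.lport == listener]
        paired = sum(1 for p in clients if p + 1 in outbound)
        if paired >= (len(clients) + 1) // 2:
            result[listener] = (len(clients), paired)
    return result


# Constructed sample in the Polish Vista format (not a listing from the thread).
SAMPLE = """\
Aktywne połączenia

  Protokół  Adres lokalny          Obcy adres                Stan
  TCP    127.0.0.1:10080        127.0.0.1:49256           USTANOWIONO
  TCP    127.0.0.1:10080        127.0.0.1:49278           USTANOWIONO
  TCP    127.0.0.1:10080        127.0.0.1:49320           CZAS_OCZEKIWANIA
  TCP    127.0.0.1:49256        127.0.0.1:10080           USTANOWIONO
  TCP    127.0.0.1:49278        127.0.0.1:10080           USTANOWIONO
  TCP    192.168.0.178:49257    203.0.113.10:80           USTANOWIONO
  TCP    192.168.0.178:49279    203.0.113.20:80           USTANOWIONO
  TCP    192.168.0.178:49321    198.51.100.5:80           CZAS_OCZEKIWANIA
  TCP    192.168.0.178:49401    msnbot-65-55-106-93:http  USTANOWIONO
  TCP    192.168.0.178:49403    198.51.100.7:https        USTANOWIONO
"""

if __name__ == "__main__":
    conns = parse_netstat(SAMPLE)
    s = summarize(conns)
    print("states:", dict(s["by_state"]))
    print("external port 80 connections:", s["external_port80"])
    for (host, port), n in s["by_remote"].most_common():
        print(f"  {host}:{port}  x{n}")
    for port, (clients, paired) in loopback_proxy_candidates(conns).items():
        print(f"loopback listener {port}: {clients} clients, {paired} paired with outbound sockets")
```

Feed it a saved netstat listing from the affected machine taken during a quiet period and another during a slow one: if the external port 80 count and the per-endpoint list barely change, the connections are a steady background (messenger, toolbar, update services, an AV web filter on a loopback port) rather than something accumulating, and the PID column from netstat -o tells you which process owns them before anything is called malware.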