Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

cannot run sophos or gmer or malwarebytes


  • This topic is locked This topic is locked
32 replies to this topic

#1 brijdec

brijdec

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 31 July 2011 - 03:48 PM

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Cees at 21:51:47 on 2011-07-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.343 [GMT 2:00]
.
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
FW: Sophos Client Firewall *Enabled*
.
============== Running Processes ===============
.
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\TomTom HOME\TomTomHOMEService.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\vspc2050.exe
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\tclocklight-040702-3\tclock.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyServer = http=94.228.220.7:8080;ftp=94.228.220.7:8080;https=94.228.220.7:8080;
uURLSearchHooks: H - No File
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\bh\BabylonToolbar.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: PDFXChange 4.0 IE Plugin: {42dfa04f-0f16-418e-b80c-ab97a5afad39} - c:\program files\tracker software\pdf-xchange 4\PXCIEAddin4.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll
TB: {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - No File
TB: SYSTRAN Toolbar: {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: PDFXChange 4.0 IE Plugin: {42dfa04f-0f16-418e-b80c-ab97a5afad39} - c:\program files\tracker software\pdf-xchange 4\PXCIEAddin4.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\BabylonToolbarTlbr.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TPKMAPMN] c:\program files\thinkpad\utilities\TpKmapMn.exe
uRun: [<NO NAME>]
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TPKBDLED] c:\windows\system32\TpScrLk.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [AMSG] c:\progra~1\thinkv~1\amsg\Amsg.exe /startup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [SPC2050] c:\windows\vspc2050.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [<NO NAME>]
mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [BabylonToolbar] "c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\BabylonToolbarsrv.exe" /md I
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\cees\startm~1\programs\startup\batter~1.lnk - c:\program files\dachshund software\battery doubler\Battery Doubler.exe
StartupFolder: c:\docume~1\cees\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\cees\startm~1\programs\startup\shortc~1.lnk - c:\program files\tclocklight-040702-3\tclock.exe
uPolicies-explorer: nosimplestartmenu = 1 (0x1)
uPolicies-explorer: norecentdochistory = 0 (0x0)
uPolicies-explorer: maxrecentdocs = 5 (0x5)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: SYSTRAN Opzoeken - c:\program files\systran\6\\GUIres.dll/lookup.js
IE: SYSTRAN Vertalen - c:\program files\systran\6\\GUIres.dll/translate.js
IE: {29F02F90-D4AE-4c9a-82D2-D8DCDD507F33} - c:\program files\radarsync\RadarSync Website.lnk
IE: {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - c:\program files\winsysclean 2008\udmanager\UDManager.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
Trusted Zone: ebay.de\signin
Trusted Zone: ecb.int\wrap
Trusted Zone: microsoft.com\support
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ACNotify - ACNotify.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 relog_ap
LSA: Notification Packages = scecli ACGina ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina
Hosts: 65.75.216.6 www.winmx.com err.winmx.com
Hosts: 205.238.40.54 www.winmx.com err.winmx.com
Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?hl=nl|http://www.bedrockplace.eu/search.php|http://iskrwlcogisjthmeasiwk.com/index.php|http://geizhals.at/|http://my.ebay.de/ws/eBayISAPI.dll?MyEbayBeta&MyEbay=&CurrentPage=MyeBaySummary&ssPageName=STRK%3AME%3ALNLK%3AMESUMX&gbh=1&guest=1
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\fb_add_on@avm.de\platform\winnt_x86-msvc\components\FB_AddOn.dll
FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\firetorrent@radicalsoft.com\components\firetorrent.dll
FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\cees\application data\mozilla\plugins\npagee.dll
FF - plugin: c:\documents and settings\cees\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\citrix\secure access client\npagee.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: FRITZ!Box AddOn: fb_add_on@avm.de - %profile%\extensions\fb_add_on@avm.de
FF - Ext: FRITZ!Box AddOn: fb_add_on@avm.de - %profile%\extensions\fb_add_on@avm.de
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: FireTorrent: firetorrent@radicalsoft.com - %profile%\extensions\firetorrent@radicalsoft.com
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: Torrent Finder Toolbar: TFToolbarX@torrent-finder - %profile%\extensions\TFToolbarX@torrent-finder
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: RSS Ticker: {1f91cde0-c040-11da-a94d-0800200c9a66} - %profile%\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF - Ext: TorrentBar: {7b821b0e-b102-4f9b-b6e3-433ede1fe379} - %profile%\extensions\{7b821b0e-b102-4f9b-b6e3-433ede1fe379}
FF - Ext: Simple RSS Reader (SRR): {A5475360-A7EA-437b-9A79-29208F476940} - %profile%\extensions\{A5475360-A7EA-437b-9A79-29208F476940}
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: FireMule: {D644F7E7-5141-4fac-A59C-21101C82C734} - %profile%\extensions\{D644F7E7-5141-4fac-A59C-21101C82C734}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Multirow Bookmarks Toolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\nokia\nokia pc suite 7\bkmrksync
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-5-9 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-5-9 13480]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2007-7-6 153344]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2007-7-6 24064]
R1 scfdriver;SCF Kernel Driver;c:\windows\system32\drivers\scfdriver.sys [2009-8-2 86264]
R1 scfint;Sophos Client Firewall packet filter;c:\windows\system32\drivers\scfint.sys [2011-3-2 52984]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-1-13 15872]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-5-9 132456]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-1-25 54752]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-10-23 53248]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640]
R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files\sophos\sophos client firewall\SCFManager.exe [2010-4-27 128240]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home\TomTomHOMEService.exe [2011-3-9 92592]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-3-2 63928]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
R3 ausbmon;Advanced USB Port Monitor Filter Driver;c:\windows\system32\drivers\ausbmon.sys [2010-12-18 19744]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-10-3 37312]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\cyberlink\powerdvd8\000.fcl --> c:\program files\cyberlink\powerdvd8\000.fcl [?]
S2 ClipInc001;ClipInc 001;c:\program files\tobit clipinc\server\clipinc-server.exe 001 --> c:\program files\tobit clipinc\server\ClipInc-Server.exe 001 [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-5-21 45496]
S2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-4 97520]
S2 Sophos Client Firewall;Sophos Client Firewall;c:\program files\sophos\sophos client firewall\SCFService.exe [2010-4-27 32496]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys --> c:\windows\system32\drivers\camdrv41.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-5-16 137600]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 pgusbmme;usb-audio.de MME-Adapter;c:\windows\system32\drivers\pgusbmm3.sys [2011-1-8 39488]
S3 pgusbwdm;usb-audio.de driver (commercial 2.8.45);c:\windows\system32\drivers\pgusbwdm.sys [2011-1-8 403008]
S3 TridDev;Yakumo QuickStick TV easy Device;c:\windows\system32\drivers\Triddev.sys [2006-2-23 3584]
S3 TridVid;Yakumo QuickStick TV easy;c:\windows\system32\drivers\TridVid.sys [2006-2-23 165760]
S3 TSMPacket;T-DSL SpeedManager Service;c:\windows\system32\drivers\tsmpkt.sys --> c:\windows\system32\drivers\tsmpkt.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2008-1-29 160640]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2008-1-29 5248]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-8-6 14976]
.
=============== Created Last 30 ================
.
2011-07-31 17:01:07 1537536 ----a-w- c:\windows\system32\erdmpg-hi.dll
2011-07-31 17:01:07 -------- d-----w- c:\program files\common files\Doblon
2011-07-31 17:01:05 -------- d-----w- c:\program files\Doblon
2011-07-29 21:31:50 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{c2a5e103-4ad2-44e3-b22b-71eb2962a521}\mpengine.dll
2011-07-23 11:29:02 -------- d-----w- c:\program files\ReNamer
2011-07-22 23:46:52 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2011-07-08 18:57:10 -------- d-----w- c:\windows\Performance
2011-07-08 18:54:50 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
.
==================== Find3M ====================
.
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 17:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-15 13:41:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2003-08-07 10:44:08 22528 ------w- c:\program files\Dirscan18.exe
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 21:52:07,34 ===============


Please not that i was not able to create ark.txt because i could not succesfully run GMER.EXE. After unchekcing the boxes "IAT/ETA" and "show all' I selected scan and then the window closed. I tried once more to run the program but got an error message : error windows cannot access the specified device path or file you may not have the appropiate permissions to access the item" I get the same errors while trying to run Sophos, malware bytes or macaffee. I would be happy to get your help.

Attached Files



BC AdBot (Login to Remove)

 


#2 brijdec

brijdec
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 06 August 2011 - 06:21 PM

Dear all,
Anyone a suggestion how to proceed... I started with running combofix.
Could not wait any longer, sorry. I posted this already a week ago, without response.
I decided to proceed with comnbofix. See the outcome in the DDS + attach.zip
The combofix logfile is atached too(log.zip)

what to do next ?
******************************************************************************
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Cees at 19:53:01 on 2011-08-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.225 [GMT 2:00]
.
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
FW: Sophos Client Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\TomTom HOME\TomTomHOMEService.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\tclocklight-040702-3\tclock.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\WINDOWS\Integrator.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyServer = http=94.228.220.7:8080;ftp=94.228.220.7:8080;https=94.228.220.7:8080;
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\bh\BabylonToolbar.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: PDFXChange 4.0 IE Plugin: {42dfa04f-0f16-418e-b80c-ab97a5afad39} - c:\program files\tracker software\pdf-xchange 4\PXCIEAddin4.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll
TB: SYSTRAN Toolbar: {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: PDFXChange 4.0 IE Plugin: {42dfa04f-0f16-418e-b80c-ab97a5afad39} - c:\program files\tracker software\pdf-xchange 4\PXCIEAddin4.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\BabylonToolbarTlbr.dll
uRun: [TPKMAPMN] c:\program files\thinkpad\utilities\TpKmapMn.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TPKBDLED] c:\windows\system32\TpScrLk.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [AMSG] c:\progra~1\thinkv~1\amsg\Amsg.exe /startup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [BabylonToolbar] "c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\BabylonToolbarsrv.exe" /md I
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\cees\startm~1\programs\startup\batter~1.lnk - c:\program files\dachshund software\battery doubler\Battery Doubler.exe
StartupFolder: c:\docume~1\cees\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\cees\startm~1\programs\startup\shortc~1.lnk - c:\program files\tclocklight-040702-3\tclock.exe
uPolicies-explorer: nosimplestartmenu = 1 (0x1)
uPolicies-explorer: norecentdochistory = 0 (0x0)
uPolicies-explorer: maxrecentdocs = 5 (0x5)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: SYSTRAN Opzoeken - c:\program files\systran\6\\GUIres.dll/lookup.js
IE: SYSTRAN Vertalen - c:\program files\systran\6\\GUIres.dll/translate.js
IE: {29F02F90-D4AE-4c9a-82D2-D8DCDD507F33} - c:\program files\radarsync\RadarSync Website.lnk
IE: {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - c:\program files\winsysclean 2008\udmanager\UDManager.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
Trusted Zone: ebay.de\signin
Trusted Zone: ecb.int\wrap
Trusted Zone: microsoft.com\support
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?hl=nl|http://www.bedrockplace.eu/search.php|http://iskrwlcogisjthmeasiwk.com/index.php|http://geizhals.at/|http://my.ebay.de/ws/eBayISAPI.dll?MyEbayBeta&MyEbay=&CurrentPage=MyeBaySummary&ssPageName=STRK%3AME%3ALNLK%3AMESUMX&gbh=1&guest=1
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\fb_add_on@avm.de\platform\winnt_x86-msvc\components\FB_AddOn.dll
FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\firetorrent@radicalsoft.com\components\firetorrent.dll
FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: FRITZ!Box AddOn: fb_add_on@avm.de - %profile%\extensions\fb_add_on@avm.de
FF - Ext: FRITZ!Box AddOn: fb_add_on@avm.de - %profile%\extensions\fb_add_on@avm.de
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: FireTorrent: firetorrent@radicalsoft.com - %profile%\extensions\firetorrent@radicalsoft.com
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: Torrent Finder Toolbar: TFToolbarX@torrent-finder - %profile%\extensions\TFToolbarX@torrent-finder
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: RSS Ticker: {1f91cde0-c040-11da-a94d-0800200c9a66} - %profile%\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF - Ext: TorrentBar: {7b821b0e-b102-4f9b-b6e3-433ede1fe379} - %profile%\extensions\{7b821b0e-b102-4f9b-b6e3-433ede1fe379}
FF - Ext: Simple RSS Reader (SRR): {A5475360-A7EA-437b-9A79-29208F476940} - %profile%\extensions\{A5475360-A7EA-437b-9A79-29208F476940}
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: FireMule: {D644F7E7-5141-4fac-A59C-21101C82C734} - %profile%\extensions\{D644F7E7-5141-4fac-A59C-21101C82C734}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Multirow Bookmarks Toolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\nokia\nokia pc suite 7\bkmrksync
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-5-9 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-5-9 13480]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2007-7-6 153344]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2007-7-6 24064]
R1 scfdriver;SCF Kernel Driver;c:\windows\system32\drivers\scfdriver.sys [2009-8-2 86264]
R1 scfint;Sophos Client Firewall packet filter;c:\windows\system32\drivers\scfint.sys [2011-3-2 52984]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-1-13 15872]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-5-9 132456]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-1-25 54752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-21 366640]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-10-23 53248]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640]
R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files\sophos\sophos client firewall\SCFManager.exe [2010-4-27 128240]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home\TomTomHOMEService.exe [2011-3-9 92592]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-3-2 63928]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 524288]
R3 ausbmon;Advanced USB Port Monitor Filter Driver;c:\windows\system32\drivers\ausbmon.sys [2010-12-18 19744]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-21 22712]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-10-3 37312]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\cyberlink\powerdvd8\000.fcl --> c:\program files\cyberlink\powerdvd8\000.fcl [?]
S2 ClipInc001;ClipInc 001;c:\program files\tobit clipinc\server\clipinc-server.exe 001 --> c:\program files\tobit clipinc\server\ClipInc-Server.exe 001 [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-5-21 45496]
S2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-4 97520]
S2 Sophos Client Firewall;Sophos Client Firewall;c:\program files\sophos\sophos client firewall\SCFService.exe [2010-4-27 32496]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys --> c:\windows\system32\drivers\camdrv41.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-5-16 137600]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 pgusbmme;usb-audio.de MME-Adapter;c:\windows\system32\drivers\pgusbmm3.sys [2011-1-8 39488]
S3 pgusbwdm;usb-audio.de driver (commercial 2.8.45);c:\windows\system32\drivers\pgusbwdm.sys [2011-1-8 403008]
S3 TridDev;Yakumo QuickStick TV easy Device;c:\windows\system32\drivers\Triddev.sys [2006-2-23 3584]
S3 TridVid;Yakumo QuickStick TV easy;c:\windows\system32\drivers\TridVid.sys [2006-2-23 165760]
S3 TSMPacket;T-DSL SpeedManager Service;c:\windows\system32\drivers\tsmpkt.sys --> c:\windows\system32\drivers\tsmpkt.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2008-1-29 160640]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2008-1-29 5248]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-8-6 14976]
.
=============== Created Last 30 ================
.
2011-08-06 16:56:19 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-08-06 16:52:31 -------- d-sha-r- C:\cmdcons
2011-08-06 16:46:52 98816 ----a-w- c:\windows\sed.exe
2011-08-06 16:46:52 518144 ----a-w- c:\windows\SWREG.exe
2011-08-06 16:46:52 256000 ----a-w- c:\windows\PEV.exe
2011-08-06 16:46:52 208896 ----a-w- c:\windows\MBR.exe
2011-07-31 17:01:07 1537536 ----a-w- c:\windows\system32\erdmpg-hi.dll
2011-07-31 17:01:07 -------- d-----w- c:\program files\common files\Doblon
2011-07-31 17:01:05 -------- d-----w- c:\program files\Doblon
2011-07-29 21:31:50 6881616 ------w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{c2a5e103-4ad2-44e3-b22b-71eb2962a521}\mpengine.dll
2011-07-23 11:29:02 -------- d-----w- c:\program files\ReNamer
2011-07-22 23:46:52 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2011-07-08 18:57:10 -------- d-----w- c:\windows\Performance
2011-07-08 18:54:50 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
.
==================== Find3M ====================
.
2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 17:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-15 13:41:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2003-08-07 10:44:08 22528 ------w- c:\program files\Dirscan18.exe
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 19:56:14,47 ===============

Attached Files



#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:42 AM

Posted 06 August 2011 - 07:08 PM

Hi

We have a huge backlog right now, sorry we haven't reached you yet


Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 brijdec

brijdec
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 07 August 2011 - 02:21 PM

thanks for quick reply. Just one question before i proceed.
When do I uninstall combofix ?

#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:42 AM

Posted 07 August 2011 - 05:06 PM

once you are totally clean, I have a special clean-up routine for it, so leave it alone for now

thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 brijdec

brijdec
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 09 August 2011 - 12:42 AM

Hi CATBYTE,
please find attached the requested logfiles.
1. TDSSKILLER did not report any threads.
2. MBAM: No malicious items detected
3. ESETSCAN: 52 (see attached file ESETSCAN.txt)

Note that I had to reinstall MBAM becasue I could not run it again.
Somehow I have the impression that this rootkit virus is still there.

thanks for following up

Attached Files



#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:42 AM

Posted 09 August 2011 - 05:55 PM

You have a very stubborn infection in some of your program files as you can see by the results of the ESET scan, the best way to deal with it, is to totally uninstall those programs that are easy to uninstall then re-install

C:\Program Files\Bonjour
C:\Program Files\Common Files\Acronis
C:\Program Files\Common Files\Apple\Mobile Device Support
C:\Program Files\Common Files\Microsoft Shared\Windows Live
C:\Program Files\Common Files\Nero
C:\Program Files\FolderSize
C:\Program Files\Java
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort
C:\Program Files\Sophos
C:\Program Files\TomTom HOME
C:\Program Files\WIDCOMM\Bluetooth Software

Those should be easy enough to re-install

the other files are core files and unique to your system which may be a little harder to fix

Kaspersky AntiVirus does a fair job of cleaning the files, Download and run the trial version of the software and see if it can repair those files (don't choose to delete or quarantine - only clean)


http://www.kaspersky.com/anti-virus_trial


Next

there are a few more files to remove with ComboFix

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::

File::
C:\Ploytec USB ASIO (USB 2 Audio) Driver 2.8.40 For Win XP, Win Vista & Win 7 (32-bit & 64-bit).rar
C:\AAA__\Van_Basco_Karaoke_player_songs\van basco player\van basco karaoke.exe	
C:\Documents and Settings\Cees\My Documents\Ploytec USB ASIO (USB 2 Audio) Driver 2.8.40 For Win XP, Win Vista & Win 7 (32-bit & 64-bit).rar	
C:\Documents and Settings\Cees\My Documents\My Received Files\FXServer139.zip	
C:\_Mx incompl\POWER VIDEO KARAOKE v 1.2.1.3 + keygen\Keymaker.exe

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 brijdec

brijdec
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 14 August 2011 - 07:58 AM

I was not able to uninstall sophos, bonjour, apple and some others mentioned.
I managed to delete some directories (using file-shredder), but i did not touch the registry.
I did run combofix with the scriptfile as explained. see attached.

After the reboot it tries each time to install foldershare, but it cannot find the installation files.
During the kaspersky installation it tried to remove the 2 sophos executables that where still there.
It asked me to reboot it continued to detect incompatible software and again started to try to delete the sophos files.
It asked me to reboot again. Then a popup screen came "installation failed".
After the 3rd reboot it started again to try to delete the sophos files but I proceeded installing kaspersky.
It asked me to reboot but I continued the installation without rebooting. I finally got a message
"installation complete, succesfully installed, please reboot".
After the reboot i activated the kaspersky trial and could update the virus database. i started the scan.
I immediatly got an warning: virus win32,suspic.gen and choose to scan without updating the database.
The scan suddenly stopped at 95%, it had found 25 threats and neutralized 75 files. Karspensky stopped and a a windows error something like this poped-up:
"tpfinfsp.exe bad image. Npdirect/nppoem .dll is no valid windows image please chwck it against .....". it then rebooted.

Attached Files



#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:42 AM

Posted 14 August 2011 - 08:14 AM

Let me use ComboFix to uninstall Sophos for you, you can re-install it once the computer is completely clean, but it may be interfering in allowing our other tools to work properly,

so please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

SecCenter::
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
FW: Sophos Client Firewall *Enabled* {0786E95E-326A-4524-9691-41EF88FB52EA}

Driver::
SAVOnAccessControl
SAVOnAccessFilter
scfdriver
scfint
SAVAdminService
SAVService
Sophos Client Firewall Manager
Sophos Client Firewall
SophosBootDriver
swi_service

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Sophos Client Firewall Manager"=-
"Sophos Client Firewall"=-
"Sophos AutoUpdate Service"=-
"SAVService"=-
"SAVAdminService"=-
"swi_service"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000000



Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Once Sophos is gone, give the Kaspersky AV another run, see if it finds anything else


then run that ESET online scan again and post the log, so I can see if Kaspersky has cleaned that infection the way I hope it can.

thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 brijdec

brijdec
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 14 August 2011 - 08:15 AM

please find attached a copy of the karspersky virus scan.

Attached Files



#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:42 AM

Posted 14 August 2011 - 08:17 AM

That scan looks promising :thumbup2:

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 brijdec

brijdec
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 14 August 2011 - 08:24 AM

Dear Catbyte, thanks for quick reply. I will proceed as you mentioned, please deny my last post with the kaspersky scan.

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:42 AM

Posted 14 August 2011 - 08:40 AM

:thumbup2:

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 brijdec

brijdec
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 14 August 2011 - 01:16 PM

Dear Catbtyte,
I have created both combofix and kaspersky logfiles again. Kaspersky still has a lot of virusses. I did not run the eset online yet. i hesitated to go online. Windows wanted me to update, but i did not go online yet.
I did manage to uninstal the filesharing and other progs with ccleaner, including bonjour, sophos and some others.

Attached Files



#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:42 AM

Posted 14 August 2011 - 02:42 PM

Set a new restore point and remove all the old ones in case Kaspersky is finding those:

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points


Click Start > Run > copy and paste the following into the run box:

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create,
when the confirmation screen shows the restore point has been created click Close.

Now remove all previous Restore Points:
Click Start > Run > copy and paste the following into the run box:

cleanmgr

Choose to scan drive C:\ (if C:\ is your main drive) At the top, click on More Options tab. Click the Clean up button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.



Once that is done

give Kaspersky another run,


If Kaspersky keeps finding more and more infections, then it would seem your whole system has been permeated with a file infector and your best recourse then would be a reformat / re-install, but if it gets less and less with every scan, then it might be OK,

keep going with it, I know it's tedious, but you are getting somewhere at least.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users