Suspicious traffic from the network



bojanator
2014-01-31, 08:37
Hi,
I'm not sure if my computer is infected or not, but I noticed this:
1. Although my Mozilla Firefox is off and all updates are up to date (and idle), I can still see significant traffic to and from the network on my computer.
2. Shockwave Flash 12.0.0.43 (updated) freezes very often.
3. My mouse cursor "roams" the screen from time to time.
These are the indicators that make me suspicious.
I scanned the computer with AVG AntiVirus Free Edition 2014 and with Spybot 1.6.2.0. They did not find anything. Can you help me, please?
I ran ERUNT and made a restore point.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by bojan at 12:17:31 on 2014-01-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.446 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\System32\acs.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\bojan\Application Data\T-Mobile Internet Manager\ouc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "c:\program files\t-mobile\internetmanager_h\updatedog\ouc.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [DataCardMonitor] c:\program files\t-mobile\internetmanager_h\DataCardMonitor.exe
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~2\prdctr\LPMLCHK.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1346713701984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346714506484
TCP: Interfaces\{4810FB1A-88F7-4762-8293-3C25ABF3AD24} : DHCPNameServer = 192.168.0.1 192.168.0.1
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.102\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bojan\application data\mozilla\firefox\profiles\qdmnz9fc.default-1375427076500\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/
FF - plugin: c:\documents and settings\bojan\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
.
---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - cms.rednoses.net
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-8-22 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-8-22 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-8-20 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-8-1 27448]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-12-28 22344]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-8-22 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-8-1 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-8-22 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012-9-11 13680]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 DCService.exe;DCService.exe;c:\documents and settings\all users\application data\datacardservice\DCService.exe [2010-8-19 229376]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2013-3-21 44024]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2012-9-3 94208]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-8-14 10896]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2012-9-11 125504]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2013-9-5 32896]
R3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys [2012-9-3 7552]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2012-9-3 69504]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-9-3 63616]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2013-9-3 188392]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [2012-11-10 32872]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\bmload.sys --> c:\windows\system32\drivers\BMLoad.sys [?]
S0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys --> c:\windows\system32\drivers\sonyhcb.sys [?]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-9-11 127072]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2012-9-11 116216]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-9-3 101504]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys --> c:\windows\system32\drivers\sonyhcs.sys [?]
S3 vmaudioflt;vmaudioflt;c:\windows\system32\drivers\vmaudioflt.sys --> c:\windows\system32\drivers\vmaudioflt.sys [?]
S3 vmaudioflt_spkout;vmaudioflt_spkout;c:\windows\system32\drivers\vmaudioflt_spkout.sys --> c:\windows\system32\drivers\vmaudioflt_spkout.sys [?]
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
.js: <filetype is not registered>
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-01-20 20:40:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-20 20:40:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-10 21:10:17 9272200 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-11-05 20:50:48 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-11-04 20:57:30 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
============= FINISH: 12:23:55,75 ===============





aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-30 20:22:54
-----------------------------
20:22:54.187 OS Version: Windows 5.1.2600 Service Pack 3
20:22:54.187 Number of processors: 2 586 0xF06
20:22:54.187 ComputerName: MOBILEMJU UserName: bojan
20:22:56.203 Initialize success
20:53:04.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:53:04.406 Disk 0 Vendor: HTS541080G9SA00 MB4IC60R Size: 76319MB BusType: 3
20:53:04.640 Disk 0 MBR read successfully
20:53:04.640 Disk 0 MBR scan
20:53:04.640 Disk 0 Windows XP default MBR code
20:53:04.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
20:53:04.656 Disk 0 scanning sectors +156295440
20:53:04.734 Disk 0 scanning C:\WINDOWS\system32\drivers
20:53:25.140 Service scanning
20:53:50.984 Modules scanning
20:54:44.765 Disk 0 trace - called modules:
20:54:44.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
20:54:44.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d13ab8]
20:54:44.796 3 CLASSPNP.SYS[f753dfd7] -> nt!IofCallDriver -> \Device\0000008b[0x86d319e8]
20:54:44.828 5 ACPI.sys[f72bd620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d1e940]
20:54:44.828 Scan finished successfully
20:55:04.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bojan\My Documents\Alati Spy-boota\MBR.dat"
20:55:04.625 The log file has been saved successfully to "C:\Documents and Settings\bojan\My Documents\Alati Spy-boota\aswMBR.txt"


Thanks!

Juliet
2014-02-03, 16:47
With the simple logs you have posted, no malware shows.
I'll get to this in a minute.

From what I know, onboard tools such as Windows Remote Assistance, LogMeIn, and TeamViewer should be disabled or turned off. These are programs that could be set to "on" by default.
Of course you may not have these, and if you do, please set them to disabled; sometimes it's also something already on the machine, as in an infection, that can do this.
I have seen cases where we could not find why the mouse cursor moves. Is it malware? At times we never know.
I'll do my best to see if there are malware infections on your computer.

~~~~~~~~~~~~~~~~~~~~~~~

Let's do this:

Tweaking.com Registry Backup

http://i.imgur.com/OJQgrbU.png

Download the tool found here (http://www.bleepingcomputer.com/download/registry-backup/) to your Desktop so it is easy to find.
Double-click on the file you just downloaded to install it to your system.

Once the tool is installed, double-click on the Tweaking.com Registry Backup icon
**Note** The tool should automatically open to the Backup Registry tab.

http://i.imgur.com/TRfuT3t.jpg

Press Backup Now
When the backup is complete, the tool will tell you Successful */* Files Backed Up.
You have now successfully backed up your Registry.


Once you have the tool downloaded, there is a tab labeled Settings where you can set where the backups are saved.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your Desktop.

(Use the correct version for your system. Which system am I using? (http://support.microsoft.com/kb/827218))


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Right-click to run as administrator (XP users: click Run after receipt of the Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste the log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).
Please also paste that along with the FRST.txt into your reply.
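The remote-access check Juliet describes above (Remote Assistance, LogMeIn, TeamViewer and similar tools set to "on") can be done from a console instead of clicking through dialogs. The script below is an added example for this thread, not Juliet's or the forum's own tool. It assumes PowerShell 2.0 or later is installed (an optional update on XP SP3), reads the two Terminal Server registry values that control Remote Assistance and Remote Desktop, and lists services whose names match a remote-control pattern; the pattern is a heuristic I chose, not a complete list of such products.

```powershell
# Added example, not part of Juliet's reply: report the remote-access footholds she asks
# about (Windows Remote Assistance, Remote Desktop, LogMeIn/TeamViewer-style services).
# Assumes PowerShell 2.0 or later is installed (available for XP SP3 as an optional update)
# and that the console runs elevated if you later use the disable line at the bottom.

function Get-RemoteAccessStatus {
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $ts = Get-ItemProperty -Path $tsKey -ErrorAction SilentlyContinue

    # fAllowToGetHelp = 1 means Remote Assistance invitations are allowed;
    # fDenyTSConnections = 0 means Remote Desktop connections are accepted.
    $assistanceOn = ($ts -ne $null) -and ($ts.fAllowToGetHelp -eq 1)
    $rdpOn        = ($ts -ne $null) -and ($ts.fDenyTSConnections -eq 0)

    # Win32_Service (unlike Get-Service) exposes StartMode and the binary path,
    # which is what you want when deciding whether a remote-control tool is set
    # to start by itself. The name pattern is a heuristic, not a complete list.
    $pattern = 'LogMeIn|TeamViewer|VNC|Remote Desktop|Remote Assistance|GoToMyPC'
    $remoteServices = Get-WmiObject -Class Win32_Service |
        Where-Object { $_.DisplayName -match $pattern -or $_.Name -match $pattern } |
        Select-Object Name, DisplayName, State, StartMode, PathName

    New-Object PSObject -Property @{
        RemoteAssistanceEnabled = $assistanceOn
        RemoteDesktopEnabled    = $rdpOn
        RemoteControlServices   = $remoteServices
    }
}

$status = Get-RemoteAccessStatus
"Remote Assistance enabled : $($status.RemoteAssistanceEnabled)"
"Remote Desktop enabled    : $($status.RemoteDesktopEnabled)"
if ($status.RemoteControlServices) {
    $status.RemoteControlServices | Format-Table -AutoSize
} else {
    "No LogMeIn/TeamViewer/VNC-style services found."
}

# To turn Remote Assistance off (run elevated), which is what Juliet recommends:
# Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fAllowToGetHelp -Value 0
```

Run it once before and once after changing the settings; a service that shows State Running and StartMode Auto with a PathName you do not recognise is worth mentioning in the thread alongside the FRST logs, since FRST's process list only shows what is running at scan time.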

bojanator
2014-02-03, 18:29
Here it goes:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2014 03
Ran by bojan (administrator) on MOBILEMJU on 03-02-2014 18:14:37
Running from C:\Documents and Settings\bojan\My Documents\Alati Spy-boota
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Huawei Technologies Co., Ltd.) C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
(Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Lenovo Group Ltd.) C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(Huawei Technologies Co., Ltd.) C:\Documents and Settings\bojan\Application Data\T-Mobile Internet Manager\ouc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
() C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
() C:\WINDOWS\system32\TpKmpSvc.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PWRMGRTR] - C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL [311296 2008-06-10] (Lenovo Group Limited)
HKLM\...\Run: [BLOG] - C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL [208896 2008-06-10] ()
HKLM\...\Run: [DataCardMonitor] - C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe [253952 2012-09-03] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [PSQLLauncher] - C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [48904 2007-08-14] (UPEK Inc.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-20] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [716800 2005-05-06] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPLpr] - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [134456 2012-10-17] (Synaptics Incorporated)
HKLM\...\Run: [LPManager] - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [185688 2009-07-23] (Lenovo Group Limited)
HKLM\...\Run: [LPMailChecker] - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE [124248 2009-07-23] (Lenovo Group Limited)
HKLM\...\Run: [TPKMAPHELPER] - C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [868352 2007-01-09] (Lenovo)
HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [398944 2006-10-16] (CANON INC.)
HKLM\...\Run: [LenovoAutoScrollUtility] - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [101440 2011-10-20] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\WINDOWS\system32\TpShocks.exe [180224 2012-06-21] (Lenovo.)
HKLM\...\Run: [EZEJMNAP] - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [256576 2009-12-01] (Lenovo Group Ltd.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379064 2012-10-17] (Synaptics Incorporated)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [TVT Scheduler Proxy] - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\psfus: C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-1214440339-725345543-1591399546-1003\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] - C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-1214440339-725345543-1591399546-1003\...\MountPoints2: {0212c07a-1481-11e2-a7d3-001641aee695} - E:\AutoRun.exe
HKU\S-1-5-21-1214440339-725345543-1591399546-1003\...\MountPoints2: {6c5a25af-f5cc-11e1-800e-0019d206a68c} - E:\AutoRun.exe
HKU\S-1-5-21-1214440339-725345543-1591399546-1003\...\MountPoints2: {75d9e5ca-153e-11e2-a7d5-0019d206a68c} - E:\AutoRun.exe
HKU\S-1-5-21-1214440339-725345543-1591399546-1003\...\MountPoints2: {82c58ac7-fac4-11e1-a78b-0019d206a68c} - E:\AutoRun.exe
HKU\S-1-5-21-1214440339-725345543-1591399546-1003\...\MountPoints2: {c5c6e842-0c6a-11e2-a7be-0019d206a68c} - F:\AutoRun.exe
HKU\S-1-5-21-1214440339-725345543-1591399546-1003\...\MountPoints2: {e12eb060-f5d8-11e1-8011-0019d206a68c} - E:\AutoRun.exe
HKU\S-1-5-21-1214440339-725345543-1591399546-1003\...\MountPoints2: {f0fd3b40-7131-11e2-9fa0-806d6172696f} - G:\startup.EXE
Lsa: [Notification Packages] scecli psqlpwd
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {5C849736-A737-41C7-9417-AC8AC9ECB4BC} URL = http://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=^NY&apn_dtid=^YYYYYY^YY^HR&apn_uid=5B5A2D92-F086-462D-8BC3-25E856EAB4ED&apn_sauid=CF46E331-AE1B-48C1-B15E-F4FD0804274C
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1346713701984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346714506484
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\bojan\Application Data\Mozilla\Firefox\Profiles\qdmnz9fc.default-1375427076500
FF user.js: detected! => C:\Documents and Settings\bojan\Application Data\Mozilla\Firefox\Profiles\qdmnz9fc.default-1375427076500\user.js
FF Homepage: hxxp://www.google.hr/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\bojan\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: DownloadHelper - C:\Documents and Settings\bojan\Application Data\Mozilla\Firefox\Profiles\qdmnz9fc.default-1375427076500\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-28]
FF Extension: AllowClipboard Helper - C:\Documents and Settings\bojan\Application Data\Mozilla\Firefox\Profiles\qdmnz9fc.default-1375427076500\Extensions\{cda6db95-6aab-414b-803c-40cf34f589b5} [2013-08-26]
FF Extension: MeasureIt - C:\Documents and Settings\bojan\Application Data\Mozilla\Firefox\Profiles\qdmnz9fc.default-1375427076500\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-08-26]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2012-09-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.72\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.72\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.72\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\bojan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-26]
CHR Extension: (Google disk) - C:\Documents and Settings\bojan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-26]
CHR Extension: (YouTube) - C:\Documents and Settings\bojan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-26]
CHR Extension: (Google pretraživanje) - C:\Documents and Settings\bojan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-26]
CHR Extension: (Google Novčanik) - C:\Documents and Settings\bojan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Documents and Settings\bojan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-26]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 acs; C:\WINDOWS\System32\acs.exe [364629 2007-03-21] (Atheros)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.)
R2 DCService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe [229376 2010-08-19] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [44024 2013-02-26] (Lenovo Group Limited)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [127072 2012-08-24] (Lenovo Group Limited)
S2 NOD32FiXTemDono; C:\WINDOWS\system32\regedt32.exe [3584 2001-08-23] (Microsoft Corporation)
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [94208 2008-06-10] ()
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2013-07-10] (Lenovo Group Limited)
S2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [116216 2013-05-23] (Lenovo Group Limited)
R2 TpKmpSVC; C:\WINDOWS\system32\TpKmpSVC.exe [32768 2006-06-29] ()
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited)
S2 AcrSch2Svc; "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [93952 2006-08-07] (Andrea Electronics Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 atmeltpm; C:\WINDOWS\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [879624 2007-11-21] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 filtertdidriver; C:\WINDOWS\System32\drivers\ewfiltertdidriver.sys [7552 2009-02-27] (Huawei Technologies Co., Ltd.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [217016 2010-06-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [993464 2010-06-02] (Conexant Systems, Inc.)
R3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [69504 2010-04-09] (Huawei Technologies Co., Ltd.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2236544 2007-11-26] (Intel Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 RTL2832UBDA; C:\WINDOWS\System32\drivers\RTL2832UBDA.sys [188392 2011-07-01] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832UUSB; C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys [32872 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
R2 smihlp; C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [10896 2007-08-14] (UPEK Inc.)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2013-02-07] (Duplex Secure Ltd.)
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2008-06-10] ()
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [57344 2007-07-03] (Atheros Communications, Inc.)
S2 adfs; No ImagePath
S0 BMLoad; system32\drivers\BMLoad.sys [x]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [117504 2010-03-20] (Huawei Technologies Co., Ltd.)
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S0 sonyhcb; system32\DRIVERS\sonyhcb.sys [x]
S3 sonyhcs; system32\DRIVERS\sonyhcs.sys [x]
S3 vmaudioflt; system32\drivers\vmaudioflt.sys [x]
S3 vmaudioflt_spkout; system32\drivers\vmaudioflt_spkout.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-03 18:14 - 2014-02-03 18:14 - 00000000 ____D () C:\FRST
2014-02-03 18:13 - 2014-02-03 18:13 - 00000000 ____D () C:\RegBackup
2014-02-03 18:12 - 2014-02-03 18:12 - 00001945 _____ () C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
2014-02-03 18:12 - 2014-02-03 18:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-02-03 18:10 - 2014-02-03 18:10 - 00000511 _____ () C:\Documents and Settings\bojan\Desktop\Shortcut to Alati Spy-boota.lnk
2014-01-30 12:13 - 2014-01-30 12:13 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-01-30 12:10 - 2014-01-30 12:11 - 00000000 ____D () C:\Program Files\ERUNT
2014-01-30 12:10 - 2014-01-30 12:10 - 00000611 _____ () C:\Documents and Settings\bojan\Desktop\NTREGOPT.lnk
2014-01-30 12:10 - 2014-01-30 12:10 - 00000592 _____ () C:\Documents and Settings\bojan\Desktop\ERUNT.lnk
2014-01-30 12:10 - 2014-01-30 12:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-01-30 12:01 - 2014-02-03 18:14 - 00000000 ____D () C:\Documents and Settings\bojan\My Documents\Alati Spy-boota
2014-01-30 11:59 - 2014-01-30 12:01 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\bojan\Desktop\erunt-setup.exe
2014-01-15 07:54 - 2014-01-15 07:54 - 00006627 _____ () C:\WINDOWS\iis6.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00002821 _____ () C:\WINDOWS\tsoc.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00002041 _____ () C:\WINDOWS\comsetup.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00001850 _____ () C:\WINDOWS\msmqinst.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00001238 _____ () C:\WINDOWS\ntdtcsetup.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 07:53 - 2014-01-15 07:54 - 00004578 _____ () C:\WINDOWS\KB2914368.log

==================== One Month Modified Files and Folders =======

2014-02-03 18:14 - 2014-02-03 18:14 - 00000000 ____D () C:\FRST
2014-02-03 18:14 - 2014-01-30 12:01 - 00000000 ____D () C:\Documents and Settings\bojan\My Documents\Alati Spy-boota
2014-02-03 18:13 - 2014-02-03 18:13 - 00000000 ____D () C:\RegBackup
2014-02-03 18:13 - 2013-12-26 06:43 - 00003155 _____ () C:\WINDOWS\setupapi.log
2014-02-03 18:13 - 2012-09-03 15:34 - 00000000 ____D () C:\WINDOWS\repair
2014-02-03 18:13 - 2012-09-03 13:49 - 00000000 ____D () C:\WINDOWS\Registration
2014-02-03 18:12 - 2014-02-03 18:12 - 00001945 _____ () C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
2014-02-03 18:12 - 2014-02-03 18:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-02-03 18:11 - 2012-09-03 15:58 - 01996946 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-03 18:10 - 2014-02-03 18:10 - 00000511 _____ () C:\Documents and Settings\bojan\Desktop\Shortcut to Alati Spy-boota.lnk
2014-02-03 18:10 - 2012-09-03 15:43 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-02-03 18:10 - 2012-09-03 15:43 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-02-03 18:10 - 2012-09-03 14:19 - 00000300 _____ () C:\WINDOWS\Tasks\PMTask.job
2014-02-03 18:09 - 2013-02-26 15:25 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-03 18:09 - 2012-09-03 13:52 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-03 18:08 - 2012-09-03 13:57 - 00000178 ___SH () C:\Documents and Settings\bojan\ntuser.ini
2014-02-03 18:08 - 2012-09-03 13:56 - 00032594 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-03 18:03 - 2012-10-10 04:55 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-03 17:58 - 2013-02-26 15:25 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-02 18:57 - 2013-09-22 09:48 - 00000000 ____D () C:\Documents and Settings\bojan\Local Settings\Application Data\Avg2014
2014-02-02 18:39 - 2012-09-04 00:54 - 00142848 _____ () C:\Documents and Settings\bojan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-02 03:55 - 2012-09-04 12:08 - 00000000 ____D () C:\Documents and Settings\bojan\Application Data\BitTorrent
2014-02-01 18:52 - 2013-09-22 09:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-01-31 15:46 - 2012-09-04 00:31 - 00000000 ____D () C:\Documents and Settings\bojan\Application Data\BSplayer PRO
2014-01-30 14:33 - 2012-09-03 13:57 - 00000000 ____D () C:\Documents and Settings\bojan
2014-01-30 12:13 - 2014-01-30 12:13 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-01-30 12:11 - 2014-01-30 12:10 - 00000000 ____D () C:\Program Files\ERUNT
2014-01-30 12:10 - 2014-01-30 12:10 - 00000611 _____ () C:\Documents and Settings\bojan\Desktop\NTREGOPT.lnk
2014-01-30 12:10 - 2014-01-30 12:10 - 00000592 _____ () C:\Documents and Settings\bojan\Desktop\ERUNT.lnk
2014-01-30 12:10 - 2014-01-30 12:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-01-30 12:01 - 2014-01-30 11:59 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\bojan\Desktop\erunt-setup.exe
2014-01-28 19:41 - 2013-03-08 11:01 - 00000000 ____D () C:\Documents and Settings\bojan\Application Data\vlc
2014-01-22 04:01 - 2001-08-23 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-01-20 21:40 - 2012-09-04 01:23 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-20 21:40 - 2012-09-04 01:23 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-20 21:00 - 2012-09-04 23:46 - 00000000 ____D () C:\Documents and Settings\bojan\Local Settings\Application Data\Adobe
2014-01-20 16:10 - 2012-09-07 11:37 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-01-15 18:31 - 2012-10-12 09:56 - 00000000 ____D () C:\Documents and Settings\bojan\dwhelper
2014-01-15 08:03 - 2013-07-26 16:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-15 07:54 - 2014-01-15 07:54 - 00006627 _____ () C:\WINDOWS\iis6.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00002821 _____ () C:\WINDOWS\tsoc.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00002041 _____ () C:\WINDOWS\comsetup.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00001850 _____ () C:\WINDOWS\msmqinst.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00001238 _____ () C:\WINDOWS\ntdtcsetup.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-01-15 07:54 - 2014-01-15 07:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 07:54 - 2014-01-15 07:53 - 00004578 _____ () C:\WINDOWS\KB2914368.log
2014-01-15 07:54 - 2012-09-04 09:10 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 07:47 - 2013-10-19 08:26 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-12 16:16 - 2013-10-27 17:55 - 00000000 ____D () C:\Program Files\Nokia
2014-01-12 16:15 - 2013-10-27 18:21 - 00000000 ____D () C:\Documents and Settings\bojan\Application Data\Nokia Suite
2014-01-12 16:15 - 2013-10-27 18:20 - 00000000 ____D () C:\Documents and Settings\bojan\Application Data\Nokia
2014-01-12 16:02 - 2012-09-04 23:50 - 00000000 ____D () C:\Program Files\Adobe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2014 03
Ran by bojan at 2014-02-03 18:16:14
Running from C:\Documents and Settings\bojan\My Documents\Alati Spy-boota
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.2 - Adobe Systems) Hidden
Adobe After Effects CS4 Third Party Content (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Media Encoder CS4 Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (Version: 1.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CS4 Third Party Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adobe Soundbooth CS4 Codecs (Version: 2 - Adobe Systems Incorporated) Hidden
Any Video Converter Ultimate 4.5.5 (Version: - Any-Video-Converter.com)
ArcSoft TotalMedia 3.5 (Version: 3.5.39.265 - ArcSoft)
Ashampoo Burning Studio 6 FREE (Version: 6.6.0 - ashampoo GmbH & Co. KG)
ASUS Popup TV (Version: 1.4 - ASUSTeK Computer Inc.)
AVG 2014 (Version: 14.0.3684 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
BitTorrent (Version: 7.7.0 - BitTorrent Inc.)
BS.Player PRO (Version: 2.62.1068 - AB Team, d.o.o.)
Canon Camera Access Library (Version: 8.4.0.1 - Canon Inc.)
Canon Camera Support Core Library (Version: 7.3.1.6 - Canon Inc.)
Canon Color Management Tool Pro (Version: - )
Canon PhotoRecord (Version: 02.02.03002 - Cisra)
Canon Pro9000 (Version: - )
Canon Pro9000 User Registration (Version: - )
Canon Setup Utility 2.1 (Version: - )
Canon Utilities CameraWindow (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.6.18 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.5 (Version: 3.5.0.0 - Canon Inc.)
Canon Utilities Easy-PhotoPrint (Version: - )
Canon Utilities Easy-PhotoPrint Pro (Version: - )
Canon Utilities Easy-PrintToolBox (Version: - )
Canon Utilities EOS Utility (Version: 2.5.0.1 - Canon Inc.)
Canon Utilities MyCamera (Version: 7.0.0.3 - Canon Inc.)
Canon Utilities Original Data Security Tools (Version: 1.5.0.0 - Canon Inc.)
Canon Utilities PhotoStitch (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (Version: 1.4.0.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities WFT-E1/E2/E3 Utility (Version: 3.2.2.3 - Canon Inc.)
Canon Utilities ZoomBrowser EX (Version: 6.2.0.29 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.0.9 - Canon Inc.)
CD-LabelPrint (Version: - )
Easy-WebPrint (Version: - )
ERUNT 1.1j (Version: - Lars Hederer)
Google Chrome (Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (Version: - )
Intel(R) PRO Network Connections 12.0.41.0 (Version: - Intel)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Keyboard driver (Version: - )
Lenovo Auto Scroll Utility (Version: 1.11 - )
Lenovo Patch Utility (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (Version: 1.65.05.21 - )
Lenovo System Interface Driver (Version: 1.05 - )
Lenovo USB Webcam (Version: 1.00.0000 - Vimicro Corporation) Hidden
MCE Software Encoder 1.1 (Version: 1.1.0.2323 - CyberLink Corporation)
Media Player Classic - Home Cinema v1.5.2.3456 (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) Hidden
Microsoft Office 2000 Premium (Version: 9.00.2720 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (Version: 6.00.3883.8 - Microsoft Corporation)
Native Instruments Traktor 2 (Version: - Native Instruments)
Native Instruments Traktor 2 (Version: 2.6.0.14627 - Native Instruments) Hidden
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up (Version: - )
Nokia Connectivity Cable Driver (Version: 7.1.172.0 - Nokia)
On Screen Display (Version: 6.70.00 - )
PC Connectivity Solution (Version: 12.0.109.0 - Nokia)
Productivity Center Supplement for ThinkPad (Version: 3.00b - )
SoundMAX (Version: 5.10.01.4326 - Analog Devices)
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Update (Version: 3.16.0006 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 5.1.0.4700 - Lenovo)
ThinkPad EasyEject Utility (Version: 2.39 - )
ThinkPad FullScreen Magnifier (Version: 2.40 - )
ThinkPad Keyboard Customizer Utility (Version: 1.3.53.0 - )
ThinkPad Modem (Version: 7.80.7.0 - Conexant Systems)
ThinkPad Power Manager (Version: 1.40 - )
ThinkPad UltraNav Driver (Version: 16.2.19.2 - )
ThinkPad UltraNav Utility (Version: 2.13.0 - Lenovo)
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g) (Version: 5.3.0.85 - )
ThinkVantage Active Protection System (Version: 1.77.0.5 - Lenovo)
ThinkVantage Communications Utility (Version: 2.10.0.0 - Lenovo)
ThinkVantage Fingerprint Software 5.6 (Version: 5.6.2.3650 - UPEK Inc.)
ThinkVantage Productivity Center (Version: 3.11 - Lenovo)
T-Mobile Internet Manager (Version: 11.301.05.64.55 - Huawei Technologies Co.,Ltd)
Tweaking.com - Registry Backup (Version: 1.6.9 - Tweaking.com)
Unity Web Player (HKCU Version: - Unity Technologies ApS)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (Version: 2.0.5 - VideoLAN)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
Windows Driver Package - Intel (NETw4x32) net (11/27/2007 11.5.0.36) (Version: 11/27/2007 11.5.0.36 - Intel)
Windows Driver Package - Intel (w29n51) net (07/25/2007 9.0.4.37) (Version: 07/25/2007 9.0.4.37 - Intel)
Windows Driver Package - Intel net (11/27/2007 11.5.0.36) (Version: 11/27/2007 11.5.0.36 - Intel)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (Version: - )
Xpose Plugin v 1.1 (Version: - )

==================== Restore Points =========================

02-11-2013 17:29:28 System Checkpoint
04-11-2013 13:49:55 System Checkpoint
07-11-2013 12:41:51 System Checkpoint
14-11-2013 07:56:31 Software Distribution Service 3.0
15-11-2013 13:31:41 System Checkpoint
17-11-2013 13:37:21 System Checkpoint
18-11-2013 18:08:50 System Checkpoint
23-11-2013 09:03:32 System Checkpoint
27-11-2013 21:53:36 System Checkpoint
05-12-2013 09:42:48 System Checkpoint
12-12-2013 22:08:18 Software Distribution Service 3.0
14-12-2013 02:39:49 Software Distribution Service 3.0
18-12-2013 12:34:45 System Checkpoint
25-12-2013 09:12:13 Serato DJ 1.1
12-01-2014 15:02:07 Removed Adobe Community Help
14-01-2014 10:22:56 Software Distribution Service 3.0
15-01-2014 06:52:48 Software Distribution Service 3.0
25-01-2014 17:24:37 System Checkpoint
27-01-2014 12:24:01 System Checkpoint
28-01-2014 15:06:06 System Checkpoint

==================== Hosts content: ==========================

2001-08-23 13:00 - 2013-11-16 08:56 - 00450570 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PMTask.job => C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE

==================== Loaded Modules (whitelisted) =============

2012-09-03 14:19 - 2008-06-10 00:40 - 00045056 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2012-09-03 14:19 - 2008-06-10 00:40 - 00094208 ____N () C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
2001-08-23 13:00 - 2008-04-14 04:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Atmel TPM
Description: Atmel TPM
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Atmel Corp
Service: atmeltpm
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2014 05:48:39 PM) (Source: Application Hang) (User: )
Description: Hanging application SDUpdate.exe, version 1.6.0.12, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/03/2014 05:48:37 PM) (Source: Application Hang) (User: )
Description: Hanging application SDUpdate.exe, version 1.6.0.12, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/03/2014 05:27:58 AM) (Source: Application Hang) (User: )
Description: Hanging application T-Mobile Internet Manager.exe, version 1.0.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/02/2014 03:59:35 AM) (Source: Application Hang) (User: )
Description: Hanging application TeaTimer.exe, version 1.6.6.32, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/27/2014 01:00:25 PM) (Source: Application Hang) (User: )
Description: Fault bucket -287931297.

Error: (01/27/2014 00:58:28 PM) (Source: Application Hang) (User: )
Description: Fault bucket -287931297.

Error: (01/27/2014 00:58:28 PM) (Source: Application Hang) (User: )
Description: Fault bucket -287931297.

Error: (01/27/2014 00:58:28 PM) (Source: Application Hang) (User: )
Description: Fault bucket -287931297.

Error: (01/27/2014 00:56:47 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 26.0.0.5087, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/27/2014 00:56:43 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 26.0.0.5087, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (02/03/2014 06:10:39 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BMLoad

Error: (02/03/2014 06:10:34 PM) (Source: Service Control Manager) (User: )
Description: The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error: (02/03/2014 06:10:34 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service to connect.

Error: (02/03/2014 06:10:34 PM) (Source: Service Control Manager) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (02/03/2014 06:10:34 PM) (Source: Service Control Manager) (User: )
Description: The Acronis Scheduler2 Service service failed to start due to the following error:
%%2

Error: (02/03/2014 05:47:10 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BMLoad

Error: (02/03/2014 05:47:07 PM) (Source: Service Control Manager) (User: )
Description: The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error: (02/03/2014 05:47:07 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service to connect.

Error: (02/03/2014 05:47:07 PM) (Source: Service Control Manager) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (02/03/2014 05:47:07 PM) (Source: Service Control Manager) (User: )
Description: The Acronis Scheduler2 Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (02/03/2014 05:48:39 PM) (Source: Application Hang)(User: )
Description: SDUpdate.exe1.6.0.12hungapp0.0.0.000000000

Error: (02/03/2014 05:48:37 PM) (Source: Application Hang)(User: )
Description: SDUpdate.exe1.6.0.12hungapp0.0.0.000000000

Error: (02/03/2014 05:27:58 AM) (Source: Application Hang)(User: )
Description: T-Mobile Internet Manager.exe1.0.0.1hungapp0.0.0.000000000

Error: (02/02/2014 03:59:35 AM) (Source: Application Hang)(User: )
Description: TeaTimer.exe1.6.6.32hungapp0.0.0.000000000

Error: (01/27/2014 01:00:25 PM) (Source: Application Hang)(User: )
Description: -287931297

Error: (01/27/2014 00:58:28 PM) (Source: Application Hang)(User: )
Description: -287931297

Error: (01/27/2014 00:58:28 PM) (Source: Application Hang)(User: )
Description: -287931297

Error: (01/27/2014 00:58:28 PM) (Source: Application Hang)(User: )
Description: -287931297

Error: (01/27/2014 00:56:47 PM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.5087hungapp0.0.0.000000000

Error: (01/27/2014 00:56:43 PM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.5087hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 66%
Total physical RAM: 1014.36 MB
Available physical RAM: 339.43 MB
Total Pagefile: 2440.39 MB
Available Pagefile: 1592.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:29.45 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (T-Mobile) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: ED1F86F7)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================

At this point there is a new point of suspicion: when I tried to turn off TeaTimer in Resident, the computer needed about 15 min to write all of the reports! As far as I know there is no Windows Remote Assistance, LogMeIn or TeamViewer software on my computer. I made a Registry Backup.
Thank You!

Juliet
2014-02-03, 19:23
You may want to print or write these directions as you will disconnect from the internet for a while -

1. Very important: First disconnect your computer from the internet. (Log Off)

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

If you don't connect through a router directly then skip that procedure.

3. Reset the IP/DNS settings of your internet connection:

Go to Start -> Control Panel -> Double click on Network Connections.
Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.

Select the General tab.
Double click on Internet Protocol (TCP/IP).
Under the General tab:
Select "Obtain an IP address automatically".
Select "Obtain DNS server address automatically".

Click OK twice to save the settings.
Reboot if you had to change any setting.

4. Flush the DNS cache:

Click the Start logo in the bottom left corner of the screen
Click on Run or press Windows Logo+R
In the command window copy/paste the following (one at a time):


ipconfig /flushdns

netsh winsock reset
Then hit enter.
Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet

=========================================================================

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)



start
SearchScopes: HKCU - {5C849736-A737-41C7-9417-AC8AC9ECB4BC} URL = http://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=^NY&apn_dtid=^YYYYYY^YY^HR&apn_uid=5B5A2D92-F086-462D-8BC3-25E856EAB4ED&apn_sauid=CF46E331-AE1B-48C1-B15E-F4FD0804274C
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF user.js: detected! => C:\Documents and Settings\bojan\Application Data\Mozilla\Firefox\Profiles\qdmnz9fc.default-1375427076500\user.js
end


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
•Internet access
•Windows Update
•Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

bojanator
2014-02-04, 10:30

Ok. I did it.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2014 03
Ran by bojan at 2014-02-04 09:55:35 Run:1
Running from C:\Documents and Settings\bojan\My Documents\Alati Spy-boota
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
SearchScopes: HKCU - {5C849736-A737-41C7-9417-AC8AC9ECB4BC} URL = http://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=^NY&apn_dtid=^YYYYYY^YY^HR&apn_uid=5B5A2D92-F086-462D-8BC3-25E856EAB4ED&apn_sauid=CF46E331-AE1B-48C1-B15E-F4FD0804274C
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF user.js: detected! => C:\Documents and Settings\bojan\Application Data\Mozilla\Firefox\Profiles\qdmnz9fc.default-1375427076500\user.js
end
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C849736-A737-41C7-9417-AC8AC9ECB4BC} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C849736-A737-41C7-9417-AC8AC9ECB4BC} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
C:\Documents and Settings\bojan\Application Data\Mozilla\Firefox\Profiles\qdmnz9fc.default-1375427076500\user.js => Moved successfully.

==== End of Fixlog ====

No malware found by Malwarebytes Anti-Rootkit.
At this point I can't verify that my system is now functioning normally. I will check it in use and I'll be back with news in 12 hours.
Thanks for the effort!

Juliet
2014-02-04, 12:30
No malware found by Malwarebytes Anti-Rootkit.
this is good.


At this point I can't verify that my system is now functioning normally. I will check it in use and I'll be back with news in 12 hours.
:bigthumb:

bojanator
2014-02-05, 07:15

Well, this is it. I can't see extra traffic now. So, we are DONE!:bigthumb: (though I have no idea what we did).
:thanks: J.!!!
Bojan

Juliet
2014-02-05, 13:44
oh goodie goodie goodie!

I've got no idea either, other than that we flushed out and reset the IP/DNS settings of your internet connection.

At this time I think it's a good idea to clean out your hosts file
Blocking Unwanted Connections with a Hosts File
http://winhelp2002.mvps.org/hosts.htm


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.


start
DeleteQuarantine:
end


~~~~~~~~~~~~~~~~~~~~~~~~~

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

Download OTC (http://oldtimer.geekstogo.com/OTC.exe) by OldTimer and save it to your desktop.
Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
Then click the big CleanUp button.
You will get a prompt saying "Being Cleanup Process". Please select Yes.
Restart your computer when prompted.


Any other tools we used with remaining files and folders simply delete.

**********

You're good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)

CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.


Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
Click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop


~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)


WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755)

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))


Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
File sharing infects 500,000 computers (http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computers)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)

*********************************************
Please read the following safe computing articles.

Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)


Extra note:
Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
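A hosts-file audit from the defender's side, as an added example that is not part of this thread or of FRST, MVPS or any other tool named here: it reads a hosts file like the one listed in the FRST log above, counts loopback blocklist entries (the legitimate MVPS style), and flags entries that send update or security-vendor names somewhere else, which is the hosts-file tampering a cleanup is meant to catch. The sample content, the protected-name list and the 203.0.113.7 address are constructed for this example.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample hosts content. The 127.0.0.1 lines copy the blocklist
# style of the MVPS hosts file shown in the FRST log; the 203.0.113.7 lines
# are invented hijack entries (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
0.0.0.0   ad.example-tracker.invalid   # trailing comment
203.0.113.7   update.microsoft.com
203.0.113.7   www.avg.com  downloads.malwarebytes.org
"""

# Addresses a blocklist uses to sink a name: an entry pointing here blocks
# the name, it does not redirect it anywhere.
LOOPBACK_SINKS = {"127.0.0.1", "0.0.0.0", "::1"}

# Names a local hosts file should never override. Assumption: this list is
# illustrative only; an admin would tune it for the environment.
PROTECTED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "avg.com",
    "malwarebytes.org", "mozilla.org",
)


@dataclass
class HostsAudit:
    blocklist_entries: int = 0
    hijacks: list = field(default_factory=list)          # (name, address, line_no)
    other_overrides: list = field(default_factory=list)  # (name, address, line_no)
    malformed: list = field(default_factory=list)        # line numbers


def is_protected(hostname: str) -> bool:
    """True if hostname is a protected name or a subdomain of one."""
    h = hostname.lower().rstrip(".")
    return any(h == s or h.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text: str) -> HostsAudit:
    """Classify each hosts entry as blocklist sink, hijack of a protected
    name, other (review-worthy) override, or malformed line."""
    result = HostsAudit()
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)        # first field must be an IP
        except ValueError:
            result.malformed.append(line_no)
            continue
        if not names:                         # an IP with no hostname
            result.malformed.append(line_no)
            continue
        for name in names:
            if name.lower() == "localhost" and addr in LOOPBACK_SINKS:
                continue                      # the one legitimate default
            if addr in LOOPBACK_SINKS:
                result.blocklist_entries += 1
            elif is_protected(name):
                result.hijacks.append((name, addr, line_no))
            else:
                result.other_overrides.append((name, addr, line_no))
    return result


def report(audit: HostsAudit) -> str:
    """Human-readable summary, one line per finding."""
    lines = [f"blocklist entries: {audit.blocklist_entries}"]
    for name, addr, n in audit.hijacks:
        lines.append(f"HIJACK line {n}: {name} -> {addr}")
    for name, addr, n in audit.other_overrides:
        lines.append(f"review line {n}: {name} -> {addr}")
    for n in audit.malformed:
        lines.append(f"malformed line {n}")
    return "\n".join(lines)


if __name__ == "__main__":
    # On Windows the real file is %SystemRoot%\system32\drivers\etc\hosts.
    print(report(audit_hosts(SAMPLE_HOSTS)))
```

A file with thousands of 127.0.0.1 entries and no hijack lines is the MVPS blocklist working as intended; one protected name pointed at a routable address is the finding worth acting on.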

bojanator
2014-02-05, 19:24

Thanks again!
And many thanks for the useful information. I was just about to ask You what to do with all of this software we used...
:greeting:

Juliet
2014-02-05, 19:41
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.