Computer Security & Viruses/Computer infected with Trojans

Question
QUESTION: Dear Brian,

I would appreciate your kind help in removing the trojans found on my computer.

The antivirus programs which I am using now are Ad-Aware and Symantec AntiVirus.

Here is the log file from the HijackThis program:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:29:13 PM, on 2011-02-17
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.4.19\pmonmh.exe
C:\Program Files\C4ebreg\isamtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090417-1727\soffice.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\IBM\Infoprint Select\ipnotify.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\C4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\Program Files\IBM\Java60\jre\bin\jqs.exe
C:\Notes\nsd.exe
C:\Notes\ntmulti.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\WINDOWS\system32\Drivers\ldlcserv6.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\IBM\My Help\MyHelp.exe
C:\Program Files\IBM\My Help\jre\bin\myhelpw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\sdwork\issimgui.exe
c:\sdwork\w32maing.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O1 - Hosts: 213.39.74.190 jobs3.netmedia1.com
O1 - Hosts: 213.39.74.190 jobs2.netmedia1.com
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java60\jre\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [GSW] C:\Program Files\IBM\My Help\GSW\GSW.exe
O4 - HKLM\..\Run: [MyHelpService] C:\Program Files\IBM\My Help\workspace\service\delayStart.exe
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.19/pmonmh.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [Isamtray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [osprun] C:\sdwork\osprun.exe
O4 - HKLM\..\Run: [RescueRecoverySetPW] c:\sdwork\Rescue&RecoverySetPW.lnk
O4 - HKLM\..\Run: [ISSI Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090417-1727\preload.exe C:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\
O4 - HKLM\..\Run: [Boots] "c:\sdwork\w32boots.exe"
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.6.0) - http://
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java2 Runtime Environment 1.6.0) - http://
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.6.0) - http://
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java2 Runtime Environment 1.6.0) - http://
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = my.ibm.com
O17 - HKLM\Software\..\Telephony: DomainName = my.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C800DBB0-AC62-4DF5-84D8-E9EFE421BFB5}: Domain = my.ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = my.ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = my.ibm.com,ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = my.ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = my.ibm.com,ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = my.ibm.com,ibm.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: csrcmds - IBM Corporation - C:\Program Files\IBM\Personal Communications\csrcmds.exe
O23 - Service: IBM Command Line Trace (cstrcser) - IBM Corporation - C:\WINDOWS\system32\drivers\cstrcser.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe
O23 - Service: ISSI (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - IBM - C:\Program Files\IBM\Java60\jre\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: IBM Enterprise Extender (IPv4) (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: IBM Enterprise Extender (IPv6) (ldlcserv6) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv6.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Notes Diagnostics - IBM Corp - C:\Notes\nsd.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe

--
End of file - 17067 bytes


Thank you very much for your kind help and have a pleasant day!

Clarence

ANSWER: Hi Clarence

I'd be happy to help you out here.  Please restart the computer while tapping the F8 button continuously until a menu screen appears.  Choose to Boot Windows into Safe Mode With Networking.  Once in safe mode, open a browser and download Malwarebytes' Anti-Malware to your desktop from here:

http://fileforum.betanews.com/download/Malwarebytes-AntiMalware/1186760019/1

Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end of the install, Malwarebytes will perform an update to its definitions.
* Once the program has loaded, select Full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* Reboot the computer normally.
* When completed, a log will open in Notepad.  Please save it to your desktop.
* Copy and paste that log to me in a follow-up, along with a new HJT log scan.

Brian
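
Comparing the first HijackThis scan with the new one requested above is how a helper sees what changed after cleanup. A small parser and diff for that, as an added example that is not part of the original answer; the sample log text is constructed and abbreviated from the scans in this thread, and the review flags are triage hints chosen for illustration, not verdicts.

```python
import re

# Constructed, abbreviated HijackThis 2.0.4 excerpt modelled on the scans
# in this thread (the real logs are much longer).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
O1 - Hosts: 213.39.74.190 jobs3.netmedia1.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Boots] "c:\sdwork\w32boots.exe"
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
"""

# Second scan (constructed): identical except that the [Boots] Run value is gone.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "[Boots]" not in l)

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
LOCAL_TARGETS = {"127.0.0.1", "::1", "0.0.0.0"}  # loopback / blocklist-style targets


def parse_entries(log_text):
    """Return (section, detail) tuples; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def triage(entries):
    """Return (section, reason, detail) for entries worth a manual look.

    These are review hints only: a missing file or missing publisher string
    says the entry needs checking, not that it is malicious.
    """
    findings = []
    for section, detail in entries:
        if "(file missing)" in detail or "(no file)" in detail:
            findings.append((section, "orphaned entry", detail))
        elif section == "O1":
            m = HOSTS_RE.match(detail)
            if m and m.group(1) not in LOCAL_TARGETS:
                findings.append((section, "hosts override", detail))
        elif section == "O23" and "- Unknown owner -" in detail:
            findings.append((section, "service without publisher info", detail))
    return findings


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists between two scans of the same machine."""
    before = set(parse_entries(before_text))
    after = set(parse_entries(after_text))
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, detail in removed:
        print("removed since first scan:", section, detail)
    for section, detail in added:
        print("new since first scan:    ", section, detail)
    for section, reason, detail in triage(parse_entries(AFTER)):
        print(f"review [{reason}]: {section} - {detail}")
```
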

---------- FOLLOW-UP ----------

QUESTION: Dear Brian,

Thank you very much for your advice. Here are the results:

Malwarebytes scan result:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

2011-02-21 8:51:00 AM
mbam-log-2011-02-21 (08-51-00).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 253580
Time elapsed: 30 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Hijack This Log file

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:06:23 PM, on 2011-02-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.4.19\pmonmh.exe
C:\Program Files\C4ebreg\isamtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090417-1727\soffice.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\IBM\Infoprint Select\ipnotify.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\C4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\Program Files\IBM\Java60\jre\bin\jqs.exe
C:\Notes\nsd.exe
C:\Notes\ntmulti.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\WINDOWS\system32\Drivers\ldlcserv6.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\IBM\My Help\MyHelp.exe
C:\Program Files\IBM\My Help\jre\bin\myhelpw.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O1 - Hosts: 213.39.74.190 jobs3.netmedia1.com
O1 - Hosts: 213.39.74.190 jobs2.netmedia1.com
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java60\jre\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [GSW] C:\Program Files\IBM\My Help\GSW\GSW.exe
O4 - HKLM\..\Run: [MyHelpService] C:\Program Files\IBM\My Help\workspace\service\delayStart.exe
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.19/pmonmh.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [Isamtray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [osprun] C:\sdwork\osprun.exe
O4 - HKLM\..\Run: [RescueRecoverySetPW] c:\sdwork\Rescue&RecoverySetPW.lnk
O4 - HKLM\..\Run: [ISSI Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090417-1727\preload.exe C:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.6.0) - http://
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java2 Runtime Environment 1.6.0) - http://
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.6.0) - http://
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java2 Runtime Environment 1.6.0) - http://
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = my.ibm.com
O17 - HKLM\Software\..\Telephony: DomainName = my.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C800DBB0-AC62-4DF5-84D8-E9EFE421BFB5}: Domain = my.ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = my.ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = my.ibm.com,ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = my.ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = my.ibm.com,ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = my.ibm.com,ibm.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: csrcmds - IBM Corporation - C:\Program Files\IBM\Personal Communications\csrcmds.exe
O23 - Service: IBM Command Line Trace (cstrcser) - IBM Corporation - C:\WINDOWS\system32\drivers\cstrcser.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe
O23 - Service: ISSI (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - IBM - C:\Program Files\IBM\Java60\jre\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: IBM Enterprise Extender (IPv4) (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: IBM Enterprise Extender (IPv6) (ldlcserv6) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv6.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Notes Diagnostics - IBM Corp - C:\Notes\nsd.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe

--
End of file - 17375 bytes


Thank you very much and looking forward to your reply.

Clarence

Answer
Hi Clarence

Those three registry detections by MBAM are probably not actually malware. They indicate that your Security Center's settings were changed. If you have manually disabled any component of your Windows Security Center (such as the Windows Firewall or told Windows not to alert you when your anti-virus updater is not functional), MBAM will detect it. If you have previously removed malware which disabled your Security Center, this could also be the reason for the detection.
Regardless, there are no other instances of malware showing up in your HJT log. However, there are a few entries which need fixing. Open HJT and click to do a Scan Only. Place a check mark in the box next to the following entry. Close any open browser windows, then click the Fix Checked button.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Also, if you do not recognize the following Host Files, I recommend fixing those as well:

O1 - Hosts: 213.39.74.190 jobs3.netmedia1.com
O1 - Hosts: 213.39.74.190 jobs2.netmedia1.com

After fixing, close HJT and restart the computer. If you are then experiencing further PC issues, just let me know. Cheers!

Brian
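
As an added illustration (not part of Brian's answer and not code from HijackThis), the sketch below scans HijackThis log text for the two kinds of entry the answer singles out: an entry whose target file is gone, and Hosts lines that map a name to a non-local address. It only lists candidates for a person to review. The sample lines are copied from the log and answer on this page, except the `127.0.0.1 localhost` line, which is constructed; the function and field names are assumptions of this example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "code reason line")

# HijackThis entries look like "O23 - Service: ..." or "O1 - Hosts: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
# HijackThis appends one of these markers when the referenced file is absent
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
HOSTS_RE = re.compile(r"^Hosts:\s*(?P<ip>\S+)\s+(?P<name>\S+)")
# Addresses that keep a name local (loopback) or sink it; these are not redirections
LOCAL_SINKS = {"127.0.0.1", "::1", "0.0.0.0"}

# Lines taken from this page's log and answer; the localhost line is constructed.
SAMPLE_LOG = r"""
O1 - Hosts: 213.39.74.190 jobs3.netmedia1.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
"""

def triage(log_text):
    """Return review candidates found in HijackThis log text, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line
        code, rest = m.group("code"), m.group("rest")
        if ORPHAN_RE.search(rest):
            findings.append(Finding(code, "orphaned entry: target file absent", line))
        elif code == "O1":
            h = HOSTS_RE.match(rest)
            if h and h.group("ip") not in LOCAL_SINKS:
                reason = "hosts override: %s -> %s" % (h.group("name"), h.group("ip"))
                findings.append(Finding(code, reason, line))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-4s %s\n     %s" % (f.code, f.reason, f.line))
```

A flagged line is a prompt to check whether the entry is expected on that machine, not a verdict that it is malicious.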

Brian Benosky

Expertise

I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (all versions) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.

Experience

I have over 25 years' experience in using, building, and repairing computers. I have helped over two thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm I am also a Top Contributor of General Computing answers in Yahoo! Questions.

Education/Credentials
College Educated Self-taught Computer Skills

©2012 About.com, a part of The New York Times Company. All rights reserved.