new logs
combofix log:
ComboFix 11-06-06.06 - mojem 06/07/2011 16:30:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.666 [GMT 3:00]
Running from: C:\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Thumbs.db
.
----- BITS: Possible infected sites -----
.
hxxp://ROT2SMS03:80
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-07 09:42 . 2011-06-07 09:42 -------- d-----w- c:\documents and settings\mojem\Application Data\smkits
2011-06-07 09:12 . 2011-06-07 09:12 -------- d-----w- c:\documents and settings\mojem\Local Settings\Application Data\LogMeIn
2011-06-07 08:25 . 2011-06-07 08:25 388096 ----a-r- c:\documents and settings\mojem\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-07 08:25 . 2011-06-07 08:25 -------- d-----w- c:\program files\Hijckthis
2011-06-07 07:58 . 2011-06-07 07:58 -------- d-----w- c:\documents and settings\mojem\Application Data\Malwarebytes
2011-06-07 07:58 . 2011-05-29 06:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-07 07:58 . 2011-06-07 07:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-07 07:58 . 2011-06-07 07:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-07 07:58 . 2011-05-29 06:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-06 07:21 . 2007-04-03 11:59 23176 ----a-r- c:\windows\system32\drivers\s616nd5.sys
2011-06-06 07:21 . 2007-04-03 11:59 99080 ----a-r- c:\windows\system32\drivers\s616unic.sys
2011-06-06 07:21 . 2007-04-03 11:59 11016 ----a-r- c:\windows\system32\drivers\s616cr.sys
2011-06-06 07:21 . 2007-04-03 11:59 100360 ----a-r- c:\windows\system32\drivers\s616mgmt.sys
2011-06-06 07:21 . 2007-04-03 11:59 98568 ----a-r- c:\windows\system32\drivers\s616obex.sys
2011-06-06 07:21 . 2007-04-03 11:59 108680 ----a-r- c:\windows\system32\drivers\s616mdm.sys
2011-06-06 07:21 . 2007-04-03 11:59 15112 ----a-r- c:\windows\system32\drivers\s616mdfl.sys
2011-06-06 07:21 . 2007-04-03 11:59 12424 ----a-r- c:\windows\system32\drivers\s616cmnt.sys
2011-06-06 07:21 . 2007-04-03 11:59 12424 ----a-r- c:\windows\system32\drivers\s616cm.sys
2011-06-06 07:21 . 2007-04-03 11:59 12424 ----a-r- c:\windows\system32\drivers\s616whnt.sys
2011-06-06 07:21 . 2007-04-03 11:59 12424 ----a-r- c:\windows\system32\drivers\s616wh.sys
2011-06-06 07:21 . 2007-04-03 11:59 83208 ----a-r- c:\windows\system32\drivers\s616bus.sys
2011-05-18 06:38 . 2011-05-18 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2011-05-10 06:37 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-10 06:37 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-10 06:37 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-10 06:37 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-10 06:37 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-10 06:37 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-10 06:37 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-10 06:37 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-10 06:30 . 2011-05-10 06:34 12521992 ----a-w- C:\Firefox Setup 4.0.1.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 12:48 . 2011-05-24 12:46 8234862 ----a-w- C:\copii.zip
2011-03-15 06:53 . 2011-03-15 06:53 112832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2011-02-23 05:26 . 2011-02-23 05:26 288568 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-04-14 16:26 . 2011-05-10 06:37 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTIM.exe"="c:\program files\WebEx\Productivity Tools\PTIM.exe" [2011-03-30 336184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-01 1036288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-22 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"support"="c:\program files\Common Files\support\s.bat" [2010-11-22 0]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
Lotus Quickr Monitor.lnk - c:\program files\IBM\Lotus Quickr connectors\DIMon.exe [2009-1-27 470152]
.
c:\documents and settings\mojem\Start Menu\Programs\Startup\
DeskPins.lnk - c:\program files\DeskPins\DeskPins.exe [2004-5-2 62464]
Shortcut to Wlipper.lnk - c:\mojem\kits\Wlipper.exe [2010-10-29 79360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CheckPoint\\Session Authentication Agent\\5.0\\fwsession.exe"=
"c:\\Lotus\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.j2se.win32.x86_1.6.0.20081029a-200812291355\\jre\\bin\\notes2w.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/7/2011 10:58 AM 366640]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/8/2007 5:48 AM 116664]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/12/2011 6:48 PM 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/7/2011 10:58 AM 22712]
S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [11/27/2007 7:22 PM 10880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 Manager;Manager;c:\program files\Manager.exe [10/20/2010 9:04 AM 31184]
S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [9/21/2010 7:45 AM 423576]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [10/1/2006 3:37 PM 26624]
S3 TestController;Test Controller;c:\program files\testController.exe [10/20/2010 9:04 AM 157144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Checkpoint]
2004-11-11 07:42 132707 ----a-w- c:\program files\CheckPoint\Session Authentication Agent\5.0\checkpoint_executable.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Quicktime]
2008-05-18 23:57 95744 ----a-w- c:\windows\system32\msiexec.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://i4.tsacorp.com/homepage.asp
uInternet Settings,ProxyOverride = *.local
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
LSP: c:\progra~1\WHALEC~1\CLIENT~1\31265D~1.0\WhlLSP.dll
TCP: DhcpNameServer = 172.22.14.18 172.23.66.71
DPF: {5E3E59C4-7847-11D0-9081-0080C76A0985} - hxxps://i4.tsacorp.com/Common/activex/iptdimagecontrol.cab
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
DPF: {CAFECAFE-0013-0001-0030-ABCDEFABCDEF}
FF - ProfilePath - c:\documents and settings\mojem\Application Data\Mozilla\Firefox\Profiles\pd14r8hd.default\
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-wxPython2.8-ansi-py27_is1 - c:\work\Python27\Lib\site-packages\wx-2.8-msw-ansi\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-07 16:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(748)
c:\progra~1\WHALEC~1\CLIENT~1\31265D~1.0\WhlNSP.dll
.
Completion time: 2011-06-07 16:40:39
ComboFix-quarantined-files.txt 2011-06-07 13:40
.
Pre-Run: 21,860,237,312 bytes free
Post-Run: 22,084,165,632 bytes free
.
- - End Of File - - 287542A23710A2EF9A704641CA7EF171
hijack log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:44:43 PM, on 6/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17096)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Lotus\Notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\mojem\kits\Wlipper.exe
C:\mojem\kits\net\putty.exe
C:\totalcmd\TOTALCMD.EXE
C:\mojem\fx\mt4\terminal.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Lotus\Notes\NLNOTES.EXE
C:\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.1.2.200808010926\win32\x86\eclipse.exe
C:\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20081029a-200812291355\jre\bin\notes2w.exe
C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
C:\Lotus\Notes\ntaskldr.EXE
C:\Program Files\Hijckthis\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://i4.tsacorp.com/homepage.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll
O3 - Toolbar: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [support] "c:\Program Files\Common Files\support\s.bat"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe
O4 - S-1-5-18 Startup: Lotus Quickr Monitor.lnk = C:\Program Files\IBM\Lotus Quickr connectors\DIMon.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Lotus Quickr Monitor.lnk = C:\Program Files\IBM\Lotus Quickr connectors\DIMon.exe (User 'Default user')
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O4 - Startup: Shortcut to Wlipper.lnk = C:\mojem\kits\Wlipper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\work\jre6\jre\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\work\jre6\jre\bin\jp2iexp.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://quickr.tsacorp.com/qp2.cab
O16 - DPF: {5E3E59C4-7847-11D0-9081-0080C76A0985} (IPTDImageControl.SImage) - https://i4.tsacorp.com/Common/activex/iptdimagecontrol.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1214935205578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1285052103780
O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} (JInitiator 1.3.1.28) -
O16 - DPF: {CAFECAFE-0013-0001-0030-ABCDEFABCDEF} (JInitiator 1.3.1.30) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://i4.tsacorp.com/common/activex/ikcntrls.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eu.tsacorp.com
O17 - HKLM\Software\..\Telephony: DomainName = eu.tsacorp.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eu.tsacorp.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eu.tsacorp.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASMAgent - Dell|ASAP Software - C:\Program Files\Asset Services Management\ASMAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\work\jre6\bin\jqs.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 8719 bytes
The computer works fine