#1
Generic Host Process for Win32 Services has encountered a problem and needs to close.
So I've been having some issues with my PC recently that are very frustrating. My browser would randomly go to different websites. Or clicking on a link goes somewhere else than it says. I ran Malwarebytes' Anti-Malware thinking that would fix my problem because it has in the past. But no luck. I am also getting this popup from Windows:
"Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience." And I get the option to send or don't send the report. Along with that another message keeps popping up. I haven't copied that down yet but it says something about not being able to read something because the value is 0.000000000 (I don't know the # of zeroes). So I came here hoping to find help. Thank you in advance.

Here is a copy of my HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:11 PM, on 10/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Post-It Lite\PsnLite.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\POST-I~1\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://examinee.nbme.org/cas/exam
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Virtual PDF Printer] C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O4 - Startup: iTunes.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\Post-It Lite\PsnLite.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095260140286
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153411302365
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} (TSBnwCam Control) - http://clighthouse.dyndns.org/user/TSBnwCam.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\SYSTEM32\afslogon.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: OpenAFS Client Service (TransarcAFSDaemon) - Unknown owner - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 12250 bytes
#2
Hello Chasers12
Are you trying to install something on bootup?

O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi (Microsoft Installer)

The log looks clean, so let's dig deeper.

Please download DDS: Here

If you are using Firefox, go to the toolbar and click File. Then go down to Save As and click. Then save it on the desktop.

Save as: dds.scr, Save as Type: All files, to your Desktop, and double-click on dds.scr to run it.

If your security software includes script blocking features, please disable these before you run this utility.

When the scan has finished, two logs will open. Copy and paste both reports in this topic. The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Before you provide them, we ask that you remove any P2P/file sharing programs if you have any, and this includes Torrent software, before we clean your computer.
#3
I don't know of anything trying to install on bootup. That seems strange.
From the DDS file.

DDS (Ver_10-03-17.01) - NTFSx86
Run by contic at 11:34:15.99 on Sun 10/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.459 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Post-It Lite\PsnLite.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\POST-I~1\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\contic\Local Settings\Temporary Internet Files\Content.IE5\B91UGFJO\dds[1].pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://examinee.nbme.org/cas/exam
uInternet Connection Wizard,ShellNext = hxxp://www.java.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [IBM RecordNow!]
mRun: [S3TRAY2] S3Tray2.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [TPKBDLED] c:\windows\system32\TpScrLk.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [BLOG] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Virtual PDF Printer] c:\program files\virtual pdf printer\VirtualPDFPrinter.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe " -t
dRunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi"
dRunOnce: [supportdir] cmd /c "rmdir /q /s "c:\windows\temp\{7726CF62-7B45-4E6D-9266-615346816BCA}""
StartupFolder: c:\docume~1\contic\startm~1\programs\startup\itunes.lnk - c:\windows\installer\{a6fdf86a-f541-4e7b-aea0-8849a2a700d5}\iTunesIco.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\post-i~1.lnk - c:\program files\post-it lite\PsnLite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095260140286
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153411302365
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38159.3343865741
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://clighthouse.dyndns.org/user/TSBnwCam.CAB
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: ACNotify - ACNotify.dll
Notify: AfsLogon - afslogon.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ACGina
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\contic\applic~1\mozilla\firefox\profiles\201zzcji.default\
FF - prefs.js: browser.search.selectedEngine - Google Images
FF - prefs.js: browser.startup.homepage - hxxps://amcmail.amc.edu/CookieAuth.dll?GetLogon?curl=Z2FowaZ2F&reason=0&formdir=1
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\contic\application data\mozilla\firefox\profiles\201zzcji.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\dnaml\npdbplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

(continued in next post)
#4
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-15 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-9 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-9 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-9 243024]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2004-6-5 16384]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 1356952]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-7-31 91456]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-5-12 3968]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-12-7 55016]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2010-7-31 6016]
S3 cpuz130;cpuz130;\??\c:\docume~1\contic\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\contic\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-14 15008]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-9-24 38224]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-7-31 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-7-31 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-7-31 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-7-31 9472]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
=============== Created Last 30 ================
2010-09-24 04:01:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 04:01:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-23 00:15:54 0 d-----w- c:\program files\iPod
2010-09-23 00:15:50 0 d-----w- c:\program files\iTunes
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
==================== Find3M ====================
2010-10-03 04:00:02 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 13:29:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-06 17:28:44 15880 ----a-w- c:\windows\system32\lsdelete.exe
2003-09-16 06:19:48 99544 ----a-w- c:\windows\inf\virprn.exe
2003-09-16 06:19:48 18950 ----a-w- c:\windows\inf\virpntd.dll
2003-09-16 06:19:48 10240 ----a-w- c:\windows\inf\virport.dll
2003-09-16 06:19:46 90624 ----a-w- c:\windows\inf\prtproc.dll
2008-09-07 23:45:47 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080908\index.dat
============= FINISH: 11:36:24.97 ===============
#5
From the Attach file.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 2/26/2007 4:00:58 PM System Uptime: 10/3/2010 11:17:00 AM (0 hours ago) Motherboard: IBM | | 2373R01 Processor: Intel(R) Pentium(R) M processor 1.80GHz | None | 1794/400mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 75 GiB total, 12.097 GiB free. D: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Intel(R) PRO/1000 MT Mobile Connection Device ID: PCI\VEN_8086&DEV_101E&SUBSYS_05491014&REV_03\4&39A 85202&0&08F0 Manufacturer: Intel Name: Intel(R) PRO/1000 MT Mobile Connection PNP Device ID: PCI\VEN_8086&DEV_101E&SUBSYS_05491014&REV_03\4&39A 85202&0&08F0 Service: E1000 Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318} Description: IBM Integrated 56K Modem Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_055A1014&REV_01\3&61A AA01&0&FE Manufacturer: CXT Name: IBM Integrated 56K Modem PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_055A1014&REV_01\3&61A AA01&0&FE Service: Modem ==== System Restore Points =================== RP1348: 7/5/2010 11:24:43 PM - System Checkpoint RP1349: 7/7/2010 12:52:27 AM - System Checkpoint RP1350: 7/8/2010 1:49:58 AM - System Checkpoint RP1351: 7/9/2010 1:54:20 AM - System Checkpoint RP1352: 7/10/2010 3:08:57 AM - System Checkpoint RP1353: 7/11/2010 3:13:24 AM - System Checkpoint RP1354: 7/12/2010 5:13:32 AM - System Checkpoint RP1355: 7/13/2010 7:24:37 AM - System Checkpoint RP1356: 7/14/2010 12:08:40 AM - Software Distribution Service 3.0 RP1357: 7/15/2010 12:18:37 AM - System Checkpoint RP1358: 7/15/2010 9:27:47 AM - Avg Update RP1359: 7/15/2010 9:29:58 AM - Avg Update RP1360: 7/16/2010 7:04:18 PM - System Checkpoint RP1361: 7/17/2010 8:50:05 PM - System Checkpoint RP1362: 7/18/2010 9:04:07 PM - System Checkpoint RP1363: 7/19/2010 11:16:15 PM - System 
Checkpoint RP1364: 7/21/2010 1:27:07 AM - System Checkpoint RP1365: 7/21/2010 8:38:48 AM - Avg Update RP1366: 7/22/2010 8:50:00 AM - System Checkpoint RP1367: 7/25/2010 5:57:56 PM - System Checkpoint RP1368: 7/26/2010 11:46:31 PM - System Checkpoint RP1369: 7/28/2010 12:48:17 AM - System Checkpoint RP1370: 7/29/2010 1:24:51 AM - System Checkpoint RP1371: 7/30/2010 1:26:16 AM - System Checkpoint RP1372: 7/31/2010 1:17:09 PM - System Checkpoint RP1373: 7/31/2010 11:26:58 PM - Installed Motorola Driver Installation 4.6.0 RP1374: 7/31/2010 11:28:05 PM - Installed Windows XP Wdf01007. RP1375: 8/2/2010 12:54:45 AM - System Checkpoint RP1376: 8/2/2010 9:58:45 PM - Software Distribution Service 3.0 RP1377: 8/3/2010 11:09:46 PM - System Checkpoint RP1378: 8/4/2010 11:25:33 PM - System Checkpoint RP1379: 8/5/2010 11:56:17 PM - System Checkpoint RP1380: 8/7/2010 12:34:26 AM - System Checkpoint RP1381: 8/8/2010 2:21:33 AM - System Checkpoint RP1382: 8/9/2010 4:21:32 AM - System Checkpoint RP1383: 8/10/2010 4:48:07 AM - System Checkpoint RP1384: 8/11/2010 6:21:39 AM - System Checkpoint RP1385: 8/11/2010 9:26:56 PM - Software Distribution Service 3.0 RP1386: 8/12/2010 11:55:57 PM - System Checkpoint RP1387: 8/14/2010 12:54:41 AM - System Checkpoint RP1388: 8/15/2010 12:54:53 AM - System Checkpoint RP1389: 8/16/2010 2:54:56 AM - System Checkpoint RP1390: 8/17/2010 3:13:54 AM - System Checkpoint RP1391: 8/18/2010 3:37:11 AM - System Checkpoint RP1392: 8/19/2010 4:46:21 AM - System Checkpoint RP1393: 8/20/2010 6:46:27 AM - System Checkpoint RP1394: 8/21/2010 8:46:28 AM - System Checkpoint RP1395: 8/22/2010 10:46:30 AM - System Checkpoint RP1396: 8/23/2010 12:46:34 PM - System Checkpoint RP1397: 8/24/2010 2:46:36 PM - System Checkpoint RP1398: 8/26/2010 1:09:46 AM - System Checkpoint RP1399: 8/27/2010 2:46:40 AM - System Checkpoint RP1400: 8/28/2010 3:16:11 AM - System Checkpoint RP1401: 8/29/2010 4:21:20 PM - System Checkpoint RP1402: 8/30/2010 5:37:08 PM - System Checkpoint 
RP1403: 8/31/2010 6:12:40 PM - System Checkpoint RP1404: 9/1/2010 7:04:41 PM - System Checkpoint RP1405: 9/3/2010 12:42:05 AM - System Checkpoint RP1406: 9/4/2010 1:02:43 AM - System Checkpoint RP1407: 9/5/2010 5:28:02 AM - System Checkpoint RP1408: 9/6/2010 7:10:49 AM - System Checkpoint RP1409: 9/7/2010 9:10:53 AM - System Checkpoint RP1410: 9/8/2010 12:58:43 PM - Avg Update RP1411: 9/9/2010 4:27:03 PM - System Checkpoint RP1412: 9/10/2010 4:52:32 PM - System Checkpoint RP1413: 9/11/2010 4:52:44 PM - System Checkpoint RP1414: 9/12/2010 8:19:10 PM - System Checkpoint RP1415: 9/14/2010 12:12:38 AM - System Checkpoint RP1416: 9/14/2010 8:27:06 PM - Software Distribution Service 3.0 RP1417: 9/15/2010 11:38:14 PM - System Checkpoint RP1418: 9/17/2010 12:49:51 AM - System Checkpoint RP1419: 9/18/2010 3:59:02 AM - System Checkpoint RP1420: 9/19/2010 11:47:09 PM - System Checkpoint RP1421: 9/21/2010 12:08:28 AM - System Checkpoint RP1422: 9/22/2010 1:14:51 AM - System Checkpoint RP1423: 9/23/2010 2:08:38 AM - System Checkpoint RP1424: 9/23/2010 2:19:02 PM - Avg Update RP1425: 9/23/2010 2:20:26 PM - Avg Update RP1426: 9/25/2010 1:46:25 AM - System Checkpoint RP1427: 9/26/2010 3:46:26 PM - System Checkpoint RP1428: 9/27/2010 10:39:36 PM - System Checkpoint RP1429: 9/28/2010 11:05:41 PM - System Checkpoint RP1430: 9/30/2010 7:06:19 PM - System Checkpoint RP1431: 10/1/2010 4:57:51 PM - Installed QuickTime RP1432: 10/2/2010 6:48:32 PM - System Checkpoint ==== Installed Programs ====================== AC3Filter (remove only) Access IBM Ad-Aware Ad-Aware Email Scanner for Outlook Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Photoshop 7.0 Adobe Reader 8.2.4 Adobe Shockwave Player 11 AIM 7 Apple Application Support Apple Mobile Device Support Apple Software Update ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver ATI HYDRAVISION Audacity 1.2.6 AVG Free 9.0 Bonjour Citrix XenApp Web Plugin Compatibility Pack for the 2007 Office system 
Critical Update for Windows Media Player 11 (KB959772) Curse Client - 1 DivX Converter DivX Plus DirectShow Filters DivX Setup DivX Version Checker Download Updater (AOL LLC) EndNote X Volume License Edition Futuremark SystemInfo Google Talk (remove only) HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) IBM 32-bit Runtime Environment for Java 2, v1.4.1 IBM Integrated 56K Modem IBM RecordNow! IBM Themes IBM ThinkPad Battery MaxiMiser and Power Management Features Intel(R) PRO Network Adapters and Drivers Intel(R) PROSet for Wired Connections ITS Secure Browser iTunes J2SE Development Kit 5.0 Update 12 J2SE Runtime Environment 5.0 Update 12 Java(TM) 6 Update 13 Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Data Access Components KB870669 Microsoft FrontPage Client - English Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft National Language Support Downlevel APIs Microsoft Office Professional Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x86 
8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual J# .NET Redistributable Package 1.1 MotoConnect Motorola Driver Installation 4.6.0 Mozilla Firefox (3.6.10) MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser (KB933579) OGA Notifier 2.0.0048.0 OpenAFS for Windows PC-Doctor for Windows PDF Annotator 2.0.0.265 Post-itŪ Software Notes Lite PrimoPDF -- by Nitro PDF Software QuickTime Rescue and Recovery Rescue and Recovery Critical Patch for Windows Update (KB917422) Scroll Lock Indicator Utility Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security 
Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP 
(KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security 
Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SoundMAX Spelling Dictionaries Support For Adobe Reader 8 System Migration Assistant System Update ThinkPad Configuration ThinkPad EasyEject Utility ThinkPad FullScreen Magnifier ThinkPad Hotkey Features Setup ThinkPad Keyboard Customizer Utility ThinkPad Power Management Driver ThinkPad Presentation Director ThinkPad Software Installer ThinkPad UltraNav Driver ThinkPad UltraNav Wizard ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g) ThinkVantage Access Connections ThinkVantage Active Protection System TrackPoint Accessibility Features Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB971180) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP 
(KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Usmleworld Step2 QBank VC80CRTRedist - 8.0.50727.4053 Ventrilo Client Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Visual C++ 8.0 ATL (x86) WinSXS MSM Visual C++ 8.0 CRT (x86) WinSXS MSM Visual Studio.NET Baseline - English Wallpapers WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 11 Windows Presentation Foundation Windows XP Service Pack 3 WinRAR archiver World of Warcraft XML Paper Specification Shared Components Pack 1.0 Xobni Xobni Core ==== Event Viewer Messages From Past Week ======== 9/28/2010 9:18:30 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. 9/28/2010 9:18:30 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver. 9/28/2010 7:06:40 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00054E49E8CB. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. 9/28/2010 1:55:14 PM, error: Schannel [36884] - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is www.google.com. The SSL connection request has failed. The attached data contains the server certificate. 
9/28/2010 1:54:43 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00054E49E8CB has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message). 9/27/2010 6:16:52 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 9/27/2010 6:01:53 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 10/2/2010 3:27:44 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service. ==== End Of File =========================== |
#6
Ok. We'll deal with msi later, along with configuring your pagefile, as it seems it's not large enough to contain all physical memory.
It looks like your hosts file is infected, therefore -> Please download Combofix from: Here
And save to the desktop.
Double-click on the combofix icon found on your desktop. Please note that once you start combofix you should not click anywhere on the combofix window, as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.
When finished, it will produce a logfile located at C:\combofix.txt. Post the contents of that log in your next reply.
The logs will be reasonably large, so you may have to divide them into sections and make several posts to post them.
#7
ComboFix 10-10-03.03 - contic 10/04/2010 17:59:13.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.950 [GMT -4:00] Running from: c:\documents and settings\contic\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . Infected copy of c:\windows\system32\drivers\intelppm.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 ))))))))))))))))))))))))))))))) . 2010-10-04 21:37 . 2010-10-04 21:37 4100960 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe 2010-10-04 21:37 . 2010-10-04 21:37 2065760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe 2010-10-04 21:37 . 2010-10-04 21:37 4394336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll 2010-10-01 22:04 . 2010-10-01 22:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer 2010-10-01 22:04 . 2010-10-01 22:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer 2010-10-01 20:58 . 2010-10-01 20:59 -------- d-----w- c:\program files\QuickTime 2010-09-28 23:40 . 2010-09-28 23:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-09-24 04:01 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-24 04:01 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-23 18:20 . 2010-09-23 18:20 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe 2010-09-23 18:20 . 2010-09-23 18:20 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe 2010-09-23 18:20 . 
2010-09-23 18:20 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll 2010-09-23 18:20 . 2010-09-23 18:20 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll 2010-09-23 18:20 . 2010-09-23 18:20 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll 2010-09-23 18:20 . 2010-09-23 18:20 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll 2010-09-23 18:20 . 2010-09-23 18:20 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll 2010-09-23 18:19 . 2010-09-23 18:19 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll 2010-09-23 00:15 . 2010-09-23 00:15 -------- d-----w- c:\program files\iPod 2010-09-23 00:15 . 2010-09-23 00:16 -------- d-----w- c:\program files\iTunes 2010-09-23 00:09 . 2010-09-23 00:09 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe 2010-09-15 23:42 . 2010-09-15 23:42 45056 ----a-w- c:\documents and settings\contic\Application Data\Sun\Java\Deployment\cache\6.0\43\3f7f03ab-1a617f67-n\ntps.dll 2010-09-15 04:00 . 2010-09-24 00:28 762176 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2010-10-03 04:00 . 2004-06-05 07:24 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS 2010-09-29 01:32 . 2010-01-03 02:17 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-09-24 04:02 . 2010-07-09 21:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-23 00:15 . 2007-07-04 00:03 -------- d-----w- c:\program files\Common Files\Apple 2010-09-05 20:08 . 
2010-03-21 18:52 -------- d-----w- c:\program files\World of Warcraft 2010-08-27 11:20 . 2010-05-11 04:57 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-08-27 11:20 . 2010-08-27 11:20 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-08-27 11:20 . 2010-05-11 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2010-08-27 11:20 . 2010-08-27 11:20 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe 2010-08-27 11:20 . 2007-02-28 00:56 -------- d-----w- c:\program files\DivX 2010-08-27 11:20 . 2010-08-27 11:20 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe 2010-08-27 11:19 . 2010-08-27 11:19 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe 2010-08-27 11:18 . 2010-08-27 11:18 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe 2010-08-27 11:17 . 2010-08-27 11:20 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll 2010-08-27 11:17 . 2010-08-27 11:17 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-08-27 11:17 . 2010-05-11 04:56 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll 2010-08-27 11:17 . 2010-05-11 04:56 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe 2010-08-27 00:39 . 2010-08-27 00:39 -------- d-----w- c:\program files\Bonjour 2010-08-22 06:25 . 2010-08-22 06:25 -------- d-----w- c:\program files\Common Files\Futuremark Shared 2010-08-22 06:25 . 2004-06-05 07:15 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-17 13:17 . 
1980-01-01 07:00 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-07-22 15:49 . 2004-06-22 06:07 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2010-07-22 05:57 . 2009-04-16 17:10 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2010-07-15 13:29 . 2009-05-09 04:08 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-07-15 13:29 . 2010-07-15 13:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-07-15 13:28 . 2009-05-09 04:08 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2008-12-03 19:27 . 2008-12-03 19:27 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2008-12-03 19:27 . 2008-12-03 19:27 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2008-12-03 19:27 . 2008-12-03 19:27 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2008-12-03 19:27 . 2008-12-03 19:27 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2008-12-03 19:27 . 2008-12-03 19:27 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2008-12-03 19:27 . 2008-12-03 19:27 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2008-12-03 19:27 . 2008-12-03 19:27 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-03-16 20:33 . 2007-03-16 20:33 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll 2007-03-16 20:33 . 2007-03-16 20:33 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll 2007-03-16 20:33 . 2007-03-16 20:33 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll 2008-12-03 18:10 . 2008-12-03 18:10 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2008-12-03 19:27 . 2008-12-03 19:27 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "S3TRAY2"="S3Tray2.exe" [2001-10-12 69632] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 864256] "TpShocks"="TpShocks.exe" [2005-11-07 106496] "TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPH KMGR.exe" [2006-10-02 94208] "TP4EX"="tp4ex.exe" [2005-10-17 65536] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp .Exe" [2006-02-24 237568] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-26 344064] "PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544] "TPKBDLED"="c:\windows\system32\TpScrLk.exe" [2002-10-09 40960] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-05-13 2333440] "BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.d ll" [2005-04-20 110592] "BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480] "BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfE x.dll" [2005-04-20 396288] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL " [2005-04-20 208896] "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-12-25 409600] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584] "iTunesHelper"="c:\program 
files\iTunes\iTunesHelper.exe" [2010-09-01 421160] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" [2007-03-22 39264] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce] "configmsi"="rmdir" [X] "supportdir"="rmdir" [X] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Post-itr Software Notes Lite.lnk - c:\program files\Post-It Lite\PsnLite.exe [2004-10-15 2080768] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AfsLogon] 2004-11-09 14:59 71152 ----a-w- c:\windows\system32\afslogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-07-15 13:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2005-07-06 03:45 28672 ----a-w- c:\windows\system32\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2005-12-01 00:16 24576 ----a-w- c:\windows\system32\tphklock.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start 
Menu^Programs^Startup^VPN Client.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk backup=c:\windows\pss\VPN Client.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] 2010-10-02 21:49 864624 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] 2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-03-09 09:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2008-10-06 15:06 1323008 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] 2008-10-06 15:14 118784 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Java\\jre1.5.0_12\\bin\\javaw.exe"= "c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program 
Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Program Files\\World of Warcraft\\Launcher.exe"= "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\contic\\Local Settings\\Apps\\2.0\\BBM196H6.VNP\\YY4XCXZE.ZEJ\\c urs..tion_eee711038731a406_0004.0000_172b37d8269e5 e48\\CurseClient.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= |
#8
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenP]
"7001:UDP"= 7001:UDP:AFS Cache Manager Callback [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "7001:UDP"= 7001:UDP:AFS CacheManager Callback (UDP) "7001:TCP"= 7001:TCP:AFS CacheManager Callback (TCP) "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/15/2009 2:24 PM 64288] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/9/2009 12:08 AM 216400] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/9/2009 12:08 AM 243024] R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [6/5/2004 3:16 AM 16384] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 9:28 AM 921952] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:29 AM 308136] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 1:28 PM 1356952] R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectServi ce.exe [7/31/2010 11:28 PM 91456] R2 smi2;smi2;c:\program files\SMI2\smi2.sys [5/12/2006 6:10 PM 3968] R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [12/7/2009 8:29 PM 55016] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/14/2010 5:43 PM 15008] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [7/31/2010 11:27 PM 6016] S3 cpuz130;cpuz130;\??\c:\docume~1\contic\LOCALS~1\Te mp\cpuz130\cpuz_x32.sys --> c:\docume~1\contic\LOCALS~1\Temp\cpuz130\cpuz_x32. sys [?] 
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\dr ivers\mbamswissarmy.sys [9/24/2010 12:01 AM 38224] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [7/31/2010 11:27 PM 19712] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\dri vers\motccgpfl.sys [7/31/2010 11:27 PM 8320] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [7/31/2010 11:27 PM 23424] S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sy s [7/31/2010 11:27 PM 9472] . Contents of the 'Scheduled Tasks' folder 2010-10-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 21:49] 2006-07-20 c:\windows\Tasks\BMMTask.job - c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-06-05 05:38] . . ------- Supplementary Scan ------- . uStart Page = hxxp://examinee.nbme.org/cas/exam uInternet Connection Wizard,ShellNext = hxxp://www.java.com/ uInternet Settings,ProxyOverride = *.local DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://clighthouse.dyndns.org/user/TSBnwCam.CAB FF - ProfilePath - c:\documents and settings\contic\Application Data\Mozilla\Firefox\Profiles\201zzcji.default\ FF - prefs.js: browser.search.selectedEngine - Google Images FF - prefs.js: browser.startup.homepage - hxxps://amcmail.amc.edu/CookieAuth.dll?GetLogon?curl=Z2FowaZ2F&reason=0&fo rmdir=1 FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - plugin: c:\documents and settings\contic\Application Data\Mozilla\Firefox\Profiles\201zzcji.default\ext ensions\moveplayer@movenetworks.com\platform\WINNT _x86-msvc\plugins\npmnqmp071303000004.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: 
c:\windows\system32\DNAML\npdbplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) HKCU-Run-IBM RecordNow! - (no file) HKLM-Run-Virtual PDF Printer - c:\program files\Virtual PDF Printer\VirtualPDFPrinter.exe Notify-ACNotify - ACNotify.dll Notify-NavLogon - (no file) MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe MSConfigStartUp-ibmmessages - c:\program files\IBM\Messages By IBM\ibmmessages.exe MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe MSConfigStartUp-UpdateManager - c:\program files\Common Files\Sonic\Update Manager\sgtray.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe AddRemove-{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4} - c:\documents and settings\contic\Local Settings\Application Data\{7D4B3D1D-104E-4507-9123-568BC721B7E2}\BYKI4Installer.exe . 
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(992)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll
- - - - - - - > 'explorer.exe'(4104)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\acs.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\rundll32.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\progra~1\POST-I~1\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-10-04 18:33:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-04 22:33
Pre-Run: 12,818,264,064 bytes free
Post-Run: 12,689,821,696 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
- - End Of File - - BABBD443EE6E28194C0F790B26C8EEFF
#9
Looks clean.
Please run a complete scan with AVG; if it finds some infections (except cookies), post the log. Run a new scan with DDS, and post Attach.Txt as well.
#10
AVG didn't find anything. Here is my Attach.txt from the DDS scan:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 2/26/2007 4:00:58 PM System Uptime: 10/5/2010 8:54:57 PM (2 hours ago) Motherboard: IBM | | 2373R01 Processor: Intel(R) Pentium(R) M processor 1.80GHz | None | 1794/400mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 75 GiB total, 11.791 GiB free. D: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Intel(R) PRO/1000 MT Mobile Connection Device ID: PCI\VEN_8086&DEV_101E&SUBSYS_05491014&REV_03\4&39A 85202&0&08F0 Manufacturer: Intel Name: Intel(R) PRO/1000 MT Mobile Connection PNP Device ID: PCI\VEN_8086&DEV_101E&SUBSYS_05491014&REV_03\4&39A 85202&0&08F0 Service: E1000 Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318} Description: IBM Integrated 56K Modem Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_055A1014&REV_01\3&61A AA01&0&FE Manufacturer: CXT Name: IBM Integrated 56K Modem PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_055A1014&REV_01\3&61A AA01&0&FE Service: Modem ==== System Restore Points =================== RP1350: 7/8/2010 1:49:58 AM - System Checkpoint RP1351: 7/9/2010 1:54:20 AM - System Checkpoint RP1352: 7/10/2010 3:08:57 AM - System Checkpoint RP1353: 7/11/2010 3:13:24 AM - System Checkpoint RP1354: 7/12/2010 5:13:32 AM - System Checkpoint RP1355: 7/13/2010 7:24:37 AM - System Checkpoint RP1356: 7/14/2010 12:08:40 AM - Software Distribution Service 3.0 RP1357: 7/15/2010 12:18:37 AM - System Checkpoint RP1358: 7/15/2010 9:27:47 AM - Avg Update RP1359: 7/15/2010 9:29:58 AM - Avg Update RP1360: 7/16/2010 7:04:18 PM - System Checkpoint RP1361: 7/17/2010 8:50:05 PM - System Checkpoint RP1362: 7/18/2010 9:04:07 PM - System Checkpoint RP1363: 7/19/2010 11:16:15 PM - System Checkpoint RP1364: 7/21/2010 1:27:07 AM - System Checkpoint RP1365: 7/21/2010 8:38:48 AM - Avg Update 
RP1366: 7/22/2010 8:50:00 AM - System Checkpoint RP1367: 7/25/2010 5:57:56 PM - System Checkpoint RP1368: 7/26/2010 11:46:31 PM - System Checkpoint RP1369: 7/28/2010 12:48:17 AM - System Checkpoint RP1370: 7/29/2010 1:24:51 AM - System Checkpoint RP1371: 7/30/2010 1:26:16 AM - System Checkpoint RP1372: 7/31/2010 1:17:09 PM - System Checkpoint RP1373: 7/31/2010 11:26:58 PM - Installed Motorola Driver Installation 4.6.0 RP1374: 7/31/2010 11:28:05 PM - Installed Windows XP Wdf01007. RP1375: 8/2/2010 12:54:45 AM - System Checkpoint RP1376: 8/2/2010 9:58:45 PM - Software Distribution Service 3.0 RP1377: 8/3/2010 11:09:46 PM - System Checkpoint RP1378: 8/4/2010 11:25:33 PM - System Checkpoint RP1379: 8/5/2010 11:56:17 PM - System Checkpoint RP1380: 8/7/2010 12:34:26 AM - System Checkpoint RP1381: 8/8/2010 2:21:33 AM - System Checkpoint RP1382: 8/9/2010 4:21:32 AM - System Checkpoint RP1383: 8/10/2010 4:48:07 AM - System Checkpoint RP1384: 8/11/2010 6:21:39 AM - System Checkpoint RP1385: 8/11/2010 9:26:56 PM - Software Distribution Service 3.0 RP1386: 8/12/2010 11:55:57 PM - System Checkpoint RP1387: 8/14/2010 12:54:41 AM - System Checkpoint RP1388: 8/15/2010 12:54:53 AM - System Checkpoint RP1389: 8/16/2010 2:54:56 AM - System Checkpoint RP1390: 8/17/2010 3:13:54 AM - System Checkpoint RP1391: 8/18/2010 3:37:11 AM - System Checkpoint RP1392: 8/19/2010 4:46:21 AM - System Checkpoint RP1393: 8/20/2010 6:46:27 AM - System Checkpoint RP1394: 8/21/2010 8:46:28 AM - System Checkpoint RP1395: 8/22/2010 10:46:30 AM - System Checkpoint RP1396: 8/23/2010 12:46:34 PM - System Checkpoint RP1397: 8/24/2010 2:46:36 PM - System Checkpoint RP1398: 8/26/2010 1:09:46 AM - System Checkpoint RP1399: 8/27/2010 2:46:40 AM - System Checkpoint RP1400: 8/28/2010 3:16:11 AM - System Checkpoint RP1401: 8/29/2010 4:21:20 PM - System Checkpoint RP1402: 8/30/2010 5:37:08 PM - System Checkpoint RP1403: 8/31/2010 6:12:40 PM - System Checkpoint RP1404: 9/1/2010 7:04:41 PM - System Checkpoint RP1405: 
9/3/2010 12:42:05 AM - System Checkpoint RP1406: 9/4/2010 1:02:43 AM - System Checkpoint RP1407: 9/5/2010 5:28:02 AM - System Checkpoint RP1408: 9/6/2010 7:10:49 AM - System Checkpoint RP1409: 9/7/2010 9:10:53 AM - System Checkpoint RP1410: 9/8/2010 12:58:43 PM - Avg Update RP1411: 9/9/2010 4:27:03 PM - System Checkpoint RP1412: 9/10/2010 4:52:32 PM - System Checkpoint RP1413: 9/11/2010 4:52:44 PM - System Checkpoint RP1414: 9/12/2010 8:19:10 PM - System Checkpoint RP1415: 9/14/2010 12:12:38 AM - System Checkpoint RP1416: 9/14/2010 8:27:06 PM - Software Distribution Service 3.0 RP1417: 9/15/2010 11:38:14 PM - System Checkpoint RP1418: 9/17/2010 12:49:51 AM - System Checkpoint RP1419: 9/18/2010 3:59:02 AM - System Checkpoint RP1420: 9/19/2010 11:47:09 PM - System Checkpoint RP1421: 9/21/2010 12:08:28 AM - System Checkpoint RP1422: 9/22/2010 1:14:51 AM - System Checkpoint RP1423: 9/23/2010 2:08:38 AM - System Checkpoint RP1424: 9/23/2010 2:19:02 PM - Avg Update RP1425: 9/23/2010 2:20:26 PM - Avg Update RP1426: 9/25/2010 1:46:25 AM - System Checkpoint RP1427: 9/26/2010 3:46:26 PM - System Checkpoint RP1428: 9/27/2010 10:39:36 PM - System Checkpoint RP1429: 9/28/2010 11:05:41 PM - System Checkpoint RP1430: 9/30/2010 7:06:19 PM - System Checkpoint RP1431: 10/1/2010 4:57:51 PM - Installed QuickTime RP1432: 10/2/2010 6:48:32 PM - System Checkpoint RP1433: 10/4/2010 5:35:58 PM - Avg Update RP1434: 10/5/2010 3:00:18 AM - Software Distribution Service 3.0 ==== Installed Programs ====================== AC3Filter (remove only) Access IBM Ad-Aware Ad-Aware Email Scanner for Outlook Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Photoshop 7.0 Adobe Reader 8.2.4 Adobe Shockwave Player 11 AIM 7 Apple Application Support Apple Mobile Device Support Apple Software Update ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver ATI HYDRAVISION Audacity 1.2.6 AVG Free 9.0 Bonjour Citrix XenApp Web Plugin Compatibility Pack for the 2007 Office system 
Critical Update for Windows Media Player 11 (KB959772) Curse Client - 1 DivX Converter DivX Plus DirectShow Filters DivX Setup DivX Version Checker Download Updater (AOL LLC) EndNote X Volume License Edition Futuremark SystemInfo Google Talk (remove only) HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) IBM 32-bit Runtime Environment for Java 2, v1.4.1 IBM Integrated 56K Modem IBM RecordNow! IBM Themes IBM ThinkPad Battery MaxiMiser and Power Management Features Intel(R) PRO Network Adapters and Drivers Intel(R) PROSet for Wired Connections ITS Secure Browser iTunes J2SE Development Kit 5.0 Update 12 J2SE Runtime Environment 5.0 Update 12 Java(TM) 6 Update 13 Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Data Access Components KB870669 Microsoft FrontPage Client - English Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft National Language Support Downlevel APIs Microsoft Office Professional Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL 
Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual J# .NET Redistributable Package 1.1 MotoConnect Motorola Driver Installation 4.6.0 Mozilla Firefox (3.6.10) MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser (KB933579) OGA Notifier 2.0.0048.0 OpenAFS for Windows PC-Doctor for Windows PDF Annotator 2.0.0.265 Post-itŪ Software Notes Lite PrimoPDF -- by Nitro PDF Software QuickTime |
#11
Rescue and Recovery
Rescue and Recovery Critical Patch for Windows Update (KB917422) Scroll Lock Indicator Utility Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) 
Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) 
Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for 
Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SoundMAX Spelling Dictionaries Support For Adobe Reader 8 System Migration Assistant System Update ThinkPad Configuration ThinkPad EasyEject Utility ThinkPad FullScreen Magnifier ThinkPad Hotkey Features Setup ThinkPad Keyboard Customizer Utility ThinkPad Power Management Driver ThinkPad Presentation Director ThinkPad Software Installer ThinkPad UltraNav Driver ThinkPad UltraNav Wizard ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g) ThinkVantage Access Connections ThinkVantage Active Protection System TrackPoint Accessibility Features Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB971180) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Usmleworld Step2 QBank VC80CRTRedist - 8.0.50727.4053 Ventrilo Client Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Visual C++ 8.0 ATL (x86) WinSXS MSM Visual C++ 8.0 CRT (x86) WinSXS MSM Visual Studio.NET Baseline - English Wallpapers WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 
runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 11 Windows Presentation Foundation Windows XP Service Pack 3 WinRAR archiver World of Warcraft XML Paper Specification Shared Components Pack 1.0 Xobni Xobni Core

==== Event Viewer Messages From Past Week ========

9/30/2010 3:23:51 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00054E49E8CB has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
9/29/2010 1:09:27 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00054E49E8CB. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/28/2010 1:55:14 PM, error: Schannel [36884] - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is www.google.com. The SSL connection request has failed. The attached data contains the server certificate.
10/4/2010 5:50:36 PM, error: Service Control Manager [7034] - The tvtnetwk service terminated unexpectedly. It has done this 1 time(s).
10/4/2010 5:50:36 PM, error: Service Control Manager [7034] - The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).
10/4/2010 5:50:36 PM, error: Service Control Manager [7034] - The ACU Configuration Service service terminated unexpectedly. It has done this 1 time(s).
10/4/2010 5:50:36 PM, error: Service Control Manager [7031] - The Ac Profile Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/4/2010 5:47:55 PM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
10/4/2010 5:47:23 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/4/2010 5:43:33 PM, error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 3 time(s).
10/4/2010 5:42:11 PM, error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 2 time(s).
10/4/2010 5:41:51 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/4/2010 5:41:45 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/4/2010 5:41:23 PM, error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
10/3/2010 5:36:59 PM, error: Dhcp [1002] - The IP address lease 172.19.246.52 for the Network Card with network address 00054E49E8CB has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/3/2010 4:38:22 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00054E49E8CB has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
10/2/2010 3:27:44 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
10/2/2010 10:02:50 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
10/2/2010 10:02:50 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================
#12
Please tell how things are running now?
#13
My PC seems to be running fine now. Just like before. I don't get those popups telling me things are shutting down. And the browser no longer opens the random websites. It appears to be fixed. Is there anything else I need to do? If not, thank you very much for your time.
#14
Just some cleanup remains.

Go to Start > Run
Type/copy in the box: combofix /uninstall
Note: the space between the X and the /u
Press Enter.

This command will:
◦ Delete the following: ComboFix and its associated files and folders.

You should Create a New Restore Point to prevent possible reinfection from an old one. The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.

Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

Keep safe