Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old October 3rd, 2010, 01:09 AM
Chasers12's Avatar
Chasers12 Chasers12 is offline
Member
 
Join Date: May 2004
Posts: 76
Generic Host Process for Win32 Services has encountered a problem and needs to close.

So I've been having some issues with my PC recently that are very frustrtating. My browser would randomly go to different websites. Or clicking on a link goes somewhere else than it says. I ran Malwarebytes' Anti-Malware thinking that would fix my problem because it has in the past. But no luck. I am also getting this popup from Windows:

"Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience."

And I get the option to send or don't send the report. Along with that another message keeps popping up. I havent copied that down yet but it says something about not being able to read something because the value is 0.000000000 (i dont know the # of zeroes). So I came here hoping to find help. Thank you in advance. Here is a copy of my HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:11 PM, on 10/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectServi ce.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Post-It Lite\PsnLite.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\POST-I~1\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://examinee.nbme.org/cas/exam
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPw rMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAuto nomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBa ttLog
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Virtual PDF Printer] C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O4 - Startup: iTunes.lnk = ?
O4 - Global Startup: Post-itŪ Software Notes Lite.lnk = C:\Program Files\Post-It Lite\PsnLite.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://v5.windowsupdate.microsoft.co...?1095260140286
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsof...?1153411302365
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} (TSBnwCam Control) - http://clighthouse.dyndns.org/user/TSBnwCam.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\SYSTEM32\afslogon.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32

\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectServi ce.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog

Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: OpenAFS Client Service (TransarcAFSDaemon) - Unknown owner - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 12250 bytes
Reply With Quote
  #2  
Old October 3rd, 2010, 06:46 AM
touch's Avatar
touch touch is offline
Malware Removal Team
 
Join Date: Jan 2007
O/S: Windows XP Pro
Posts: 3,595
Hello Chasers12

Do you try to install something on Bootup ?
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi (Microsoft Installer)

The log looks clean, so letīs dig deeper.

Please download DDS: Here

If you are using Firefox, go to the toolbar and click File. Then go down to Save As & click.
Then save it on the desktop. Save as dds.scr
Save as Type : All files


to your Desktop and doubleclick on DDs.scr to run it.
If your security software includes script blocking features, please disable these before you run this utility.


When the scan has finished, two logs will open.
Copy and paste both reports in this topic.
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.


Before you provide them, we ask that you remove any P2P/file sharing programs if you have any, and this includes Torrent software, before we clean your computer.
Reply With Quote
  #3  
Old October 3rd, 2010, 04:45 PM
Chasers12's Avatar
Chasers12 Chasers12 is offline
Member
 
Join Date: May 2004
Posts: 76
I don't know of anything trying to install on bootup. That seems strange.

From the DDS file.

DDS (Ver_10-03-17.01) - NTFSx86
Run by contic at 11:34:15.99 on Sun 10/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.459 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnectServi ce.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Post-It Lite\PsnLite.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\POST-I~1\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\contic\Local Settings\Temporary Internet Files\Content.IE5\B91UGFJO\dds[1].pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://examinee.nbme.org/cas/exam
uInternet Connection Wizard,ShellNext = hxxp://www.java.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [IBM RecordNow!]
mRun: [S3TRAY2] S3Tray2.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [TPKBDLED] c:\windows\system32\TpScrLk.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPw rMonitor
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAuto nomicMonitor
mRun: [BLOG] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBa ttLog
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Virtual PDF Printer] c:\program files\virtual pdf printer\VirtualPDFPrinter.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe " -t
dRunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi"
dRunOnce: [supportdir] cmd /c "rmdir /q /s "c:\windows\temp\{7726CF62-7B45-4E6D-9266-615346816BCA}""
StartupFolder: c:\docume~1\contic\startm~1\programs\startup\itune s.lnk - c:\windows\installer\{a6fdf86a-f541-4e7b-aea0-8849a2a700d5}\iTunesIco.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pos t-i~1.lnk - c:\program files\post-it lite\PsnLite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095260140286
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153411302365
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38159.3343865741
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://clighthouse.dyndns.org/user/TSBnwCam.CAB
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: ACNotify - ACNotify.dll
Notify: AfsLogon - afslogon.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ACGina
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\contic\applic~1\mozilla\firefox\profil es\201zzcji.default\
FF - prefs.js: browser.search.selectedEngine - Google Images
FF - prefs.js: browser.startup.homepage - hxxps://amcmail.amc.edu/CookieAuth.dll?GetLogon?curl=Z2FowaZ2F&reason=0&fo rmdir=1
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\contic\application data\mozilla\firefox\profiles\201zzcji.default\ext ensions\moveplayer@movenetworks.com\platform\winnt _x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\dnaml\npdbplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabl ed", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_every where__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_bro ken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);


(continued in next post)
Reply With Quote
  #4  
Old October 3rd, 2010, 04:46 PM
Chasers12's Avatar
Chasers12 Chasers12 is offline
Member
 
Join Date: May 2004
Posts: 76
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-15 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-9 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-9 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-9 243024]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2004-6-5 16384]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 1356952]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectServi ce.exe [2010-7-31 91456]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-5-12 3968]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-12-7 55016]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2010-7-31 6016]
S3 cpuz130;cpuz130;\??\c:\docume~1\contic\locals~1\te mp\cpuz130\cpuz_x32.sys --> c:\docume~1\contic\locals~1\temp\cpuz130\cpuz_x32. sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-14 15008]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\dr ivers\mbamswissarmy.sys [2010-9-24 38224]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-7-31 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\dri vers\motccgpfl.sys [2010-7-31 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-7-31 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sy s [2010-7-31 9472]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant .sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2010-09-24 04:01:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 04:01:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-23 00:15:54 0 d-----w- c:\program files\iPod
2010-09-23 00:15:50 0 d-----w- c:\program files\iTunes
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-10-03 04:00:02 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 13:29:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-06 17:28:44 15880 ----a-w- c:\windows\system32\lsdelete.exe
2003-09-16 06:19:48 99544 ----a-w- c:\windows\inf\virprn.exe
2003-09-16 06:19:48 18950 ----a-w- c:\windows\inf\virpntd.dll
2003-09-16 06:19:48 10240 ----a-w- c:\windows\inf\virport.dll
2003-09-16 06:19:46 90624 ----a-w- c:\windows\inf\prtproc.dll
2008-09-07 23:45:47 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080 908\index.dat

============= FINISH: 11:36:24.97 ===============
Reply With Quote
  #5  
Old October 3rd, 2010, 04:48 PM
Chasers12's Avatar
Chasers12 Chasers12 is offline
Member
 
Join Date: May 2004
Posts: 76
From the Attach file.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/26/2007 4:00:58 PM
System Uptime: 10/3/2010 11:17:00 AM (0 hours ago)

Motherboard: IBM | | 2373R01
Processor: Intel(R) Pentium(R) M processor 1.80GHz | None | 1794/400mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 12.097 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/1000 MT Mobile Connection
Device ID: PCI\VEN_8086&DEV_101E&SUBSYS_05491014&REV_03\4&39A 85202&0&08F0
Manufacturer: Intel
Name: Intel(R) PRO/1000 MT Mobile Connection
PNP Device ID: PCI\VEN_8086&DEV_101E&SUBSYS_05491014&REV_03\4&39A 85202&0&08F0
Service: E1000

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: IBM Integrated 56K Modem
Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_055A1014&REV_01\3&61A AA01&0&FE
Manufacturer: CXT
Name: IBM Integrated 56K Modem
PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_055A1014&REV_01\3&61A AA01&0&FE
Service: Modem

==== System Restore Points ===================

RP1348: 7/5/2010 11:24:43 PM - System Checkpoint
RP1349: 7/7/2010 12:52:27 AM - System Checkpoint
RP1350: 7/8/2010 1:49:58 AM - System Checkpoint
RP1351: 7/9/2010 1:54:20 AM - System Checkpoint
RP1352: 7/10/2010 3:08:57 AM - System Checkpoint
RP1353: 7/11/2010 3:13:24 AM - System Checkpoint
RP1354: 7/12/2010 5:13:32 AM - System Checkpoint
RP1355: 7/13/2010 7:24:37 AM - System Checkpoint
RP1356: 7/14/2010 12:08:40 AM - Software Distribution Service 3.0
RP1357: 7/15/2010 12:18:37 AM - System Checkpoint
RP1358: 7/15/2010 9:27:47 AM - Avg Update
RP1359: 7/15/2010 9:29:58 AM - Avg Update
RP1360: 7/16/2010 7:04:18 PM - System Checkpoint
RP1361: 7/17/2010 8:50:05 PM - System Checkpoint
RP1362: 7/18/2010 9:04:07 PM - System Checkpoint
RP1363: 7/19/2010 11:16:15 PM - System Checkpoint
RP1364: 7/21/2010 1:27:07 AM - System Checkpoint
RP1365: 7/21/2010 8:38:48 AM - Avg Update
RP1366: 7/22/2010 8:50:00 AM - System Checkpoint
RP1367: 7/25/2010 5:57:56 PM - System Checkpoint
RP1368: 7/26/2010 11:46:31 PM - System Checkpoint
RP1369: 7/28/2010 12:48:17 AM - System Checkpoint
RP1370: 7/29/2010 1:24:51 AM - System Checkpoint
RP1371: 7/30/2010 1:26:16 AM - System Checkpoint
RP1372: 7/31/2010 1:17:09 PM - System Checkpoint
RP1373: 7/31/2010 11:26:58 PM - Installed Motorola Driver Installation 4.6.0
RP1374: 7/31/2010 11:28:05 PM - Installed Windows XP Wdf01007.
RP1375: 8/2/2010 12:54:45 AM - System Checkpoint
RP1376: 8/2/2010 9:58:45 PM - Software Distribution Service 3.0
RP1377: 8/3/2010 11:09:46 PM - System Checkpoint
RP1378: 8/4/2010 11:25:33 PM - System Checkpoint
RP1379: 8/5/2010 11:56:17 PM - System Checkpoint
RP1380: 8/7/2010 12:34:26 AM - System Checkpoint
RP1381: 8/8/2010 2:21:33 AM - System Checkpoint
RP1382: 8/9/2010 4:21:32 AM - System Checkpoint
RP1383: 8/10/2010 4:48:07 AM - System Checkpoint
RP1384: 8/11/2010 6:21:39 AM - System Checkpoint
RP1385: 8/11/2010 9:26:56 PM - Software Distribution Service 3.0
RP1386: 8/12/2010 11:55:57 PM - System Checkpoint
RP1387: 8/14/2010 12:54:41 AM - System Checkpoint
RP1388: 8/15/2010 12:54:53 AM - System Checkpoint
RP1389: 8/16/2010 2:54:56 AM - System Checkpoint
RP1390: 8/17/2010 3:13:54 AM - System Checkpoint
RP1391: 8/18/2010 3:37:11 AM - System Checkpoint
RP1392: 8/19/2010 4:46:21 AM - System Checkpoint
RP1393: 8/20/2010 6:46:27 AM - System Checkpoint
RP1394: 8/21/2010 8:46:28 AM - System Checkpoint
RP1395: 8/22/2010 10:46:30 AM - System Checkpoint
RP1396: 8/23/2010 12:46:34 PM - System Checkpoint
RP1397: 8/24/2010 2:46:36 PM - System Checkpoint
RP1398: 8/26/2010 1:09:46 AM - System Checkpoint
RP1399: 8/27/2010 2:46:40 AM - System Checkpoint
RP1400: 8/28/2010 3:16:11 AM - System Checkpoint
RP1401: 8/29/2010 4:21:20 PM - System Checkpoint
RP1402: 8/30/2010 5:37:08 PM - System Checkpoint
RP1403: 8/31/2010 6:12:40 PM - System Checkpoint
RP1404: 9/1/2010 7:04:41 PM - System Checkpoint
RP1405: 9/3/2010 12:42:05 AM - System Checkpoint
RP1406: 9/4/2010 1:02:43 AM - System Checkpoint
RP1407: 9/5/2010 5:28:02 AM - System Checkpoint
RP1408: 9/6/2010 7:10:49 AM - System Checkpoint
RP1409: 9/7/2010 9:10:53 AM - System Checkpoint
RP1410: 9/8/2010 12:58:43 PM - Avg Update
RP1411: 9/9/2010 4:27:03 PM - System Checkpoint
RP1412: 9/10/2010 4:52:32 PM - System Checkpoint
RP1413: 9/11/2010 4:52:44 PM - System Checkpoint
RP1414: 9/12/2010 8:19:10 PM - System Checkpoint
RP1415: 9/14/2010 12:12:38 AM - System Checkpoint
RP1416: 9/14/2010 8:27:06 PM - Software Distribution Service 3.0
RP1417: 9/15/2010 11:38:14 PM - System Checkpoint
RP1418: 9/17/2010 12:49:51 AM - System Checkpoint
RP1419: 9/18/2010 3:59:02 AM - System Checkpoint
RP1420: 9/19/2010 11:47:09 PM - System Checkpoint
RP1421: 9/21/2010 12:08:28 AM - System Checkpoint
RP1422: 9/22/2010 1:14:51 AM - System Checkpoint
RP1423: 9/23/2010 2:08:38 AM - System Checkpoint
RP1424: 9/23/2010 2:19:02 PM - Avg Update
RP1425: 9/23/2010 2:20:26 PM - Avg Update
RP1426: 9/25/2010 1:46:25 AM - System Checkpoint
RP1427: 9/26/2010 3:46:26 PM - System Checkpoint
RP1428: 9/27/2010 10:39:36 PM - System Checkpoint
RP1429: 9/28/2010 11:05:41 PM - System Checkpoint
RP1430: 9/30/2010 7:06:19 PM - System Checkpoint
RP1431: 10/1/2010 4:57:51 PM - Installed QuickTime
RP1432: 10/2/2010 6:48:32 PM - System Checkpoint

==== Installed Programs ======================


AC3Filter (remove only)
Access IBM
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 8.2.4
Adobe Shockwave Player 11
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
Audacity 1.2.6
AVG Free 9.0
Bonjour
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Curse Client - 1
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Download Updater (AOL LLC)
EndNote X Volume License Edition
Futuremark SystemInfo
Google Talk (remove only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IBM 32-bit Runtime Environment for Java 2, v1.4.1
IBM Integrated 56K Modem
IBM RecordNow!
IBM Themes
IBM ThinkPad Battery MaxiMiser and Power Management Features
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
ITS Secure Browser
iTunes
J2SE Development Kit 5.0 Update 12
J2SE Runtime Environment 5.0 Update 12
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft FrontPage Client - English
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual J# .NET Redistributable Package 1.1
MotoConnect
Motorola Driver Installation 4.6.0
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OGA Notifier 2.0.0048.0
OpenAFS for Windows
PC-Doctor for Windows
PDF Annotator 2.0.0.265
Post-itŪ Software Notes Lite
PrimoPDF -- by Nitro PDF Software
QuickTime
Rescue and Recovery
Rescue and Recovery Critical Patch for Windows Update (KB917422)
Scroll Lock Indicator Utility
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
System Migration Assistant
System Update
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Power Management Driver
ThinkPad Presentation Director
ThinkPad Software Installer
ThinkPad UltraNav Driver
ThinkPad UltraNav Wizard
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
ThinkVantage Access Connections
ThinkVantage Active Protection System
TrackPoint Accessibility Features
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Usmleworld Step2 QBank
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual Studio.NET Baseline - English
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
XML Paper Specification Shared Components Pack 1.0
Xobni
Xobni Core

==== Event Viewer Messages From Past Week ========

9/28/2010 9:18:30 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
9/28/2010 9:18:30 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
9/28/2010 7:06:40 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00054E49E8CB. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/28/2010 1:55:14 PM, error: Schannel [36884] - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is www.google.com. The SSL connection request has failed. The attached data contains the server certificate.
9/28/2010 1:54:43 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00054E49E8CB has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
9/27/2010 6:16:52 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/27/2010 6:01:53 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/2/2010 3:27:44 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.

==== End Of File ===========================
Reply With Quote
  #6  
Old October 4th, 2010, 05:03 AM
touch's Avatar
touch touch is offline
Malware Removal Team
 
Join Date: Jan 2007
O/S: Windows XP Pro
Posts: 3,595
Ok. Weīll deal with msi later, along with configure your pagefile, as it seems itīs not large enough to contain all physical memory.

It looks like your hostsfile are infected, therefore ->

Please download Combofix from: Here
And save to the desktop.

Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.


Post the contents of that log in your next reply

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
Reply With Quote
  #7  
Old October 4th, 2010, 11:40 PM
Chasers12's Avatar
Chasers12 Chasers12 is offline
Member
 
Join Date: May 2004
Posts: 76
ComboFix 10-10-03.03 - contic 10/04/2010 17:59:13.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.950 [GMT -4:00]
Running from: c:\documents and settings\contic\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\intelppm.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-04 21:37 . 2010-10-04 21:37 4100960 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-10-04 21:37 . 2010-10-04 21:37 2065760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-10-04 21:37 . 2010-10-04 21:37 4394336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-10-01 22:04 . 2010-10-01 22:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-10-01 22:04 . 2010-10-01 22:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-10-01 20:58 . 2010-10-01 20:59 -------- d-----w- c:\program files\QuickTime
2010-09-28 23:40 . 2010-09-28 23:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-24 04:01 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 04:01 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-23 18:20 . 2010-09-23 18:20 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-23 18:20 . 2010-09-23 18:20 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-23 18:20 . 2010-09-23 18:20 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-23 18:20 . 2010-09-23 18:20 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-09-23 18:20 . 2010-09-23 18:20 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 18:20 . 2010-09-23 18:20 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 18:20 . 2010-09-23 18:20 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 18:19 . 2010-09-23 18:19 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-09-23 00:15 . 2010-09-23 00:15 -------- d-----w- c:\program files\iPod
2010-09-23 00:15 . 2010-09-23 00:16 -------- d-----w- c:\program files\iTunes
2010-09-23 00:09 . 2010-09-23 00:09 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-15 23:42 . 2010-09-15 23:42 45056 ----a-w- c:\documents and settings\contic\Application Data\Sun\Java\Deployment\cache\6.0\43\3f7f03ab-1a617f67-n\ntps.dll
2010-09-15 04:00 . 2010-09-24 00:28 762176 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-10-03 04:00 . 2004-06-05 07:24 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-09-29 01:32 . 2010-01-03 02:17 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-24 04:02 . 2010-07-09 21:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-23 00:15 . 2007-07-04 00:03 -------- d-----w- c:\program files\Common Files\Apple
2010-09-05 20:08 . 2010-03-21 18:52 -------- d-----w- c:\program files\World of Warcraft
2010-08-27 11:20 . 2010-05-11 04:57 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-27 11:20 . 2010-08-27 11:20 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-27 11:20 . 2010-05-11 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-27 11:20 . 2010-08-27 11:20 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-08-27 11:20 . 2007-02-28 00:56 -------- d-----w- c:\program files\DivX
2010-08-27 11:20 . 2010-08-27 11:20 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-08-27 11:19 . 2010-08-27 11:19 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-27 11:18 . 2010-08-27 11:18 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-27 11:17 . 2010-08-27 11:20 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-08-27 11:17 . 2010-08-27 11:17 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-27 11:17 . 2010-05-11 04:56 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-08-27 11:17 . 2010-05-11 04:56 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-08-27 00:39 . 2010-08-27 00:39 -------- d-----w- c:\program files\Bonjour
2010-08-22 06:25 . 2010-08-22 06:25 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-08-22 06:25 . 2004-06-05 07:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-17 13:17 . 1980-01-01 07:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2004-06-22 06:07 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 17:10 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 13:29 . 2009-05-09 04:08 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 13:29 . 2010-07-15 13:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 13:28 . 2009-05-09 04:08 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2008-12-03 19:27 . 2008-12-03 19:27 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-12-03 19:27 . 2008-12-03 19:27 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-12-03 19:27 . 2008-12-03 19:27 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-12-03 19:27 . 2008-12-03 19:27 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-12-03 19:27 . 2008-12-03 19:27 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-12-03 19:27 . 2008-12-03 19:27 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-12-03 19:27 . 2008-12-03 19:27 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 20:33 . 2007-03-16 20:33 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 20:33 . 2007-03-16 20:33 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 20:33 . 2007-03-16 20:33 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-12-03 18:10 . 2008-12-03 18:10 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-12-03 19:27 . 2008-12-03 19:27 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 69632]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 864256]
"TpShocks"="TpShocks.exe" [2005-11-07 106496]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPH KMGR.exe" [2006-10-02 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp .Exe" [2006-02-24 237568]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-26 344064]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"TPKBDLED"="c:\windows\system32\TpScrLk.exe" [2002-10-09 40960]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-05-13 2333440]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.d ll" [2005-04-20 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfE x.dll" [2005-04-20 396288]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL " [2005-04-20 208896]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-12-25 409600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"configmsi"="rmdir" [X]
"supportdir"="rmdir" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Post-itr Software Notes Lite.lnk - c:\program files\Post-It Lite\PsnLite.exe [2004-10-15 2080768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AfsLogon]
2004-11-09 14:59 71152 ----a-w- c:\windows\system32\afslogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 13:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 03:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-12-01 00:16 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-10-02 21:49 864624 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 09:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-10-06 15:06 1323008 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2008-10-06 15:14 118784 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Java\\jre1.5.0_12\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\contic\\Local Settings\\Apps\\2.0\\BBM196H6.VNP\\YY4XCXZE.ZEJ\\c urs..tion_eee711038731a406_0004.0000_172b37d8269e5 e48\\CurseClient.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
Reply With Quote
  #8  
Old October 4th, 2010, 11:41 PM
Chasers12's Avatar
Chasers12 Chasers12 is offline
Member
 
Join Date: May 2004
Posts: 76
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenP]
"7001:UDP"= 7001:UDP:AFS Cache Manager Callback

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"7001:UDP"= 7001:UDP:AFS CacheManager Callback (UDP)
"7001:TCP"= 7001:TCP:AFS CacheManager Callback (TCP)
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/15/2009 2:24 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/9/2009 12:08 AM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/9/2009 12:08 AM 243024]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [6/5/2004 3:16 AM 16384]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 9:28 AM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:29 AM 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 1:28 PM 1356952]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectServi ce.exe [7/31/2010 11:28 PM 91456]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [5/12/2006 6:10 PM 3968]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [12/7/2009 8:29 PM 55016]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/14/2010 5:43 PM 15008]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [7/31/2010 11:27 PM 6016]
S3 cpuz130;cpuz130;\??\c:\docume~1\contic\LOCALS~1\Te mp\cpuz130\cpuz_x32.sys --> c:\docume~1\contic\LOCALS~1\Temp\cpuz130\cpuz_x32. sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\dr ivers\mbamswissarmy.sys [9/24/2010 12:01 AM 38224]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [7/31/2010 11:27 PM 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\dri vers\motccgpfl.sys [7/31/2010 11:27 PM 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [7/31/2010 11:27 PM 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sy s [7/31/2010 11:27 PM 9472]
.
Contents of the 'Scheduled Tasks' folder

2010-10-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 21:49]

2006-07-20 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-06-05 05:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://examinee.nbme.org/cas/exam
uInternet Connection Wizard,ShellNext = hxxp://www.java.com/
uInternet Settings,ProxyOverride = *.local
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://clighthouse.dyndns.org/user/TSBnwCam.CAB
FF - ProfilePath - c:\documents and settings\contic\Application Data\Mozilla\Firefox\Profiles\201zzcji.default\
FF - prefs.js: browser.search.selectedEngine - Google Images
FF - prefs.js: browser.startup.homepage - hxxps://amcmail.amc.edu/CookieAuth.dll?GetLogon?curl=Z2FowaZ2F&reason=0&fo rmdir=1
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\contic\Application Data\Mozilla\Firefox\Profiles\201zzcji.default\ext ensions\moveplayer@movenetworks.com\platform\WINNT _x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\windows\system32\DNAML\npdbplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-IBM RecordNow! - (no file)
HKLM-Run-Virtual PDF Printer - c:\program files\Virtual PDF Printer\VirtualPDFPrinter.exe
Notify-ACNotify - ACNotify.dll
Notify-NavLogon - (no file)
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-ibmmessages - c:\program files\IBM\Messages By IBM\ibmmessages.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-UpdateManager - c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4} - c:\documents and settings\contic\Local Settings\Application Data\{7D4B3D1D-104E-4507-9123-568BC721B7E2}\BYKI4Installer.exe


.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(4104)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\i TunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMini Player.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a 1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\acs.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\rundll32.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\progra~1\POST-I~1\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
.
************************************************** ************************
.
Completion time: 2010-10-04 18:33:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-04 22:33

Pre-Run: 12,818,264,064 bytes free
Post-Run: 12,689,821,696 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect /NoExecute=OptOut

- - End Of File - - BABBD443EE6E28194C0F790B26C8EEFF
Reply With Quote
  #9  
Old October 5th, 2010, 03:56 AM
touch's Avatar
touch touch is offline
Malware Removal Team
 
Join Date: Jan 2007
O/S: Windows XP Pro
Posts: 3,595
Looks clean.

Please run a complete scan with AVG, if it find some infections (except cookies) post the log. Run new scan with DDS, and post Attach.Txt as well
Reply With Quote
  #10  
Old October 6th, 2010, 03:13 AM
Chasers12's Avatar
Chasers12 Chasers12 is offline
Member
 
Join Date: May 2004
Posts: 76
AVG didn't find anything. Here is my Attach.txt from the DDS scan:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/26/2007 4:00:58 PM
System Uptime: 10/5/2010 8:54:57 PM (2 hours ago)

Motherboard: IBM | | 2373R01
Processor: Intel(R) Pentium(R) M processor 1.80GHz | None | 1794/400mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 11.791 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/1000 MT Mobile Connection
Device ID: PCI\VEN_8086&DEV_101E&SUBSYS_05491014&REV_03\4&39A 85202&0&08F0
Manufacturer: Intel
Name: Intel(R) PRO/1000 MT Mobile Connection
PNP Device ID: PCI\VEN_8086&DEV_101E&SUBSYS_05491014&REV_03\4&39A 85202&0&08F0
Service: E1000

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: IBM Integrated 56K Modem
Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_055A1014&REV_01\3&61A AA01&0&FE
Manufacturer: CXT
Name: IBM Integrated 56K Modem
PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_055A1014&REV_01\3&61A AA01&0&FE
Service: Modem

==== System Restore Points ===================

RP1350: 7/8/2010 1:49:58 AM - System Checkpoint
RP1351: 7/9/2010 1:54:20 AM - System Checkpoint
RP1352: 7/10/2010 3:08:57 AM - System Checkpoint
RP1353: 7/11/2010 3:13:24 AM - System Checkpoint
RP1354: 7/12/2010 5:13:32 AM - System Checkpoint
RP1355: 7/13/2010 7:24:37 AM - System Checkpoint
RP1356: 7/14/2010 12:08:40 AM - Software Distribution Service 3.0
RP1357: 7/15/2010 12:18:37 AM - System Checkpoint
RP1358: 7/15/2010 9:27:47 AM - Avg Update
RP1359: 7/15/2010 9:29:58 AM - Avg Update
RP1360: 7/16/2010 7:04:18 PM - System Checkpoint
RP1361: 7/17/2010 8:50:05 PM - System Checkpoint
RP1362: 7/18/2010 9:04:07 PM - System Checkpoint
RP1363: 7/19/2010 11:16:15 PM - System Checkpoint
RP1364: 7/21/2010 1:27:07 AM - System Checkpoint
RP1365: 7/21/2010 8:38:48 AM - Avg Update
RP1366: 7/22/2010 8:50:00 AM - System Checkpoint
RP1367: 7/25/2010 5:57:56 PM - System Checkpoint
RP1368: 7/26/2010 11:46:31 PM - System Checkpoint
RP1369: 7/28/2010 12:48:17 AM - System Checkpoint
RP1370: 7/29/2010 1:24:51 AM - System Checkpoint
RP1371: 7/30/2010 1:26:16 AM - System Checkpoint
RP1372: 7/31/2010 1:17:09 PM - System Checkpoint
RP1373: 7/31/2010 11:26:58 PM - Installed Motorola Driver Installation 4.6.0
RP1374: 7/31/2010 11:28:05 PM - Installed Windows XP Wdf01007.
RP1375: 8/2/2010 12:54:45 AM - System Checkpoint
RP1376: 8/2/2010 9:58:45 PM - Software Distribution Service 3.0
RP1377: 8/3/2010 11:09:46 PM - System Checkpoint
RP1378: 8/4/2010 11:25:33 PM - System Checkpoint
RP1379: 8/5/2010 11:56:17 PM - System Checkpoint
RP1380: 8/7/2010 12:34:26 AM - System Checkpoint
RP1381: 8/8/2010 2:21:33 AM - System Checkpoint
RP1382: 8/9/2010 4:21:32 AM - System Checkpoint
RP1383: 8/10/2010 4:48:07 AM - System Checkpoint
RP1384: 8/11/2010 6:21:39 AM - System Checkpoint
RP1385: 8/11/2010 9:26:56 PM - Software Distribution Service 3.0
RP1386: 8/12/2010 11:55:57 PM - System Checkpoint
RP1387: 8/14/2010 12:54:41 AM - System Checkpoint
RP1388: 8/15/2010 12:54:53 AM - System Checkpoint
RP1389: 8/16/2010 2:54:56 AM - System Checkpoint
RP1390: 8/17/2010 3:13:54 AM - System Checkpoint
RP1391: 8/18/2010 3:37:11 AM - System Checkpoint
RP1392: 8/19/2010 4:46:21 AM - System Checkpoint
RP1393: 8/20/2010 6:46:27 AM - System Checkpoint
RP1394: 8/21/2010 8:46:28 AM - System Checkpoint
RP1395: 8/22/2010 10:46:30 AM - System Checkpoint
RP1396: 8/23/2010 12:46:34 PM - System Checkpoint
RP1397: 8/24/2010 2:46:36 PM - System Checkpoint
RP1398: 8/26/2010 1:09:46 AM - System Checkpoint
RP1399: 8/27/2010 2:46:40 AM - System Checkpoint
RP1400: 8/28/2010 3:16:11 AM - System Checkpoint
RP1401: 8/29/2010 4:21:20 PM - System Checkpoint
RP1402: 8/30/2010 5:37:08 PM - System Checkpoint
RP1403: 8/31/2010 6:12:40 PM - System Checkpoint
RP1404: 9/1/2010 7:04:41 PM - System Checkpoint
RP1405: 9/3/2010 12:42:05 AM - System Checkpoint
RP1406: 9/4/2010 1:02:43 AM - System Checkpoint
RP1407: 9/5/2010 5:28:02 AM - System Checkpoint
RP1408: 9/6/2010 7:10:49 AM - System Checkpoint
RP1409: 9/7/2010 9:10:53 AM - System Checkpoint
RP1410: 9/8/2010 12:58:43 PM - Avg Update
RP1411: 9/9/2010 4:27:03 PM - System Checkpoint
RP1412: 9/10/2010 4:52:32 PM - System Checkpoint
RP1413: 9/11/2010 4:52:44 PM - System Checkpoint
RP1414: 9/12/2010 8:19:10 PM - System Checkpoint
RP1415: 9/14/2010 12:12:38 AM - System Checkpoint
RP1416: 9/14/2010 8:27:06 PM - Software Distribution Service 3.0
RP1417: 9/15/2010 11:38:14 PM - System Checkpoint
RP1418: 9/17/2010 12:49:51 AM - System Checkpoint
RP1419: 9/18/2010 3:59:02 AM - System Checkpoint
RP1420: 9/19/2010 11:47:09 PM - System Checkpoint
RP1421: 9/21/2010 12:08:28 AM - System Checkpoint
RP1422: 9/22/2010 1:14:51 AM - System Checkpoint
RP1423: 9/23/2010 2:08:38 AM - System Checkpoint
RP1424: 9/23/2010 2:19:02 PM - Avg Update
RP1425: 9/23/2010 2:20:26 PM - Avg Update
RP1426: 9/25/2010 1:46:25 AM - System Checkpoint
RP1427: 9/26/2010 3:46:26 PM - System Checkpoint
RP1428: 9/27/2010 10:39:36 PM - System Checkpoint
RP1429: 9/28/2010 11:05:41 PM - System Checkpoint
RP1430: 9/30/2010 7:06:19 PM - System Checkpoint
RP1431: 10/1/2010 4:57:51 PM - Installed QuickTime
RP1432: 10/2/2010 6:48:32 PM - System Checkpoint
RP1433: 10/4/2010 5:35:58 PM - Avg Update
RP1434: 10/5/2010 3:00:18 AM - Software Distribution Service 3.0

==== Installed Programs ======================

AC3Filter (remove only)
Access IBM
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 8.2.4
Adobe Shockwave Player 11
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
Audacity 1.2.6
AVG Free 9.0
Bonjour
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Curse Client - 1
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Download Updater (AOL LLC)
EndNote X Volume License Edition
Futuremark SystemInfo
Google Talk (remove only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IBM 32-bit Runtime Environment for Java 2, v1.4.1
IBM Integrated 56K Modem
IBM RecordNow!
IBM Themes
IBM ThinkPad Battery MaxiMiser and Power Management Features
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
ITS Secure Browser
iTunes
J2SE Development Kit 5.0 Update 12
J2SE Runtime Environment 5.0 Update 12
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft FrontPage Client - English
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual J# .NET Redistributable Package 1.1
MotoConnect
Motorola Driver Installation 4.6.0
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OGA Notifier 2.0.0048.0
OpenAFS for Windows
PC-Doctor for Windows
PDF Annotator 2.0.0.265
Post-itŪ Software Notes Lite
PrimoPDF -- by Nitro PDF Software
QuickTime
Reply With Quote
  #11  
Old October 6th, 2010, 03:13 AM
Chasers12's Avatar
Chasers12 Chasers12 is offline
Member
 
Join Date: May 2004
Posts: 76
Rescue and Recovery
Rescue and Recovery Critical Patch for Windows Update (KB917422)
Scroll Lock Indicator Utility
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
System Migration Assistant
System Update
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Power Management Driver
ThinkPad Presentation Director
ThinkPad Software Installer
ThinkPad UltraNav Driver
ThinkPad UltraNav Wizard
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
ThinkVantage Access Connections
ThinkVantage Active Protection System
TrackPoint Accessibility Features
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Usmleworld Step2 QBank
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual Studio.NET Baseline - English
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
XML Paper Specification Shared Components Pack 1.0
Xobni
Xobni Core

==== Event Viewer Messages From Past Week ========

9/30/2010 3:23:51 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00054E49E8CB has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
9/29/2010 1:09:27 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00054E49E8CB. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/28/2010 1:55:14 PM, error: Schannel [36884] - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is www.google.com. The SSL connection request has failed. The attached data contains the server certificate.
10/4/2010 5:50:36 PM, error: Service Control Manager [7034] - The tvtnetwk service terminated unexpectedly. It has done this 1 time(s).
10/4/2010 5:50:36 PM, error: Service Control Manager [7034] - The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).
10/4/2010 5:50:36 PM, error: Service Control Manager [7034] - The ACU Configuration Service service terminated unexpectedly. It has done this 1 time(s).
10/4/2010 5:50:36 PM, error: Service Control Manager [7031] - The Ac Profile Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/4/2010 5:47:55 PM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
10/4/2010 5:47:23 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/4/2010 5:43:33 PM, error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 3 time(s).
10/4/2010 5:42:11 PM, error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 2 time(s).
10/4/2010 5:41:51 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/4/2010 5:41:45 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/4/2010 5:41:23 PM, error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
10/3/2010 5:36:59 PM, error: Dhcp [1002] - The IP address lease 172.19.246.52 for the Network Card with network address 00054E49E8CB has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/3/2010 4:38:22 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00054E49E8CB has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
10/2/2010 3:27:44 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
10/2/2010 10:02:50 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
10/2/2010 10:02:50 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================
Reply With Quote
  #12  
Old October 6th, 2010, 06:10 AM
touch's Avatar
touch touch is offline
Malware Removal Team
 
Join Date: Jan 2007
O/S: Windows XP Pro
Posts: 3,595
Please tell how things are running now ?
Reply With Quote
  #13  
Old October 6th, 2010, 06:22 PM
Chasers12's Avatar
Chasers12 Chasers12 is offline
Member
 
Join Date: May 2004
Posts: 76
My PC seems to be running fine now. Just like before. I dont get those popups telling me things are shutting down. And the browser no longer opens the random websites. It appears to be fixed. Is there anything else I need to do? If not, thank you very much for your time.
Reply With Quote
  #14  
Old October 7th, 2010, 06:14 AM
touch's Avatar
touch touch is offline
Malware Removal Team
 
Join Date: Jan 2007
O/S: Windows XP Pro
Posts: 3,595
Just some cleanup remains.

Go to to Start > Run
Type/copy in the box:
combofix /uninstall

Note: the space between the X and the /u

Press Enter.
This command will:
◦Delete the following:
ComboFix and its associated files and folders.

You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.


Keep safe
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
Problem With Generic Host Process for Win32 Services kpoman Malware Removal 5 January 30th, 2010 08:44 PM
generic host process for win32 encountered a problem.... NYCMAMI2103 The Anything Else Board 0 March 15th, 2009 09:16 PM
Generic Host Process for Win32 Services has encountered a problem and needs to close Thomas Harris Windows XP 4 January 29th, 2008 11:46 PM
Generic Host Process for Win32 Services jodys67 Windows XP 2 June 27th, 2007 09:31 PM
Generic Host Process for Win 32 has encountered a problem and needs to close? hpTunes Windows XP 6 August 16th, 2006 02:22 AM


All times are GMT +1. The time now is 11:23 AM.