
Inactive Generic Host Process for Win32...

Discussion in 'Malware and Virus Removal Archive' started by Christian85, 2009/01/21.

  1. 2009/01/21
    Christian85


    Hi,

    I have a problem very similar to all of the people here. I watched some movies in Firefox and suddenly everything got pretty slow and my antivirus program (AVG) was suddenly having very weird buttons and so on. Anyhow, I restarted and AVG found some trojans (didn't write down the name) but I'm still encountering the well-known "Generic host process for win32 services has encountered a problem and needs to close. We are sorry for the inconvenience." error when I start up my Windows XP.

    I started it in safe mode and ran Norton (I uninstalled AVG) but it didn't find anything anymore.

    Would be really happy for help since I need the laptop for a presentation on Friday. But I guess first come first serve :).

    edit 1: It seems Norton found something. It's called "Vundo". However, even with Norton saying that the problem is fixed, the system is running REALLY slowly at the moment. I have like 2 sec to get the mouse from one side to the other.

    edit 2: Now I restarted the computer after it was running so slow and I got some new errors.
    One popup is "On screen display message handler has encountered a problem and needs to close. We are sorry for the inconvenience"
    The other one is "Error loading C:\Windows\system32\htkfddw.dll - The specified Module could not be found".


    Here is a logfile from my hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:07:17, on 21.01.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\SHREDDER\SAWCtrlSer.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Virtual_Daemon\daemon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\FreePDF_XP\fpassist.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\qoMgHxyv.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O2 - BHO: (no name) - {D9E6C2CD-2127-4D0F-BCA9-E3DF84A43F20} - C:\WINDOWS\system32\fccBqOFy.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe "
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Virtual_Daemon\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [1018ca1f] rundll32.exe "C:\WINDOWS\system32\htkfddvw.dll ",b
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CoolCalendar] C:\Program Files\Desktop Calendar\CoolCalendar.exe
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [Real Desktop] "C:\Program Files\Real Desktop\Real Desktop.exe "
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\ObjectDock\ObjectDock.exe
    O4 - Global Startup: abylonsoft Activate modules.lnk = C:\Program Files\SHREDDER\SAWipe.EXE
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI699F~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI699F~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.antimalwareguard.com
    O15 - Trusted Zone: *.gomyhit.com
    O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file:///D:/components/Liquid.ocx
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O20 - Winlogon Notify: qoMgHxyv - C:\WINDOWS\SYSTEM32\qoMgHxyv.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: apm - SAW control service (apmSAWCtrl) - abylonsoft - Dr. Thomas Klabunde GbR - C:\Program Files\SHREDDER\SAWCtrlSer.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

    --
    End of file - 18210 bytes
     
    Last edited: 2009/01/21
  2. 2009/01/21
    Christian85

    Sorry I forgot the DDS thing:

    ######################################


    DDS (Ver_09-01-18.01) - NTFSx86
    Run by Christian at 20:26:56.48 on 21.01.2009
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2030.1056 [GMT -5:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\SHREDDER\SAWCtrlSer.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Virtual_Daemon\daemon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\FreePDF_XP\fpassist.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Documents and Settings\Christian\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://lenovo.live.com
    mDefault_Page_URL = hxxp://lenovo.live.com
    uInternet Settings,ProxyOverride = *.local
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.2.0.7\IPSBHO.DLL
    BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\qoMgHxyv.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    BHO: {d9e6c2cd-2127-4d0f-bca9-e3df84a43f20} - c:\windows\system32\fccBqOFy.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [CoolCalendar] c:\program files\desktop calendar\CoolCalendar.exe
    uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
    uRun: [CubeDesktop]
    uRun: [Real Desktop] "c:\program files\real desktop\Real Desktop.exe "
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
    mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
    mRun: [TpShocks] TpShocks.exe
    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
    mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
    mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
    mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe "
    mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
    mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
    mRun: [LPMailChecker] c:\progra~1\thinkv~2\prdctr\LPMLCHK.exe
    mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [DAEMON Tools-1033] "c:\program files\virtual_daemon\daemon.exe" -lang 1033
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [FreePDF Assistant] c:\program files\freepdf_xp\fpassist.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
    mRun: [1018ca1f] rundll32.exe "c:\windows\system32\htkfddvw.dll ",b
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\christ~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\objectdock\ObjectDock.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\abylon~1.lnk - c:\program files\shredder\SAWipe.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
    IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Auswahl in Adobe PDF konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: In Adobe PDF konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: In vorhandene PDF-Datei konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Nach Microsoft &Excel exportieren - c:\progra~1\mi699f~1\office11\EXCEL.EXE/3000
    IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
    IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi699f~1\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    Trusted Zone: antimalwareguard.com
    Trusted Zone: gomyhit.com
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: ACNotify - ACNotify.dll
    Notify: qoMgHxyv - qoMgHxyv.dll
    Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
    Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\eudora\EuShlExt.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\qoMgHxyv.dll
    LSA: Notification Packages = scecli ACGina

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\christ~1\applic~1\mozilla\firefox\profiles\409qnq7l.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ManageAccount
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll

    ============= SERVICES / DRIVERS ===============

    R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-3-2 100656]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1002000.007\SymEFA.sys [2009-1-21 309296]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
    R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-4-29 11520]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1002000.007\BHDrvx86.sys [2009-1-21 255536]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1002000.007\cchpx86.sys [2009-1-21 362544]
    R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-4-29 6016]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20080826.006\IDSxpx86.sys [2009-1-21 274808]
    R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-4-29 4442]
    R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2007-12-5 46656]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090121.032\naveng.sys [2009-1-21 89104]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090121.032\navex15.sys [2009-1-21 876112]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 30336]
    R4 apmSAWCtrl;apm - SAW control service;c:\program files\shredder\SAWCtrlSer.EXE [2008-8-14 230224]
    R4 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.2.0.7\ccSvcHst.exe [2009-1-21 115560]
    R4 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-12-5 520192]
    R4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2007-12-5 249856]
    S0 gjqknwaw;gjqknwaw;c:\windows\system32\drivers\phqoqimy.sys []
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

    =============== Created Last 30 ================

    2009-01-21 20:07 <DIR> --d----- c:\program files\Trend Micro
    2009-01-21 17:13 <DIR> --d--r-- c:\program files\Norton Support
    2009-01-21 17:07 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
    2009-01-21 17:07 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-01-21 17:07 60,808 a------- c:\windows\system32\S32EVNT1.DLL
    2009-01-21 17:07 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-01-21 17:07 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-01-21 17:07 <DIR> --d----- c:\program files\Symantec
    2009-01-21 17:06 <DIR> --d----- c:\windows\system32\drivers\NAV
    2009-01-21 17:06 <DIR> --d----- c:\program files\Norton AntiVirus
    2009-01-21 17:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
    2009-01-21 17:06 <DIR> --d----- c:\program files\NortonInstaller
    2009-01-21 17:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2009-01-21 16:09 <DIR> --d----- C:\savxpsa
    2009-01-21 15:59 47,616 a------- c:\windows\system32\xxyYPIya.dll
    2009-01-21 00:18 48,640 a------- c:\windows\system32\fccdbBqP.dll
    2009-01-21 00:17 1,432,143 ---sh--- c:\windows\system32\wvddfkth.ini
    2009-01-21 00:17 82,944 a------- c:\windows\system32\htkfddvw.dll
    2009-01-21 00:15 126,464 a------- c:\windows\system32\uwljio.dll
    2009-01-21 00:15 126,464 a------- c:\windows\system32\grewksri.dll
    2009-01-21 00:14 1,066,793 a--sh--- c:\windows\system32\yFOqBccf.ini2
    2009-01-21 00:14 1,104 a------- c:\windows\gjqknwaw
    2009-01-21 00:14 1,066,793 a--sh--- c:\windows\system32\yFOqBccf.ini
    2009-01-21 00:09 47,616 a------- c:\windows\system32\efcbxVoM.dll
    2009-01-21 00:09 48,640 a------- c:\windows\system32\qoMgHxyv.dll
    2009-01-12 08:00 56 a---h--- c:\windows\system32\ezsidmv.dat
    2009-01-12 07:57 <DIR> --d----- c:\program files\Skype
    2009-01-11 23:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WEBREG
    2009-01-11 23:41 271,704 a----r-- c:\windows\system32\hpzids01.dll
    2009-01-11 23:41 118,272 a------- c:\windows\system32\hpz3l5mu.dll
    2009-01-11 23:40 729,088 a----r-- c:\windows\system32\hpowiax7.dll
    2009-01-11 23:40 581,632 a----r-- c:\windows\system32\hpotscl6.dll
    2009-01-11 23:40 372,736 a----r-- c:\windows\system32\hppldcoi.dll
    2009-01-11 23:40 309,760 a----r-- c:\windows\system32\difxapi.dll
    2009-01-11 23:40 303,104 a----r-- c:\windows\system32\hpovst15.dll
    2009-01-11 23:37 0 a------- c:\windows\system32\ŸÓŸÓ
    2009-01-11 23:35 <DIR> --d----- c:\program files\common files\HP
    2009-01-11 23:33 <DIR> --d----- c:\program files\HP
    2009-01-11 23:31 157,581 a------- c:\windows\hpoins28.dat
    2009-01-11 23:31 932 -------- c:\windows\hpomdl28.dat
    2009-01-11 16:44 <DIR> --d----- c:\documents and settings\christian\Bluetooth Software
    2009-01-04 13:03 <DIR> --d----- c:\docume~1\christ~1\applic~1\TrueCrypt
    2009-01-04 13:03 215,872 -------- c:\windows\system32\drivers\truecrypt.sys
    2009-01-04 13:03 <DIR> --d----- c:\program files\TrueCrypt
    2009-01-04 01:43 <DIR> --d----- c:\windows\SQLTools9_KB954606_ENU
    2009-01-04 01:40 <DIR> --d----- c:\windows\SQL9_KB954606_ENU
    2009-01-03 07:29 <DIR> --d----- c:\program files\MSDN Library
    2009-01-03 05:54 <DIR> --d----- c:\temp\MSDN Library for Visual Studio 2008 (x86 and x64 WoW) - DVD (English)
    2009-01-03 05:10 <DIR> --d----- c:\windows\system32\js
    2009-01-03 05:10 <DIR> --d----- c:\windows\system32\images
    2009-01-03 05:10 <DIR> --d----- c:\windows\system32\html
    2009-01-03 05:10 <DIR> --d----- c:\windows\system32\css
    2009-01-03 05:10 <DIR> --d----- c:\program files\Business Objects
    2009-01-03 05:04 <DIR> --d----- c:\program files\Microsoft SQL Server
    2009-01-03 05:04 <DIR> --d----- c:\program files\Microsoft Device Emulator
    2009-01-03 05:03 <DIR> --d----- c:\program files\Windows Mobile 5.0 SDK R2
    2009-01-03 05:02 <DIR> --d----- c:\program files\Microsoft Synchronization Services
    2009-01-03 05:02 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
    2009-01-03 04:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PreEmptive Solutions
    2009-01-03 04:50 <DIR> --d----- c:\program files\CE Remote Tools
    2009-01-03 04:49 <DIR> --d----- c:\program files\Microsoft Web Designer Tools
    2009-01-03 04:37 <DIR> --d----- c:\windows\system32\de-DE
    2009-01-03 04:05 <DIR> --d----- c:\program files\IsoBuster
    2009-01-02 11:56 <DIR> --d----- c:\documents and settings\christian\VSWebCache
    2009-01-02 11:18 <DIR> --d----- c:\program files\HTML Help Workshop
    2009-01-02 11:18 <DIR> --d----- c:\program files\common files\Merge Modules
    2009-01-02 11:18 <DIR> --d----- c:\program files\common files\Crystal Decisions
    2009-01-02 11:13 876,653 -------- c:\windows\system32\dllcache\fp4awel.dll
    2009-01-02 11:13 94,208 -------- c:\windows\system32\dllcache\fpencode.dll
    2009-01-02 09:06 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-01-02 09:05 14,048 -------- c:\windows\system32\spmsg2.dll
    2009-01-02 08:55 <DIR> --d----- C:\Temp
    2008-12-29 05:17 <DIR> --d----- c:\windows\1st JavaScript Editor
    2008-12-29 05:17 <DIR> --d----- c:\program files\JavaScript Editor
    2008-12-28 16:45 836 -------- c:\windows\ODBC.INI
    2008-12-28 16:45 28,040 -------- c:\windows\system32\mdimon.dll
    2008-12-28 16:44 <DIR> --d----- c:\program files\Microsoft Office 2003
    2008-12-28 16:42 410,984 -------- c:\windows\system32\deploytk.dll
    2008-12-28 16:36 32 -------- c:\windows\CD_Start.INI
    2008-12-28 16:00 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
    2008-12-28 15:59 <DIR> --d----- c:\windows\SHELLNEW
    2008-12-28 15:50 <DIR> --d----- c:\program files\MozBackup
    2008-12-28 08:54 <DIR> --d----- c:\windows\system32\CatRoot_bak
    2008-12-28 08:35 <DIR> --dshr-- C:\RRbackups

    ==================== Find3M ====================

    2008-12-13 01:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 06:57 333,184 -------- c:\windows\system32\drivers\srv.sys
    2008-12-11 06:57 333,184 -------- c:\windows\system32\dllcache\srv.sys
    2008-10-24 06:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-04-29 00:36 32,768 ---sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
    2008-04-29 01:01 32,768 ---sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008042820080429\index.dat

    ============= FINISH: 20:27:46.71 ===============


    #####################################
     

  4. 2009/01/21
    Christian85

    Christian85 Inactive Thread Starter

    Joined:
    2009/01/21
    Messages:
    5
    Likes Received:
    0
    And finally the "attach.txt" - I know I should attach it to a post, but didn't find the button for that :(.

    ###############################################


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-01-18.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 29.04.2008 02:04:44
    System Uptime: 21.01.2009 19:30:31 (1 hours ago)

    Motherboard: LENOVO | | 7663D15
    Processor: Intel Pentium III Xeon processor | None | 2493/200mhz
    Processor: Intel Pentium III Xeon processor | None | 2493/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 232 GiB total, 155.847 GiB free.
    D: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA

    ==== System Restore Points ===================

    RP30: 21.01.2009 00:15:06 - System Checkpoint
    RP31: 21.01.2009 00:15:06 - System Checkpoint
    RP32: 21.01.2009 00:15:06 - System Checkpoint
    RP33: 21.01.2009 00:15:07 - System Checkpoint
    RP34: 21.01.2009 00:15:07 - System Checkpoint
    RP35: 21.01.2009 00:15:07 - System Checkpoint
    RP36: 21.01.2009 00:15:07 - Software Distribution Service 3.0
    RP37: 21.01.2009 00:15:07 - System Checkpoint
    RP38: 21.01.2009 00:15:07 - System Checkpoint
    RP39: 21.01.2009 00:15:07 - System Checkpoint
    RP40: 21.01.2009 00:15:08 - System Checkpoint
    RP41: 21.01.2009 00:15:17 - Last known good configuration

    ==== Installed Programs ======================

    1st JavaScript Editor 3.85
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    32 Bit HP CIO Components Installer
    abylon SHREDDER 7.0
    Access Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 8.1.2
    Adobe Shockwave Player 11
    Advertisement Service
    AFPL Ghostscript 8.54
    AFPL Ghostscript Fonts
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    BufferChm
    Cisco Systems VPN Client 5.0.02.0090
    Client Security - Password Manager
    Copy
    Crystal Reports Basic for Visual Studio 2008
    Crystal Reports Basic German Language Pack for Visual Studio 2008
    CustomerResearchQFolder
    DAEMON Tools
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Diskeeper Lite
    DJ_AIO_03_F4200_ProductContext
    DJ_AIO_03_F4200_Software
    DJ_AIO_03_F4200_Software_Min
    eMule
    eSupportQFolder
    F4200
    F4200_Help
    FreePDF XP (Remove only)
    GDR 3073 for SQL Server Database Services 2005 ENU (KB954606)
    GDR 3073 for SQL Server Tools and Workstation Components 2005 ENU (KB954606)
    GPBaseService
    Help Center
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB952241)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB889816)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB894686)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB898456)
    Hotfix for Windows XP (KB903250)
    Hotfix for Windows XP (KB909095)
    Hotfix for Windows XP (KB909667)
    Hotfix for Windows XP (KB910728)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB916189)
    Hotfix for Windows XP (KB917332)
    Hotfix for Windows XP (KB918005)
    Hotfix for Windows XP (KB918837)
    Hotfix for Windows XP (KB923293)
    Hotfix for Windows XP (KB928388)
    Hotfix for Windows XP (KB929120)
    Hotfix for Windows XP (KB952287)
    HP Customer Participation Program 10.0
    HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
    HP Imaging Device Functions 10.0
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 2100 series
    HP Photosmart Essential 2.5
    hp psc 2100 series
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Update
    HPProductAssistant
    HPSSupply
    igLoader
    Integrated Camera
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD
    InterVideo WinDVD Creator 3
    IsoBuster 2.4
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 11
    Java(TM) 6 Update 5
    Lenovo Registration
    Maintenance Manager
    MarketResearch
    mCore
    mDriver
    Message Center
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 German Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
    Microsoft .NET Framework 3.5
    Microsoft .NET Framework 3.5 Language Pack - deu
    Microsoft Device Emulator Version 3.0 - DEU
    Microsoft Document Explorer 2008
    Microsoft Document Explorer 2008 Language Pack - DEU
    Microsoft FrontPage Client - German
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office FrontPage 2003
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (German) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (German) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server Compact 3.5 Design Tools DEU
    Microsoft SQL Server Compact 3.5 DEU
    Microsoft SQL Server Compact 3.5 for Devices DEU
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft SQL Server Native Client
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Visual Studio .NET Professional 2003 - Deutsch
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
    Microsoft Visual Studio 2008 Professional Edition - DEU
    Microsoft Visual Studio Web Authoring Component
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    Microsoft Windows SDK for Visual Studio 2008 Tools
    Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    mMHouse
    Mozilla Firefox (3.0.5)
    Mozilla Thunderbird (2.0.0.19)
    mPfMgr
    mProSafe
    MSDN Library for Visual Studio 2008 - ENU
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    mWlsSafe
    No23 Recorder
    Norton AntiVirus
    NVIDIA Drivers
    On Screen Display
    PC-Doctor 5 für Windows
    PDF-XChange 3
    Picasa 2
    Presentation Director
    Productivity Center Supplement for ThinkPad
    PSSWCORE
    QuickTime
    R for Windows 2.7.0
    Rainlendar2 (remove only)
    RecordNow Audio
    RecordNow Copy
    RecordNow Data
    RedMon - Redirection Port Monitor
    Remove Multimedia Center
    Rescue and Recovery
    Scan
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Shop for HP Supplies
    Skype™ 3.8
    SmartWebPrintingOC
    SolutionCenter
    Sonic DLA
    Sonic Express Labeler
    Sonic Icons for Lenovo
    Sonic Update Manager
    SoundMAX
    Status
    System Migration Assistant
    ThinkPad Bluetooth with Enhanced Data Rate Software
    ThinkPad EasyEject Utility
    ThinkPad FullScreen Magnifier
    ThinkPad Hotkey Features Setup
    ThinkPad Modem
    ThinkPad PC Card Power Policy
    ThinkPad Power Management Driver
    ThinkPad Power Manager
    ThinkPad UltraNav Driver
    ThinkPad UltraNav Utility
    ThinkVantage Access Connections
    ThinkVantage Active Protection System
    ThinkVantage Productivity Center
    ThinkVantage Technologies Welcome Message
    Tinn-R 1.19.4.7
    Toolbox
    Tools für Microsoft SQL Server 2005 Express Edition
    TrayApp
    TrueCrypt
    UnloadSupport
    Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb959141)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    VideoToolkit01
    Visual J# .NET Redistributable 1.1- German Language Pack
    Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
    Visual Studio .NET Professional 2003 - German
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
    Visual Studio.NET Baseline - German
    Wallpapers
    WebFldrs XP
    WebReg
    Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883517
    Windows XP Hotfix - KB883523
    Windows XP Hotfix - KB884020
    Windows XP Hotfix - KB884575
    Windows XP Hotfix - KB884868
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB885894
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB889315
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB896613
    WinRAR
    XML Paper Specification Shared Components Language Pack 1.0
    XML Paper Specification Shared Components Pack 1.0
    XP Themes

    ==== Event Viewer Messages From Past Week ========

    14.01.2009 21:04:40, error: d347bus [4] - Driver detected an internal error in its data structures for .
    14.01.2009 18:12:36, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    18.01.2009 22:44:56, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
    19.01.2009 08:35:14, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg8wd service.
    21.01.2009 00:09:59, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
    21.01.2009 00:15:40, error: Service Control Manager [7031] - The AVG8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    21.01.2009 00:22:07, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: gjqknwaw
    21.01.2009 07:55:21, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    21.01.2009 07:55:21, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
    21.01.2009 08:01:04, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    21.01.2009 08:01:07, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    21.01.2009 08:01:53, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    21.01.2009 08:01:53, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    21.01.2009 08:01:53, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    21.01.2009 08:01:53, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    21.01.2009 08:01:53, error: Service Control Manager [7001] - The Bonjour-Dienst service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    21.01.2009 08:01:53, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    21.01.2009 08:01:53, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ANC AvgLdx86 AvgMfx86 Fips gjqknwaw IBMTPCHK intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip TPHKDRV TPPWRIF truecrypt TSMAPIP tvtumon
    21.01.2009 08:10:34, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    21.01.2009 15:56:58, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    21.01.2009 15:58:13, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC AvgLdx86 AvgMfx86 Fips gjqknwaw IBMTPCHK intelppm TPHKDRV TPPWRIF truecrypt TSMAPIP tvtumon
    21.01.2009 16:09:00, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC Fips gjqknwaw IBMTPCHK intelppm TPHKDRV TPPWRIF truecrypt TSMAPIP tvtumon
    21.01.2009 17:08:01, error: ipnathlp [31012] - The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
    21.01.2009 17:11:54, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC Fips gjqknwaw IBMTPCHK intelppm SYMTDI TPHKDRV TPPWRIF truecrypt TSMAPIP tvtumon
    21.01.2009 17:13:16, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments " " in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    ==== End Of File ===========================
     
  5. 2009/01/22
    noahdfear

    Welcome to WindowsBBS Christian85 :)

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  6. 2009/01/23
    Christian85

    Thanks for the quick answer!

    Here is the log:

    ######################################################

    ComboFix 09-01-21.04 - Christian 2009-01-23 17:15:56.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2030.1618 [GMT -5:00]
    Running from: c:\documents and settings\Christian\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\drivers\seneka.sys
    c:\windows\system32\drivers\senekaiejpsvcd.sys
    c:\windows\system32\grewksri.dll
    c:\windows\system32\hpowiax7.dll
    c:\windows\system32\senekacbruyyep.dll
    c:\windows\system32\senekadqqkriig.dat
    c:\windows\system32\senekasempmjio.dll
    c:\windows\system32\senekaxlwkbvgg.dat
    c:\windows\system32\uwljio.dll
    c:\windows\system32\wvddfkth.ini

    ----- BITS: Possible infected sites -----

    hxxp://childhe.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SENEKA


    ((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
    .

    2009-01-21 21:17 . 2009-01-21 21:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-21 21:17 . 2009-01-21 21:17 <DIR> d-------- c:\documents and settings\Christian\Application Data\Malwarebytes
    2009-01-21 21:17 . 2009-01-21 21:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-21 21:17 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-21 21:17 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-21 20:57 . 2009-01-21 20:57 303,616 --------- c:\windows\system32\urqRJAPH.dll
    2009-01-21 20:07 . 2009-01-21 20:07 <DIR> d-------- c:\program files\Trend Micro
    2009-01-21 17:06 . 2009-01-21 17:06 <DIR> d-------- c:\windows\system32\drivers\NAV
    2009-01-21 17:06 . 2009-01-21 17:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-01-21 17:06 . 2009-01-23 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
    2009-01-21 16:09 . 2009-01-21 16:10 <DIR> d-------- C:\savxpsa
    2009-01-21 01:00 . 2009-01-21 01:00 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\HPAppData
    2009-01-21 00:18 . 2009-01-21 00:18 48,640 --a------ c:\windows\system32\fccdbBqP.dll
    2009-01-21 00:14 . 2009-01-21 22:25 1,312 --a------ c:\windows\gjqknwaw
    2009-01-16 20:03 . 2009-01-21 00:18 <DIR> d-------- c:\documents and settings\Christian\Application Data\HPAppData
    2009-01-12 08:00 . 2009-01-23 16:58 <DIR> d-------- c:\documents and settings\Christian\Application Data\skypePM
    2009-01-12 08:00 . 2009-01-12 08:00 56 --ah----- c:\windows\system32\ezsidmv.dat
    2009-01-12 07:57 . 2009-01-12 07:57 <DIR> d-------- c:\program files\Skype
    2009-01-12 07:57 . 2009-01-12 07:57 <DIR> d-------- c:\program files\Common Files\Skype
    2009-01-12 07:57 . 2009-01-23 17:03 <DIR> d-------- c:\documents and settings\Christian\Application Data\Skype
    2009-01-12 07:57 . 2009-01-12 07:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
    2009-01-11 23:48 . 2009-01-11 23:48 <DIR> d-------- c:\documents and settings\Christian\Application Data\HP
    2009-01-11 23:48 . 2009-01-11 23:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
    2009-01-11 23:41 . 2009-01-11 23:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
    2009-01-11 23:41 . 2007-11-08 09:56 271,704 -ra------ c:\windows\system32\hpzids01.dll
    2009-01-11 23:41 . 2007-10-20 18:25 118,272 --a------ c:\windows\system32\hpz3l5mu.dll
    2009-01-11 23:40 . 2007-10-21 11:45 581,632 -ra------ c:\windows\system32\hpotscl6.dll
    2009-01-11 23:40 . 2007-10-30 04:25 372,736 -ra------ c:\windows\system32\hppldcoi.dll
    2009-01-11 23:40 . 2007-10-30 04:25 309,760 -ra------ c:\windows\system32\difxapi.dll
    2009-01-11 23:40 . 2007-10-21 11:45 303,104 -ra------ c:\windows\system32\hpovst15.dll
    2009-01-11 23:37 . 2009-01-11 23:37 0 --a------ c:\windows\system32\ŸÓŸÓ
    2009-01-11 23:36 . 2009-01-11 23:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
    2009-01-11 23:36 . 2009-01-11 23:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
    2009-01-11 23:35 . 2009-01-11 23:35 <DIR> d-------- c:\program files\Common Files\HP
    2009-01-11 23:33 . 2009-01-11 23:36 <DIR> d-------- c:\program files\HP
    2009-01-11 23:31 . 2009-01-11 23:48 157,581 --a------ c:\windows\hpoins28.dat
    2009-01-11 23:31 . 2007-12-12 19:01 932 --------- c:\windows\hpomdl28.dat
    2009-01-11 16:44 . 2009-01-11 16:44 <DIR> d-------- c:\documents and settings\Christian\Bluetooth Software
    2009-01-04 13:03 . 2009-01-05 18:39 <DIR> d-------- c:\program files\TrueCrypt
    2009-01-04 13:03 . 2009-01-04 13:03 <DIR> d-------- c:\documents and settings\Christian\Application Data\TrueCrypt
    2009-01-04 13:03 . 2009-01-04 13:03 215,872 --------- c:\windows\system32\drivers\truecrypt.sys
    2009-01-04 01:43 . 2009-01-04 01:43 <DIR> d-------- c:\windows\SQLTools9_KB954606_ENU
    2009-01-04 01:40 . 2009-01-04 01:40 <DIR> d-------- c:\windows\SQL9_KB954606_ENU
    2009-01-03 07:29 . 2009-01-03 07:29 <DIR> d-------- c:\program files\MSDN Library
    2009-01-03 05:54 . 2009-01-03 07:06 <DIR> d-------- c:\temp\MSDN Library for Visual Studio 2008 (x86 and x64 WoW) - DVD (English)
    2009-01-03 05:10 . 2009-01-03 05:10 <DIR> d-------- c:\windows\system32\js
    2009-01-03 05:10 . 2009-01-03 05:10 <DIR> d-------- c:\windows\system32\images
    2009-01-03 05:10 . 2009-01-03 05:10 <DIR> d-------- c:\windows\system32\html
    2009-01-03 05:10 . 2009-01-03 05:10 <DIR> d-------- c:\windows\system32\css
    2009-01-03 05:10 . 2009-01-03 05:10 <DIR> d-------- c:\program files\Business Objects
    2009-01-03 05:04 . 2009-01-04 01:43 <DIR> d-------- c:\program files\Microsoft SQL Server
    2009-01-03 05:04 . 2009-01-03 05:04 <DIR> d-------- c:\program files\Microsoft Device Emulator
    2009-01-03 05:03 . 2009-01-03 05:04 <DIR> d-------- c:\program files\Windows Mobile 5.0 SDK R2
    2009-01-03 05:02 . 2009-01-03 05:02 <DIR> d-------- c:\program files\Microsoft Synchronization Services
    2009-01-03 05:02 . 2009-01-03 05:02 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
    2009-01-03 04:56 . 2009-01-03 04:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
    2009-01-03 04:52 . 2009-01-03 04:52 <DIR> d-------- c:\windows\symbols
    2009-01-03 04:50 . 2009-01-03 05:10 <DIR> d-------- c:\program files\Microsoft Visual Studio 9.0
    2009-01-03 04:50 . 2009-01-03 04:50 <DIR> d-------- c:\program files\Microsoft SDKs
    2009-01-03 04:50 . 2009-01-03 04:50 <DIR> d-------- c:\program files\CE Remote Tools
    2009-01-03 04:49 . 2009-01-03 04:49 <DIR> d-------- c:\program files\Microsoft Web Designer Tools
    2009-01-03 04:37 . 2009-01-03 04:37 <DIR> d-------- c:\windows\system32\de-DE
    2009-01-03 04:05 . 2009-01-03 07:22 <DIR> d-------- c:\program files\IsoBuster
    2009-01-02 11:56 . 2009-01-02 11:56 <DIR> d-------- c:\documents and settings\Christian\VSWebCache
    2009-01-02 11:18 . 2009-01-02 11:21 <DIR> d-------- c:\program files\HTML Help Workshop
    2009-01-02 11:18 . 2009-01-03 04:56 <DIR> d-------- c:\program files\Common Files\Merge Modules
    2009-01-02 11:18 . 2009-01-02 11:20 <DIR> d-------- c:\program files\Common Files\Crystal Decisions
    2009-01-02 11:17 . 2009-01-02 11:26 <DIR> d-------- c:\program files\Microsoft Visual Studio .NET 2003
    2009-01-02 11:13 . 2004-05-12 18:39 876,653 --------- c:\windows\system32\dllcache\fp4awel.dll
    2009-01-02 11:13 . 2003-03-24 10:52 94,208 --------- c:\windows\system32\dllcache\fpencode.dll
    2009-01-02 09:06 . 2009-01-03 04:37 <DIR> d-------- c:\windows\system32\XPSViewer
    2009-01-02 09:06 . 2009-01-02 09:06 <DIR> d-------- c:\program files\Reference Assemblies
    2009-01-02 09:05 . 2006-06-29 07:07 14,048 --------- c:\windows\system32\spmsg2.dll
    2009-01-02 08:55 . 2009-01-03 05:57 <DIR> d-------- C:\Temp
    2008-12-29 05:17 . 2008-12-29 05:17 <DIR> d-------- c:\windows\1st JavaScript Editor
    2008-12-29 05:17 . 2008-12-29 05:19 <DIR> d-------- c:\program files\JavaScript Editor
    2008-12-28 16:45 . 2007-04-09 07:23 28,040 --------- c:\windows\system32\mdimon.dll
    2008-12-28 16:45 . 2009-01-03 05:12 836 --------- c:\windows\ODBC.INI
    2008-12-28 16:44 . 2008-12-28 16:44 <DIR> d-------- c:\program files\Microsoft Office 2003
    2008-12-28 16:42 . 2008-12-28 16:42 410,984 --------- c:\windows\system32\deploytk.dll
    2008-12-28 16:36 . 2008-12-28 16:36 32 --------- c:\windows\CD_Start.INI
    2008-12-28 16:02 . 2009-01-03 04:52 <DIR> d-------- c:\program files\MSBuild
    2008-12-28 16:02 . 2008-12-28 16:03 <DIR> d-------- c:\program files\Microsoft Works
    2008-12-28 16:01 . 2009-01-03 05:07 <DIR> d-------- c:\program files\Microsoft.NET
    2008-12-28 16:00 . 2008-12-28 16:00 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
    2008-12-28 15:59 . 2008-12-28 16:45 <DIR> d-------- c:\windows\SHELLNEW
    2008-12-28 15:58 . 2008-12-28 15:58 <DIR> dr-h----- C:\MSOCache
    2008-12-28 15:53 . 2009-01-23 17:03 <DIR> d-------- c:\program files\Mozilla Thunderbird
    2008-12-28 15:50 . 2008-12-28 15:56 <DIR> d-------- c:\program files\MozBackup
    2008-12-28 08:54 . 2009-01-15 21:29 <DIR> d-------- c:\windows\system32\CatRoot_bak
    2008-12-28 08:35 . 2008-12-28 08:36 <DIR> dr-hs---- C:\RRbackups

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-23 21:59 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-01-22 00:32 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2009-01-21 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-15 12:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-12 04:36 --------- d-----w c:\program files\Hewlett-Packard
    2008-12-28 21:42 --------- d-----w c:\program files\Java
    2008-12-28 16:25 --------- d-----w c:\program files\TopDesk
    2008-12-28 14:32 --------- d-----w c:\documents and settings\Christian\Application Data\Lenovo
    2008-12-28 14:32 --------- d-----w c:\documents and settings\All Users\Application Data\Lenovo
    2008-12-28 14:32 --------- d-----w c:\documents and settings\Administrator\Application Data\Lenovo
    2008-12-28 14:31 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Lenovo
    2008-12-28 14:31 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\InstallShield
    2008-12-28 14:26 --------- d-----w c:\program files\Picasa2
    2008-12-28 14:26 --------- d-----w c:\program files\PCDR5
    2008-12-28 14:26 --------- d-----w c:\program files\No23 Recorder
    2008-12-28 14:26 --------- d-----w c:\program files\NetWaiting
    2008-12-28 14:26 --------- d-----w c:\program files\Multimedia Center for Think Offerings
    2008-12-28 14:26 --------- d-----w c:\program files\MSXML 6.0
    2008-12-28 14:26 --------- d-----w c:\program files\Mindjet
    2008-12-28 14:26 --------- d-----w c:\program files\microsoft frontpage
    2008-12-28 14:26 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-12-28 14:26 --------- d-----w c:\program files\Lenovo Registration
    2008-12-28 14:26 --------- d-----w c:\program files\Lenovo
    2008-12-28 14:25 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-28 14:25 --------- d-----w c:\program files\iTunes
    2008-12-28 14:25 --------- d-----w c:\program files\iPod
    2008-12-28 14:25 --------- d-----w c:\program files\InterVideo
    2008-12-28 14:25 --------- d-----w c:\program files\Intel
    2008-12-28 14:25 --------- d-----w c:\program files\Google
    2008-12-28 14:25 --------- d-----w c:\program files\Ghostscript
    2008-12-28 14:25 --------- d-----w c:\program files\FreePDF_XP
    2008-12-28 14:25 --------- d-----w c:\program files\Eudora
    2008-12-28 14:21 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel
    2008-12-28 14:18 --------- d-----w c:\documents and settings\Christian\Application Data\VirtuaWin
    2008-12-28 14:18 --------- d-----w c:\documents and settings\Christian\Application Data\Tinn-R
    2008-12-28 14:18 --------- d-----w c:\documents and settings\Christian\Application Data\Thunderbird
    2008-12-28 14:18 --------- d-----w c:\documents and settings\Christian\Application Data\Thinking Minds Budiling Bytes
    2008-12-28 14:18 --------- d-----w c:\documents and settings\Christian\Application Data\Qualcomm
    2008-12-28 14:18 --------- d-----w c:\documents and settings\Christian\Application Data\noteMaNIA
    2008-12-28 14:18 --------- d-----w c:\documents and settings\Christian\Application Data\InterVideo
    2008-12-28 14:18 --------- d-----w c:\documents and settings\Christian\Application Data\Intel
    2008-12-28 14:18 --------- d-----w c:\documents and settings\Christian\Application Data\InstallShield
    2008-12-28 14:18 --------- d-----w c:\documents and settings\Christian\Application Data\Hewlett-Packard
    2008-12-28 14:18 --------- d-----w c:\documents and settings\Christian\Application Data\CoolCalendar
    2008-12-28 14:18 --------- d-----w c:\documents and settings\Christian\Application Data\Apple Computer
    2008-12-28 14:17 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-12-28 14:17 --------- d-----w c:\documents and settings\All Users\Application Data\UIB
    2008-12-28 14:17 --------- d-----w c:\documents and settings\All Users\Application Data\SBSI
    2008-12-28 14:17 --------- d-----w c:\documents and settings\All Users\Application Data\PC-Doctor
    2008-12-28 14:17 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
    2008-12-28 14:17 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
    2008-12-28 14:17 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
    2008-12-28 14:17 --------- d-----w c:\documents and settings\All Users\Application Data\Channel4
    2008-12-28 14:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2008-12-28 14:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2008-12-28 14:17 --------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
    2008-12-11 11:57 333,184 ------w c:\windows\system32\drivers\srv.sys
    2008-04-29 05:36 32,768 --sh--w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
    2008-04-29 06:01 32,768 --sh--w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008042820080429\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "Rainlendar2 "= "c:\program files\Rainlendar2\Rainlendar2.exe" [2007-12-30 1365504]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck "= "c:\windows\system32\dumprep 0 -u" [X]
    "SynTPLpr "= "c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288]
    "PWRMGRTR "= "c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-19 159744]
    "BLOG "= "c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-19 208896]
    "TPFNF7 "= "c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-03-28 58416]
    "TPHOTKEY "= "c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
    "EZEJMNAP "= "c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-07 243248]
    "SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-28 925696]
    "TVT Scheduler Proxy "= "c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-12-05 487424]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
    "DLA "= "c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "AwaySch "= "c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
    "LPManager "= "c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-01-11 144728]
    "AMSG "= "c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
    "DiskeeperSystray "= "c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
    "ACTray "= "c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-03-27 413696]
    "ACWLIcon "= "c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-03-27 126976]
    "LPMailChecker "= "c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-01-11 124248]
    "cssauth "= "c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-11-29 2872632]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-12-10 8495104]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2007-12-10 81920]
    "DAEMON Tools-1033 "= "c:\program files\Virtual_Daemon\daemon.exe" [2004-08-22 81920]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
    "FreePDF Assistant "= "c:\program files\FreePDF_XP\fpassist.exe" [2007-04-25 311296]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "HP Software Update "= "c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "hpqSRMon "= "c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "TpShocks "= "TpShocks.exe" [2007-03-29 c:\windows\system32\TpShocks.exe]
    "nwiz "= "nwiz.exe" [2007-12-10 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    abylonsoft Activate modules.lnk - c:\program files\SHREDDER\SAWipe.EXE [2008-08-14 1291088]
    Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 561213]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-04-28 50688]
    HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 323646]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672]
    VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-05-03 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 02:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2006-12-13 21:06 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    2007-03-27 21:51 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli ACGina

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Download\\Emule\\emule.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe "=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=

    R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-03-02 100656]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-03-02 19760]
    R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-04-29 11520]
    R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-04-29 6016]
    R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-04-29 4442]
    R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2007-12-05 46656]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-09-13 30336]
    R4 apmSAWCtrl;apm - SAW control service;c:\program files\SHREDDER\SAWCtrlSer.EXE [2008-08-14 230224]
    R4 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-12-05 520192]
    R4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2007-12-05 249856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2008-07-30 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1209466798.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 10:56]

    2009-01-23 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-12-19 11:14]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{5EF83912-DBE4-4434-9D71-C4CAFA7444F0} - c:\windows\system32\fccBqOFy.dll
    HKCU-Run-CoolCalendar - c:\program files\Desktop Calendar\CoolCalendar.exe
    HKCU-Run-Real Desktop - c:\program files\Real Desktop\Real Desktop.exe
    HKCU-Run-CubeDesktop - (no file)
    ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - c:\program files\Eudora\EuShlExt.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://lenovo.live.com
    uInternet Settings,ProxyOverride = *.local
    IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Nach Microsoft &Excel exportieren - c:\progra~1\MI699F~1\OFFICE11\EXCEL.EXE/3000
    IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    Trusted Zone: antimalwareguard.com
    Trusted Zone: gomyhit.com
    DPF: {22D4879A-92DB-470D-8A83-E158797D8176} - file:///D:/components/Liquid.ocx
    FF - ProfilePath - c:\documents and settings\Christian\Application Data\Mozilla\Firefox\Profiles\409qnq7l.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ManageAccount
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-23 17:23:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2110669661-2188122984-3469669283-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC6C3305-22D5-7696-3787-6E3D68AD6268}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "hanaeppkngpmengc "=hex:6e,62,63,67,6e,6f,6e,64,6d,6e,62,64,70,62,6c,6b,69,61,
    63,61,6e,6e,68,62,6f,70,65,6d,70,6d,6d,65,6a,70,61,66,65,68,67,67,67,61,6b,\
    "janaeppkngpmengcpcji "=hex:66,61,63,67,68,6f,6a,62,68,6c,61,61,00,f4
    "pafajjmhdbljaleghddnpfchfelmahkn "=hex:65,61,63,67,6f,6f,68,6d,66,6c,00,61

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|é•A~*]
    "7040710900063D11C8EF10054038389C "= "C?\\WINDOWS\\system32\\FM20ENU.DLL "
    "7040110900063D11C8EF10054038389C "= "C?\\WINDOWS\\system32\\FM20ENU.DLL "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1388)
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\Lenovo\HOTKEY\tphklock.dll

    - - - - - - - > 'lsass.exe'(1444)
    c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACON.dll
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
    c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
    c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\windows\system32\TPHDEXLG.exe
    c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\Common Files\Lenovo\Logger\logmon.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\ZOOM\TpScrex.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\windows\system32\rundll32.exe
    c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-23 17:28:24 - machine was rebooted [Christian]
    ComboFix-quarantined-files.txt 2009-01-23 22:28:21

    Pre-Run: 167,358,357,504 bytes free
    Post-Run: 167,684,800,512 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    415 --- E O F --- 2009-01-15 12:42:28
     
  7. 2009/01/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    http://www.windowsbbs.com/malware-virus-removal/80769-active-generic-host-process-win32.html#post440318
    Collect::
    c:\windows\system32\urqRJAPH.dll
    c:\windows\system32\fccdbBqP.dll
    c:\windows\gjqknwaw
    File::
    c:\windows\system32\ŸÃ“ŸÃ“
    DirLook::
    C:\savxpsa
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"=-
    DDS::
    Trusted Zone: antimalwareguard.com
    Trusted Zone: gomyhit.com
    RegNull::
    [HKEY_USERS\S-1-5-21-2110669661-2188122984-3469669283-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC6C3305-22D5-7696-3787-6E3D68AD6268}*]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|é•A~*]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log here.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect some files. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. If the upload fails you will be presented with instructions for uploading it manually. Please do so and let me know the results. This will assist the author in adding the files for removal in future updates. Thanks!
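
Added example, not part of the original post and not ComboFix's own code: a pre-flight check that splits a CFScript-style file into its `Name::` sections and reports any `RegNull::` key that does not appear under the log's LOCKED REGISTRY KEYS banner. The `Name::` layout is assumed from the script as posted; the function names and all sample data are constructed for illustration.

```python
import re

DIRECTIVE = re.compile(r"^(\w+)::$")          # e.g. "RegNull::" (layout assumed from the post)
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")  # a bracketed registry key line

def parse_cfscript(text):
    """Split script text into {directive: [lines]}; '' holds lines before the first directive."""
    sections, current = {"": []}, ""
    for line in filter(None, map(str.strip, text.splitlines())):
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def locked_keys_from_log(log_text):
    """Registry keys listed between the LOCKED REGISTRY KEYS banner and the next banner."""
    keys, inside = set(), False
    for line in map(str.strip, log_text.splitlines()):
        if "LOCKED REGISTRY KEYS" in line:
            inside = True
        elif inside and line.startswith("-----"):
            break
        elif inside and REG_KEY.match(line):
            keys.add(REG_KEY.match(line).group(1).lower())
    return keys

def unmatched_regnull(script_text, log_text):
    """RegNull:: keys in the script that do not appear in the log (case-insensitive)."""
    known = locked_keys_from_log(log_text)
    keys = (REG_KEY.match(l) for l in parse_cfscript(script_text).get("RegNull", []))
    return [m.group(1) for m in keys if m and m.group(1).lower() not in known]

# Constructed sample data (placeholder SID, CLSID and component name).
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Example\{00000000-0000-0000-0000-000000000000}*]
"examplevalue"=hex:61,62
[HKEY_LOCAL_MACHINE\software\Example\UserData\Components\EXAMPLE*]
--------------------- DLLs Loaded Under Running Processes ---------------------
"""
SAMPLE_SCRIPT = r"""
RegNull::
[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Example\{00000000-0000-0000-0000-000000000000}*]
[HKEY_LOCAL_MACHINE\software\Example\User Data\Components\EXAMPLE*]
"""

if __name__ == "__main__":
    for key in unmatched_regnull(SAMPLE_SCRIPT, SAMPLE_LOG):
        print("not in log:", key)
```

In the constructed sample the second key is reported because a space crept into `UserData`, the kind of copy-and-paste damage that would make a script entry miss the key the log actually listed.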
     
  8. 2009/02/04
    Christian85

    Christian85 Inactive Thread Starter

    Joined:
    2009/01/21
    Messages:
    5
    Likes Received:
    0
    Hi!

    Sorry for the late answer but I was out of town and left my laptop at home.

    I ran the program (with the script you wrote me) - but it didn't create a .zip file. Only again a log file. Is it possible that it was already uploaded?

    Thanks for your help! Really appreciate it.

    ck
     
  9. 2009/02/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Sorry for the wait. Please post the contents of the following files.

    C:\ComboFix.txt
    C:\Qoobox\ComboFix-quarantined-files.txt
     
