
Solved Generic Host Process Win32 Error

Discussion in 'Malware and Virus Removal Archive' started by cheesyatosu, 2009/01/24.

    [Resolved] Generic Host Process Win32 Error

    Hello,

    Like many before me, my wife's laptop is getting that blasted Generic Host Process error and automatically restarting without any option to ignore/close the window. It will suddenly pop up and start the countdown. She has been having a lot of problems lately with viruses, regardless of being protected by AVG. I thought they were the end all of virus protections...

    She is also having problems with Google being redirected to ad pages and the like, much like others. So I am going to post her DDS and HJT logs below and hope that you can help out! Thank you so much in advance!


    DDS (Ver_09-01-19.01) - NTFSx86
    Run by Morgan Reed at 21:29:50.56 on 2009-01-24
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.432 [GMT -8:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    AV: Windows Live OneCare *On-access scanning enabled* (Updated)
    FW: Windows Live OneCare Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Morgan Reed\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.hotmail.com/
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
    mDefault_Page_URL = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=Userinit.exe,
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {40809112-7411-4124-bf5c-84dfcb59a7ff} - c:\windows\system32\geBtQhhE.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe "
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe "
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
    mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
    mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe "
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe "
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Snavoheraf] rundll32.exe "c:\windows\Rkanozabocuka.dll ",e
    mRun: [Tcuborunifus] rundll32.exe "c:\windows\orilijosifaduju.dll ",e
    dRun: [msiexec.exe] msiconf.exe
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\morgan~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    Trusted Zone: musicmatch.com\online
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - file:///C:/Documents%20and%20Settings/Morgan%20Reed/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/swflash.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    TCP: {9012DD7E-8FC0-4902-B563-E1484BFBECD8} = 68.87.69.146,68.87.85.98
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    Notify: LMIinit - LMIinit.dll
    AppInit_DLLs: avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
    SecurityProviders: msapsspc.dll schannel.dll digest.dll msnsspc.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\morgan~1\applic~1\mozilla\firefox\profiles\0gvbh6u4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
    FF - plugin: c:\documents and settings\morgan reed\application data\mozilla\firefox\profiles\0gvbh6u4.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\documents and settings\morgan reed\application data\mozilla\firefox\profiles\0gvbh6u4.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - HiddenExtension: XUL Cache: {CB84A641-894E-4957-BDF2-E2A288E9C649} - c:\documents and settings\morgan reed\local settings\application data\{CB84A641-894E-4957-BDF2-E2A288E9C649}
    FF - HiddenExtension: XUL Cache: {E6C97080-C59E-4564-9FBE-484E5AFBDFE5} - c:\windows\system32\config\systemprofile\local settings\application data\{e6c97080-c59e-4564-9fbe-484e5afbdfe5}\

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

    FF - user.js: browser.sessionstore.resume_from_crash - false

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-5 97928]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-5 26824]
    R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-5 231704]
    R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-12 47640]
    R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R4 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-11-5 25968]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-28 24652]
    S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [2004-1-26 728083]
    S4 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    ============== File Associations ===============

    regfile=regedit.exe "%1" %*
    scrfile= "%1" %*

    =============== Created Last 30 ================

    2009-01-24 21:21 <DIR> --d----- c:\program files\Trend Micro
    2009-01-05 17:37 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-01-05 17:37 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-01-05 17:37 <DIR> --d----- c:\windows\system32\drivers\Avg
    2009-01-05 17:37 <DIR> --d----- c:\docume~1\morgan~1\applic~1\AVGTOOLBAR
    2009-01-05 17:37 <DIR> --d----- c:\program files\AVG
    2009-01-05 14:16 91,328 a------- c:\windows\system32\drivers\msfwdrv.sys
    2009-01-05 14:16 116,416 a------- c:\windows\system32\drivers\msfwhlpr.sys
    2009-01-05 14:12 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
    2009-01-05 14:09 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
    2009-01-05 04:34 491 a------- c:\windows\system32\win32hlp.cnf
    2009-01-05 04:32 1 a------- c:\windows\system32\uniq.tll
    2009-01-04 21:00 410,984 a------- c:\windows\system32\deploytk.dll
    2009-01-04 20:18 <DIR> --d----- c:\program files\CCleaner
    2009-01-04 08:51 91,648 -------- c:\windows\system32\vbqkbraw.dll
    2009-01-02 18:17 <DIR> --d-h--- C:\$AVG8.VAULT$
    2009-01-02 14:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
    2009-01-01 21:57 1,307,356 ---sh--- c:\windows\system32\newwkedi.ini

    ==================== Find3M ====================

    2008-12-12 22:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 02:57 333,952 a------- c:\windows\system32\drivers\srv.sys
    2008-12-11 02:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
    2008-11-21 13:46 1,044,480 ac------ c:\windows\system32\libdivx.dll
    2008-11-21 13:46 200,704 ac------ c:\windows\system32\ssldivx.dll
    2008-10-31 12:46 3,558 ac-sh--- c:\windows\system32\KGyGaAvL.sys
    2007-07-23 12:23 251 ac------ c:\program files\wt3d.ini
    2007-03-02 11:06 20,142 ac------ c:\docume~1\morgan~1\applic~1\wklnhst.dat
    2008-09-05 21:33 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

    ============= FINISH: 21:31:42.68 ===============

    DDS (Ver_09-01-19.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2006-01-05 9:33:27 PM
    System Uptime: 2009-01-24 9:08:06 PM (0 hours ago)

    Motherboard: Dell Inc. | |
    Processor: Intel(R) Pentium(R) M processor 2.00GHz | Microprocessor | 1995/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 69 GiB total, 25.501 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\18580D21314FC000
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\18580D21314FC000
    Service: NIC1394

    ==== System Restore Points ===================

    RP723: 2009-01-01 9:56:33 PM - System Checkpoint
    RP724: 2009-01-01 9:56:34 PM - System Checkpoint
    RP725: 2009-01-01 9:56:34 PM - System Checkpoint
    RP726: 2009-01-01 9:56:34 PM - System Checkpoint
    RP727: 2009-01-01 9:56:35 PM - System Checkpoint
    RP728: 2009-01-01 9:56:36 PM - System Checkpoint
    RP729: 2009-01-01 9:56:36 PM - System Checkpoint
    RP730: 2009-01-01 9:56:36 PM - System Checkpoint
    RP731: 2009-01-01 9:56:36 PM - System Checkpoint
    RP732: 2009-01-01 9:56:37 PM - System Checkpoint
    RP733: 2009-01-01 9:56:37 PM - System Checkpoint
    RP734: 2009-01-01 9:56:37 PM - Software Distribution Service 3.0
    RP735: 2009-01-01 9:56:37 PM - System Checkpoint
    RP736: 2009-01-01 9:56:38 PM - System Checkpoint
    RP737: 2009-01-01 9:56:38 PM - System Checkpoint
    RP738: 2009-01-01 9:56:39 PM - System Checkpoint
    RP739: 2009-01-01 9:56:39 PM - System Checkpoint
    RP740: 2009-01-01 9:56:39 PM - Software Distribution Service 3.0
    RP741: 2009-01-01 9:56:40 PM - System Checkpoint
    RP742: 2009-01-01 9:56:40 PM - System Checkpoint
    RP743: 2009-01-01 9:56:40 PM - System Checkpoint
    RP744: 2009-01-01 9:56:41 PM - System Checkpoint
    RP745: 2009-01-01 9:56:42 PM - System Checkpoint
    RP746: 2009-01-01 9:56:43 PM - System Checkpoint
    RP747: 2009-01-01 9:56:43 PM - System Checkpoint
    RP748: 2009-01-01 9:56:44 PM - System Checkpoint
    RP749: 2009-01-01 9:56:44 PM - System Checkpoint
    RP750: 2009-01-01 9:56:45 PM - System Checkpoint
    RP751: 2009-01-01 9:56:45 PM - System Checkpoint
    RP752: 2009-01-01 9:56:46 PM - System Checkpoint
    RP753: 2009-01-01 9:56:47 PM - System Checkpoint
    RP754: 2009-01-01 9:56:47 PM - System Checkpoint
    RP755: 2009-01-01 9:56:49 PM - System Checkpoint
    RP756: 2009-01-01 9:56:50 PM - System Checkpoint
    RP757: 2009-01-01 9:56:50 PM - System Checkpoint
    RP758: 2009-01-01 9:56:51 PM - Software Distribution Service 3.0
    RP759: 2009-01-01 9:56:52 PM - System Checkpoint
    RP760: 2009-01-01 9:56:53 PM - System Checkpoint
    RP761: 2009-01-01 9:56:54 PM - System Checkpoint
    RP762: 2009-01-01 9:56:55 PM - System Checkpoint
    RP763: 2009-01-01 9:56:55 PM - System Checkpoint
    RP764: 2009-01-01 9:56:56 PM - System Checkpoint
    RP765: 2009-01-01 9:56:56 PM - System Checkpoint
    RP766: 2009-01-01 9:56:57 PM - System Checkpoint
    RP767: 2009-01-01 9:56:58 PM - System Checkpoint
    RP768: 2009-01-01 9:56:58 PM - System Checkpoint
    RP769: 2009-01-01 9:56:58 PM - System Checkpoint
    RP770: 2009-01-01 9:56:59 PM - System Checkpoint
    RP771: 2009-01-01 9:57:00 PM - System Checkpoint
    RP772: 2009-01-01 9:57:01 PM - System Checkpoint
    RP773: 2009-01-01 9:57:01 PM - System Checkpoint
    RP774: 2009-01-01 9:57:01 PM - System Checkpoint
    RP775: 2009-01-01 9:57:02 PM - System Checkpoint
    RP776: 2009-01-01 9:57:02 PM - System Checkpoint
    RP777: 2009-01-01 9:57:02 PM - System Checkpoint
    RP778: 2009-01-01 9:57:03 PM - System Checkpoint
    RP779: 2009-01-01 9:57:03 PM - System Checkpoint
    RP780: 2009-01-01 9:57:03 PM - System Checkpoint
    RP781: 2009-01-01 9:57:03 PM - System Checkpoint
    RP782: 2009-01-01 9:57:04 PM - System Checkpoint
    RP783: 2009-01-01 9:57:05 PM - System Checkpoint
    RP784: 2009-01-01 9:57:06 PM - System Checkpoint
    RP785: 2009-01-01 9:57:07 PM - System Checkpoint
    RP786: 2009-01-01 9:57:09 PM - Installed LogMeIn
    RP787: 2009-01-01 9:57:10 PM - Software Distribution Service 3.0
    RP788: 2009-01-01 9:57:10 PM - System Checkpoint
    RP789: 2009-01-01 9:57:11 PM - System Checkpoint
    RP790: 2009-01-01 9:57:12 PM - Installed Netflix Movie Viewer
    RP791: 2009-01-01 9:57:12 PM - System Checkpoint
    RP792: 2009-01-01 9:57:13 PM - System Checkpoint
    RP793: 2009-01-01 9:57:13 PM - Software Distribution Service 3.0
    RP794: 2009-01-01 9:57:14 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP795: 2009-01-01 9:57:14 PM - System Checkpoint
    RP796: 2009-01-01 9:57:15 PM - System Checkpoint
    RP797: 2009-01-01 9:57:16 PM - System Checkpoint
    RP798: 2009-01-01 9:57:16 PM - System Checkpoint
    RP799: 2009-01-01 9:57:17 PM - System Checkpoint
    RP800: 2009-01-01 9:57:17 PM - System Checkpoint
    RP801: 2009-01-01 9:57:18 PM - System Checkpoint
    RP802: 2009-01-01 9:57:18 PM - System Checkpoint
    RP803: 2009-01-01 9:57:20 PM - System Checkpoint
    RP804: 2009-01-01 9:57:21 PM - System Checkpoint
    RP805: 2009-01-01 9:57:21 PM - System Checkpoint
    RP806: 2009-01-01 9:57:21 PM - System Checkpoint
    RP807: 2009-01-01 9:57:22 PM - System Checkpoint
    RP808: 2009-01-01 9:57:22 PM - System Checkpoint
    RP809: 2009-01-05 4:46:40 PM - Microsoft OneCare Protection Checkpoint
    RP810: 2009-01-14 7:54:10 PM - System Checkpoint
    RP811: 2009-01-15 9:40:43 PM - System Checkpoint

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Adobe Download Manager 2.2 (Remove Only)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 7.0.9
    Adobe Shockwave Player
    Ahead Nero Burning Rom PlugIn Pack 2.0.2 by MadHacker2k4
    AIM 6
    ALPS Touch Pad Driver
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Connectivity Services
    AOL Uninstaller (Choose which Products to Remove)
    AOLIcon
    Apple Mobile Device Support
    Apple Software Update
    ATI Control Panel
    ATI Display Driver
    AVG Anti-Spyware 7.5
    AVG Free 8.0
    Banctec Service Agreement
    Bonjour
    Broadcom Management Programs 2
    CCleaner (remove only)
    Conexant D110 MDC V.9x Modem
    Corel Photo Album 6
    CustomerResearchQFolder
    Dell Digital Jukebox Driver
    Dell Game Console
    Dell Printer Software Uninstall
    Dell Software Uninstall
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Digital Content Portal
    Digital Line Detect
    DivX Web Player
    DocProc
    DocProcQFolder
    DocumentViewerQFolder
    DVD Shrink 3.2
    Google AFE
    GTOneCare
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    Intel(R) PROSet/Wireless Software
    Internal Network Card Power Management
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 11
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Learn2 Player (Uninstall Only)
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    mCore
    MCU
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Standard 2006
    Microsoft Digital Image Standard 2006 Editor
    Microsoft Digital Image Standard 2006 Library
    Microsoft Encarta Encyclopedia Standard 2006
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Project Professional 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Protection Service
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Streets & Trips 2006
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Live OneCare Resources v2.5.2900.20
    Microsoft Windows OneCare Live AntiSpyware and AntiVirus
    Microsoft Windows OneCare Live v2.5.2900.20
    Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
    Microsoft Works
    Microsoft Works Suite 2006 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    mIWA
    mIWCA
    mLogView
    mMHouse
    Modem Helper
    Mozilla Firefox (3.0.5)
    mPfMgr
    mPfWiz
    mProSafe
    mSSO
    mToolkit
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    mWlsSafe
    mXML
    MySpaceIM
    mZConfig
    Nero 6 Ultra Edition
    Nero Digital
    Netflix Movie Viewer
    NetWaiting
    OCR Software by I.R.I.S 7.0
    PokerStars
    Polar Bowler
    Polar Golfer
    PowerDVD 5.5
    PX Engine
    QuickBooks Simple Start Special Edition
    QuickSet
    QuickTime
    Ready Reference Bookshelf
    RealPlayer
    Roxio Backup MyPC
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Visio 2007 (KB947590)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Shockwave
    Sonic Copy Module
    Sonic DLA
    Sonic Encoders
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Data
    Sonic Update Manager
    spookyscr.exe
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb959141)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Viewpoint Media Player
    Virtual Earth 3D (Beta)
    VLC media player 0.9.4
    WebFldrs XP
    WebReg
    WildTangent Web Driver
    Winamp (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB895316
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB905589
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3
    WinRAR archiver
    Works Upgrade
    Yahoo! Install Manager
    Zune Desktop Theme

    ==== Event Viewer Messages From Past Week ========

    2009-01-19 3:19:30 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2009-01-19 3:19:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    2009-01-19 3:18:29 PM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
    2009-01-19 3:15:25 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
    2009-01-19 3:15:25 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    2009-01-19 3:00:01 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: General access denied error
    2009-01-19 3:00:01 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: General access denied error
    2009-01-19 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: General access denied error
    2009-01-19 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: General access denied error
    2009-01-19 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: General access denied error
    2009-01-19 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: General access denied error
    2009-01-19 12:05:13 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    2009-01-19 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: General access denied error
    2009-01-19 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: General access denied error
    2009-01-19 11:06:15 AM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2009-01-19 11:06:15 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
    2009-01-19 11:06:14 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments " " in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
    2009-01-19 11:00:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: General access denied error
    2009-01-19 11:00:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: General access denied error
    2009-01-19 10:00:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: General access denied error
    2009-01-19 10:00:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: General access denied error
    2009-01-19 9:00:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: General access denied error
    2009-01-19 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: General access denied error
    2009-01-19 8:00:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: General access denied error
    2009-01-19 8:00:00 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: General access denied error
    2009-01-19 7:00:01 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: General access denied error
    2009-01-19 7:00:00 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: General access denied error
    2009-01-19 6:55:29 AM, error: MSFWDrv [9] - The device, , did not respond within the timeout period.
    2009-01-18 6:00:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: General access denied error
    2009-01-18 6:00:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: General access denied error
    2009-01-18 5:00:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: General access denied error
    2009-01-18 5:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: General access denied error
    2009-01-18 4:00:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: General access denied error
    2009-01-18 4:00:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: General access denied error
    2009-01-18 6:00:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: General access denied error
    2009-01-18 6:00:00 AM, error: Schedule [7901] - The At31.job command failed to start due to the following error: General access denied error
    2009-01-18 5:00:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: General access denied error
    2009-01-18 5:00:00 AM, error: Schedule [7901] - The At30.job command failed to start due to the following error: General access denied error
    2009-01-18 4:00:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: General access denied error
    2009-01-18 4:00:00 AM, error: Schedule [7901] - The At29.job command failed to start due to the following error: General access denied error
    2009-01-18 3:00:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
    2009-01-18 3:00:00 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: General access denied error
    2009-01-18 2:00:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
    2009-01-18 2:00:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: General access denied error
    2009-01-18 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: General access denied error
    2009-01-18 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
    2009-01-18 12:57:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
    2009-01-18 12:45:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: General access denied error
    2009-01-17 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: General access denied error
    2009-01-17 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: General access denied error
    2009-01-17 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: General access denied error
    2009-01-17 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: General access denied error
    2009-01-17 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: General access denied error
    2009-01-17 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: General access denied error
    2009-01-17 8:00:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: General access denied error
    2009-01-17 8:00:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: General access denied error
    2009-01-17 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: General access denied error
    2009-01-17 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: General access denied error
    2009-01-19 3:21:33 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments " " in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    2009-01-19 3:21:34 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
    2009-01-19 3:21:34 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2009-01-21 1:55:20 AM, error: Print [19] - Sharing printer failed + 1722, Printer Intuit Internal Printer share name Printer2.
    2009-01-24 2:35:44 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    2009-01-24 2:35:44 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:22, on 2009-01-24
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: UserInit=Userinit.exe,
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {40809112-7411-4124-BF5C-84DFCB59A7FF} - C:\WINDOWS\system32\geBtQhhE.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Snavoheraf] rundll32.exe "C:\WINDOWS\Rkanozabocuka.dll ",e
    O4 - HKLM\..\Run: [Tcuborunifus] rundll32.exe "C:\WINDOWS\orilijosifaduju.dll ",e
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file:///C:/Documents%20and%20Settings/Morgan%20Reed/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9012DD7E-8FC0-4902-B563-E1484BFBECD8}: NameServer = 68.87.69.146,68.87.85.98
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 12991 bytes
     
  2. 2009/01/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS cheesyatosu :)


    Definitely some infections aboard. Please visit the following webpage for instructions on downloading and running ComboFix.

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable real-time protection applications, as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows.
    • Double-click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     

  4. 2009/01/26
    cheesyatosu

    cheesyatosu Inactive Thread Starter

    Joined:
    2009/01/24
    Messages:
    5
    Likes Received:
    0
    ComboFix Log

    Here is the log for the ComboFix. Thank you!

    ComboFix 09-01-21.04 - Morgan Reed 2009-01-25 23:29:04.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.587 [GMT -8:00]
    Running from: c:\documents and settings\Morgan Reed\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Morgan Reed\Application Data\FunWebProducts
    c:\windows\system32\bszip.dll
    c:\windows\system32\drivers\seneka.sys
    c:\windows\system32\drivers\senekayevgdxbd.sys
    c:\windows\system32\newwkedi.ini
    c:\windows\system32\senekabftoirql.dll
    c:\windows\system32\senekacjmootko.dat
    c:\windows\system32\senekadf.dat
    c:\windows\system32\senekadoylydwt.dll
    c:\windows\system32\senekalog.dat
    c:\windows\system32\senekaxurrvitm.dll
    c:\windows\system32\tmp.reg
    c:\windows\system32\uniq.tll
    c:\windows\system32\vbqkbraw.dll
    c:\windows\system32\win32hlp.cnf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SENEKA


    ((((((((((((((((((((((((( Files Created from 2008-12-26 to 2009-01-26 )))))))))))))))))))))))))))))))
    .

    2009-01-24 21:21 . 2009-01-24 21:21 <DIR> d-------- c:\program files\Trend Micro
    2009-01-05 17:37 . 2009-01-25 13:53 <DIR> d-------- c:\windows\system32\drivers\Avg
    2009-01-05 17:37 . 2009-01-05 17:37 <DIR> d-------- c:\program files\AVG
    2009-01-05 17:37 . 2009-01-05 17:37 <DIR> d-------- c:\documents and settings\Morgan Reed\Application Data\AVGTOOLBAR
    2009-01-05 17:37 . 2009-01-05 17:37 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-01-05 17:37 . 2009-01-05 17:37 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-01-04 21:00 . 2009-01-04 20:59 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-01-04 20:18 . 2009-01-04 20:18 <DIR> d-------- c:\program files\CCleaner
    2009-01-02 18:17 . 2009-01-20 12:40 <DIR> d--h----- C:\$AVG8.VAULT$
    2009-01-02 14:17 . 2009-01-05 17:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-15 02:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-05 22:22 --------- d-----w c:\program files\Lavasoft
    2009-01-05 04:59 --------- d-----w c:\program files\Java
    2009-01-05 02:44 --------- d-----w c:\program files\NOS
    2009-01-05 02:44 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2009-01-05 02:41 --------- d-----w c:\program files\Hewlett-Packard
    2009-01-05 02:39 --------- d-----w c:\program files\Common Files\Sonic Shared
    2009-01-05 02:39 --------- d-----w c:\program files\Common Files\HP
    2009-01-03 05:48 --------- d-----w c:\program files\HP
    2009-01-02 17:12 --------- d-----w c:\program files\Real
    2008-12-31 18:14 --------- d-----w c:\program files\DivX
    2008-12-15 19:58 --------- d-----w c:\program files\Netflix
    2008-12-12 19:53 --------- d-----w c:\documents and settings\All Users\Application Data\LogMeIn
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-11-30 04:40 --------- d-----w c:\program files\DOSBox-0.70
    2008-11-30 02:02 --------- d-----w c:\program files\PokerStars
    2008-11-28 06:21 --------- d--h--w c:\documents and settings\Morgan Reed\Application Data\Move Networks
    2007-07-23 20:23 251 -c--a-w c:\program files\wt3d.ini
    2007-03-02 19:06 20,142 -c--a-w c:\documents and settings\Morgan Reed\Application Data\wklnhst.dat
    2008-09-06 05:33 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090520080906\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 8192]
    "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-16 106496]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-10 185896]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-05 1261336]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

    c:\documents and settings\Morgan Reed\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-12-30 156784]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 14:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSVideo"= ucdvfw.dll
    "VIDC.YV12"= xl_yv12.dll
    "VIDC.XJPG"= camfc.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1136700599\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1136700599\\ee\\aim6.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Documents and Settings\\Morgan Reed\\My Documents\\Unused\\utorrent.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-05 97928]
    R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-05 231704]
    R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-12 47640]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-01-28 24652]
    S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [2004-01-26 728083]
    S4 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fab9d1a7-f2bf-11db-baf7-0013cef50a27}]
    \Shell\AutoRun\command - f:\jdsecure\Windows\JDSecure31.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-25 c:\windows\Tasks\At1.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At10.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At11.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At12.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At13.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At14.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At15.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At16.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-26 c:\windows\Tasks\At17.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-26 c:\windows\Tasks\At18.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-26 c:\windows\Tasks\At19.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At2.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At20.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At21.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At22.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At23.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-26 c:\windows\Tasks\At24.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At25.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At26.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At27.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At28.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At29.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At3.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At30.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At31.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At32.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At33.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At34.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At35.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At36.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At37.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At38.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At39.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At4.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At40.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-26 c:\windows\Tasks\At41.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-26 c:\windows\Tasks\At42.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-26 c:\windows\Tasks\At43.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At44.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At45.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At46.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At47.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-26 c:\windows\Tasks\At48.job
    - c:\windows\system32\uutnM4xI.exe []

    2009-01-25 c:\windows\Tasks\At5.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At6.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At7.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At8.job
    - c:\windows\system32\c5L3m2Or.exe []

    2009-01-25 c:\windows\Tasks\At9.job
    - c:\windows\system32\c5L3m2Or.exe []

    2007-01-28 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1156221520.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

    2009-01-26 c:\windows\Tasks\hixtkgaf.job
    - c:\windows\system32\fccdCTKb.dll []
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{40809112-7411-4124-BF5C-84DFCB59A7FF} - c:\windows\system32\geBtQhhE.dll
    HKLM-Run-Snavoheraf - c:\windows\Rkanozabocuka.dll
    HKLM-Run-Tcuborunifus - c:\windows\orilijosifaduju.dll
    HKU-Default-Run-msiexec.exe - msiconf.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.hotmail.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    Trusted Zone: musicmatch.com\online
    TCP: {9012DD7E-8FC0-4902-B563-E1484BFBECD8} = 68.87.69.146,68.87.85.98
    FF - ProfilePath - c:\documents and settings\Morgan Reed\Application Data\Mozilla\Firefox\Profiles\0gvbh6u4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
    FF - plugin: c:\documents and settings\Morgan Reed\Application Data\Mozilla\Firefox\Profiles\0gvbh6u4.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\documents and settings\Morgan Reed\Application Data\Mozilla\Firefox\Profiles\0gvbh6u4.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

    FF - user.js: browser.sessionstore.resume_from_crash - false
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-25 23:40:20
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1000)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
    c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
    c:\windows\system32\ati2evxx.exe
    c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\windows\system32\dllhost.exe
    c:\windows\ehome\ehmsas.exe
    c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
    c:\program files\Apoint\ApntEx.exe
    c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-25 23:46:11 - machine was rebooted [Morgan Reed]
    ComboFix-quarantined-files.txt 2009-01-26 07:45:57

    Pre-Run: 27,500,376,064 bytes free
    Post-Run: 27,958,788,096 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Windows XP Media Center Edition" /noexecute=optin /fastdetect

    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    359 --- E O F --- 2009-01-15 02:04:26
     
  5. 2009/01/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Registry::
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
    AtJob::
    
    Please reboot to safe mode and logon to the same user account.
    Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done (allow it to start in normal mode). A log will open when it's complete. Post the contents of that log.

    If the computer does not restart on its own, restart in normal mode and post the new ComboFix log located at C:\ComboFix.txt

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
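An added triage helper (example code, not part of this thread and not ComboFix's own tooling) that parses the "Contents of the 'Scheduled Tasks' folder" section in the log format shown above and groups the At<N>.job entries by the binary they launch, surfacing the pattern the AtJob:: directive is used against: dozens of jobs pointing at an undated ([]), randomly named executable in system32. The embedded sample is a constructed subset of the entries from the log above, and the random-name regex is a heuristic assumed for this example, not a ComboFix rule.

```python
"""Triage the 'Scheduled Tasks' section of a ComboFix log (added example,
not ComboFix code). Groups job entries by target and flags targets that are
undated, randomly named, or shared by many At<N>.job entries."""
import re
from collections import defaultdict

SECTION_HEADER = "Contents of the 'Scheduled Tasks' folder"
# The section ends at a divider such as "- - - - ORPHANS REMOVED - - - -",
# "------- Supplementary Scan -------" or a row of asterisks.
SECTION_END_RE = re.compile(r"^(?:-\s*){3,}|^\*{5,}")
# Each entry is two lines: "<date> <path>.job" then "- <target> [<stamp>]".
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+?\.job)\s*$")
TARGET_RE = re.compile(r"^-\s+(.+?)\s*\[(.*?)\]\s*$")
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.IGNORECASE)
# Heuristic assumed for this example: eight mixed-case alphanumerics such as
# c5L3m2Or.exe. All-lowercase vendor names like hpqfrucl.exe do not match.
RANDOM_NAME_RE = re.compile(
    r"^(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{8}\.(?:exe|dll)$")


def parse_scheduled_tasks(log_text):
    """Return [(job_path, target, stamp)] for each entry in the section."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    if SECTION_HEADER not in lines:
        return []
    tasks = []
    i = lines.index(SECTION_HEADER) + 1
    while i < len(lines):
        if SECTION_END_RE.match(lines[i]):
            break
        job = JOB_RE.match(lines[i])
        tgt = TARGET_RE.match(lines[i + 1]) if job and i + 1 < len(lines) else None
        if job and tgt:
            tasks.append((job.group(2), tgt.group(1), tgt.group(2)))
            i += 2
        else:
            i += 1
    return tasks


def triage(tasks):
    """Group entries by target binary and return the targets worth a look."""
    by_target = defaultdict(list)
    for job, target, stamp in tasks:
        by_target[target].append((job, stamp))
    findings = []
    for target, entries in by_target.items():
        name = target.rsplit("\\", 1)[-1]
        reasons = []
        at_jobs = [j for j, _ in entries if AT_JOB_RE.search(j)]
        if all(stamp == "" for _, stamp in entries):
            reasons.append("no file stamp: ComboFix could not date the target")
        if RANDOM_NAME_RE.match(name):
            reasons.append("random-looking 8-character file name")
        if len(at_jobs) >= 2:
            reasons.append(f"{len(at_jobs)} At<N>.job entries share this target")
        if reasons:
            findings.append({"target": target,
                             "jobs": sorted(j for j, _ in entries),
                             "reasons": reasons})
    return sorted(findings, key=lambda f: f["target"].lower())


# Constructed sample: a subset of the entries from the ComboFix log above.
SAMPLE_LOG = r"""Contents of the 'Scheduled Tasks' folder

2009-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-25 c:\windows\Tasks\At1.job
- c:\windows\system32\c5L3m2Or.exe []

2009-01-25 c:\windows\Tasks\At2.job
- c:\windows\system32\c5L3m2Or.exe []

2009-01-25 c:\windows\Tasks\At25.job
- c:\windows\system32\uutnM4xI.exe []

2007-01-28 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1156221520.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

2009-01-26 c:\windows\Tasks\hixtkgaf.job
- c:\windows\system32\fccdCTKb.dll []
.
- - - - ORPHANS REMOVED - - - -
"""

if __name__ == "__main__":
    for finding in triage(parse_scheduled_tasks(SAMPLE_LOG)):
        print(finding["target"], "<-", ", ".join(finding["jobs"]))
        for reason in finding["reasons"]:
            print("   -", reason)
```

On the sample, the Apple and HP vendor tasks pass clean while c5L3m2Or.exe, uutnM4xI.exe and fccdCTKb.dll are reported, matching the entries the helper's AtJob:: directive and the later "delete hixtkgaf.job" instruction address.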
     
  6. 2009/01/26
    cheesyatosu

    cheesyatosu Inactive Thread Starter

    Joined:
    2009/01/24
    Messages:
    5
    Likes Received:
    0
    Aw ****, I thought I had disabled it... Sorry. Here is the new log after following your instructions. Thanks again for your help!

    ComboFix 09-01-21.04 - Morgan Reed 2009-01-26 20:58:32.2 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.798 [GMT -8:00]
    Running from: c:\documents and settings\Morgan Reed\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Morgan Reed\Desktop\CFScript.txt
    .

    ((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
    .

    2009-01-24 21:21 . 2009-01-24 21:21 <DIR> d-------- c:\program files\Trend Micro
    2009-01-05 17:37 . 2009-01-05 17:37 <DIR> d-------- c:\program files\AVG
    2009-01-04 21:00 . 2009-01-04 20:59 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-01-04 20:18 . 2009-01-04 20:18 <DIR> d-------- c:\program files\CCleaner
    2009-01-02 14:17 . 2009-01-26 20:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-15 02:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-05 22:22 --------- d-----w c:\program files\Lavasoft
    2009-01-05 04:59 --------- d-----w c:\program files\Java
    2009-01-05 02:44 --------- d-----w c:\program files\NOS
    2009-01-05 02:44 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2009-01-05 02:41 --------- d-----w c:\program files\Hewlett-Packard
    2009-01-05 02:39 --------- d-----w c:\program files\Common Files\Sonic Shared
    2009-01-05 02:39 --------- d-----w c:\program files\Common Files\HP
    2009-01-03 05:48 --------- d-----w c:\program files\HP
    2009-01-02 17:12 --------- d-----w c:\program files\Real
    2008-12-31 18:14 --------- d-----w c:\program files\DivX
    2008-12-15 19:58 --------- d-----w c:\program files\Netflix
    2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-12 19:53 --------- d-----w c:\documents and settings\All Users\Application Data\LogMeIn
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    2008-11-30 04:40 --------- d-----w c:\program files\DOSBox-0.70
    2008-11-30 02:02 --------- d-----w c:\program files\PokerStars
    2008-11-28 06:21 --------- d--h--w c:\documents and settings\Morgan Reed\Application Data\Move Networks
    2008-11-21 21:46 200,704 -c--a-w c:\windows\system32\ssldivx.dll
    2008-11-21 21:46 1,044,480 -c--a-w c:\windows\system32\libdivx.dll
    2008-10-31 20:46 3,558 -csha-w c:\windows\system32\KGyGaAvL.sys
    2007-07-23 20:23 251 -c--a-w c:\program files\wt3d.ini
    2007-03-02 19:06 20,142 -c--a-w c:\documents and settings\Morgan Reed\Application Data\wklnhst.dat
    2008-09-06 05:33 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090520080906\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 8192]
    "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-16 106496]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-10 185896]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

    c:\documents and settings\Morgan Reed\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-12-30 156784]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 14:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSVideo"= ucdvfw.dll
    "VIDC.YV12"= xl_yv12.dll
    "VIDC.XJPG"= camfc.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1136700599\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1136700599\\ee\\aim6.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Documents and Settings\\Morgan Reed\\My Documents\\Unused\\utorrent.exe"=

    S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [2004-01-26 728083]
    S4 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    S4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-12 47640]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-01-28 24652]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fab9d1a7-f2bf-11db-baf7-0013cef50a27}]
    \Shell\AutoRun\command - f:\jdsecure\Windows\JDSecure31.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2007-01-28 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1156221520.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

    2009-01-26 c:\windows\Tasks\hixtkgaf.job
    - c:\windows\system32\fccdCTKb.dll []
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.hotmail.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    Trusted Zone: musicmatch.com\online
    TCP: {9012DD7E-8FC0-4902-B563-E1484BFBECD8} = 68.87.69.146,68.87.85.98
    FF - ProfilePath - c:\documents and settings\Morgan Reed\Application Data\Mozilla\Firefox\Profiles\0gvbh6u4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
    FF - plugin: c:\documents and settings\Morgan Reed\Application Data\Mozilla\Firefox\Profiles\0gvbh6u4.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\documents and settings\Morgan Reed\Application Data\Mozilla\Firefox\Profiles\0gvbh6u4.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

    FF - user.js: browser.sessionstore.resume_from_crash - false
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-26 21:03:01
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\docume~1\MORGAN~1\LOCALS~1\Temp\Perflib_Perfdata_1b4.dat 16384 bytes


    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(288)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    Completion time: 2009-01-26 21:07:15
    ComboFix-quarantined-files.txt 2009-01-27 05:05:59
    ComboFix2.txt 2009-01-26 07:46:20

    Pre-Run: 29,064,802,304 bytes free
    Post-Run: 29,041,373,184 bytes free

    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    194 --- E O F --- 2009-01-15 02:04:26
     
  7. 2009/01/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I didn't mean to imply that you hadn't disabled your realtime protections on the first run .... just a reminder to disable it when running ComboFix. ;)

    Please delete the following scheduled task.

    c:\windows\Tasks\hixtkgaf.job

    Now do an online scan with Kaspersky Online Scanner

    • Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     
  8. 2009/01/27
    cheesyatosu

    cheesyatosu Inactive Thread Starter

    Joined:
    2009/01/24
    Messages:
    5
    Likes Received:
    0
    Haha. I didn't want my wrists slapped already on my first posts on this board!

    Here is the scan log from Kaspersky. Thanks!

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, January 27, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, January 27, 2009 05:31:27
    Records in database: 1703638
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 101050
    Threat name: 3
    Infected objects: 5
    Suspicious objects: 0
    Duration of the scan: 12:48:36


    File name / Threat name / Threats count
    C:\Documents and Settings\Morgan Reed\.housecall6.6\Quarantine\upgrade.exe.bac_a00500 Infected: not-a-virus:AdWare.Win32.OneStep.a 1
    C:\Documents and Settings\Morgan Reed\.housecall6.6\Quarantine\upgrade.exe.bac_a00500 Infected: not-a-virus:AdWare.Win32.OneStep.c 2
    C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1

    The selected area was scanned.
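The report above is all a helper has to go on, and the reply that follows reads it by eye: every hit carries Kaspersky's "not-a-virus" prefix (adware or a risk tool rather than malware), and two of them sit inside another scanner's quarantine folder, so the sensible action is to delete that folder rather than treat it as a live infection. The same reading, as an added Python example that is not part of the thread and is not Kaspersky's own tooling: it parses the detection lines of an Online Scanner 7 report, separates real malware from "not-a-virus" items and from objects already quarantined, totals the hits per verdict, and cross-checks the header counts against the detection lines. The embedded sample is a trimmed copy of the report posted in this thread; the function and class names are my own.

```python
"""Parse a Kaspersky Online Scanner 7 report and triage its detections.

Added example for the forum thread above; not from the thread or from
Kaspersky. The sample report is a trimmed copy of the one posted there.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: trimmed copy of the report posted in the thread.
SAMPLE_REPORT = r"""
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, January 27, 2009

Scan statistics:
Files scanned: 101050
Threat name: 3
Infected objects: 5
Suspicious objects: 0

File name / Threat name / Threats count
C:\Documents and Settings\Morgan Reed\.housecall6.6\Quarantine\upgrade.exe.bac_a00500 Infected: not-a-virus:AdWare.Win32.OneStep.a 1
C:\Documents and Settings\Morgan Reed\.housecall6.6\Quarantine\upgrade.exe.bac_a00500 Infected: not-a-virus:AdWare.Win32.OneStep.c 2
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1

The selected area was scanned.
"""

# One detection line: "<path with spaces> Infected: <verdict> <count>".
# The path is matched non-greedily so the "Infected:"/"Suspicious:" token
# anchors the split even though the path itself contains spaces.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
# Header statistics we want to cross-check against the detection lines.
STAT_RE = re.compile(r"^(?P<key>Infected objects|Suspicious objects|Threat name):\s*(?P<value>\d+)\s*$")


@dataclass(frozen=True)
class Detection:
    path: str
    status: str   # "Infected" or "Suspicious"
    threat: str   # Kaspersky verdict, e.g. not-a-virus:AdWare.Win32.OneStep.a
    count: int    # threats counted in that object (archives can hold several)

    @property
    def is_pua(self) -> bool:
        """Kaspersky prefixes adware and risk-tool verdicts with 'not-a-virus:'."""
        return self.threat.startswith("not-a-virus:")

    @property
    def in_quarantine(self) -> bool:
        """Object already sits inside another tool's quarantine folder."""
        return "\\quarantine\\" in self.path.lower()


def parse_report(text: str):
    """Return (header stats dict, list of Detection) from a report's text."""
    stats, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = STAT_RE.match(line)
        if m:
            stats[m["key"]] = int(m["value"])
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(m["path"], m["status"], m["threat"], int(m["count"])))
    return stats, detections


def triage(detections):
    """Group detections the way a helper reads them: real malware that still
    needs cleaning, 'not-a-virus' items, and objects already quarantined."""
    groups = {"malware": [], "pua": [], "already_quarantined": []}
    for d in detections:
        if d.in_quarantine:
            groups["already_quarantined"].append(d)
        elif d.is_pua:
            groups["pua"].append(d)
        else:
            groups["malware"].append(d)
    return groups


def threat_totals(detections) -> Counter:
    """Total hit count per verdict name across all objects."""
    totals = Counter()
    for d in detections:
        totals[d.threat] += d.count
    return totals


def counts_consistent(stats, detections) -> bool:
    """Check that the header's 'Infected objects' and 'Threat name' figures
    agree with what the detection lines actually list (a truncated paste
    shows up here as a mismatch)."""
    infected_total = sum(d.count for d in detections if d.status == "Infected")
    distinct_threats = len({d.threat for d in detections})
    return (stats.get("Infected objects") == infected_total
            and stats.get("Threat name") == distinct_threats)


if __name__ == "__main__":
    stats, dets = parse_report(SAMPLE_REPORT)
    print("header counts match detection lines:", counts_consistent(stats, dets))
    for name, items in triage(dets).items():
        print(f"{name}: {len(items)}")
        for d in items:
            print(f"  {d.threat} x{d.count}  {d.path}")
```

On the sample this reports no malware, two potentially unwanted items under the MUSICMATCH program folder, and two hits already sitting in the HouseCall quarantine, with the header counts (5 infected objects, 3 threat names) matching the lines, which is the same conclusion the reply below reaches by hand.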
     
  9. 2009/01/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. I'm guessing the housecall folder is from an online scan?? If so, you can delete the whole folder.

    C:\Documents and Settings\Morgan Reed\.housecall6.6



    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    Delete dds.scr on the desktop.
    You can delete any other logs that were created/saved too.
    Empty the recycle bin when done.


    Recommend you uninstall the following outdated Java modules as well.

    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1


    That should finish things up. Everything appears to be working normally?
     
  10. 2009/01/27
    cheesyatosu

    cheesyatosu Inactive Thread Starter

    Joined:
    2009/01/24
    Messages:
    5
    Likes Received:
    0
    My wife reports that everything has been working great, and she is actually sent to google.com when she types that in instead of some random page. Thanks again for your help!
     
  11. 2009/01/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
