davikut
2009-12-13, 19:37
Hi,I had posted this thread on nov 9th.. http://forums.spybot.info/showthread.php?t=53645&highlight=malware+removal
As per the replier's(Blade81) directions I had downloaded and run ddr.scr..Here are the log files requested..Thanks for the reply & hope u'll help me out.
DDR.txt
DDS (Ver_09-12-01.01) - NTFSx86
Run by ADMIN at 23:43:14.42 on Sun 12/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1411 [GMT 5.5:30]
AV: avast! antivirus 4.8.1356 [VPS 091213-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Huawei\MT841\dslagent.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webshots\Webshots.scr
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ADMIN\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32*\smss.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\rpbrowserrecordplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Sumanya] c:\windows\debug\winllg.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [DSLAGENTEXE] c:\program files\huawei\mt841\dslagent.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Sumanya] c:\windows\debug\winlng.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245148268265
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245221188109
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {6B5B4B3D-DC5A-45C9-A01F-0666C367EF2C} = 218.248.240.208 61.1.96.69
Notify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Authentication Packages = msv1_0 nwv1_0 nwprovau
LSA: Notification Packages = scecli ACGina
mASetup: {23KLN5J0-4OPM-11WE-AAX5-24EF1F387232} - c:\recycler\k-1-3542-4232123213-7676767-8888886\hn.exe
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\8u5rik1g.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\real\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\netscape6\nprpjplug.dll
FF - plugin: c:\program files\vlc\npvlc.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-17 114768]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-12 13480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-17 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-17 138680]
R2 LFKAS;Service of LFKA;c:\program files\lenovo\atk hotkey\LFKAS.exe [2009-6-16 208896]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-6-18 53248]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-17 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-17 352920]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-4-29 108032]
S3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\ilmsmm.sys --> c:\windows\system32\drivers\ilmsmm.sys [?]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe --> c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe [?]
=============== Created Last 30 ================
2009-11-24 01:28:33 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-24 01:18:55 0 d-----w- c:\program files\bfgclient
2009-11-24 01:13:08 0 d-----w- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2009-11-24 01:11:48 207880 ----a-w- c:\program files\righteous-kill-2_s1_l1_gF5041T1L1_d701615298.exe
2009-11-21 14:55:00 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-11-21 14:55:00 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-11-21 14:51:50 0 d-----w- c:\windows\system32\AGEIA
2009-11-21 04:35:38 0 d-----w- c:\docume~1\admin\applic~1\GTM_Bodie
2009-11-20 23:01:24 0 d-----w- c:\program files\Ghost Town Mysteries - Bodie
2009-11-20 20:54:40 0 d-----w- c:\docume~1\alluse~1\applic~1\GameHouse
2009-11-20 20:53:16 0 d-----w- c:\program files\Campfire Legends The Hookman
2009-11-20 20:52:43 0 d-----w- c:\program files\ReflexiveArcade
==================== Find3M ====================
2009-11-13 12:07:57 389120 ----a-w- c:\windows\system32\cmd.exe
2009-11-12 05:04:26 33280 ----a-w- c:\windows\system32\rundll32.exe
2009-11-11 15:31:56 26112 ----a-w- c:\windows\system32\userinit.exe
2009-11-08 12:23:07 348160 ----a-w- c:\windows\system32\msvcr71.dll
============= FINISH: 23:43:30.10 ===============
[B]Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/16/2009 5:19:36 PM
System Uptime: 12/13/2009 11:13:21 PM (0 hours ago)
Motherboard: LENOVO | | 2743A61
Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz | Socket 478 | 1995/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 58 GiB total, 40.263 GiB free.
D: is FIXED (NTFS) - 58 GiB total, 38.74 GiB free.
E: is FIXED (NTFS) - 59 GiB total, 49.531 GiB free.
F: is CDROM ()
G: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 12/13/2009 5:31:45 PM - System Checkpoint
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Apple Software Update
Avanquest update
avast! Antivirus
Big Fish Games Client
Bonjour
Conexant HD Audio
Critical Update for Windows Media Player 11 (KB959772)
Ghost Town Mysteries - Bodie
Google Chrome
Google Earth
Google Talk (remove only)
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Huawei MT841
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Karunya University
Lenovo System Interface Driver
Lenovo System Toolbox
Lenovo_ATK_Package
LiveUpdate 3.3 (Symantec Corporation)
Message Center Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Motorola Driver Installation
Motorola Phone Tools
Mozilla Firefox (3.5)
MSXML 4.0 SP2 (KB954430)
Need for Speed™ SHIFT Demo
neroxml
NICI (Shared) U.S./Worldwide (128 bit) (2.7.0-2)
NMAS Challenge Response Method
NMAS Client
Novell Client for Windows
NVIDIA Drivers
NVIDIA PhysX
On Screen Display
Picasa 3
Presentation Director
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Startup Delayer v2.5 (build 138)
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Power Management Driver for SL Series
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
Total Video Converter 3.10
UltraISO Premium V9.33
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb970012)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VLC media player 0.9.9
WebFldrs XP
Webshots Desktop
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
12/8/2009 2:42:28 PM, error: Service Control Manager [7000] - The MAC Bridge Miniport service failed to start due to the following error: The system cannot find the file specified.
12/13/2009 5:31:30 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/13/2009 12:54:06 AM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
12/12/2009 12:24:04 PM, error: Service Control Manager [7000] - The rimmptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/12/2009 11:25:55 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
==== End Of File ===========================
As per the replier's(Blade81) directions I had downloaded and run ddr.scr..Here are the log files requested..Thanks for the reply & hope u'll help me out.
DDR.txt
DDS (Ver_09-12-01.01) - NTFSx86
Run by ADMIN at 23:43:14.42 on Sun 12/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1411 [GMT 5.5:30]
AV: avast! antivirus 4.8.1356 [VPS 091213-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Huawei\MT841\dslagent.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webshots\Webshots.scr
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ADMIN\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32*\smss.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\rpbrowserrecordplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Sumanya] c:\windows\debug\winllg.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [DSLAGENTEXE] c:\program files\huawei\mt841\dslagent.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Sumanya] c:\windows\debug\winlng.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245148268265
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245221188109
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {6B5B4B3D-DC5A-45C9-A01F-0666C367EF2C} = 218.248.240.208 61.1.96.69
Notify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Authentication Packages = msv1_0 nwv1_0 nwprovau
LSA: Notification Packages = scecli ACGina
mASetup: {23KLN5J0-4OPM-11WE-AAX5-24EF1F387232} - c:\recycler\k-1-3542-4232123213-7676767-8888886\hn.exe
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\8u5rik1g.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\real\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\netscape6\nprpjplug.dll
FF - plugin: c:\program files\vlc\npvlc.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-17 114768]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-12 13480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-17 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-17 138680]
R2 LFKAS;Service of LFKA;c:\program files\lenovo\atk hotkey\LFKAS.exe [2009-6-16 208896]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-6-18 53248]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-17 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-17 352920]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-4-29 108032]
S3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\ilmsmm.sys --> c:\windows\system32\drivers\ilmsmm.sys [?]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe --> c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe [?]
=============== Created Last 30 ================
2009-11-24 01:28:33 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-24 01:18:55 0 d-----w- c:\program files\bfgclient
2009-11-24 01:13:08 0 d-----w- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2009-11-24 01:11:48 207880 ----a-w- c:\program files\righteous-kill-2_s1_l1_gF5041T1L1_d701615298.exe
2009-11-21 14:55:00 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-11-21 14:55:00 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-11-21 14:51:50 0 d-----w- c:\windows\system32\AGEIA
2009-11-21 04:35:38 0 d-----w- c:\docume~1\admin\applic~1\GTM_Bodie
2009-11-20 23:01:24 0 d-----w- c:\program files\Ghost Town Mysteries - Bodie
2009-11-20 20:54:40 0 d-----w- c:\docume~1\alluse~1\applic~1\GameHouse
2009-11-20 20:53:16 0 d-----w- c:\program files\Campfire Legends The Hookman
2009-11-20 20:52:43 0 d-----w- c:\program files\ReflexiveArcade
==================== Find3M ====================
2009-11-13 12:07:57 389120 ----a-w- c:\windows\system32\cmd.exe
2009-11-12 05:04:26 33280 ----a-w- c:\windows\system32\rundll32.exe
2009-11-11 15:31:56 26112 ----a-w- c:\windows\system32\userinit.exe
2009-11-08 12:23:07 348160 ----a-w- c:\windows\system32\msvcr71.dll
============= FINISH: 23:43:30.10 ===============
[B]Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/16/2009 5:19:36 PM
System Uptime: 12/13/2009 11:13:21 PM (0 hours ago)
Motherboard: LENOVO | | 2743A61
Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz | Socket 478 | 1995/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 58 GiB total, 40.263 GiB free.
D: is FIXED (NTFS) - 58 GiB total, 38.74 GiB free.
E: is FIXED (NTFS) - 59 GiB total, 49.531 GiB free.
F: is CDROM ()
G: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 12/13/2009 5:31:45 PM - System Checkpoint
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Apple Software Update
Avanquest update
avast! Antivirus
Big Fish Games Client
Bonjour
Conexant HD Audio
Critical Update for Windows Media Player 11 (KB959772)
Ghost Town Mysteries - Bodie
Google Chrome
Google Earth
Google Talk (remove only)
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Huawei MT841
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Karunya University
Lenovo System Interface Driver
Lenovo System Toolbox
Lenovo_ATK_Package
LiveUpdate 3.3 (Symantec Corporation)
Message Center Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Motorola Driver Installation
Motorola Phone Tools
Mozilla Firefox (3.5)
MSXML 4.0 SP2 (KB954430)
Need for Speed™ SHIFT Demo
neroxml
NICI (Shared) U.S./Worldwide (128 bit) (2.7.0-2)
NMAS Challenge Response Method
NMAS Client
Novell Client for Windows
NVIDIA Drivers
NVIDIA PhysX
On Screen Display
Picasa 3
Presentation Director
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Startup Delayer v2.5 (build 138)
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Power Management Driver for SL Series
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
Total Video Converter 3.10
UltraISO Premium V9.33
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb970012)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VLC media player 0.9.9
WebFldrs XP
Webshots Desktop
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
12/8/2009 2:42:28 PM, error: Service Control Manager [7000] - The MAC Bridge Miniport service failed to start due to the following error: The system cannot find the file specified.
12/13/2009 5:31:30 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/13/2009 12:54:06 AM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
12/12/2009 12:24:04 PM, error: Service Control Manager [7000] - The rimmptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/12/2009 11:25:55 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
==== End Of File ===========================