Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tidserv Request and Tidserv Request 2


  • This topic is locked This topic is locked
2 replies to this topic

#1 tjtodd

tjtodd

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:36 PM

Posted 04 May 2010 - 03:14 PM

Similar to other posts, Norton 360 is picking up intrusion attempts. A couple of days ago, I found I had the Trojan.FakeAV virus as I suddenly started getting notices that my anti-virus (through Windows Security) was out of date even though Norton Liveupdate was up to date. Popups were trying to get me to buy some security tool. This appears to have been corrected, but I'm still getting the intrusion detection alerts so I suspect I most have one of the rootkit viruses mentioned in other posts. I have not suffered from my browser being redirected, although there has been a couple of occasions of a pop-up of some internet gambling sites. I've also had the BSOD a few times (INVALID_WORK_QUEUE_ITEM x'96').

(added note):
I initially used MalwareBytes Antimalware to find and correct some registry entries. This at least got the system back to a usable state.
(end of added note)

I've run the DDS script with the output below. I have tried to run GMER multiple times. When I run GMER as requested in the preparation doc, it starts up then I get a BSOD (x'8E') and a reboot. Following another posting, I tried to run GMER and unselected "Files". Same result. I tried again and unselected everything but "Sections". Same result with the BSOD.

DDS Attach.txt follows:
============================================


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/15/2009 4:24:50 AM
System Uptime: 5/4/2010 9:02:26 AM (6 hours ago)

Motherboard: LENOVO | | 6459A24
Processor: Intel Pentium III Xeon processor | None | 2493/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 181 GiB total, 88.486 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 39 GiB total, 24.078 GiB free.
F: is FIXED (NTFS) - 73 GiB total, 31.299 GiB free.
G: is FIXED (NTFS) - 932 GiB total, 763.814 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Photosmart C6300 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: C6300,192.168.0.101
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C6300 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C6300 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

32 Bit HP CIO Components Installer
7-Zip 4.65
Access Help
Adobe Acrobat Connect Add-in
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
BitTorrent
Bonjour
BufferChm
C6300
C6300_Help
Cards_Calendar_OrderGift_DoMorePlugout
Client Security Solution
Compatibility Pack for the 2007 Office system
CoverPro
CustomerResearchQFolder
CVSNT Server 2.5.04.3510
DB2 Workgroup Server Edition - DB2COPY1
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Diskeeper Lite
DocProc
DocProcQFolder
eSupportQFolder
Google Chrome Frame
Google Update Helper
GPBaseService
GPBaseService2
Help Center
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Customer Participation Program 11.0
HP Driver Diagnostics
HP Imaging Device Functions 11.0
hp officejet g series
hp officejet g series - 2
HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
IBM Installation Manager
IBM Lotus Forms Designer 3.5
IBM Lotus Forms Turbo 3.5
IBM Lotus Forms Viewer 3.5
IBM Rational License Server TL 2.0
IBM Rational System Architect 11.3.1
IBM Rational System Architect for ERP Interface
IBM Rational System Architect for SOA Add-on
IBM WebSphere Application Server Network Deployment V7.0
IBM WebSphere Business Compass V7.0
IBM WebSphere Business Modeler
IBM WebSphere Business Modeler_1
IBM WebSphere Eclipse Platform V3.3
IBM WebSphere Integration Developer
IBM WebSphere MQ
Integrated Camera
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD
InterVideo WinDVD Creator 3
iTunes
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 11
Lenovo Registration
Maintenance Manager
Malwarebytes' Anti-Malware
MarketResearch
McAfee Security Scan
mCore
mDriver
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 7.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
mMHouse
Mozilla Firefox (3.0.14)
mPfMgr
mProSafe
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
mWlsSafe
MYOB Accounting Plus v18
MYOB ODBC Direct v7 NZ
MYOB ODBC Direct v8 NZ
MYOB Password Recovery v1.0k (remove only)
MYOB Payroll
Network
Norton 360
NVIDIA Drivers
OCR Software by I.R.I.S. 11.0
On Screen Display
PanoStandAlone
Pass4sure for IBM 000-316 4.14
Pass4sure for IBM 000-992 4.04
PC-Doctor 5 for Windows
Picasa 2
Presentation Director
Productivity Center Supplement for ThinkPad
PS_AIO_04_C6300_ProductContext
PS_AIO_04_C6300_Software
PS_AIO_04_C6300_Software_Min
PSSWCORE
QuickTime
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
Scan
Scheduler Updater
SeaTools for Windows
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Shop for HP Supplies
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
Status
System Migration Assistant
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software 5.6
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Toolbox
TortoiseCVS 1.10.10
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB960763)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
Wallpapers
WebFldrs XP
WebReg
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Toolbar
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip 12.1
XML Spy Suite 4.4
XP Themes

==== Event Viewer Messages From Past Week ========

5/3/2010 11:48:09 AM, error: System Error [1003] - Error code 00000096, parameter1 89eb8250, parameter2 8056485c, parameter3 80564820, parameter4 80576ac2.
4/30/2010 9:40:21 AM, error: System Error [1003] - Error code 00000096, parameter1 89ec73d8, parameter2 8056485c, parameter3 80564820, parameter4 80576ac2.
4/30/2010 5:31:39 PM, error: Dhcp [1002] - The IP address lease 192.168.0.105 for the Network Card with network address 001F3B526251 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/30/2010 5:28:26 PM, error: System Error [1003] - Error code 00000096, parameter1 8a4ba558, parameter2 8056485c, parameter3 80564820, parameter4 80576ac2.
4/30/2010 5:12:00 PM, error: Dhcp [1002] - The IP address lease 192.168.0.102 for the Network Card with network address 001C257EFE12 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/30/2010 10:13:53 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'ATMELTPM.INF' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
4/30/2010 10:13:06 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
4/29/2010 8:46:40 AM, error: Service Control Manager [7024] - The SQL Server (SQLEXPRESS) service terminated with service-specific error 2148081668 (0x80092004).

==== End Of File ===========================



DDS DDS.txt follows:
================================================

DDS (Ver_10-03-17.01) - NTFSx86
Run by Tom Todd at 15:57:29.73 on Tue 05/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1458 [GMT 12:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\IBM\Common\acsi\bin\jservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\CVSNT\cvslock.exe
C:\Program Files\CVSNT\cvsservice.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\IBM\LOTUSF~1\Turbo\3.5\SQLLIB\ITMA\TMAITM6\KUDCMA_DB2.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\IBM\Common\acsi\jre\bin\java.exe
C:\Program Files\IBM\Rational\License Server\lmgrd.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\IBM\Rational\License Server\lmgrd.exe
C:\Program Files\IBM\Rational\License Server\telelogic.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\IBM\LOTUSF~1\Turbo\3.5\SQLLIB\BIN\db2systray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\IBM\WebSphere MQ\bin\amqmtbrn.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tom Todd\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.nz/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - c:\program files\ibm\lotus forms\viewer\3.5\PEhelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\5.0.375.15\npchrome_frame.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [masqform.exe] c:\program files\ibm\lotus forms\viewer\3.5\masqform.exe -RunOnce"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [DB2COPY1 - db2systray.exe DB2] c:\progra~1\ibm\lotusf~1\turbo\3.5\sqllib\bin\db2systray.exe DB2
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\websph~1.lnk - c:\program files\ibm\websphere mq\bin\amqmtbrn.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Edit with &XML Spy - c:\program files\altova\xml spy suite\spy.htm
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\5.0.375.15\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
Notify: ACNotify - ACNotify.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 setuid
LSA: Notification Packages = scecli psqlpwd ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tomtod~1\applic~1\mozilla\firefox\profiles\73l7o1yn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-5 310320]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-3 19760]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-5 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-5 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100429.001\IDSXpx86.sys [2010-5-4 329592]
R2 acsisrv;IBM ADE Service;c:\program files\ibm\common\acsi\bin\jservice.exe [2010-3-26 204800]
R2 CITMDRV;CITMDRV;c:\windows\system32\drivers\CITMDRV.SYS [2010-3-26 10752]
R2 kudcma_DB2;Monitoring Agent for DB2 - DB2;c:\progra~1\ibm\lotusf~1\turbo\3.5\sqllib\itma\tmaitm6\KUDCMA_DB2.exe [2010-3-26 1217824]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-5 117640]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-15 11152]
R2 Telelogic License Manager;Telelogic License Manager;c:\program files\ibm\rational\license server\lmgrd.exe [2007-11-27 1423440]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-9 569344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-30 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100503.021\NAVENG.SYS [2010-5-4 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100503.021\NAVEX15.SYS [2010-5-4 1324720]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-14 35264]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-3 135664]
S3 DB2GOVERNOR_DB2COPY1;DB2 Governor (DB2COPY1);c:\program files\ibm\lotus forms\turbo\3.5\sqllib\bin\db2govds.exe [2009-4-4 18720]
S3 DB2LICD_DB2COPY1;DB2 License Server (DB2COPY1);c:\program files\ibm\lotus forms\turbo\3.5\sqllib\bin\db2licd.exe [2009-4-4 124192]
S3 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\program files\ibm\lotus forms\turbo\3.5\sqllib\bin\db2mgmtsvc.exe [2009-4-4 38688]
S3 DB2REMOTECMD_DB2COPY1;DB2 Remote Command Server (DB2COPY1);c:\program files\ibm\lotus forms\turbo\3.5\sqllib\bin\db2rcmd.exe [2009-4-4 29984]
S3 DB2TS - DB2;DB2TS - DB2COPY1 - DB2;c:\progra~1\ibm\lotusf~1\turbo\3.5\sqllib\bin\cielock.exe [2009-4-4 197920]
S3 IBM Rational System Architect Rest Service;IBM Rational System Architect Rest Service;c:\program files\ibm\rational\system architect suite\11.3.1\system architect\SARestWebService.exe [2009-11-24 62976]
S3 IBMWAS70Service - THINKPADNode01;IBM WebSphere Application Server V7.0 - THINKPADNode01;c:\program files\ibm\websphere\buscomp\bin\WASService.exe [2010-3-26 86016]
S3 IBMWAS70Service - THINKPADNode02;IBM WebSphere Application Server V7.0 - THINKPADNode02;c:\program files\ibm\websphere\buscomp\bin\WASService.exe [2010-3-26 86016]
S3 MQSeriesServices;IBM MQSeries;c:\program files\ibm\websphere mq\bin\amqsvc.exe [2009-12-22 80768]

=============== Created Last 30 ================

2010-05-04 03:55:52 0 ----a-w- c:\documents and settings\tom todd\defogger_reenable
2010-04-29 22:41:53 0 d-----w- c:\program files\Seagate
2010-04-29 22:40:15 0 d-----w- c:\program files\common files\Wise Installation Wizard

==================== Find3M ====================

2010-04-29 03:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 03:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 02:02:07 10752 ------w- c:\windows\system32\drivers\CITMDRV.SYS
2010-03-19 01:17:29 47840 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-10 06:15:52 420352 ------w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-02-24 22:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-21 20:09:41 23113 ------w- c:\windows\hpqins15.dat
2010-02-21 20:03:43 77377 ------w- c:\windows\hpqins05.dat
2010-02-16 21:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2009-01-13 23:53:53 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-09-10 04:11:52 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009091020090911\index.dat

============= FINISH: 15:58:49.95 ===============

Attached Files


Edited by tjtodd, 04 May 2010 - 04:02 PM.


BC AdBot (Login to Remove)

 


#2 tjtodd

tjtodd
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:36 PM

Posted 05 May 2010 - 11:19 PM

This can be closed....problem solved via Combofix.....

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:36 AM

Posted 06 May 2010 - 05:43 PM

Topic closed at member's request.

Please send me a PM if you would like it opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users