Google Searches Hijacked - problems on startup on netbook


  • This topic is locked
6 replies to this topic

#1 kennyess1

kennyess1

    Member

  • Full Member
  • 2 posts

Posted 06 July 2009 - 06:30 PM

Hi-

It's been a while since I've posted.


I have a new Lenovo S10 Netbook with xp - great little machine

160 mb hd, xp sp3

I think it was the kids downloading movie torrent files but I had a lot of infected files -

McAfee, CCleaner and Malwarebytes took care of a lot of it, but the mouse is occasionally locking up on startup and when I click on Google results, the links go to odd sites.

Thanks for any help you can provide! Here is my hjt log.

Kennyess1

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:47 PM, on 7/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com...n.asp?cid=38468
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 prosecure.microsoft.com
O1 - Hosts: 209.44.111.62 antivir-prof.com
O1 - Hosts: 209.44.111.62 www.antivir-prof.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O23 - Service: DDNIMSGService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
O23 - Service: DDNIService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\DIBS\DDNIService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6535 bytes

#2 snemelk

snemelk

    inżynier

  • Expert
  • 3,098 posts

Posted 07 July 2009 - 11:04 AM

Hi kennyess1, and Welcome to SWI.

Firstly,
Download HostsXpert.zip
  • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click Make Hosts Writable? in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Please reboot the computer.

Secondly,
We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your Desktop.

    NOTE: Before scanning, make sure all other running programs are closed.
    There shouldn't be any scheduled antivirus scans running while the scan is being performed.
    Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • >>Follow the instructions that pop up for posting the results.<<
  • Close the program window, and delete the program from your Desktop.

Thirdly,
Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the Desktop.

Open the program - you should see the Rootkit / Malware tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Important: Close any open programs/windows!
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

snemelk.hekko.pl - - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.
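
As an added illustration of the first step in the reply above (this is not code from the thread or from HostsXpert): a short Python parser that pulls the `O1 - Hosts:` lines out of a HijackThis log and separates name overrides pointing at a routable or unparseable address from stock and block-list entries, which is what a reviewer looks at before restoring the default Hosts file. The O1 lines are copied from the log in the first post, the `ads.example.test` line is constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# O1 lines copied from the HijackThis log in post #1, with one neighbouring
# non-O1 line; the last line is constructed to show a block-list entry.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 prosecure.microsoft.com
O1 - Hosts: 209.44.111.62 antivir-prof.com
O1 - Hosts: 209.44.111.62 www.antivir-prof.com
O1 - Hosts: 0.0.0.0 ads.example.test
"""

# HijackThis prints each Hosts file line as "O1 - Hosts: <address> <name> [...]".
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(.+?)\s*$")
LOCAL_NAMES = {"localhost"}


def parse_hosts_entries(log_text):
    """Return a list of (address, [names]) taken from the O1 lines of a log."""
    entries = []
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if not match:
            continue
        address, rest = match.groups()
        # A Hosts line may carry several names and a trailing "# comment".
        names = rest.split("#", 1)[0].split()
        if names:
            entries.append((address, names))
    return entries


def classify(address):
    """Label an address: loopback, unspecified, private, public or malformed."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:  # 0.0.0.0 or ::, the usual block-list target
        return "unspecified"
    if ip.is_private:
        return "private"
    return "public"


def review_hosts(log_text):
    """Split O1 entries into overrides to examine and block-list entries.

    Returns (review, blocklist):
      review    - {address: [names]} for names mapped to a private, public
                  or malformed address, i.e. lookups answered from the Hosts
                  file instead of DNS
      blocklist - names mapped to loopback/0.0.0.0, the kind of custom entry
                  that has to be re-added by hand after a restore
    The stock "localhost" to loopback mapping is ignored.
    """
    review, blocklist = {}, []
    for address, names in parse_hosts_entries(log_text):
        kind = classify(address)
        for name in names:
            if kind in ("loopback", "unspecified"):
                if name.lower() not in LOCAL_NAMES:
                    blocklist.append(name)
            else:
                review.setdefault(address, []).append(name)
    return review, blocklist


if __name__ == "__main__":
    to_review, custom = review_hosts(SAMPLE_LOG)
    for address, names in to_review.items():
        print(f"{address} ({classify(address)}): {', '.join(names)}")
    print("block-list entries to re-add after a restore:", custom)
```

Restoring the default Hosts file removes everything in both groups, so the second list is what the note about custom Hosts entries refers to.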

#3 screen317

screen317

    SWI Sentinel

  • Global Moderator
  • 8,813 posts

Posted 10 July 2009 - 03:15 PM

kennyess1,

snemelk will be away for a while and I will be helping you while he's gone. :)

Do you still need help?

Edited by screen317, 10 July 2009 - 03:16 PM.

Please consider donating to help support the continued prompt and excellent services of this site.


#4 kennyess1

kennyess1

    Member

  • Full Member
  • 2 posts

Posted 15 July 2009 - 10:22 PM

Thanks for your help - Sorry, was out of town - this is the first chance I've had to reply. I ran all the programs.
Let me know what to do.

I didn't see an attach on this board, so I pasted all the logs

attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/22/2009 11:54:21 PM
System Uptime: 7/15/2009 10:43:22 PM (0 hours ago)

Motherboard: Lenovo | | Mariana
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | U2E1 | 1596/mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 104 GiB total, 84.958 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 29.723 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP27: 7/13/2009 11:02:29 PM - Installed Adobe Reader 9.1.
RP28: 7/14/2009 1:19:20 PM - Installed ooVoo
RP29: 7/15/2009 7:48:43 PM - Restore Operation
RP30: 7/15/2009 8:05:11 PM - Software Distribution Service 3.0

==== Installed Programs ======================

µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.1
AIM 6
Apple Software Update
Broadcom Gigabit Integrated Controller
Broadcom WLAN
CCleaner (remove only)
Critical Update for Windows Media Player 11 (KB959772)
DIBS
Download Updater (AOL LLC)
Energy Management
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 14
K-Lite Mega Codec Pack 4.9.0
Lenovo First Boot
Lenovo Idea Central
Lenovo Idea Notes
Lenovo OneKey Recovery
Lenovo Quick Start
Lenovo System Repair - Windows Update Monitor
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5)
MSXML 6.0 Parser (KB925673)
Picasa 3
QuickTime
Realtek Card Reader
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
WebFldrs XP
Windows Communication Foundation
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

7/15/2009 7:43:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
7/15/2009 7:42:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
7/15/2009 7:42:03 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/15/2009 7:42:03 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/15/2009 7:42:03 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/15/2009 7:42:03 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/15/2009 7:41:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/15/2009 7:41:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/14/2009 12:55:15 PM, error: Service Control Manager [7023] - The Task Scheduler service terminated with the following error: The file or directory is corrupted and unreadable.
7/10/2009 5:16:22 PM, error: Service Control Manager [7028] - The nzcgfz Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

==== End Of File ===========================

DDS

DDS (Ver_09-06-26.01) - FAT32x86
Run by Ken at 22:49:17.89 on Wed 07/15/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.660 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
svchost
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Ken\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com:80/root/campaign.asp?cid=38468
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IdeaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ken\applic~1\mozilla\firefox\profiles\dtfnmhsd.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-10 144704]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-10 201320]
R2 DDNIMSGService;DDNIMSGService;c:\program files\ddni\lenovo idea notes\DDNIMSGService.exe [2008-10-6 185008]
R2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2009-4-8 164528]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-10 359248]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2009-4-8 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-4-8 48192]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-25 24652]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-4-8 9472]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-10 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-10 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-10 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-10 40488]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-4-8 157696]
S2 nzcgfz;nzcgfz;\??\c:\windows\system32\drivers\hxuqedqv.sys --> c:\windows\system32\drivers\hxuqedqv.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-8 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-25 38160]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-10 33832]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-4-8 81192]

=============== Created Last 30 ================

2009-07-15 22:20 <DIR> --d----- c:\program files\hosts
2009-07-15 20:08 127 a------- c:\windows\system32\MRT.INI
2009-07-15 19:49 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-07-14 23:00 <DIR> --dsh--- C:\FOUND.001
2009-07-14 22:37 <DIR> --dsh--- C:\FOUND.000
2009-07-14 13:19 <DIR> --d----- c:\program files\ooVoo
2009-07-10 16:35 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-07-10 16:35 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-07-10 16:34 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-07-10 16:03 5,632 a------- c:\windows\system32\ptpusb.dll
2009-07-10 16:03 159,232 a------- c:\windows\system32\ptpusd.dll
2009-07-10 16:03 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-07-10 16:03 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2009-07-06 13:05 0 a------- c:\windows\system32\drivers\str.sys
2009-07-06 00:42 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-06 00:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-06 00:33 <DIR> --d----- c:\program files\Trend Micro
2009-07-05 19:21 <DIR> --d----- c:\program files\CCleaner
2009-07-03 19:46 <DIR> --dsh--- c:\documents and settings\ken\PrivacIE
2009-07-02 20:53 93 a------- c:\windows\system32\hjgruiivkpmpeo.dat
2009-07-02 20:42 93,798 a------- c:\windows\system32\hjgruirsivqwuc.dat
2009-07-02 20:42 1 a------- c:\windows\system32\drivers\hjgruinvdqkdkp.sys
2009-06-27 00:17 <DIR> --dsh--- c:\documents and settings\ken\IETldCache
2009-06-26 23:45 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-26 23:45 <DIR> --d----- c:\windows\ie8updates
2009-06-26 23:44 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-26 23:44 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-26 23:37 <DIR> --d-h--- c:\windows\ie8
2009-06-26 08:14 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-25 21:46 <DIR> --d----- c:\docume~1\ken\applic~1\Malwarebytes
2009-06-25 21:46 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-25 21:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-25 21:46 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-25 21:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 21:09 <DIR> --d----- c:\program files\uTorrent
2009-06-25 21:08 <DIR> --d----- c:\docume~1\ken\applic~1\uTorrent
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll

==================== Find3M ====================

2009-07-03 13:36 98,304 a------- c:\windows\DUMP5e6b.tmp
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-06-02 12:11 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-05-29 17:37 205,824 a------- c:\windows\system32\xvidvfw.dll
2009-05-29 17:31 881,664 a------- c:\windows\system32\xvidcore.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 01:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 01:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-01 17:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 17:02 685,056 a------- c:\windows\system32\divx.dll
2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-30 17:22 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 17:22 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 17:22 1,207,808 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 17:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 17:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 07:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-29 00:55 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-08 04:28 725 a------- c:\documents and settings\ken\set_env.bat
2009-04-08 03:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

============= FINISH: 22:50:15.70 ===============


GMER


#5 screen317

    SWI Sentinel

  • Global Moderator
  • 8,813 posts

Posted 17 July 2009 - 08:48 PM

Hi,

It seems like you clicked "Show All" in GMER. You were asked not to...

We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingc...to-use-combofix
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


-screen317

Please consider donating to help support the continued prompt and excellent services of this site.


#6 screen317

    SWI Sentinel

  • Global Moderator
  • 8,813 posts

Posted 28 July 2009 - 12:20 AM

Still with us kennyess1??



#7 screen317

    SWI Sentinel

  • Global Moderator
  • 8,813 posts

Posted 12 August 2009 - 04:08 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





