
Thursday, April 2, 2009

regedit & cmd won't run...a/v won't update. Log included.

First time poster but I've done a lot of reading here tonight!

I'm getting random website redirects, regedit & cmd won't run (although msconfig will) and I can't update Avast! or install Trend Micro, either in normal or safe mode. The virus scans I have been able to run have come up clean but there's obviously something going on.

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:47 AM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IBM ThinkVantage\Common\mnd\mapdrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\net.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/WatchNowMovie?mo ... 540166_3_0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/us/en/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Wootalyzer] C:\Program Files\Wootalyzer\woot.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Semagic] C:\Program Files\Semagic\LiveJournalU.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tonga\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra Tools menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra Tools menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O15 - Trusted Zone: http://gis.montva.com
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://roa.pt-usa.net/tsweb/msrdp.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/acce ... ontrol.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (file missing)
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - c:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 11031 bytes

Thanks, I really appreciate the help.

Robin
