Author Topic: PC rebooting often - need spyware/virus check  (Read 159 times)


Offline wisesilver

  • KRC Supporter
  • *
  • Posts: 32
PC rebooting often - need spyware/virus check
« on: July 28, 2010, 08:11:01 PM »
Hi Grey Knight!  ;D

My PC has been rebooting often and I suspect an infection of some sort.  Can we take steps to check/clean it?

Thanks!

Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:07 PM, on 7/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\WINDOWS\SYSTEM32\3cshtdwn.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
C:\Program Files\PKWARE\PKZIPM\9.00.0010\PKTray.exe
C:\Program Files\Spb Backup\SPBBackupSync.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = http=127.0.0.1:6711
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO -

{A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program

Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program

Files\STOPzilla!\SZSG.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program

Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} -

C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO -

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -

{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -

C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program

Files\STOPzilla!\SZSG.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -

C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler]

C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer

OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices

\Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF

Converter 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [\Weisskids2\EPSON Stylus CX3800 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P39

"\\Weisskids2\EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [\\WEISSKIDS2\EPSON Stylus CX3800 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P39

"\\WEISSKIDS2\EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program

Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program

Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft

Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program

Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program

Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common

Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common

Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program

Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot

Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT ACR] C:\Program Files\Common Files\Portrait

Displays\Shared\DT_startup.exe -ACR
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common

Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"

-atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ

Software\ActivDriver\ActivControl2.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler]

C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME

2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft

ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master

2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] "C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: ListProAlarms.lnk = C:\Program Files\Ilium

Software\ListPro\ListProAlarms.exe
O4 - Global Startup: ListProAlarms.lnk = C:\Program Files\Ilium

Software\ListPro\ListProAlarms.exe
O4 - Global Startup: PKZIP Attachments Status.lnk = C:\Program

Files\PKWARE\PKZIPM\9.00.0010\PKTray.exe
O4 - Global Startup: SPB Backup Sync.lnk = C:\Program Files\Spb

Backup\SPBBackupSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program

Files\Google\Google

Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki

.html
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 -

res://C:\Program Files\ScanSoft\PDF Converter 3.0\IEShellExt.dll /100
O9 - Extra button: Create Mobile Favorite -

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -

http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtac

tivex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner

3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5

Control) -

http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.

cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan

Agent 6.6) -

http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/acti

vex/hcImpl.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application

Object) -

http://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEn

gineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_s

ite.cab?1134874155827
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb

_site.cab?1193394449812
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} (GoToMeeting/GoToWebinar

Web Starter) - https://www2.gotomeeting.com/default/applets/g2mdlax.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner

3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) -

http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) -

http://penncamera.lifepics.com/net/Uploader/LPUploader57.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program

Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common

Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. -

C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown

owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology

LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. -

C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program

Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program

Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -

C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait

Displays, Inc. - C:\Program Files\Common Files\Portrait

Displays\Drivers\pdisrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program

Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME

2\TomTomHOMEService.exe

--
End of file - 15625 bytes

Offline Kevin

  • Administrator
  • *
  • Posts: 10,682
  • Gender: Male
    • Kevin's Resource Center
Re: PC rebooting often - need spyware/virus check
« Reply #1 on: July 29, 2010, 07:02:53 PM »
Please make sure that Word Wrap is turned OFF in Notepad before you post your HijackThis log next time.  As you can see, the formatting it creates (see the log you posted) makes it harder for us to read it. To turn this off, go to Format and make sure Word Wrap is unchecked.

I don't see anything suspicious here except for one entry. Do you use some kind of proxy server to access the internet? The following proxy caught my attention:

http=127.0.0.1:6711

Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the ComboFix log here.


Need help live? Visit the chatroom.

Was KRC helpful to you? If so, please recommend this forum to your family and friends...

If this forum has helped you, please make a donation to support it.
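An added example, not part of the original thread or of HijackThis itself: a small triage script that rejoins a HijackThis log saved with Word Wrap on and reports any Internet Explorer ProxyServer setting pointing at a loopback address, which is the entry singled out in Reply #1. The function names are hypothetical, and the sample is constructed from a few lines of the log in the first post.

```python
import ipaddress
import re

# HijackThis entries start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
PROXY_ENTRY = re.compile(
    r"^R\d - (HKCU|HKLM)\\.*\\Internet Settings,ProxyServer = (.+)$")

# Constructed sample: lines taken from the log in the first post, wrapped as posted.
SAMPLE = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = http=127.0.0.1:6711
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""


def unwrap_entries(log_text):
    """Rejoin word-wrapped lines so each HijackThis entry is one string.

    Continuation lines are joined with a single space. A break that fell
    inside a long token (for example a URL) is therefore not restored
    exactly; the registry lines checked below are not affected by that.
    """
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line == "--":          # footer marker before "End of file"
            break
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:             # header lines before the first entry are skipped
            entries[-1] += " " + line
    return entries


def is_loopback(host):
    """True when the host is localhost or a loopback IP address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:            # an ordinary hostname
        return False


def parse_proxy_value(value):
    """Parse a ProxyServer value: 'host:port' or 'proto=host:port;proto=...'."""
    results = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:               # no protocol prefix: applies to all protocols
            scheme, target = "all", part
        host, _, port = target.rpartition(":")
        if not host:              # no port given
            host, port = target, ""
        port_num = int(port) if port.isdigit() else None
        results.append((scheme.lower(), host, port_num, is_loopback(host)))
    return results


def find_proxy_settings(log_text):
    """Return (hive, protocol, host, port, is_loopback) for each proxy entry."""
    found = []
    for entry in unwrap_entries(log_text):
        match = PROXY_ENTRY.match(entry)
        if match:
            hive, value = match.groups()
            for scheme, host, port, loopback in parse_proxy_value(value):
                found.append((hive, scheme, host, port, loopback))
    return found


if __name__ == "__main__":
    for hive, scheme, host, port, loopback in find_proxy_settings(SAMPLE):
        # A loopback proxy hands browser traffic to a process listening on
        # this machine, so the next step is to identify that process.
        note = "loopback: identify the local listener" if loopback else "remote proxy"
        print(f"{hive} {scheme} -> {host}:{port} ({note})")
```
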

Offline wisesilver

  • KRC Supporter
  • *
  • Posts: 32
Re: PC rebooting often - need spyware/virus check
« Reply #2 on: August 01, 2010, 01:32:04 PM »
Thank you Grey Knight.  Sorry about the word wrap - I guess I should know by now  ;D

1) I'm not sure if the proxy (http=127.0.0.1:6711) was intentional - Perhaps it relates to a medically related web site https://www1.gotomeeting.com/s/dti we have used.   I would say let's remove it.

2) When we are all done with this clean up I would like your advice on anti-virus/anti-spy-ware products to use.  AVG free is no longer available (your anti-spyware site may need to be updated).  I am running the last version that was available but I do not think it is protecting me any more.  So, my current regime is AVG Free.  I also have, for occasional scans, Super Anti Spy Ware and MalwareBytes Anti-Malware.  So, any suggestions on changes would be appreciated.

3) I had a message about AVG-Anti-Virus-Free real time scanner being active while running ComboFix, but I could not deactivate AVG.  Do I need to worry about this?

4) Here is my ComboFix Log:
ComboFix 10-07-31.04 - COMPUTER 08/01/2010  12:55:29.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1405 [GMT -4:00]
Running from: c:\documents and settings\COMPUTER\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE
c:\windows\system32\4394140.dat
H:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2010-07-01 to 2010-08-01  )))))))))))))))))))))))))))))))
.

2010-07-29 00:20 . 2010-07-29 00:20   63488   ----a-w-   c:\documents and settings\COMPUTER\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-29 00:20 . 2010-07-29 00:20   52224   ----a-w-   c:\documents and settings\COMPUTER\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-29 00:19 . 2010-07-29 00:19   117760   ----a-w-   c:\documents and settings\COMPUTER\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-29 00:19 . 2010-07-29 00:19   --------   d-----w-   c:\documents and settings\COMPUTER\Application Data\SUPERAntiSpyware.com
2010-07-28 22:44 . 2010-07-28 22:44   63488   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-22 04:45 . 2010-07-22 04:45   1615200   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-22 04:45 . 2010-07-22 04:45   1373536   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-22 04:45 . 2010-07-22 04:45   1107296   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-22 04:45 . 2010-07-22 04:45   4368224   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-15 17:26 . 2010-07-15 17:26   242896   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-15 17:26 . 2010-07-15 17:26   216200   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-15 17:25 . 2010-07-15 17:25   12536   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-07-15 17:24 . 2010-07-15 17:24   1690464   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-15 17:24 . 2010-07-15 17:24   1038688   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-15 17:24 . 2010-07-15 17:24   813336   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-15 17:24 . 2010-07-15 17:24   624920   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-14 17:35 . 2010-06-14 14:31   744448   -c----w-   c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 02:02 . 2010-07-12 02:02   28424   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-07-09 03:02 . 2010-07-09 03:02   --------   d-----w-   c:\documents and settings\COMPUTER\Application Data\Promethean
2010-07-09 02:57 . 2010-07-09 02:57   --------   d-----w-   c:\program files\Common Files\Activ Software
2010-07-09 02:57 . 2010-07-09 02:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\Promethean
2010-07-09 02:57 . 2010-08-01 16:16   63488   ----a-w-   c:\documents and settings\All Users\Application Data\Activ Software\ActivApplications\ActivFocusHook.dll
2010-07-09 02:56 . 2010-07-09 02:56   --------   d-----w-   c:\documents and settings\COMPUTER\Application Data\ACTIV Software
2010-07-09 02:56 . 2010-07-09 02:57   --------   d-----w-   c:\program files\Activ Software
2010-07-09 02:56 . 2010-07-09 02:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\Activ Software
2010-07-03 03:03 . 2010-07-03 03:03   --------   d-----w-   c:\program files\iPod
2010-07-03 03:03 . 2010-07-03 03:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-03 02:59 . 2010-07-03 02:59   --------   d-----w-   c:\program files\QuickTime
2010-07-03 02:55 . 2010-07-03 02:55   --------   d-----w-   c:\program files\Bonjour
2010-07-03 02:54 . 2010-07-03 02:54   72504   ----a-w-   c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-03 02:51 . 2010-07-03 02:51   71992   ----a-w-   c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 03:19 . 2009-12-26 20:12   0   ----a-w-   c:\documents and settings\COMPUTER\Local Settings\Application Data\prvlcl.dat
2010-07-29 00:19 . 2007-10-20 18:19   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-07-29 00:16 . 2009-03-11 02:12   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-07-28 22:44 . 2010-05-07 03:31   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-15 17:25 . 2009-03-09 01:49   243024   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-07-15 17:25 . 2009-01-21 03:52   216400   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-07-12 02:01 . 2009-01-21 03:52   29584   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-07-12 01:37 . 2009-11-11 19:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2010-07-03 13:31 . 2006-01-15 17:44   --------   d-----w-   c:\program files\Quicken
2010-07-03 03:04 . 2009-09-07 20:38   --------   d-----w-   c:\program files\iTunes
2010-07-03 03:03 . 2009-09-07 20:35   --------   d-----w-   c:\program files\Common Files\Apple
2010-07-03 02:53 . 2009-10-12 12:22   --------   d-----w-   c:\program files\Safari
2010-06-25 18:03 . 2002-03-23 22:16   78376   ----a-w-   c:\documents and settings\COMPUTER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-25 17:52 . 2010-06-25 17:52   --------   d-----w-   c:\documents and settings\COMPUTER\Application Data\Microsoft Web Folders
2010-06-23 13:24 . 2010-06-23 13:24   501936   ----a-w-   c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb1B.tmp.exe
2010-06-14 14:31 . 2002-03-23 21:37   744448   ------w-   c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-06 14:49 . 2010-06-06 14:49   --------   d-----w-   c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-05-18 20:35 . 2010-05-18 20:35   91424   ----a-w-   c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35   197920   ----a-w-   c:\windows\system32\dnssdX.dll
2010-05-18 20:35 . 2010-05-18 20:35   107808   ----a-w-   c:\windows\system32\dns-sd.exe
2010-05-07 03:31 . 2010-05-07 03:31   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-06 10:41 . 2001-08-23 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2008-04-13 20:58 . 2008-04-13 20:56   26694   ------w-   c:\program files\12247285-4023-8430-9530-928348073246.ico
2006-01-15 19:56 . 2006-01-15 19:56   89   ------w-   c:\program files\Common Files\appop.log
2009-01-21 03:44 . 2008-12-07 18:45   7764768   --sh--w-   c:\windows\system32\drivers\fidbox.dat
2009-01-21 03:44 . 2008-12-07 18:45   225056   --sh--w-   c:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25   2117704   ----a-w-   c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\nbj.exe" [2006-09-15 2048000]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-09 95800]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-24 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3c1807pd"="c:\windows\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-11-17 3022848]
"nwiz"="nwiz.exe" [2003-11-17 753664]
"OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2001-09-10 86016]
"PDF3 Registry Controller"="c:\program files\ScanSoft\PDF Converter 3.0\\RegistryController.exe" [2005-04-12 106496]
"\Weisskids2\EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"\\WEISSKIDS2\EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2006-02-07 36864]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2006-02-07 40960]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-24 1325848]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2010-03-23 1088800]

c:\documents and settings\COMPUTER\Start Menu\Programs\Startup\
ListProAlarms.lnk - c:\program files\Ilium Software\ListPro\ListProAlarms.exe [2009-12-26 142200]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ListProAlarms.lnk - c:\program files\Ilium Software\ListPro\ListProAlarms.exe [2009-12-26 142200]
PKZIP Attachments Status.lnk - c:\program files\PKWARE\PKZIPM\9.00.0010\PKTray.exe [2009-1-10 169552]
SPB Backup Sync.lnk - c:\program files\Spb Backup\SPBBackupSync.exe [2008-8-19 610304]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 17:25   12536   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\U.S. Robotics\\ControlCenter\\ctrlcntr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2640:TCP"= 2640:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1033:TCP"= 1033:TCP:Akamai NetSession Interface
"1038:TCP"= 1038:TCP:Akamai NetSession Interface

R0 ivicd;Ivi CDVD Filter Driver;c:\windows\system32\drivers\ivicd.sys [1/15/2006 3:53 PM 38784]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/20/2009 11:52 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/8/2009 9:49 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 1:25 PM 308136]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/30/2008 2:23 PM 161064]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [10/20/2009 9:39 PM 109168]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [1/15/2006 12:36 PM 23200]
R2 SBFSHOOK;SBFSHOOK;c:\windows\system32\drivers\sbfshook.sys [1/15/2006 3:56 PM 8320]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 10:41 AM 92008]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [5/5/2009 4:25 PM 55936]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [10/5/2009 4:56 PM 6144]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 10:14 PM 135664]
S2 portD;CMS PortIO Service;c:\windows\system32\DRIVERS\portd2k.sys --> c:\windows\system32\DRIVERS\portd2k.sys [?]
S3 iviudf;iviudf;c:\windows\system32\drivers\IviUdf.sys [1/15/2006 3:53 PM 116224]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [8/28/2007 9:48 AM 65024]

--- Other Services/Drivers In Memory ---

*Deregistered* - udffsrec
.
Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 02:14]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 02:14]

2010-08-01 c:\windows\Tasks\User_Feed_Synchronization-{2D7F88AD-663C-43AA-AC8C-6D71D20ED591}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:6711
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open with Scansoft PDF Converter 3.0 - c:\program files\ScanSoft\PDF Converter 3.0\IEShellExt.dll /100
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://penncamera.lifepics.com/net/Uploader/LPUploader57.cab
FF - ProfilePath - c:\documents and settings\COMPUTER\Application Data\Mozilla\Firefox\Profiles\2m5oryds.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://msn.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\COMPUTER\Application Data\Mozilla\Firefox\Profiles\2m5oryds.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RegisterDropHandler - c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE



**************************************************************************
scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c00c\6&2d8444ee&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1140)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-08-01  13:09:04
ComboFix-quarantined-files.txt  2010-08-01 17:09
ComboFix2.txt  2009-03-08 16:32
ComboFix3.txt  2009-01-16 04:07

Pre-Run: 8,761,008,128 bytes free
Post-Run: 9,865,596,928 bytes free

- - End Of File - - 766B433ECDF04718BAF25AFB51F15F84

Offline Kevin

  • Administrator
  • *
  • Posts: 10,682
  • Gender: Male
    • Kevin's Resource Center
Re: PC rebooting often - need spyware/virus check
« Reply #3 on: August 02, 2010, 09:22:51 PM »
You may fix that proxy address entry via HijackThis.

There's nothing suspicious in the ComboFix log. I would suggest checking to see if it could be a hardware-related issue at this point.

1. Run the Windows Memory Diagnostic Tool to see if it could be a memory issue:
http://oca.microsoft.com/en/windiag.asp

2. Open up the computer and check to see if there are any leaking or bulging capacitors:
http://1.bp.blogspot.com/_Ak3fwBcCvh0/Sbi0j_eL3UI/AAAAAAAABIg/cDfu8YsjY2I/s1600-h/Blown+Caps_online2.jpg

Other than that, did you install anything (hardware or software) recently before this problem occurred?


Need help live? Visit the chatroom.

Was KRC helpful to you? If so, please recommend this forum to your family and friends...

If this forum has helped you, please make a donation to support it.
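
The reply above starts by fixing the proxy entry the ComboFix log reports (`ProxyServer = http=127.0.0.1:6711`). As an added example (not part of the thread and not ComboFix's own code), this Python script pulls that setting and the firewall `GloballyOpenPorts` entries out of a ComboFix log for review; the sample lines are copied from the log above and the function names are made up for illustration.

```python
import ipaddress
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
uInternet Settings,ProxyServer = http=127.0.0.1:6711
uInternet Settings,ProxyOverride = *.local
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2640:TCP"= 2640:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
FF - prefs.js: browser.startup.homepage - hxxp://msn.com
'''

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S+)")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.+)$', re.M)


def parse_proxy_server(value):
    """Split an Internet Settings ProxyServer value into (scheme, host, port).

    The value is either one 'host:port' for all protocols (scheme '*') or a
    ';'-separated list such as 'http=host:port;https=host:port'.
    """
    entries = []
    for part in value.strip().split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:                      # no 'scheme=' prefix: applies to all
            scheme, target = "*", part
        target = target.split("://", 1)[-1]
        host, _, port = target.rpartition(":")
        if not host:                     # no port given
            host, port = target, ""
        entries.append((scheme.lower(), host, int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for 'localhost' and any address in a loopback range."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False                     # a hostname, not an IP literal


def find_loopback_proxies(log_text):
    """Proxy entries that send browser traffic to a process on this machine."""
    hits = []
    for match in PROXY_RE.finditer(log_text):
        hits += [e for e in parse_proxy_server(match.group(1)) if is_loopback(e[1])]
    return hits


def open_ports(log_text):
    """Firewall port exceptions; scope is None when the log shows no scope field."""
    rows = []
    for port, proto, value in PORT_RE.findall(log_text):
        fields = value.strip().split(":")
        rows.append({"port": int(port), "proto": proto,
                     "scope": fields[2] if len(fields) >= 5 else None,
                     "name": fields[-1]})
    return rows


if __name__ == "__main__":
    print(find_loopback_proxies(SAMPLE_LOG))
    for row in open_ports(SAMPLE_LOG):
        print(row)
```

A loopback proxy entry means the browser hands its traffic to whatever is listening on that local port, so before or after removing it, it is worth confirming which program (if any) owns the port.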

Offline wisesilver

  • KRC Supporter
  • *
  • Posts: 32
Re: PC rebooting often - need spyware/virus check
« Reply #4 on: August 03, 2010, 11:45:10 PM »
Hi Grey Knight:

OK I had three of the six memory tests fail.  :o
a) MATS+ succeeded
b) INVC succeeded
c) LRAND succeeded
d) Stride6 failed
e) WMATS+ failed
f) WINVC failed

1) Any comments?  Could this be causing the rebooting?  Can I tell if it is also the motherboard or just the RAM?
I'll try re-seating and re-testing the RAM and look at the capacitors.

Meanwhile :
2) I removed the proxy (http=127.0.0.1:6711).

3) What should I run on my system?  When we are all done with this clean up I would like your advice on anti-virus/anti-spy-ware products to use.  AVG free is no longer available (your anti-spyware site may need to be updated).  I am running the last version that was available but I do not think it is protecting me any more.  So, my current regime is AVG Free.  I also have, for occasional scans, Super Anti Spy Ware and MalwareBytes Anti-Malware.  So, any suggestions on changes would be appreciated.

Thank you Grey Knight.  :)

Offline wisesilver

  • KRC Supporter
  • *
  • Posts: 32
Re: PC rebooting often - need spyware/virus check
« Reply #5 on: August 05, 2010, 11:16:37 PM »
Hi Grey Knight. 
1) I reseated the memory and retested.  They still failed but only on the last test.  I've contacted the manufacturer and am awaiting an RMA number to get replacement RAM.
2) I looked at all capacitors and none were leaking or bulging.
3) We did install ActivManager for Promethean Boards (kind of a high-tech blackboard.  It is to develop lesson plans at home and port them to school).

Questions from before:
1) Any comments on the memory tests?  Could this be causing the rebooting?  Can I tell if it is also the motherboard or just the RAM?

Meanwhile :
2) I removed the proxy (http=127.0.0.1:6711).

3) What should I run on my system?  When we are all done with this clean up I would like your advice on anti-virus/anti-spy-ware products to use.  AVG free is no longer available (your anti-spyware site may need to be updated).  I am running the last version that was available but I do not think it is protecting me any more.  So, my current regime is AVG Free.  I also have, for occasional scans, Super Anti Spy Ware and MalwareBytes Anti-Malware.  So, any suggestions on changes would be appreciated.

Thank you Grey Knight.  :)

Offline Kevin

  • Administrator
  • *
  • Posts: 10,682
  • Gender: Male
    • Kevin's Resource Center
Re: PC rebooting often - need spyware/virus check
« Reply #6 on: August 07, 2010, 01:51:26 PM »
How many sticks of RAM do you have on that computer? If more than one, remove all of them and use them one at a time to see if the errors show up. One way to test out if it's the memory slot/bank itself is to try testing each stick of RAM on each of the empty slots also. A more tedious way to do this is to test out each stick of RAM by using it and see if your computer reboots.

Unless your motherboard came with its own diagnostic software, you will need to run third-party tools to test out the motherboard. I'm not aware of any that will show you problems, but one that I use to stress test my computer's hardware is called BurnInTest.

I checked the Anti-Spyware Tutorial and don't see a problem with the AVG link. It is outdated but brings you to the current AVG main webpage where you can get AVG Free Edition. I have recommended using AVG for years now and still continue to do so. I use it along with other security measures which you can read at:

http://www.greyknight17.com/spyware.php#prevent



Offline wisesilver

  • KRC Supporter
  • *
  • Posts: 32
Re: PC rebooting often - need spyware/virus check
« Reply #7 on: August 15, 2010, 02:41:58 PM »
I've been running with two sticks of RAM (1 GIG each).  While waiting for the RMA of the defective RAM I ordered two more sticks from Tiger Direct.  They test clean without memory errors.  The machine runs fine without rebooting now.  The only problem is that in order to boot it up most of the time I need to press the reset button  :o instead of the power button.  The new RAM is 1 GIG PNY DDR PC2700 333MHz/266MHz and the previous was 1 GIG ULTRA at just 333MHz.  I also have two sticks of 256 meg RAM (333MHz) and am running with all four giving me a grand total of 2.5 Gigs.  When I get the ULTRA RAM returned I plan to run with all 4 with 4 Gigs of RAM.  -- Any thoughts on the need to press the reset button to start?

I checked the Anti-Spyware Tutorial and now I see the link for AVG free  :).  Maybe it was me  ???, I just didn't see it before.

Offline Kevin

  • Administrator
  • *
  • Posts: 10,682
  • Gender: Male
    • Kevin's Resource Center
Re: PC rebooting often - need spyware/virus check
« Reply #8 on: August 23, 2010, 07:26:05 PM »
Just FYI on the 4GB of RAM. Windows XP 32-bit will only be able to use about 3.5GB (approximate as I have seen some stations that can recognize like 3.75GB I think) of the 4GB.

The problem with the reset button being used first before you can power on the computer may be a bit tricky. Try reseating all the cables from the front of the computer case (where the power and reset buttons are) and make sure they are plugged into the correct pins on the motherboard. Careful when removing the cables since it can be a problem unless you have a good pair of eyes to read the small etching on the motherboard for power (PWR usually) and reset (RST usually).

If the motherboard looks ok overall, the next thing I would suggest looking into is the power supply. See if you can borrow another power supply (instead of buying one) and test it out to see if it powers on directly without pressing the reset button first.



Offline wisesilver

  • KRC Supporter
  • *
  • Posts: 32
Re: PC rebooting often - need spyware/virus check
« Reply #9 on: August 25, 2010, 07:30:45 AM »
Hi Grey Knight - how was your vacation? :)

The RMAed Ultra RAM came back and I put it in by itself.  The PC boots up fine pressing only the power button (without pressing the reset button).  Also, when I put in the two 256 Meg RAM sticks by themselves it also boots up fine pressing only the power button (without pressing the reset button).  Tiger Direct is graciously letting me return the PNY.

The computer is stable and does not reboot on me - RAM was the problem!  ;D

So, considering that I experience no need to press the reset button, with the Ultra RAM, do you think I need to "play" with the cables as you've suggested?

Thank you.

Offline Kevin

  • Administrator
  • *
  • Posts: 10,682
  • Gender: Male
    • Kevin's Resource Center
Re: PC rebooting often - need spyware/virus check
« Reply #10 on: August 25, 2010, 06:38:24 PM »
Vacation was great. Had a good time 8)

That is a very strange problem. Don't know how the RAM played a role with this reset power issue. Since it seems to be ok now, I don't suggest fiddling around with the cables.

