Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

need help - virus redirects and popups


  • This topic is locked This topic is locked
17 replies to this topic

#1 mttporter

mttporter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 07 May 2010 - 05:36 PM

My lenovo R60 picked up a virus, and after my tech friend helped me get rid of it - comp was locked up. He ran malwarebytes 3 times - machine ran ok when he tested it, then the next day i get popups and when I click on links I get redirected to unrelated pages.
running windows xp pro, I have run ad-aware and malwarebytes several times. Adaware finds and deletes stuff every time - malwarebytes finds nothing
Any help would be greatly appreciated
Thanks
Matt

Edit: Moved topic from Web Browsing/Email and Other Internet Applications to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:18 PM

Posted 07 May 2010 - 07:20 PM

Hello and welcome.. Let's run these and review the logs.
Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 mttporter

mttporter
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 08 May 2010 - 08:57 AM

Thanks fro your help - I followed your directions, but the problem still persists.
Below are the reults of the SAS scan and Malware bytes scan

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/08/2010 at 08:16 AM

Application Version : 4.37.1000

Core Rules Database Version : 4905
Trace Rules Database Version: 2717

Scan type : Complete Scan
Total Scan Time : 01:01:47

Memory items scanned : 249
Memory threats detected : 0
Registry items scanned : 5889
Registry threats detected : 2
File items scanned : 73715
File threats detected : 16

Adware.ShopAtHomeSelect
HKU\S-1-5-21-1747895464-1615603243-2991599925-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}

Adware.HBHelper
HKU\S-1-5-20_Classes\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Adware.Tracking Cookie
C:\Documents and Settings\NetworkService\Cookies\system@ad.candystand[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adcloudmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adx.bidsystem[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@interclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@microsoftsto.112.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@smartadserver[2].txt


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4077

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/8/2010 8:50:40 AM
mbam-log-2010-05-08 (08-50-40).txt

Scan type: Quick scan
Objects scanned: 131119
Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:18 PM

Posted 08 May 2010 - 09:55 AM

Hello, OK we'll run an online scan and check for rootkits now then.

ESET
Please perform a scan with Eset Online Antiivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
  • A new window will appear asking "Do you want to install this software?"".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software. Just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
  • Click Posted Image > Run..., then copy and paste this command into the open box: C:\Program Files\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.


GMER
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 mttporter

mttporter
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 08 May 2010 - 04:28 PM

I ran eset twice– first time found no threats, second time found 4 threats
Copied and pasted and Tried to run C:\Program Files\EsetOnlineScanner\log.txt
Received error message: “windows cannot find ‘c:/ program’ make sure you typed the name correctly and try again. To search for a file , click the start button and then click search”
Tried to run gmer twice – both times, computer went to blue screen with a page long message saying something like “windows has to close, if this is the first time you have seen this screen….

Note, I was unable to figure out how to disable super spyware, adaware, avg

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:18 PM

Posted 08 May 2010 - 10:45 PM

Hello, I want to use another online as I had another PC with this ESET issue and I want to be sure it's the scanner.

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 mttporter

mttporter
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 10 May 2010 - 12:25 PM

I clicked on the link for f secure. I don't know if it is running, not - nothing has happened for over an hour - just shows a
"spinning wheel". My machine usually runs pretty fast.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:18 PM

Posted 10 May 2010 - 12:33 PM

No that's not right. Are you running it from Internet explorer. Restart it.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 mttporter

mttporter
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 10 May 2010 - 01:47 PM

BELOW IS A COPY OF THE PAGE YOU LINKED ME TO I clicked on accept agreement, then clicked start. Internet explorer is the only browser on my machine

1.Skip to navigation
2.Skip to content
3.Skip to secondary-content

--------------------------------------------------------------------------------
F-Secure
ToolsChoose Location: AustraliaBelgium - DutchBelgium - FrenchBrazilDenmarkEstoniaFinlandFranceGermanyGlobalGreeceHong KongIndiaItalyJapanMalaysiaNetherlandsNew ZealandPolandRussiaSloveniaSwedenUKUSA .Search Go .
--------------------------------------------------------------------------------
NavigationHomeProducts & StorePartnersSupportDownloadsSecurityAbout Us .
--------------------------------------------------------------------------------
SubnavigationSecurity CenterSecurity LabWorld Map.
--------------------------------------------------------------------------------
Security Lab
Latest ThreatsSubmit SamplesTools & ServicesLearn MoreWhere You AreHomeSecuritySecurity LabTools & ServicesOnline Scanner
.
Digg Delicious Email Facebook Favorites Google Myspace StumbleUpon Twitter Online ScannerBlackLight | Online Scanner | Removal Tools | Rescue CD | Definition Databases

Find viruses and spyware with our free Online Scanner
Online Scanner can help get rid of viruses and spyware causing problems on your PC. After running Online Scanner, you should make sure that you have an up-to-date security solution keeping your computer free of problems in the future.

Run F-Secure Online Scanner now: Choose language: EnglishČeštinaDanskDeutschελληνικάEspañolEspañol (México)EestiSuomiFrançaisFrançais (Canada)MagyarItaliano日本語NederlandsNorskPolskiPortuguês (Brazil)PortuguêsRomânăРусскийSlovenščinaSvenskaTürkçe中文(中国)中文繁體(香港)中文繁體(臺灣)

--------------------------------------------------------------------------------
Accept the license terms and then click the Run Check button below. You may first see a Java popup, which you should allow.

I have read and accepted the license terms
FAQSystem Requirements



JavaScript needs to be enabled, and you need to have at least Version 6 Update 10 of Java Runtime Environment installed.
Note: If JavaScript was disabled for security reasons, please remember to restore your original settings after scanning.
.© 2010 F-Secure Corporation Protecting the irreplaceable
Contact UsAntivirusRSS FeedsProductsLegal Terms and PrivacySitemapAffiliate.

#10 mttporter

mttporter
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 10 May 2010 - 01:53 PM

I have tried the link several times with the same result

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:18 PM

Posted 10 May 2010 - 02:08 PM

Ok sorry here's a new link.
http://www.f-secure.com/en_EMEA/security/t...online-scanner/
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 mttporter

mttporter
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 10 May 2010 - 02:19 PM

that looks like the same page that did not work for me - I'll try it though

#13 mttporter

mttporter
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 10 May 2010 - 02:21 PM

also your link above for instructions did not include any instructions- it is a link to the same page

i tried the link again, and got the same result again

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:18 PM

Posted 10 May 2010 - 02:31 PM

Perhaps your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


If still no joy we'll need a deeper look. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#15 mttporter

mttporter
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 10 May 2010 - 07:19 PM

Same problem still exists.
I followed your directions...dleted all java, then installed per link provided

ran dds see file below - not sure if I should have posted it here, but I don't know what it means to "ZIP IT UP" as per instructions.
also confused about starting new topic????should I abandon this thread, and start again???????


DDS (Ver_10-03-17.01) - NTFSx86
Run by matt porter at 19:11:36.20 on Mon 05/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.392 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\matt porter\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.jackpotfishing.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [suScheduler] c:\program files\thinkvantage\systemupdate\UCLauncher.exe /SCHEDULER
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [cssauth] "c:\program files\ibm thinkvantage\client security solution\cssauth.exe" silent
mRun: [PDService.exe] "c:\program files\ibm thinkvantage\safeguard privatedisk\pdservice.exe"
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [1ClickSpamShield] c:\program files\secure pc solutions\1clickspamshield\1ClickSpamShield.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DXDllRegExe] dxdllreg.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - hxxp://merillat.view22.com/release_3_9_177/View22RTEv4.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: ACNotify - ACNotify.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli csspwntfy

============= SERVICES / DRIVERS ===============

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [2005-12-21 6912]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-5 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-7 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-7 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-7 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-7 308064]
R2 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-11-15 46142]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-7 430152]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1285864]

=============== Created Last 30 ================

2010-05-11 00:06:43 0 ----a-w- c:\documents and settings\matt porter\defogger_reenable
2010-05-10 23:52:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-10 23:52:15 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-08 15:15:46 0 d-----w- c:\program files\ESET
2010-05-08 03:32:30 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-08 03:32:05 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-08 03:32:05 0 d-----w- c:\docume~1\mattpo~1\applic~1\SUPERAntiSpyware.com
2010-05-08 03:31:17 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-07 23:14:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-07 23:14:08 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-07 23:14:02 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-07 23:13:49 0 d-----w- c:\windows\system32\drivers\Avg
2010-05-07 23:13:46 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-05-07 23:10:13 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-05-06 03:49:22 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-06 02:58:16 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-06 02:58:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-05 00:00:19 0 d-----w- c:\docume~1\mattpo~1\applic~1\Malwarebytes
2010-05-04 23:25:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-04 23:25:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-04 23:25:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-04 23:25:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-28 03:33:36 34468 ------w- c:\windows\hpomdl03.dat
2010-04-28 03:33:36 29235 ----a-w- c:\windows\hpoins03.dat
2010-04-28 03:27:42 0 d-----w- c:\windows\system32\NtmsData
2010-04-28 03:27:31 278528 ----a-w- c:\windows\system32\hpdjaio
2010-04-28 03:20:47 34468 ------w- c:\windows\hpomdl03.dat.temp
2010-04-28 03:20:47 28948 ------w- c:\windows\hpoins03.dat.temp
2010-04-27 14:37:13 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-25 23:41:39 0 d-----w- C:\Raymarine

==================== Find3M ====================

2010-05-09 09:55:47 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 16:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 14:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-16 04:50:23 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2007-03-27 01:54:10 88 --sh--r- c:\windows\system32\E195A9C9FD.sys
2007-03-27 01:54:10 2828 --sh--w- c:\windows\system32\KGyGaAvL.sys
2008-08-29 19:16:09 32768 -csh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082920080830\index.dat

============= FINISH: 19:12:49.84 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/25/2006 2:48:08 AM
System Uptime: 5/10/2010 6:55:32 PM (1 hours ago)

Motherboard: LENOVO | | 94566BU
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | None | 1662/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 51 GiB total, 24.425 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP584: 2/28/2010 3:00:17 AM - Software Distribution Service 3.0
RP585: 3/1/2010 3:38:13 AM - System Checkpoint
RP586: 3/2/2010 3:38:18 AM - System Checkpoint
RP587: 3/3/2010 4:38:21 AM - System Checkpoint
RP588: 3/4/2010 5:38:18 AM - System Checkpoint
RP589: 3/5/2010 6:38:17 AM - System Checkpoint
RP590: 3/6/2010 7:38:18 AM - System Checkpoint
RP591: 3/7/2010 7:49:55 AM - System Checkpoint
RP592: 3/7/2010 3:28:05 PM - Removed Apple Application Support
RP593: 3/7/2010 3:28:59 PM - Removed Apple Software Update
RP594: 3/8/2010 3:31:39 PM - System Checkpoint
RP595: 3/9/2010 4:31:39 PM - System Checkpoint
RP596: 3/10/2010 4:45:32 PM - System Checkpoint
RP597: 3/11/2010 7:24:10 PM - System Checkpoint
RP598: 3/12/2010 8:22:53 PM - System Checkpoint
RP599: 3/13/2010 10:22:05 PM - System Checkpoint
RP600: 3/14/2010 4:00:15 AM - Software Distribution Service 3.0
RP601: 3/15/2010 4:08:05 AM - System Checkpoint
RP602: 3/16/2010 5:08:05 AM - System Checkpoint
RP603: 3/17/2010 6:09:09 AM - System Checkpoint
RP604: 3/18/2010 6:25:20 AM - System Checkpoint
RP605: 3/19/2010 8:04:35 AM - System Checkpoint
RP606: 3/20/2010 8:12:31 AM - System Checkpoint
RP607: 3/21/2010 3:01:50 AM - Software Distribution Service 3.0
RP608: 3/22/2010 3:33:00 AM - System Checkpoint
RP609: 3/23/2010 4:33:01 AM - System Checkpoint
RP610: 3/24/2010 5:32:59 AM - System Checkpoint
RP611: 3/25/2010 5:52:01 AM - System Checkpoint
RP612: 3/26/2010 5:54:22 AM - System Checkpoint
RP613: 3/27/2010 6:00:40 AM - System Checkpoint
RP614: 3/27/2010 12:05:55 PM - Software Distribution Service 3.0
RP615: 3/27/2010 9:46:55 PM - Removed Microsoft Silverlight
RP616: 3/27/2010 9:48:16 PM - Removed System Migration Assistant
RP617: 3/27/2010 9:50:02 PM - Removed EasyEject Utility
RP618: 3/27/2010 9:51:43 PM - Removed Access Help
RP619: 3/27/2010 9:53:37 PM - Removed Security Update for CAPICOM (KB931906)
RP620: 3/27/2010 9:55:06 PM - Removed Microsoft .NET Framework 1.1
RP621: 3/28/2010 11:26:42 PM - System Checkpoint
RP622: 3/29/2010 9:31:07 AM - Installed Windows Internet Explorer 8.
RP623: 3/29/2010 9:32:03 AM - Software Distribution Service 3.0
RP624: 3/29/2010 2:10:51 PM - Restore Operation
RP625: 3/29/2010 2:15:55 PM - Restore Operation
RP626: 3/29/2010 2:18:53 PM - Restore Operation
RP627: 3/30/2010 7:04:58 PM - System Checkpoint
RP628: 3/31/2010 7:34:35 PM - System Checkpoint
RP629: 4/1/2010 9:53:03 PM - System Checkpoint
RP630: 4/2/2010 11:18:05 PM - System Checkpoint
RP631: 4/3/2010 11:51:35 PM - System Checkpoint
RP632: 4/4/2010 3:00:17 AM - Software Distribution Service 3.0
RP633: 4/5/2010 3:23:21 AM - System Checkpoint
RP634: 4/6/2010 3:35:24 AM - System Checkpoint
RP635: 4/7/2010 3:56:53 AM - System Checkpoint
RP636: 4/8/2010 4:56:52 AM - System Checkpoint
RP637: 4/9/2010 3:07:03 PM - System Checkpoint
RP638: 4/10/2010 3:26:53 PM - System Checkpoint
RP639: 4/11/2010 5:08:29 PM - System Checkpoint
RP640: 4/12/2010 5:12:35 PM - System Checkpoint
RP641: 4/13/2010 5:50:27 PM - System Checkpoint
RP642: 4/14/2010 6:50:24 PM - System Checkpoint
RP643: 4/15/2010 7:36:35 PM - System Checkpoint
RP644: 4/16/2010 7:43:18 PM - System Checkpoint
RP645: 4/18/2010 12:44:05 AM - System Checkpoint
RP646: 4/18/2010 3:00:28 AM - Software Distribution Service 3.0
RP647: 4/19/2010 3:26:13 AM - System Checkpoint
RP648: 4/20/2010 9:40:23 AM - System Checkpoint
RP649: 4/21/2010 9:49:31 AM - System Checkpoint
RP650: 4/22/2010 10:34:43 AM - System Checkpoint
RP651: 4/23/2010 11:34:45 AM - System Checkpoint
RP652: 4/24/2010 11:51:26 AM - System Checkpoint
RP653: 4/25/2010 3:00:31 AM - Software Distribution Service 3.0
RP654: 4/26/2010 3:33:53 AM - System Checkpoint
RP655: 4/27/2010 9:45:25 AM - Software Distribution Service 3.0
RP656: 4/27/2010 9:49:22 AM - Software Distribution Service 3.0
RP657: 4/27/2010 10:46:41 PM - Installed 1300
RP658: 4/27/2010 10:47:02 PM - Installed 1300Tour
RP659: 4/27/2010 10:47:18 PM - Installed 1300_Help
RP660: 4/27/2010 10:47:24 PM - Installed 1300Trb
RP661: 4/28/2010 3:00:33 AM - Software Distribution Service 3.0
RP662: 4/29/2010 3:00:20 AM - Software Distribution Service 3.0
RP663: 5/3/2010 11:41:18 AM - System Checkpoint
RP664: 5/4/2010 12:01:34 PM - System Checkpoint
RP665: 5/5/2010 12:40:08 PM - System Checkpoint
RP666: 5/5/2010 5:42:50 PM - Removed QuickTime
RP667: 5/7/2010 5:40:26 PM - Removed Ad-Aware Email Scanner for Outlook
RP668: 5/7/2010 6:10:12 PM - Installed AVG Free 9.0
RP669: 5/7/2010 10:32:04 PM - Installed SUPERAntiSpyware Free Edition
RP670: 5/9/2010 1:57:46 PM - System Checkpoint
RP671: 5/10/2010 5:12:03 PM - System Checkpoint
RP672: 5/10/2010 6:41:40 PM - Removed Java™ 6 Update 17
RP673: 5/10/2010 6:42:25 PM - Removed Java™ 6 Update 5
RP674: 5/10/2010 6:43:38 PM - Removed Java™ 6 Update 7
RP675: 5/10/2010 6:51:53 PM - Installed Java™ 6 Update 20

==== Installed Programs ======================

1300
1300_Help
1300Tour
1300Trb
Acrobat.com
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.3
AiO_Scan
AIOMinimal
AiOSoftware
AVG Free 9.0
Compatibility Pack for the 2007 Office system
Copy
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
Defraggler
Director
Diskeeper Lite
DocProc
ESET Online Scanner v3
Fax
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Software Update
hpmdtab
HPSystemDiagnostics
InstantShare
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
Java Auto Updater
Java™ 6 Update 20
Malwarebytes' Anti-Malware
mCore
mDriver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mMHouse
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
Overland
PhotoGallery
PrintScreen
Productivity Center Supplement for ThinkPad
QFolder
QuickBooks Pro 2006
QuickProjects
Readme
Rescue and Recovery - Client Security Solution
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SkinsHP1
SkinsHP2
SUPERAntiSpyware Free Edition
ThinkPad Configuration
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad Presentation Director
ThinkPad UltraNav Driver
ThinkPad UltraNav Wizard
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Away Manager
ThinkVantage Productivity Center
ThinkVantage System Update
ThinkVantage Technologies Welcome Message
TrayApp
Unload
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wallpapers
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
XP Themes
Yahoo! Internet Mail

==== Event Viewer Messages From Past Week ========

5/9/2010 4:55:40 AM, error: Dhcp [1002] - The IP address lease 192.168.1.121 for the Network Card with network address 0018DE19B307 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/8/2010 8:23:52 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC AvgLdx86 AvgMfx86 Fips IBMTPCHK intelppm SASDIFSV SASKUTIL ShockMgr Smapint TDSMAPI TPHKDRV TPPWRIF TSMAPIP
5/8/2010 8:23:37 AM, error: Dhcp [1002] - The IP address lease 192.168.1.116 for the Network Card with network address 0018DE19B307 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/8/2010 7:00:18 AM, error: Dhcp [1002] - The IP address lease 192.168.1.115 for the Network Card with network address 0018DE19B307 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/8/2010 6:50:28 PM, error: Print [19] - Sharing printer failed + 1722, Printer QuickBooks PDF Converter share name Printer.
5/8/2010 6:50:19 PM, error: Dhcp [1002] - The IP address lease 192.168.1.120 for the Network Card with network address 0018DE19B307 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/8/2010 6:44:14 PM, error: Dhcp [1002] - The IP address lease 192.168.1.119 for the Network Card with network address 0018DE19B307 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/8/2010 4:20:32 PM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 f734c196, parameter3 f7a34c20, parameter4 f7a3491c.
5/8/2010 4:18:51 PM, error: Dhcp [1002] - The IP address lease 192.168.1.118 for the Network Card with network address 0018DE19B307 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/8/2010 4:10:53 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f734c196, parameter3 a09bb9fc, parameter4 00000000.
5/8/2010 4:09:11 PM, error: Dhcp [1002] - The IP address lease 192.168.1.117 for the Network Card with network address 0018DE19B307 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/7/2010 8:38:52 PM, error: Dhcp [1002] - The IP address lease 192.168.1.113 for the Network Card with network address 0018DE19B307 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/7/2010 5:41:05 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
5/7/2010 10:48:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/7/2010 10:48:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/7/2010 10:46:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ANC AvgLdx86 AvgMfx86 AvgTdiX Fips IBMTPCHK intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ShockMgr Smapint Tcpip TDSMAPI TPHKDRV TPPWRIF TSMAPIP
5/7/2010 10:46:46 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2010 10:46:46 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2010 10:46:46 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2010 10:46:46 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/6/2010 9:25:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/6/2010 9:19:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 ANC aswSP Fips IBMTPCHK intelppm ShockMgr Smapint TDSMAPI TPHKDRV TPPWRIF TSMAPIP
5/6/2010 9:19:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
5/6/2010 8:18:16 PM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
5/6/2010 10:52:57 AM, error: Dhcp [1002] - The IP address lease 192.168.1.111 for the Network Card with network address 0018DE19B307 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/5/2010 9:11:39 PM, error: Dhcp [1002] - The IP address lease 192.168.1.108 for the Network Card with network address 0018DE19B307 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/5/2010 10:52:56 PM, error: Dhcp [1002] - The IP address lease 192.168.1.110 for the Network Card with network address 0018DE19B307 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/4/2010 7:04:52 PM, error: Dhcp [1002] - The IP address lease 192.168.1.107 for the Network Card with network address 0018DE19B307 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/4/2010 6:45:28 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/4/2010 1:35:26 PM, error: Dhcp [1002] - The IP address lease 192.168.1.106 for the Network Card with network address 0018DE19B307 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/4/2010 1:32:05 PM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 0018DE19B307 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/10/2010 4:40:41 PM, error: Dhcp [1002] - The IP address lease 192.168.1.122 for the Network Card with network address 0018DE19B307 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users