No Folder options or Ctrl+Alt+Del: think I'm infected!


  • This topic is locked
12 replies to this topic

#1 lonestranger

Posted 10 May 2010 - 07:40 PM

Hi and thanks for your help.

I have a Lenovo laptop running Win XP. I noticed I have no "Folder Options" under the Tools menu, plus when I try Ctrl+Alt+Del I get the message, "Task Manager has been disabled by your administrator". Same with regedit.

I thought I'd fixed this with someone's help here, but I am re-infected (if I ever came clean).

I got as far through the Preparation Guide as I could, but when I try to run GMER, I crash. So I stopped there.

Let me know if there's more I can tell you.

Whoa, sorry I didn't respond very quickly. For some reason I didn't get an email.

Here is DDS.txt:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Eric at 19:15:18.92 on Mon 05/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.177 [GMT -5:00]

AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\WINDOWS\system32\Msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Eric\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lenovo.com/welcome/thinkpad
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [SYS1] c:\windows\system32\system.exe
mRun: [SYS2] c:\windows\system32\bad1.exe
mRun: [SYS3] c:\windows\system32\bad2.exe
mRun: [SYS4] c:\windows\system32\bad3.exe
mRun: [Msmsgs] c:\windows\system32\Msmsgs.exe
StartupFolder: c:\docume~1\eric\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-explorer: NoFind = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
LSA: Notification Packages = psqlpwd scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\eric\applic~1\mozilla\firefox\profiles\kvlg85hm.default\
FF - prefs.js: browser.search.selectedEngine - Scroogle
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-24 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-21 207792]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-4-21 233136]
R2 AVFilter;AVFilter;c:\windows\system32\drivers\AVFilter.sys [2010-4-21 21904]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1285864]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-4-21 88040]
R2 PCTAVSvc;PC Tools AntiVirus Engine;c:\program files\pc tools antivirus\PCTAVSvc.exe [2010-4-21 933720]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2010-4-21 818432]
R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]
R3 AVHook;AVHook;c:\windows\system32\drivers\AVHook.sys [2010-4-21 28560]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-4-21 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2010-4-21 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-4-21 115216]

=============== Created Last 30 ================

2010-05-09 12:20:08 272800 --sha-r- c:\windows\system32\msmsgs.exe
2010-05-09 12:20:07 131 --sha-r- c:\windows\autorun.inf
2010-05-07 01:46:04 0 d-sh--w- c:\documents and settings\eric\UserData
2010-05-04 14:02:36 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-04 14:02:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-03 14:18:07 0 d-----w- c:\program files\Ask.com
2010-05-03 14:17:39 0 d-----w- c:\program files\Foxit Software
2010-05-02 16:03:38 0 d-sha-w- C:\autorun.inf
2010-05-02 02:10:44 0 d-----w- c:\docume~1\alluse~1\applic~1\PCDr
2010-05-02 02:09:11 0 d-----w- c:\program files\PC-Doctor
2010-05-01 22:26:42 0 d-sh--w- c:\documents and settings\eric\PrivacIE
2010-05-01 22:13:16 0 d-sh--w- c:\documents and settings\eric\IETldCache
2010-05-01 21:09:37 0 d-----w- c:\windows\ie8updates
2010-05-01 21:07:26 0 dc-h--w- c:\windows\ie8
2010-05-01 21:04:30 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-01 21:04:30 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-01 21:04:29 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-01 21:04:29 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-05-01 21:04:29 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-05-01 21:03:42 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-05-01 17:08:05 0 d-----w- C:\_OTL
2010-04-30 21:42:26 0 d-----w- c:\program files\ESET
2010-04-30 18:10:07 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2010-04-30 18:10:07 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-04-28 23:05:45 0 d-----w- c:\docume~1\eric\applic~1\OpenOffice.org
2010-04-27 15:27:42 44 ----a-w- c:\windows\SMWizard.INI
2010-04-27 00:48:47 0 d-----w- c:\docume~1\eric\applic~1\Malwarebytes
2010-04-27 00:48:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 00:48:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-27 00:48:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 00:48:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-25 19:27:06 0 ----a-w- c:\documents and settings\eric\defogger_reenable
2010-04-25 18:21:42 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-25 18:21:41 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-04-25 18:21:41 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-04-25 18:21:40 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-25 02:34:27 0 d-sha-r- C:\cmdcons
2010-04-24 23:30:42 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-24 20:54:18 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-24 20:54:04 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-24 19:58:11 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-24 19:57:25 0 d-----w- c:\program files\Lavasoft
2010-04-24 15:10:33 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2010-04-23 19:15:30 0 d-----w- c:\windows\system32\scripting
2010-04-23 19:15:29 0 d-----w- c:\windows\l2schemas
2010-04-23 19:15:28 0 d-----w- c:\windows\system32\en
2010-04-23 19:15:28 0 d-----w- c:\windows\system32\bits
2010-04-23 19:10:30 0 d-----w- c:\windows\network diagnostic
2010-04-23 19:07:59 86528 ----a-w- c:\windows\system32\wbem\stdprov.dll
2010-04-23 19:02:32 622 --sha-r- c:\documents and settings\eric\ntuser.pol
2010-04-23 18:43:34 0 d--h--w- c:\windows\system32\GroupPolicy
2010-04-23 18:24:10 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-04-23 14:55:06 0 d-----w- c:\windows\system32\XPSViewer
2010-04-23 14:54:21 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-23 14:54:21 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-23 14:54:20 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-23 14:54:20 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-23 14:54:20 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-23 14:54:20 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-23 14:54:20 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-23 14:54:19 0 d-----w- C:\d4d2f68c11fbd98146b4e056b0
2010-04-23 14:50:08 0 d-----w- c:\program files\MSXML 6.0
2010-04-23 03:45:53 0 d-----w- c:\program files\JRE
2010-04-23 03:45:40 0 d-----w- c:\program files\OpenOffice.org 3
2010-04-22 14:43:17 0 d-----w- c:\windows\ServicePackFiles
2010-04-22 14:42:14 0 d-----w- c:\program files\MSXML 4.0
2010-04-22 14:31:52 0 d-----w- c:\docume~1\eric\applic~1\Downloaded Installations
2010-04-22 14:29:53 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2010-04-22 14:08:13 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-04-22 13:38:48 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-04-22 13:36:49 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-22 13:36:39 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-04-22 13:30:59 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-22 13:28:23 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-22 13:24:06 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2010-04-22 13:23:25 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-04-22 13:23:18 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-04-22 13:23:10 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-04-22 13:22:31 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-04-22 13:18:16 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-04-22 13:18:03 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-04-22 13:17:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-04-22 13:17:24 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-22 13:17:24 1206508 ------w- c:\windows\system32\dllcache\sysmain.sdb
2010-04-22 13:17:23 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-04-22 13:09:18 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-04-22 13:09:13 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-04-22 03:42:17 0 d-----w- c:\windows\system32\PreInstall
2010-04-21 23:47:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-21 23:47:37 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-21 22:15:44 0 d-----w- c:\docume~1\eric\applic~1\PC Tools
2010-04-21 21:59:32 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2010-04-21 21:59:32 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2010-04-21 21:59:31 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2010-04-21 21:59:21 0 d-----w- c:\program files\PC Tools AntiVirus
2010-04-21 21:59:21 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-04-21 21:55:29 0 d-----w- c:\windows\system32\LogFiles
2010-04-21 19:41:12 0 d-----w- c:\program files\common files\PC Tools
2010-04-21 19:41:08 0 d-----w- c:\program files\PC Tools Firewall Plus
2010-04-21 19:31:14 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-04-21 19:30:33 0 d-----w- c:\docume~1\eric\applic~1\Intel
2010-04-21 19:22:53 0 d-----w- c:\windows\pss
2010-04-21 19:21:11 0 d-----w- c:\docume~1\eric\applic~1\ThinkVantage
2010-04-21 19:21:11 0 d-----w- c:\docume~1\eric\applic~1\Symantec
2010-04-21 19:21:11 0 d-----w- c:\docume~1\eric\applic~1\Lenovo
2010-04-21 19:04:25 61 ----a-w- c:\windows\smscfg.ini
2010-04-21 19:04:08 115880 ----a-w- c:\windows\system32\pxinsi64.exe
2010-04-21 19:04:08 114856 ----a-w- c:\windows\system32\pxcpyi64.exe
2010-04-21 19:01:48 0 d-----w- c:\docume~1\eric\applic~1\PCToolsFirewallPlus
2010-04-21 18:59:26 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-04-21 18:59:26 5427 ----a-w- c:\windows\EGATHDRV.TMP
2010-04-21 18:59:19 0 d-----w- c:\program files\SMI2
2010-04-21 18:59:16 0 d-----w- c:\program files\TVT SMBus
2010-04-21 18:59:11 0 d-----w- C:\SWSHARE
2010-04-21 18:59:07 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2010-04-21 18:59:07 23552 ----a-w- c:\windows\system32\drivers\psasrv.exe
2010-04-21 18:58:42 0 d-----w- c:\program files\Picasa2
2010-04-21 18:58:34 577536 ----a-w- c:\windows\system32\tvt_gina.dll
2010-04-21 18:58:34 282624 ----a-w- c:\windows\system32\tvt_gina_api.dll
2010-04-21 18:58:33 6016 ----a-w- c:\windows\system32\drivers\IBMBLDID.sys
2010-04-21 18:58:33 11520 ----a-w- c:\windows\system32\drivers\ANC.sys
2010-04-21 18:58:32 0 ----a-w- c:\windows\system32\AccConnAdvanced.html
2010-04-21 18:58:17 0 d-----w- c:\program files\Diskeeper Corporation
2010-04-21 18:58:09 0 d-----w- c:\windows\Downloaded Installations
2010-04-21 18:57:50 5292056 ----a-w- c:\windows\1680_1050 Think Americas Map.bmp
2010-04-21 18:57:50 1920056 ----a-w- c:\windows\800_600 Think Americas Map.bmp
2010-04-21 18:57:50 114688 ----a-w- c:\windows\desktopset.exe
2010-04-21 18:57:48 7680056 ----a-w- c:\windows\1600_1200 Think Americas Map.bmp
2010-04-21 18:57:48 5880056 ----a-w- c:\windows\1400_1050 Think Americas Map.bmp
2010-04-21 18:57:47 5242936 ----a-w- c:\windows\1280_1024 Think Americas Map.bmp
2010-04-21 18:57:47 3145784 ----a-w- c:\windows\1024_768 Think Americas Map.bmp
2010-04-21 18:57:47 3072056 ----a-w- c:\windows\1280_800 Think Americas Map.bmp
2010-04-21 18:57:47 2949176 ----a-w- c:\windows\1280_768 Think Americas Map.bmp
2010-04-21 18:53:50 40 ----a-w- c:\windows\system32\profile.dat
2010-04-21 18:53:25 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-04-21 18:52:43 0 d-----w- c:\program files\Symantec Client Security
2010-04-21 18:52:43 0 d-----w- c:\program files\common files\Symantec Shared
2010-04-21 18:52:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-04-21 18:51:32 0 d-----w- c:\program files\Sonic Icons for Lenovo
2010-04-21 18:51:28 0 d-----w- c:\program files\Sonic
2010-04-21 18:51:28 0 d-----w- c:\program files\common files\SureThing Shared
2010-04-21 18:51:25 94263 ----a-w- c:\windows\DLA.EXE
2010-04-21 18:51:25 89472 ----a-w- c:\windows\system32\drivers\DRVMCDB.SYS
2010-04-21 18:51:25 61500 ----a-w- c:\windows\system32\DLAAPI_W.DLL
2010-04-21 18:51:25 5660 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
2010-04-21 18:51:25 40544 ----a-w- c:\windows\system32\drivers\DRVNDDM.SYS
2010-04-21 18:51:25 22684 ----a-w- c:\windows\system32\drivers\DLARTL_N.SYS
2010-04-21 18:51:25 156 ----a-w- c:\windows\wininit.ini
2010-04-21 18:51:25 0 d-----w- c:\windows\system32\DLA
2010-04-21 18:51:25 0 d-----w- c:\program files\Multimedia Center for Think Offerings
2010-04-21 18:50:57 0 d-----w- c:\program files\common files\Sonic Shared
2010-04-21 18:50:12 21060 ----a-w- c:\windows\system32\drivers\iviaspi.sys
2010-04-21 18:49:40 0 d-----w- c:\program files\common files\InterVideo
2010-04-21 18:49:23 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-04-21 18:49:23 20480 ----a-w- c:\windows\system32\IVIresize.dll
2010-04-21 18:49:23 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-04-21 18:49:23 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-04-21 18:49:23 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-04-21 18:49:23 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-04-21 18:49:16 0 d-----w- c:\program files\InterVideo
2010-04-21 18:48:52 9679 ----a-w- c:\windows\system32\msxml4r.cat
2010-04-21 18:48:52 9675 ----a-w- c:\windows\system32\msxml4.cat
2010-04-21 18:48:52 500 ----a-w- c:\windows\system32\msxml4r.Manifest
2010-04-21 18:48:52 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-04-21 18:48:52 3489 ----a-w- c:\windows\system32\msxml4.Manifest
2010-04-21 18:48:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Lenovo
2010-04-21 18:47:36 0 d-----w- c:\program files\common files\Lenovo
2010-04-21 18:47:14 917504 ----a-w- c:\windows\system32\ahlprun.exe
2010-04-21 18:47:14 0 d-----w- C:\Icons
2010-04-21 18:46:53 0 d-----w- c:\program files\ThinkVantage
2010-04-21 18:44:42 139264 ----a-w- c:\windows\system32\igfxres.dll
2010-04-21 18:43:03 333 ----a-w- c:\windows\system32\$ncsp$.inf
2010-04-21 18:42:38 0 d-----w- c:\program files\Digital Line Detect
2010-04-21 18:42:36 0 d-----w- c:\program files\NetWaiting
2010-04-21 18:42:31 0 d-----w- c:\program files\CONEXANT
2010-04-21 18:41:54 8177 ----a-w- c:\windows\system32\TP4EX.HLP
2010-04-21 18:41:54 65536 ----a-w- c:\windows\system32\TP4EX.exe
2010-04-21 18:41:54 5928 ----a-w- c:\windows\system32\TP4LATCH.WAV
2010-04-21 18:41:54 49152 ----a-w- c:\windows\system32\tp4ex.cpl
2010-04-21 18:41:54 45056 ----a-w- c:\windows\system32\FPCALL.dll
2010-04-21 18:41:54 4458 ----a-w- c:\windows\system32\TP4CLICK.WAV
2010-04-21 18:41:54 40960 ----a-w- c:\windows\system32\TP4HOOK.dll
2010-04-21 18:41:54 40960 ----a-w- c:\windows\system32\tp4cross.exe
2010-04-21 18:41:39 7168 ----a-w- c:\windows\system32\drivers\TSMAPIP.SYS
2010-04-21 18:41:34 0 d-----w- c:\program files\Lenovo
2010-04-21 18:41:27 0 d-----w- c:\program files\common files\ThinkVantage Fingerprint Software
2010-04-21 18:41:25 0 d-----w- c:\program files\ThinkVantage Fingerprint Software
2010-04-21 18:41:23 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-21 18:41:15 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-21 18:40:12 0 d-----w- c:\program files\Synaptics
2010-04-21 18:39:55 9343 ----a-w- c:\windows\system32\drivers\TDSMAPI.SYS
2010-04-21 18:39:55 55296 ----a-w- c:\windows\system32\TP98.CPL
2010-04-21 18:39:54 14848 ----a-w- c:\windows\system32\drivers\SMAPINT.SYS
2010-04-21 18:39:54 0 d-----w- c:\program files\ThinkPad
2010-04-21 18:37:52 0 d-----w- c:\program files\Windows Media Connect 2
2010-04-21 18:37:27 138 ----a-w- c:\windows\system32\Softkbd.exe.config
2010-04-21 18:34:52 0 d-----w- c:\windows\RegisteredPackages
2010-04-21 18:33:44 0 d-----w- c:\program files\Analog Devices
2010-04-21 18:32:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-04-21 18:26:15 0 d-----w- C:\SWTOOLS
2010-04-21 18:22:10 0 d---a-w- C:\I386
2010-04-21 17:46:21 0 d-----w- c:\windows\system32\appmgmt

==================== Find3M ====================

2010-04-21 19:21:19 50 ----a-w- c:\windows\system32\drivers\LENOVO_1951_C2U.MRK
2010-04-21 18:42:03 0 ---ha-r- c:\windows\system32\drivers\IBM_1951_C2U_TP.MRK
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-03-10 04:33:41 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2010-03-10 04:33:38 1025024 ------w- c:\windows\system32\dllcache\browseui.dll
2010-02-25 16:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 06:24:37 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-02-25 06:24:37 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-02-25 06:24:37 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-02-25 06:24:37 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-02-25 06:24:36 5944832 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-02-25 06:24:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-02-25 06:24:35 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-02-25 06:24:34 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 14:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2008-04-23 07:28:58 272800 --sha-r- c:\windows\system32\msmsgs.exe

============= FINISH: 19:15:29.67 ===============

And here is Attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/21/2010 2:17:47 PM
System Uptime: 5/10/2010 12:43:43 PM (7 hours ago)

Motherboard: LENOVO | | 1951C2U
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | None | 1662/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 51 GiB total, 40.325 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP28: 5/1/2010 3:48:58 PM - AfterMalWare
RP29: 5/1/2010 3:59:31 PM - Software Distribution Service 3.0
RP30: 5/1/2010 4:07:43 PM - Installed Windows Internet Explorer 8.
RP31: 5/1/2010 4:08:45 PM - Software Distribution Service 3.0
RP32: 5/2/2010 10:57:32 AM - Software Distribution Service 3.0
RP33: 5/3/2010 11:40:02 AM - System Checkpoint
RP34: 5/4/2010 12:33:10 PM - System Checkpoint
RP35: 5/5/2010 4:08:50 PM - System Checkpoint
RP36: 5/6/2010 6:33:32 PM - System Checkpoint
RP37: 5/7/2010 7:11:12 PM - System Checkpoint
RP38: 5/8/2010 7:50:02 PM - System Checkpoint
RP39: 5/10/2010 11:51:21 AM - System Checkpoint

==== Installed Programs ======================

7-Zip 4.65
Access Help
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 Plugin
Ask Toolbar
Client Security Solution
Diskeeper Lite
Foxit Reader
Google Toolbar for Internet Explorer
Help Center
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD
InterVideo WinDVD Creator 3
Java Auto Updater
Java™ 6 Update 20
Lenovo ThinkVantage Toolbox
Malwarebytes' Anti-Malware
mCore
mDriver
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mMHouse
Mozilla Firefox (3.6.3)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mXML
OpenOffice.org 3.2
PC Tools AntiVirus 6.1
PC Tools Firewall Plus 6.0
Picasa 2
Productivity Center Supplement for ThinkPad
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy
System Migration Assistant
System Update
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad Presentation Director
ThinkPad UltraNav Driver
ThinkPad UltraNav Wizard
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Away Manager
ThinkVantage Fingerprint Software 5.5
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
TrackPoint Accessibility Features
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wallpapers
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
XP Themes

==== Event Viewer Messages From Past Week ========

5/9/2010 9:45:25 AM, error: Dhcp [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 0019D2061F8C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
5/9/2010 10:57:34 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.2 with the system having network hardware address 00:1E:C2:3D:0F:DF. Network operations on this system may be disrupted as a result.
5/7/2010 7:07:34 AM, error: System Error [1003] - Error code 10000050, parameter1 fed80008, parameter2 00000000, parameter3 9d95553e, parameter4 00000000.
5/7/2010 10:40:51 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0019D2061F8C. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
5/5/2010 2:36:26 PM, error: Dhcp [1002] - The IP address lease 192.168.0.10 for the Network Card with network address 0019D2061F8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

Thanks!

Merged posts. ~ OB

Edited by Orange Blossom, 13 May 2010 - 09:29 PM.




#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:36 AM

Posted 14 May 2010 - 06:07 PM

My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.
  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Please give me a little time to look over your log and I'll reply back.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:36 AM

Posted 14 May 2010 - 06:13 PM

Hello, lonestranger.
Please don't miss my post above. Let's get started.

Ask Toolbar Warning

I see you have the Ask.Com toolbar installed. This often comes bundled with spyware, and it is recommended that you remove it.

Please see here for more information:
http://www.bleepingcomputer.com/uninstall/...sk-Toolbar.html

If you would like to remove it, please go to Add/Remove Programs and uninstall it.

Step 1

Next, please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop as lonestrangerCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on lonestrangerCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#4 lonestranger

lonestranger
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:36 AM

Posted 15 May 2010 - 08:29 PM

Hello etavares!

Thank you for helping me. I'll do my best to promptly respond to your advice.

First, when I go to "Add or remove programs" I do NOT see ask.com toolbar. Does it go by another name?

Thanks.
lonestranger

#5 lonestranger

lonestranger
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:36 AM

Posted 15 May 2010 - 09:01 PM

Here is the combofix log:

ComboFix 10-05-15.01 - Eric 05/15/2010 20:47:15.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.121 [GMT -5:00]
Running from: c:\documents and settings\Eric\Desktop\lonestrangerCF.exe
AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\autorun.inf
c:\windows\system32\msmsgs.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-16 to 2010-05-16 )))))))))))))))))))))))))))))))
.

2010-05-15 22:50 . 2010-05-15 22:51 -------- d-----w- c:\documents and settings\Guest\Application Data\PCToolsFirewallPlus
2010-05-15 22:50 . 2010-05-15 22:50 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2010-05-07 01:46 . 2010-05-07 01:46 -------- d-sh--w- c:\documents and settings\Eric\UserData
2010-05-04 15:52 . 2010-05-08 03:27 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\AskToolbar
2010-05-04 14:02 . 2010-05-04 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-04 14:02 . 2010-05-04 14:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-03 14:18 . 2010-05-03 14:18 -------- d-----w- c:\program files\Ask.com
2010-05-03 14:17 . 2010-05-03 14:17 -------- d-----w- c:\program files\Foxit Software
2010-05-02 20:30 . 2010-05-02 20:30 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Identities
2010-05-02 02:10 . 2010-05-02 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2010-05-02 02:09 . 2010-05-02 02:11 -------- d-----w- c:\program files\PC-Doctor
2010-05-01 22:26 . 2010-05-01 22:26 -------- d-sh--w- c:\documents and settings\Eric\PrivacIE
2010-05-01 22:26 . 2010-05-01 22:26 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-01 22:13 . 2010-05-01 22:13 -------- d-sh--w- c:\documents and settings\Eric\IETldCache
2010-05-01 21:09 . 2010-05-02 15:58 -------- d-----w- c:\windows\ie8updates
2010-05-01 21:07 . 2010-05-01 21:08 -------- dc-h--w- c:\windows\ie8
2010-05-01 21:04 . 2010-02-25 06:24 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-01 21:04 . 2010-02-25 06:24 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-01 21:04 . 2010-02-25 06:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-05-01 21:04 . 2010-02-25 06:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-01 21:04 . 2010-02-25 06:24 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-05-01 21:03 . 2010-02-16 04:50 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-05-01 17:08 . 2010-05-01 17:08 -------- d-----w- C:\_OTL
2010-04-30 21:42 . 2010-05-09 12:20 -------- d-----w- c:\program files\ESET
2010-04-30 18:10 . 2001-08-17 18:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2010-04-30 18:10 . 2001-08-17 18:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-04-30 17:42 . 2010-04-30 17:42 -------- d-----w- c:\program files\7-Zip
2010-04-29 21:56 . 2010-04-29 21:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-04-29 21:52 . 2010-04-29 21:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-04-28 23:05 . 2010-04-28 23:05 1 ----a-w- c:\documents and settings\Eric\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-28 23:05 . 2010-04-28 23:05 -------- d-----w- c:\documents and settings\Eric\Application Data\OpenOffice.org
2010-04-28 21:39 . 2010-04-28 21:39 -------- d-----w- c:\windows\Sun
2010-04-27 15:31 . 2010-04-27 15:31 -------- d-----w- c:\documents and settings\Eric\Application Data\Sonic
2010-04-27 15:30 . 2010-04-27 15:30 -------- d-----w- c:\documents and settings\Eric\Application Data\Leadertech
2010-04-27 00:48 . 2010-04-27 00:48 -------- d-----w- c:\documents and settings\Eric\Application Data\Malwarebytes
2010-04-27 00:48 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 00:48 . 2010-04-27 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-27 00:48 . 2010-04-30 21:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-27 00:48 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 16:44 . 2010-04-26 16:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-04-25 18:21 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-25 18:21 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-04-25 18:21 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-04-25 18:21 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-24 23:30 . 2010-04-24 20:53 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-24 20:54 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-24 20:54 . 2010-04-24 20:54 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-24 19:58 . 2010-04-24 19:58 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-24 19:58 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-04-24 19:57 . 2010-04-24 19:58 -------- d-----w- c:\program files\Lavasoft
2010-04-24 19:57 . 2010-04-24 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-24 15:10 . 2009-12-09 05:53 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2010-04-23 19:15 . 2010-04-24 00:18 -------- d-----w- c:\windows\system32\scripting
2010-04-23 19:15 . 2010-04-24 00:18 -------- d-----w- c:\windows\l2schemas
2010-04-23 19:15 . 2010-04-24 00:18 -------- d-----w- c:\windows\system32\en
2010-04-23 19:15 . 2010-04-24 00:18 -------- d-----w- c:\windows\system32\bits
2010-04-23 19:07 . 2009-02-09 12:10 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-04-23 18:43 . 2010-04-23 18:43 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-04-23 14:55 . 2010-04-23 14:55 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-23 14:55 . 2010-04-23 14:55 -------- d-----w- c:\program files\MSBuild
2010-04-23 14:54 . 2010-04-23 14:54 -------- d-----w- c:\program files\Reference Assemblies
2010-04-23 14:54 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-23 14:54 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-23 14:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-23 14:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-23 14:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-23 14:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-23 14:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-23 14:54 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-23 14:54 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-23 14:54 . 2010-04-23 14:54 -------- d-----w- C:\d4d2f68c11fbd98146b4e056b0
2010-04-23 14:50 . 2010-04-23 14:50 -------- d-----w- c:\program files\MSXML 6.0
2010-04-23 03:45 . 2010-04-23 03:45 -------- d-----w- c:\program files\JRE
2010-04-23 03:45 . 2010-04-23 03:45 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-22 15:16 . 2009-12-17 19:37 14912 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW\LTTCheck.exe
2010-04-22 15:16 . 2010-02-01 16:52 15424 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT2\LTTCheck.exe
2010-04-22 15:16 . 2009-12-17 13:44 560624 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT2\appupdater.exe
2010-04-22 15:16 . 2009-12-17 13:44 560624 ----a-w- c:\documents and settings\All Users\Application Data\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW\appupdater.exe
2010-04-22 14:43 . 2010-04-24 00:15 -------- d-----w- c:\windows\ServicePackFiles
2010-04-22 14:42 . 2010-04-22 14:42 -------- d-----w- c:\program files\MSXML 4.0
2010-04-22 14:31 . 2010-04-22 14:31 -------- d-----w- c:\documents and settings\Eric\Application Data\Downloaded Installations
2010-04-22 14:29 . 2010-04-22 14:31 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2010-04-22 14:08 . 2004-08-04 03:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-04-22 13:38 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-04-22 13:36 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-22 13:36 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-04-22 13:30 . 2010-02-16 13:25 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-22 13:28 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-22 13:23 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-04-22 13:23 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-04-22 13:23 . 2010-01-29 15:01 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-04-22 13:22 . 2009-07-31 04:35 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-04-22 13:18 . 2010-01-29 15:01 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-04-22 13:18 . 2009-06-10 14:19 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-04-22 13:17 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-04-22 13:17 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-22 13:17 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-04-22 13:09 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-04-22 13:09 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-04-21 23:47 . 2010-04-21 23:47 503808 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43f80f87-n\msvcp71.dll
2010-04-21 23:47 . 2010-04-21 23:47 499712 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43f80f87-n\jmc.dll
2010-04-21 23:47 . 2010-04-21 23:47 348160 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43f80f87-n\msvcr71.dll
2010-04-21 23:47 . 2010-04-21 23:47 61440 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7138b524-n\decora-sse.dll
2010-04-21 23:47 . 2010-04-21 23:47 12800 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7138b524-n\decora-d3d.dll
2010-04-21 23:47 . 2010-04-21 23:47 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-21 22:27 . 2010-04-21 22:27 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-04-21 22:26 . 2010-04-22 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-21 22:15 . 2010-04-21 22:15 -------- d-----w- c:\documents and settings\Eric\Application Data\PC Tools
2010-04-21 22:14 . 2010-04-21 22:14 0 ----a-w- c:\windows\nsreg.dat
2010-04-21 22:13 . 2010-04-21 22:13 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Mozilla
2010-04-21 21:59 . 2009-02-10 17:13 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2010-04-21 21:59 . 2009-02-10 17:13 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2010-04-21 21:59 . 2009-02-10 17:13 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2010-04-21 21:59 . 2010-05-16 01:13 -------- d-----w- c:\program files\PC Tools AntiVirus
2010-04-21 21:59 . 2010-04-21 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-21 21:55 . 2010-04-21 21:55 -------- d-----w- c:\windows\system32\LogFiles
2010-04-21 21:55 . 2010-04-21 21:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Lenovo
2010-04-21 19:41 . 2009-11-23 20:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-21 19:41 . 2009-11-09 18:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-21 19:41 . 2010-01-07 19:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-21 19:41 . 2010-05-16 01:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-21 19:41 . 2010-04-21 21:59 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-21 19:41 . 2010-01-12 16:34 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-04-21 19:41 . 2010-01-07 18:35 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-04-21 19:41 . 2010-01-07 18:35 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 22:49 . 2010-05-15 22:49 -------- d-----w- c:\documents and settings\Guest\Application Data\PC Tools
2010-04-24 00:21 . 2006-04-30 07:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-23 21:40 . 2010-04-21 18:40 -------- d-----w- c:\program files\Intel
2010-04-21 19:21 . 2010-04-21 19:21 50 ----a-w- c:\windows\system32\drivers\LENOVO_1951_C2U.MRK
2010-04-21 19:04 . 2010-05-15 22:49 -------- d-----w- c:\documents and settings\Guest\Application Data\ThinkVantage
2010-04-21 19:04 . 2010-04-21 19:21 -------- d-----w- c:\documents and settings\Eric\Application Data\ThinkVantage
2010-04-21 19:04 . 2010-05-15 22:49 -------- d-----w- c:\documents and settings\Guest\Application Data\Lenovo
2010-04-21 19:04 . 2010-04-21 19:21 -------- d-----w- c:\documents and settings\Eric\Application Data\Lenovo
2010-04-21 18:59 . 2010-04-21 18:59 5427 ----a-w- c:\windows\EGATHDRV.TMP
2010-04-21 18:53 . 2010-05-15 22:49 -------- d-----w- c:\documents and settings\Guest\Application Data\Symantec
2010-04-21 18:53 . 2010-04-21 19:21 -------- d-----w- c:\documents and settings\Eric\Application Data\Symantec
2010-04-21 18:51 . 2010-04-21 18:51 -------- d-----w- c:\program files\Sonic Icons for Lenovo
2010-04-21 18:51 . 2010-04-21 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-04-21 18:51 . 2010-04-21 18:51 -------- d-----w- c:\program files\Multimedia Center for Think Offerings
2010-04-21 18:51 . 2010-04-21 18:51 -------- d-----w- c:\program files\Sonic
2010-04-21 18:51 . 2010-04-21 18:51 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-04-21 18:51 . 2010-04-21 18:50 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-21 18:42 . 2010-04-21 18:42 -------- d-----w- c:\program files\Digital Line Detect
2010-04-21 18:42 . 2010-04-21 18:42 -------- d-----w- c:\program files\NetWaiting
2010-04-21 18:42 . 2010-04-21 18:42 -------- d-----w- c:\program files\CONEXANT
2010-04-21 18:42 . 2010-04-21 18:42 0 ---ha-r- c:\windows\system32\drivers\IBM_1951_C2U_TP.MRK
2010-04-21 18:40 . 2010-04-21 18:40 -------- d-----w- c:\program files\Synaptics
2010-03-10 06:15 . 2010-04-23 19:07 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2010-04-23 19:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2010-04-23 19:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2010-04-23 19:07 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2010-04-23 19:07 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 21:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TpShocks"="TpShocks.exe" [2006-03-16 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-25 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-25 118784]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-08-26 409600]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-08-26 110592]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-04-16 1505168]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

c:\documents and settings\Eric\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-4-21 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ----a-w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 02:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ psqlpwd scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/24/2010 3:54 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/21/2010 2:41 PM 207792]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [4/21/2010 2:41 PM 233136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1291544]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [4/21/2010 2:41 PM 88040]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 6:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 5:55 PM 3968]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/25/2006 9:00 PM 3456]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [4/21/2010 2:41 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [4/21/2010 2:41 PM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [4/21/2010 2:41 PM 115216]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2010-05-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:55]

2010-05-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

2010-05-16 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-04-21 16:13]

2010-05-15 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 21:50]

2010-05-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-02-18 00:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lenovo.com/welcome/thinkpad
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\kvlg85hm.default\
FF - prefs.js: browser.search.selectedEngine - Scroogle
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-15 20:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1336)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'lsass.exe'(1392)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
Completion time: 2010-05-15 20:56:49
ComboFix-quarantined-files.txt 2010-05-16 01:56
ComboFix2.txt 2010-04-26 18:18

Pre-Run: 43,197,431,808 bytes free
Post-Run: 43,248,300,032 bytes free

- - End Of File - - 516E0D796319DAFFA3A21CF96C90F4E3


Regarding system behavior, everything seems good. Ctrl+Alt+Del invokes task manager, regedit works, Folder Options has reappeared.

What next?

#6 etavares

Posted 16 May 2010 - 07:27 AM

Hello, lonestranger.

Hmm, it showed in your logs. The DDS uninstall list called it "Ask Toolbar" and the combofix log still shows it is present.

QUOTE
==== Installed Programs ======================

7-Zip 4.65
Access Help
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 Plugin
Ask Toolbar


It could also be called "Foxit Toolbar" (don't confuse it with Foxit Reader). We can try another approach to remove it if you're not seeing it.

Let's get an online antivirus scan to confirm you're clean. After this, we'll clean up our mess and ensure you can't accidentally get reinfected from this infection.

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 lonestranger


Posted 16 May 2010 - 10:36 AM

I DID find a "Foxit toolbar", removed it.

Here is the ESET scan:

C:\Program Files\ESET\nod32.exe Win32/Autoit.DK worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\autorun.inf.vir Win32/AutoRun.Agent.FC worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\msmsgs.exe.vir Win32/Autoit.DK worm cleaned by deleting - quarantined

Do I need to run ESET scan with my memory sticks and external hard drive attached?
lonestranger

#8 etavares


Posted 16 May 2010 - 10:51 AM

Hmm, ESET caught itself. That just seems odd.

C:\Program Files\ESET\nod32.exe

Can you please un-quarantine that file before we go any further? Please let me know if you need instructions.

Thanks!


 


#9 lonestranger


Posted 16 May 2010 - 02:59 PM

Uh oh. I checked the box to delete quarantined files while I was shutting down ESET.

What now?

lonestranger

#10 etavares


Posted 16 May 2010 - 03:53 PM

Actually, never mind. You didn't have it installed...might be a leftover, but you're using PC Tools for your firewall and antivirus. My mistake.

You can scan your flash drives and external hard drives if you want. But, this is important...hold down Shift before you plug it in...keep holding it down...plug it in while holding it down, keep holding Shift for about 30 seconds after you plug it in until Windows recognizes it and tells you it's ready to use. Then, let go. That will prevent it from autorunning in case there is malware in the autorun.inf file. Do that for all, then use your onboard PC Tools antivirus to scan. Make sure you have updated definitions.

Let me know how that goes and post the log. If you want to skip this step, just let me know.

Regardless, please post one final DDS log so I can verify everything looks good before we clean up.


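The Shift-key advice in post #10 is about the launch entries a removable drive's autorun.inf can carry. As an added example (not part of the thread and not taken from any tool named in it), this Python script reads autorun.inf as plain data and lists the entries that would start a program; the function names and the sample bytes are constructed for illustration.

```python
"""Read a drive's autorun.inf as data and list its launch entries."""
import os
import re
import sys

MAX_BYTES = 64 * 1024  # autorun.inf is tiny; never read more than this

# Keys in the [autorun] section that name something to run.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample, not recovered from the machine in this thread.
SAMPLE = (
    b"; constructed sample\r\n"
    b"[AutoRun]\r\n"
    b"Open = tool.exe /quiet\r\n"
    b"icon=folder.ico\r\n"
    b"shell\\explore\\Command=tool.exe\r\n"
    b"[Other]\r\n"
    b"open=ignored.exe\r\n"
)


def decode(raw):
    """The file may be ANSI or UTF-16 with a byte-order mark."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def launch_entries(raw):
    """Return [(key, value)] for entries that would start a program."""
    entries = []
    in_autorun = False
    for line in decode(raw).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip().lower()
            # Assumption: any "autorun.<suffix>" section is treated like
            # [autorun], which errs on the side of reporting too much.
            in_autorun = name == "autorun" or name.startswith("autorun.")
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()  # keys are case-insensitive
        if key in LAUNCH_KEYS or SHELL_COMMAND.match(key):
            entries.append((key, value))
    return entries


def find_autorun(root):
    """Locate autorun.inf in the drive root regardless of letter case."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            return os.path.join(root, name)
    return None


def inspect_drive(root):
    """Classify the drive root: absent, directory, or file with entries."""
    path = find_autorun(root)
    if path is None:
        return {"status": "absent", "entries": []}
    if os.path.isdir(path):
        # A folder named autorun.inf holds no launch entries. The DDS log
        # in this thread lists C:\autorun.inf with the directory attribute.
        return {"status": "directory", "entries": []}
    with open(path, "rb") as handle:
        raw = handle.read(MAX_BYTES)
    return {"status": "file", "entries": launch_entries(raw)}


if __name__ == "__main__":
    # Usage: python inspect_autorun.py E:\   (the drive root to inspect)
    result = inspect_drive(sys.argv[1]) if len(sys.argv) > 1 else {
        "status": "sample", "entries": launch_entries(SAMPLE)}
    print(result["status"])
    for key, value in result["entries"]:
        print("  %s -> %s" % (key, value))
```

Any entry it prints names a file on the drive that the antivirus scan should cover before the drive is opened in Explorer.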
 


#11 lonestranger


Posted 17 May 2010 - 08:27 AM

Okay, here is DDS.txt:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Eric at 21:39:40.73 on Sun 05/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.115 [GMT -5:00]

AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACMainGUI.exe
C:\Documents and Settings\Eric\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lenovo.com/welcome/thinkpad
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
StartupFolder: c:\docume~1\eric\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
LSA: Notification Packages = psqlpwd scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\eric\applic~1\mozilla\firefox\profiles\kvlg85hm.default\
FF - prefs.js: browser.search.selectedEngine - Scroogle
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-24 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-21 207792]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-4-21 233136]
R2 AVFilter;AVFilter;c:\windows\system32\drivers\AVFilter.sys [2010-4-21 21904]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1291544]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-4-21 88040]
R2 PCTAVSvc;PC Tools AntiVirus Engine;c:\program files\pc tools antivirus\PCTAVSvc.exe [2010-4-21 933720]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2010-4-21 818432]
R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]
R3 AVHook;AVHook;c:\windows\system32\drivers\AVHook.sys [2010-4-21 28560]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-4-21 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2010-4-21 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-4-21 115216]

=============== Created Last 30 ================

2010-05-16 01:39:19 98816 ----a-w- c:\windows\sed.exe
2010-05-16 01:39:19 77312 ----a-w- c:\windows\MBR.exe
2010-05-16 01:39:19 256512 ----a-w- c:\windows\PEV.exe
2010-05-16 01:39:19 161792 ----a-w- c:\windows\SWREG.exe
2010-05-07 01:46:04 0 d-sh--w- c:\documents and settings\eric\UserData
2010-05-04 14:02:36 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-04 14:02:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-03 14:17:39 0 d-----w- c:\program files\Foxit Software
2010-05-02 16:03:38 0 d---a-w- C:\autorun.inf
2010-05-02 02:10:44 0 d-----w- c:\docume~1\alluse~1\applic~1\PCDr
2010-05-02 02:09:11 0 d-----w- c:\program files\PC-Doctor
2010-05-01 22:26:42 0 d-sh--w- c:\documents and settings\eric\PrivacIE
2010-05-01 22:13:16 0 d-sh--w- c:\documents and settings\eric\IETldCache
2010-05-01 21:09:37 0 d-----w- c:\windows\ie8updates
2010-05-01 21:07:26 0 dc-h--w- c:\windows\ie8
2010-05-01 21:04:30 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-01 21:04:30 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-01 21:04:29 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-01 21:04:29 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-05-01 21:04:29 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-05-01 21:03:42 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-05-01 17:08:05 0 d-----w- C:\_OTL
2010-04-30 21:42:26 0 d-----w- c:\program files\ESET
2010-04-30 18:10:07 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2010-04-30 18:10:07 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-04-28 23:05:45 0 d-----w- c:\docume~1\eric\applic~1\OpenOffice.org
2010-04-27 15:27:42 44 ----a-w- c:\windows\SMWizard.INI
2010-04-27 00:48:47 0 d-----w- c:\docume~1\eric\applic~1\Malwarebytes
2010-04-27 00:48:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 00:48:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-27 00:48:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 00:48:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-25 19:27:06 0 ----a-w- c:\documents and settings\eric\defogger_reenable
2010-04-25 18:21:42 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-25 18:21:41 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-04-25 18:21:41 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-04-25 18:21:40 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-25 02:34:27 0 d-sha-r- C:\cmdcons
2010-04-24 23:30:42 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-24 20:54:18 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-24 20:54:04 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-24 19:58:11 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-24 19:57:25 0 d-----w- c:\program files\Lavasoft
2010-04-24 15:10:33 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2010-04-23 19:15:30 0 d-----w- c:\windows\system32\scripting
2010-04-23 19:15:29 0 d-----w- c:\windows\l2schemas
2010-04-23 19:15:28 0 d-----w- c:\windows\system32\en
2010-04-23 19:15:28 0 d-----w- c:\windows\system32\bits
2010-04-23 19:10:30 0 d-----w- c:\windows\network diagnostic
2010-04-23 19:07:59 86528 ----a-w- c:\windows\system32\wbem\stdprov.dll
2010-04-23 19:02:32 622 --sha-r- c:\documents and settings\eric\ntuser.pol
2010-04-23 18:43:34 0 d--h--w- c:\windows\system32\GroupPolicy
2010-04-23 18:24:10 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-04-23 14:55:06 0 d-----w- c:\windows\system32\XPSViewer
2010-04-23 14:54:21 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-23 14:54:21 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-23 14:54:20 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-23 14:54:20 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-23 14:54:20 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-23 14:54:20 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-23 14:54:20 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-23 14:54:19 0 d-----w- C:\d4d2f68c11fbd98146b4e056b0
2010-04-23 14:50:08 0 d-----w- c:\program files\MSXML 6.0
2010-04-23 03:45:53 0 d-----w- c:\program files\JRE
2010-04-23 03:45:40 0 d-----w- c:\program files\OpenOffice.org 3
2010-04-22 14:43:17 0 d-----w- c:\windows\ServicePackFiles
2010-04-22 14:42:14 0 d-----w- c:\program files\MSXML 4.0
2010-04-22 14:31:52 0 d-----w- c:\docume~1\eric\applic~1\Downloaded Installations
2010-04-22 14:29:53 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2010-04-22 14:08:13 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-04-22 13:38:48 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-04-22 13:36:49 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-22 13:36:39 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-04-22 13:30:59 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-22 13:28:23 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-22 13:24:06 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2010-04-22 13:23:25 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-04-22 13:23:18 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-04-22 13:23:10 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-04-22 13:22:31 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-04-22 13:18:16 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-04-22 13:18:03 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-04-22 13:17:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-04-22 13:17:24 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-22 13:17:24 1206508 ------w- c:\windows\system32\dllcache\sysmain.sdb
2010-04-22 13:17:23 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-04-22 13:09:18 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-04-22 13:09:13 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-04-22 03:42:17 0 d-----w- c:\windows\system32\PreInstall
2010-04-21 23:47:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-21 23:47:37 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-21 22:15:44 0 d-----w- c:\docume~1\eric\applic~1\PC Tools
2010-04-21 21:59:32 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2010-04-21 21:59:32 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2010-04-21 21:59:31 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2010-04-21 21:59:21 0 d-----w- c:\program files\PC Tools AntiVirus
2010-04-21 21:59:21 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-04-21 21:55:29 0 d-----w- c:\windows\system32\LogFiles
2010-04-21 19:41:12 0 d-----w- c:\program files\common files\PC Tools
2010-04-21 19:41:08 0 d-----w- c:\program files\PC Tools Firewall Plus
2010-04-21 19:31:14 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-04-21 19:30:33 0 d-----w- c:\docume~1\eric\applic~1\Intel
2010-04-21 19:22:53 0 d-----w- c:\windows\pss
2010-04-21 19:21:11 0 d-----w- c:\docume~1\eric\applic~1\ThinkVantage
2010-04-21 19:21:11 0 d-----w- c:\docume~1\eric\applic~1\Symantec
2010-04-21 19:21:11 0 d-----w- c:\docume~1\eric\applic~1\Lenovo
2010-04-21 19:04:25 61 ----a-w- c:\windows\smscfg.ini
2010-04-21 19:04:08 115880 ----a-w- c:\windows\system32\pxinsi64.exe
2010-04-21 19:04:08 114856 ----a-w- c:\windows\system32\pxcpyi64.exe
2010-04-21 19:01:48 0 d-----w- c:\docume~1\eric\applic~1\PCToolsFirewallPlus
2010-04-21 18:59:26 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-04-21 18:59:26 5427 ----a-w- c:\windows\EGATHDRV.TMP
2010-04-21 18:59:19 0 d-----w- c:\program files\SMI2
2010-04-21 18:59:16 0 d-----w- c:\program files\TVT SMBus
2010-04-21 18:59:11 0 d-----w- C:\SWSHARE
2010-04-21 18:59:07 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2010-04-21 18:59:07 23552 ----a-w- c:\windows\system32\drivers\psasrv.exe
2010-04-21 18:58:42 0 d-----w- c:\program files\Picasa2
2010-04-21 18:58:34 577536 ----a-w- c:\windows\system32\tvt_gina.dll
2010-04-21 18:58:34 282624 ----a-w- c:\windows\system32\tvt_gina_api.dll
2010-04-21 18:58:33 6016 ----a-w- c:\windows\system32\drivers\IBMBLDID.sys
2010-04-21 18:58:33 11520 ----a-w- c:\windows\system32\drivers\ANC.sys
2010-04-21 18:58:32 0 ----a-w- c:\windows\system32\AccConnAdvanced.html
2010-04-21 18:58:17 0 d-----w- c:\program files\Diskeeper Corporation
2010-04-21 18:58:09 0 d-----w- c:\windows\Downloaded Installations
2010-04-21 18:57:50 5292056 ----a-w- c:\windows\1680_1050 Think Americas Map.bmp
2010-04-21 18:57:50 1920056 ----a-w- c:\windows\800_600 Think Americas Map.bmp
2010-04-21 18:57:50 114688 ----a-w- c:\windows\desktopset.exe
2010-04-21 18:57:48 7680056 ----a-w- c:\windows\1600_1200 Think Americas Map.bmp
2010-04-21 18:57:48 5880056 ----a-w- c:\windows\1400_1050 Think Americas Map.bmp
2010-04-21 18:57:47 5242936 ----a-w- c:\windows\1280_1024 Think Americas Map.bmp
2010-04-21 18:57:47 3145784 ----a-w- c:\windows\1024_768 Think Americas Map.bmp
2010-04-21 18:57:47 3072056 ----a-w- c:\windows\1280_800 Think Americas Map.bmp
2010-04-21 18:57:47 2949176 ----a-w- c:\windows\1280_768 Think Americas Map.bmp
2010-04-21 18:53:50 40 ----a-w- c:\windows\system32\profile.dat
2010-04-21 18:53:25 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-04-21 18:52:43 0 d-----w- c:\program files\Symantec Client Security
2010-04-21 18:52:43 0 d-----w- c:\program files\common files\Symantec Shared
2010-04-21 18:52:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-04-21 18:51:32 0 d-----w- c:\program files\Sonic Icons for Lenovo
2010-04-21 18:51:28 0 d-----w- c:\program files\Sonic
2010-04-21 18:51:28 0 d-----w- c:\program files\common files\SureThing Shared
2010-04-21 18:51:25 94263 ----a-w- c:\windows\DLA.EXE
2010-04-21 18:51:25 89472 ----a-w- c:\windows\system32\drivers\DRVMCDB.SYS
2010-04-21 18:51:25 61500 ----a-w- c:\windows\system32\DLAAPI_W.DLL
2010-04-21 18:51:25 5660 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
2010-04-21 18:51:25 40544 ----a-w- c:\windows\system32\drivers\DRVNDDM.SYS
2010-04-21 18:51:25 22684 ----a-w- c:\windows\system32\drivers\DLARTL_N.SYS
2010-04-21 18:51:25 156 ----a-w- c:\windows\wininit.ini
2010-04-21 18:51:25 0 d-----w- c:\windows\system32\DLA
2010-04-21 18:51:25 0 d-----w- c:\program files\Multimedia Center for Think Offerings
2010-04-21 18:50:57 0 d-----w- c:\program files\common files\Sonic Shared
2010-04-21 18:50:12 21060 ----a-w- c:\windows\system32\drivers\iviaspi.sys
2010-04-21 18:49:40 0 d-----w- c:\program files\common files\InterVideo
2010-04-21 18:49:23 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-04-21 18:49:23 20480 ----a-w- c:\windows\system32\IVIresize.dll
2010-04-21 18:49:23 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-04-21 18:49:23 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-04-21 18:49:23 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-04-21 18:49:23 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-04-21 18:49:16 0 d-----w- c:\program files\InterVideo
2010-04-21 18:48:52 9679 ----a-w- c:\windows\system32\msxml4r.cat
2010-04-21 18:48:52 9675 ----a-w- c:\windows\system32\msxml4.cat
2010-04-21 18:48:52 500 ----a-w- c:\windows\system32\msxml4r.Manifest
2010-04-21 18:48:52 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-04-21 18:48:52 3489 ----a-w- c:\windows\system32\msxml4.Manifest
2010-04-21 18:48:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Lenovo
2010-04-21 18:47:36 0 d-----w- c:\program files\common files\Lenovo
2010-04-21 18:47:14 917504 ----a-w- c:\windows\system32\ahlprun.exe
2010-04-21 18:47:14 0 d-----w- C:\Icons
2010-04-21 18:46:53 0 d-----w- c:\program files\ThinkVantage
2010-04-21 18:44:42 139264 ----a-w- c:\windows\system32\igfxres.dll
2010-04-21 18:43:03 333 ----a-w- c:\windows\system32\$ncsp$.inf
2010-04-21 18:42:38 0 d-----w- c:\program files\Digital Line Detect
2010-04-21 18:42:36 0 d-----w- c:\program files\NetWaiting
2010-04-21 18:42:31 0 d-----w- c:\program files\CONEXANT
2010-04-21 18:41:54 8177 ----a-w- c:\windows\system32\TP4EX.HLP
2010-04-21 18:41:54 65536 ----a-w- c:\windows\system32\TP4EX.exe
2010-04-21 18:41:54 5928 ----a-w- c:\windows\system32\TP4LATCH.WAV
2010-04-21 18:41:54 49152 ----a-w- c:\windows\system32\tp4ex.cpl
2010-04-21 18:41:54 45056 ----a-w- c:\windows\system32\FPCALL.dll
2010-04-21 18:41:54 4458 ----a-w- c:\windows\system32\TP4CLICK.WAV
2010-04-21 18:41:54 40960 ----a-w- c:\windows\system32\TP4HOOK.dll
2010-04-21 18:41:54 40960 ----a-w- c:\windows\system32\tp4cross.exe
2010-04-21 18:41:39 7168 ----a-w- c:\windows\system32\drivers\TSMAPIP.SYS
2010-04-21 18:41:34 0 d-----w- c:\program files\Lenovo
2010-04-21 18:41:27 0 d-----w- c:\program files\common files\ThinkVantage Fingerprint Software
2010-04-21 18:41:25 0 d-----w- c:\program files\ThinkVantage Fingerprint Software
2010-04-21 18:41:23 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-21 18:41:15 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-21 18:40:12 0 d-----w- c:\program files\Synaptics
2010-04-21 18:39:55 9343 ----a-w- c:\windows\system32\drivers\TDSMAPI.SYS
2010-04-21 18:39:55 55296 ----a-w- c:\windows\system32\TP98.CPL
2010-04-21 18:39:54 14848 ----a-w- c:\windows\system32\drivers\SMAPINT.SYS
2010-04-21 18:39:54 0 d-----w- c:\program files\ThinkPad
2010-04-21 18:37:52 0 d-----w- c:\program files\Windows Media Connect 2
2010-04-21 18:37:27 138 ----a-w- c:\windows\system32\Softkbd.exe.config
2010-04-21 18:34:52 0 d-----w- c:\windows\RegisteredPackages
2010-04-21 18:33:44 0 d-----w- c:\program files\Analog Devices
2010-04-21 18:32:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-04-21 18:26:15 0 d-----w- C:\SWTOOLS
2010-04-21 18:22:10 0 d---a-w- C:\I386
2010-04-21 17:46:21 0 d-----w- c:\windows\system32\appmgmt

==================== Find3M ====================

2010-04-21 19:21:19 50 ----a-w- c:\windows\system32\drivers\LENOVO_1951_C2U.MRK
2010-04-21 18:42:03 0 ---ha-r- c:\windows\system32\drivers\IBM_1951_C2U_TP.MRK
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-03-10 04:33:41 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2010-03-10 04:33:38 1025024 ------w- c:\windows\system32\dllcache\browseui.dll
2010-02-25 16:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 06:24:37 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-02-25 06:24:37 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-02-25 06:24:37 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-02-25 06:24:37 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-02-25 06:24:36 5944832 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-02-25 06:24:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-02-25 06:24:35 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-02-25 06:24:34 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 14:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 21:40:06.04 ===============


And here is Attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/21/2010 2:17:47 PM
System Uptime: 5/16/2010 10:14:33 AM (11 hours ago)

Motherboard: LENOVO | | 1951C2U
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | None | 1662/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 51 GiB total, 40.192 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP28: 5/1/2010 3:48:58 PM - AfterMalWare
RP29: 5/1/2010 3:59:31 PM - Software Distribution Service 3.0
RP30: 5/1/2010 4:07:43 PM - Installed Windows Internet Explorer 8.
RP31: 5/1/2010 4:08:45 PM - Software Distribution Service 3.0
RP32: 5/2/2010 10:57:32 AM - Software Distribution Service 3.0
RP33: 5/3/2010 11:40:02 AM - System Checkpoint
RP34: 5/4/2010 12:33:10 PM - System Checkpoint
RP35: 5/5/2010 4:08:50 PM - System Checkpoint
RP36: 5/6/2010 6:33:32 PM - System Checkpoint
RP37: 5/7/2010 7:11:12 PM - System Checkpoint
RP38: 5/8/2010 7:50:02 PM - System Checkpoint
RP39: 5/10/2010 11:51:21 AM - System Checkpoint
RP40: 5/11/2010 1:12:42 PM - System Checkpoint
RP41: 5/12/2010 1:27:30 PM - System Checkpoint
RP42: 5/13/2010 3:00:16 AM - Software Distribution Service 3.0
RP43: 5/14/2010 8:13:47 AM - System Checkpoint
RP44: 5/15/2010 9:04:01 AM - System Checkpoint
RP45: 5/16/2010 7:53:42 AM - Removed Ask Toolbar.

==== Installed Programs ======================

7-Zip 4.65
Access Help
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 Plugin
Client Security Solution
Diskeeper Lite
ESET Online Scanner v3
Foxit Reader
Google Toolbar for Internet Explorer
Help Center
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD
InterVideo WinDVD Creator 3
Java Auto Updater
Java™ 6 Update 20
Lenovo ThinkVantage Toolbox
Malwarebytes' Anti-Malware
mCore
mDriver
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mMHouse
Mozilla Firefox (3.6.3)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mXML
OpenOffice.org 3.2
PC Tools AntiVirus 6.1
PC Tools Firewall Plus 6.0
Picasa 2
Productivity Center Supplement for ThinkPad
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy
System Migration Assistant
System Update
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad Presentation Director
ThinkPad UltraNav Driver
ThinkPad UltraNav Wizard
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Away Manager
ThinkVantage Fingerprint Software 5.5
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
TrackPoint Accessibility Features
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wallpapers
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
XP Themes

==== Event Viewer Messages From Past Week ========

5/9/2010 9:45:25 AM, error: Dhcp [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 0019D2061F8C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
5/9/2010 10:57:34 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.2 with the system having network hardware address 00:1E:C2:3D:0F:DF. Network operations on this system may be disrupted as a result.
5/16/2010 7:40:35 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0019D2061F8C. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
5/15/2010 8:41:33 PM, error: Service Control Manager [7034] - The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).
5/15/2010 8:41:33 PM, error: Service Control Manager [7031] - The Ac Profile Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================


That's it!

lonestranger

#12 etavares


Posted 17 May 2010 - 06:00 PM

Hello, lonestranger.
OK, everything looks good to me. If it's running well on your end, please do step 1. I've also left some optional items that are up to you. Thanks!



Step 1

Uninstall ComboFix and Clean Up
Click Start > Run, type combofix /Uninstall and click OK. (Note the space between combofix and /Uninstall.)

Please advise if this step is missed for any reason as it performs some important actions.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites
Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the downloaded installer and install the tool to a location of your choice.
  2. Via the Start menu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select at least one of the three (I have MVPS Host as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
  4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes' Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

 


#13 etavares


Posted 24 May 2010 - 06:13 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you are the topic starter, and need this topic reopened, please contact me via PM with the address of this thread.

Everyone else please begin a new topic.


 




