Can't access AV servers or do Win Restore

rjs483374

New member
I believe I have a very subtle virus. It won't allow any AV software to access its virus database servers. Nor can I restore from a Windows backup. If it weren't for Windows Security Center alerting me to the fact that my AV software is out-of-date, I wouldn't know that anything is wrong. Initially, SBS&D found malware and cleaned it up. But that didn't change any of the symptoms I have found. It now reports all-OK. Here's the DDS log you require.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Richard at 7:48:23.12 on Tue 08/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.439 [GMT -4:00]


============== Running Processes ===============

C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SMSC\SetIcon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digiportal Software\ChoiceMail\ChoiceMail.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Digiportal Software\ChoiceMail\ChoiceMail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Digiportal Software\ChoiceMail\IzyMail.exe
C:\Documents and Settings\Richard\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://webmail.nc.rr.com/do/logout?l=en-US&v=standard
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ChoiceMail] "c:\program files\digiportal software\choicemail\ChoiceMail.exe"
uRun: [QuickenBillminder] c:\program files\quicken\Billmind.exe
uRun: [Eraser] c:\program files\eraser\Eraser.exe -hide
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Cookienator] "c:\program files\pc world programs\cookienator\cookienator.exe" /auto
uRun: [\\USC-PC\EPSON Stylus Photo RX680 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticja.exe /fu "c:\docume~1\richard\locals~1\temp\E_S77.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [amsg] c:\progra~1\thinkv~2\amsg\amsg.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TP4EX] tp4ex.exe
mRun: [ControlCenter] "c:\program files\thinkvantage fingerprint software\ctlcntr.exe" /startup
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [AMSG] c:\progra~1\thinkv~2\amsg\amsg.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [cssauth] "c:\program files\ibm thinkvantage\client security solution\cssauth.exe" silent
mRun: [PDService.exe] "c:\program files\ibm thinkvantage\safeguard privatedisk\pdservice.exe"
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [SetIcon] \Program Files\SMSC\SetIcon.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [<NO NAME>]
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [amsg] c:\progra~1\thinkv~2\amsg\amsg.exe
StartupFolder: c:\docume~1\richard\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
StartupFolder: c:\docume~1\richard\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\richard\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: Send To &Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psfus.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Notification Packages = scecli ACGina csspwntfy
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.15.135 USCMobile

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\richard\applic~1\mozilla\firefox\profiles\5m8omcu1.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\richard\application data\mozilla\firefox\profiles\5m8omcu1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\documents and settings\richard\application data\mozilla\firefox\profiles\5m8omcu1.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\richard\application data\mozilla\firefox\profiles\5m8omcu1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [2006-8-21 6912]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-9-28 19504]
R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-11-15 46142]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-8-2 3968]
R2 SmiHlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2005-7-12 3328]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?]

=============== Created Last 30 ================

2010-08-06 12:10:31 0 dc----w- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-08-06 02:31:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-04 17:55:58 0 d-----w- c:\docume~1\richard\applic~1\SafeReturner
2010-08-04 17:55:52 0 d-----w- c:\program files\Safe Returner
2010-08-04 14:28:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-21 14:49:00 0 d-----w- c:\program files\Sophos
2010-07-19 21:17:50 69 ----a-w- c:\windows\system32\32414875.bat

==================== Find3M ====================

2010-08-08 04:00:01 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-01-03 19:19:08 5031168 ----a-w- c:\program files\common files\lpuninstall.exe
2008-12-30 22:51:01 32768 -csh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008123020081231\index.dat

============= FINISH: 7:50:02.43 ===============
 
Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
I ran combofix per your and bleepingcomputer.com's instructions. Here are the two output files you requested. I'm just going to attach rather than paste them in the forum. If that is not OK, please let me know. FYI, combofix may have done the job; I was able to update one of the AV packages after it did its work. The true test will come after this post when I try to install and update AVAST.
 
Hi again,

I prefer log contents posted instead of attached. You don't have to repost now, but post the contents of the next requested logs :)

Open notepad and copy/paste the text in the quotebox below into it:

Code:
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
FileLook::
c:\windows\system32\32414875.bat


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Get updates 9.3.2 & 9.3.3 for Adobe Reader here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.


Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
 
Hi, phew! I think I got everything you requested. And, as you requested, I'm going to post three log files: combofix.txt, kasperskylog.txt, and dds.txt. Kaspersky found more viruses; now all I need is help getting rid of them!:)

BTW, stribune.org does not exist anymore, I had to go to bleepingcomputer.com to get my copy of ATF Cleaner.

ComboFix 10-08-15.04 - Richard 08/16/2010 9:44.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.487 [GMT -4:00]
Running from: c:\documents and settings\Richard\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Richard\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.

2010-08-16 12:33 . 2010-08-16 12:33 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\PCHealth
2010-08-15 22:45 . 2010-08-15 22:45 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-08-15 20:43 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-15 20:43 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-15 20:43 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-15 20:43 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-15 20:43 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-15 20:43 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-15 20:43 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-15 20:42 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-15 20:42 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-15 19:59 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-14 17:51 . 2010-08-14 17:51 -------- d-----w- c:\documents and settings\Richard\Application Data\Registry Mechanic
2010-08-14 17:46 . 2010-08-14 17:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-11 13:32 . 2010-08-16 02:07 63488 ----a-w- c:\documents and settings\Richard\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-11 13:32 . 2010-08-11 13:32 52224 ----a-w- c:\documents and settings\Richard\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-11 13:32 . 2010-08-16 02:07 117760 ----a-w- c:\documents and settings\Richard\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-11 13:31 . 2010-08-11 13:31 -------- d-----w- c:\documents and settings\Richard\Application Data\SUPERAntiSpyware.com
2010-08-11 13:31 . 2010-08-11 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-11 13:31 . 2010-08-11 13:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-10 11:46 . 2010-08-10 11:47 -------- d-----w- c:\program files\ERUNT
2010-08-06 12:20 . 2010-08-06 12:20 -------- d-----w- c:\program files\Alwil Software
2010-08-06 12:10 . 2010-08-06 12:10 -------- dc----w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-08-05 20:46 . 2010-08-05 20:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2010-08-05 20:46 . 2010-08-06 11:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\liitcmopr
2010-08-04 17:55 . 2010-08-05 20:41 -------- d-----w- c:\documents and settings\Richard\Application Data\SafeReturner
2010-08-04 17:55 . 2010-08-05 20:41 -------- d-----w- c:\program files\Safe Returner
2010-08-04 14:28 . 2010-08-04 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-21 14:49 . 2010-07-21 14:49 -------- d-----w- c:\program files\Sophos
2010-07-19 21:17 . 2010-07-19 21:17 69 ----a-w- c:\windows\system32\32414875.bat
2010-07-19 15:21 . 2010-07-12 15:32 822784 ----a-w- c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\5m8omcu1.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 23:13 . 2008-08-16 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-15 04:00 . 2006-08-09 16:10 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-08-08 20:06 . 2006-08-20 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-08 18:48 . 2006-08-20 08:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-07 17:40 . 2010-06-26 16:21 -------- d-----w- c:\documents and settings\Richard\Application Data\QuickScan
2010-08-05 20:46 . 2009-07-12 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-05 20:46 . 2006-08-20 08:42 -------- d-----w- c:\program files\Lavasoft
2010-08-04 15:41 . 2007-12-01 16:19 -------- d-----w- c:\program files\PCDR5
2010-07-14 21:02 . 2010-07-14 21:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\IBM
2010-07-11 23:28 . 2010-07-11 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-11 22:50 . 2008-06-03 17:59 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-11 22:31 . 2010-07-11 22:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-11 22:31 . 2010-07-11 22:31 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-06-30 12:31 . 1980-01-01 07:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-26 16:29 . 2010-06-26 16:29 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-06-26 16:29 . 2010-06-26 16:29 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-06-26 16:29 . 2010-06-26 16:29 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-06-26 16:29 . 2010-06-26 16:29 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-06-24 12:22 . 1980-01-01 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 1980-01-01 07:00 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-22 03:46 . 2010-06-22 03:46 -------- d-----w- c:\documents and settings\NetworkService\Application Data\IBM
2010-06-21 15:27 . 1980-01-01 07:00 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-18 20:39 . 2010-06-18 20:38 -------- d-----w- c:\documents and settings\Richard\Application Data\U3
2010-06-17 14:03 . 1980-01-01 07:00 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-09 17:52 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 1980-01-01 07:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-04 12:49 . 2009-07-15 00:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-01 06:53 . 2010-06-01 06:53 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-31 20:34 . 2010-06-26 16:21 702120 ----a-w- c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\5m8omcu1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-05-31 20:34 . 2010-06-26 16:21 868456 ----a-w- c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\5m8omcu1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-01-03 19:19 . 2010-01-03 19:19 5031168 ----a-w- c:\program files\Common Files\lpuninstall.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\32414875.bat ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 69
Created time: 2010-07-19 21:17
Modified time: 2010-07-19 21:17
MD5: 604802586163BDC9EDA42F6A471E01AD
SHA1: FC255017A78E3EC103F73C8C8651EFFE08089C81


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"ChoiceMail"="c:\program files\Digiportal Software\ChoiceMail\ChoiceMail.exe" [2005-04-26 3518464]
"QuickenBillminder"="c:\program files\Quicken\Billmind.exe" [2006-10-27 17408]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2009-06-10 334224]
"Cookienator"="c:\program files\PC World Programs\Cookienator\cookienator.exe" [2009-10-19 1333472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 512000]
"TpShocks"="TpShocks.exe" [2007-09-28 181544]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"ControlCenter"="c:\program files\ThinkVantage Fingerprint Software\ctlcntr.exe" [2005-07-12 125026]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-29 344064]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-04-27 120368]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2006-08-21 1997568]
"PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-21 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-21 208896]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-10 868352]
"SetIcon"="\Program Files\SMSC\SetIcon.exe" [2004-04-28 42496]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-05 461584]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-08-01 540672]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-08 91688]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2010-1-3 5031168]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2010-1-3 5031168]

c:\documents and settings\Richard\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-9-2 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-4-9 221247]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2005-7-21 577597]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-1 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-07-12 16:45 109664 ------w- c:\program files\ThinkVantage Fingerprint Software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 07:45 28672 ------w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-12-01 04:16 24576 ------w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChoiceMail]
2005-04-26 02:10 3518464 ------w- c:\program files\Digiportal Software\ChoiceMail\ChoiceMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"= c:\\WINDOWS\\System32\\mmc.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\System32\\java.exe"=
"c:\\Program Files\\DigiPortal Software\\ChoiceMail\\ChoiceMail.exe"=
"c:\\Program Files\\DigiPortal Software\\ChoiceMail\\IzyMail.exe"=
"c:\\Program Files\\DigiPortal Software\\ChoiceMail\\WebMailSetupWizard.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [8/21/2006 5:04 AM 6912]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [9/28/2007 8:28 PM 19504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/15/2010 4:43 PM 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/15/2010 4:43 PM 17744]
R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [11/15/2005 5:11 PM 46142]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [8/2/2005 8:47 PM 3968]
R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [7/12/2005 12:37 PM 3328]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-15 c:\windows\Tasks\Billminder.job
- c:\program files\Quicken\billmind.exe [2004-07-17 02:21]

2010-08-03 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-08-09 09:19]

2006-08-19 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-08-09 00:32]
.
.
------- Supplementary Scan -------
.
uStart Page = https://webmail.nc.rr.com/do/logout?l=en-US&v=standard
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
IE: Send To &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: intuit.com\ttlc
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\5m8omcu1.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\5m8omcu1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\5m8omcu1.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\5m8omcu1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 09:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\18.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\vrlogon.dll
c:\program files\ThinkVantage Fingerprint Software\ExtVapi.dll
c:\program files\Common Files\Virtual Token\psutil.dll
c:\program files\Common Files\Virtual Token\resmgr.dll
c:\program files\Common Files\Virtual Token\Remote.dll
c:\program files\Common Files\Virtual Token\passport.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\ThinkVantage Fingerprint Software\psfus.dll
c:\windows\system32\tphklock.dll
c:\program files\Common Files\Virtual Token\psdlg.dll
c:\program files\Common Files\Virtual Token\config.dll
c:\program files\Common Files\Virtual Token\LocPass.dll
c:\program files\Common Files\Virtual Token\SBioPass.dll

- - - - - - - > 'Explorer.exe'(3668)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-16 09:52:37
ComboFix-quarantined-files.txt 2010-08-16 13:52

Pre-Run: 122,486,464,512 bytes free
Post-Run: 122,490,916,864 bytes free

- - End Of File - - 53A2EB7505BF6DD1007181AA5D72F9B3

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, August 17, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, August 16, 2010 14:06:36
Records in database: 4133591
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 123982
Threats found: 10
Infected objects found: 13
Suspicious objects found: 0
Scan duration: 11:23:37


File name / Threat / Threats count
C:\Documents and Settings\LocalService\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\jar\des.jar-7fcabe2b-5a71a85a.zip Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\LocalService\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\jar\des.jar-7fcabe2b-5a71a85a.zip Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\LocalService\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\jar\des.jar-7fcabe2b-5a71a85a.zip Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\risdptsk.sys.vir Infected: Virus.Win32.TDSS.b 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP691\A0062688.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.br 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP724\A0069438.exe Infected: Trojan.Win32.FraudPack.bbsu 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP724\A0069511.exe Infected: Trojan.Win32.FraudPack.bbsu 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP737\A0071755.sys Infected: Virus.Win32.TDSS.b 1
E:\Richard's Documents\Downloads\freeripmp3.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.br 1
E:\Richard's Documents\Downloads\My Old Downloads\InboxScreensaver.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bv 1
E:\Richard's Documents\Downloads\My Old Downloads\Other Apps\tightvnc-1.2.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
E:\Richard's Documents\Downloads\My Old Downloads\Other Apps\tightvnc-1.2.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
E:\Richard's Documents\Downloads\My Old Downloads\Security Apps\cain_and_abel_password_cracker_setup.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 1

Selected area has been scanned.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Richard at 14:17:16.00 on Tue 08/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.562 [GMT -4:00]


============== Running Processes ===============

C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SMSC\SetIcon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Richard\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://webmail.nc.rr.com/do/logout?l=en-US&v=standard
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [ChoiceMail] "c:\program files\digiportal software\choicemail\ChoiceMail.exe"
uRun: [QuickenBillminder] c:\program files\quicken\Billmind.exe
uRun: [Eraser] c:\program files\eraser\Eraser.exe -hide
uRun: [Cookienator] "c:\program files\pc world programs\cookienator\cookienator.exe" /auto
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TP4EX] tp4ex.exe
mRun: [ControlCenter] "c:\program files\thinkvantage fingerprint software\ctlcntr.exe" /startup
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [cssauth] "c:\program files\ibm thinkvantage\client security solution\cssauth.exe" silent
mRun: [PDService.exe] "c:\program files\ibm thinkvantage\safeguard privatedisk\pdservice.exe"
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [SetIcon] \Program Files\SMSC\SetIcon.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\richard\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
StartupFolder: c:\docume~1\richard\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\richard\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: Send To &Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psfus.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\richard\applic~1\mozilla\firefox\profiles\5m8omcu1.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\richard\application data\mozilla\firefox\profiles\5m8omcu1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\documents and settings\richard\application data\mozilla\firefox\profiles\5m8omcu1.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\richard\application data\mozilla\firefox\profiles\5m8omcu1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [2006-8-21 6912]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-9-28 19504]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-11-15 46142]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-8-2 3968]
R2 SmiHlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2005-7-12 3328]
RUnknown aswFsBlk;aswFsBlk; [x]
RUnknown aswSP;aswSP; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?]

=============== Created Last 30 ================

2010-08-16 19:41:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-16 19:41:11 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-15 19:59:58 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-15 17:13:37 0 d-sha-r- C:\cmdcons
2010-08-15 17:11:11 77312 ----a-w- c:\windows\MBR.exe
2010-08-15 17:11:11 256512 ----a-w- c:\windows\PEV.exe
2010-08-15 17:11:10 98816 ----a-w- c:\windows\sed.exe
2010-08-15 17:11:10 161792 ----a-w- c:\windows\SWREG.exe
2010-08-14 17:51:02 0 d-----w- c:\docume~1\richard\applic~1\Registry Mechanic
2010-08-11 13:31:33 0 d-----w- c:\docume~1\richard\applic~1\SUPERAntiSpyware.com
2010-08-11 13:31:33 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-11 13:31:23 0 d-----w- c:\program files\SUPERAntiSpyware
2010-08-06 12:10:31 0 dc----w- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-08-04 17:55:58 0 d-----w- c:\docume~1\richard\applic~1\SafeReturner
2010-08-04 17:55:52 0 d-----w- c:\program files\Safe Returner
2010-08-04 14:28:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-21 14:49:00 0 d-----w- c:\program files\Sophos
2010-07-19 21:17:50 69 ----a-w- c:\windows\system32\32414875.bat

==================== Find3M ====================

2010-08-15 04:00:00 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-07-27 06:30:35 8462336 ----a-w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 21:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:55 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-23 12:08:09 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\dllcache\srv.sys
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-18 13:36:12 3558912 ----a-w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ----a-w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\dllcache\msxml3.dll
2010-01-03 19:19:08 5031168 ----a-w- c:\program files\common files\lpuninstall.exe
2008-12-30 22:51:01 32768 -csh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008123020081231\index.dat

============= FINISH: 14:18:22.78 ===============
 
Hi,

Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Delete these files:
c:\windows\system32\32414875.bat
C:\Documents and Settings\LocalService\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\jar\des.jar-7fcabe2b-5a71a85a.zip
E:\Richard's Documents\Downloads\freeripmp3.exe
E:\Richard's Documents\Downloads\My Old Downloads\InboxScreensaver.exe
E:\Richard's Documents\Downloads\My Old Downloads\Security Apps\cain_and_abel_password_cracker_setup.exe

How's the system running?
 
Deleted all the files you requested. I was hopeful until I installed AVAST 5 again. It is still being blocked from accessing its virus database servers! I was able to access the database servers for Spybot and SUPERAntiSpyware. Both found additional viruses. Spybot found: Fraud.AVSecuritySuite (2 registry entries) and Win32.IRCBot.auf (1 browser setting). SUPERAntiSpyware found a bunch of infected files in C:\IBMWORK directories. Both apps deleted the infected files, which didn't change the blocked virus database servers problem. So, I think that I'm still infected.
 
Hi,

I was hopeful until I installed AVAST 5 again. It is still being blocked from accessing its virus database servers!
Any error message?

Post fresh dds logs contents, please.
 
Message just says "unable to connect to server." All of the other PCs on my network can connect to the same server OK. So I believe it's the virus blocking it. All of the things you've asked me to do seemed to discover and remove stuff, but apparently they aren't getting to the root of the infection.
 
Sorry, I totally overlooked this request. Here they are:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Richard at 7:35:50.93 on Thu 08/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.435 [GMT -4:00]


============== Running Processes ===============

C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SMSC\SetIcon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Digiportal Software\ChoiceMail\ChoiceMail.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Digiportal Software\ChoiceMail\ChoiceMail.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Digiportal Software\ChoiceMail\IzyMail.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Documents and Settings\Richard\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://webmail.nc.rr.com/do/logout?l=en-US&v=standard
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
uRun: [ChoiceMail] "c:\program files\digiportal software\choicemail\ChoiceMail.exe"
uRun: [QuickenBillminder] c:\program files\quicken\Billmind.exe
uRun: [Eraser] c:\program files\eraser\Eraser.exe -hide
uRun: [Cookienator] "c:\program files\pc world programs\cookienator\cookienator.exe" /auto
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TP4EX] tp4ex.exe
mRun: [ControlCenter] "c:\program files\thinkvantage fingerprint software\ctlcntr.exe" /startup
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [cssauth] "c:\program files\ibm thinkvantage\client security solution\cssauth.exe" silent
mRun: [PDService.exe] "c:\program files\ibm thinkvantage\safeguard privatedisk\pdservice.exe"
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [SetIcon] \Program Files\SMSC\SetIcon.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\richard\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
StartupFolder: c:\docume~1\richard\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\richard\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: Send To &Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psfus.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\richard\applic~1\mozilla\firefox\profiles\5m8omcu1.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\richard\application data\mozilla\firefox\profiles\5m8omcu1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\documents and settings\richard\application data\mozilla\firefox\profiles\5m8omcu1.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\richard\application data\mozilla\firefox\profiles\5m8omcu1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [2006-8-21 6912]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-9-28 19504]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-11-15 46142]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-8-2 3968]
R2 SmiHlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2005-7-12 3328]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?]

=============== Created Last 30 ================

2010-08-16 19:41:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-16 19:41:11 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-15 19:59:58 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-15 17:13:37 0 d-sha-r- C:\cmdcons
2010-08-15 17:11:11 77312 ----a-w- c:\windows\MBR.exe
2010-08-15 17:11:11 256512 ----a-w- c:\windows\PEV.exe
2010-08-15 17:11:10 98816 ----a-w- c:\windows\sed.exe
2010-08-15 17:11:10 161792 ----a-w- c:\windows\SWREG.exe
2010-08-14 17:51:02 0 d-----w- c:\docume~1\richard\applic~1\Registry Mechanic
2010-08-11 13:31:33 0 d-----w- c:\docume~1\richard\applic~1\SUPERAntiSpyware.com
2010-08-11 13:31:33 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-11 13:31:23 0 d-----w- c:\program files\SUPERAntiSpyware
2010-08-06 12:10:31 0 dc----w- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-08-04 17:55:58 0 d-----w- c:\docume~1\richard\applic~1\SafeReturner
2010-08-04 17:55:52 0 d-----w- c:\program files\Safe Returner
2010-08-04 14:28:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-21 14:49:00 0 d-----w- c:\program files\Sophos

==================== Find3M ====================

2010-08-15 04:00:00 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-07-27 06:30:35 8462336 ----a-w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 21:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:55 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-23 12:08:09 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\dllcache\srv.sys
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-18 13:36:12 3558912 ----a-w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ----a-w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\dllcache\msxml3.dll
2010-01-03 19:19:08 5031168 ----a-w- c:\program files\common files\lpuninstall.exe
2008-12-30 22:51:01 32768 -csh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008123020081231\index.dat

============= FINISH: 7:36:38.51 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/19/2006 4:33:37 AM
System Uptime: 8/18/2010 1:27:40 PM (18 hours ago)

Motherboard: IBM | | 2531MTU
Processor: Intel(R) Pentium(R) M processor 2.00GHz | None | 1995/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 196 GiB total, 113.972 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 97 GiB total, 90.707 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP654: 5/21/2010 10:51:05 AM - System Checkpoint
RP655: 5/22/2010 11:28:35 AM - System Checkpoint
RP656: 5/23/2010 11:29:55 AM - System Checkpoint
RP657: 5/24/2010 12:29:55 PM - System Checkpoint
RP658: 5/25/2010 1:29:56 PM - System Checkpoint
RP659: 5/26/2010 3:00:22 AM - Software Distribution Service 3.0
RP660: 5/27/2010 3:29:57 AM - System Checkpoint
RP661: 5/28/2010 3:30:20 AM - System Checkpoint
RP662: 5/29/2010 4:30:18 AM - System Checkpoint
RP663: 5/30/2010 5:30:17 AM - System Checkpoint
RP664: 5/31/2010 6:30:17 AM - System Checkpoint
RP665: 6/1/2010 6:42:18 AM - System Checkpoint
RP666: 6/1/2010 10:06:57 PM - Restore Operation
RP667: 6/1/2010 10:11:27 PM - Restore Operation
RP668: 6/2/2010 10:19:40 PM - System Checkpoint
RP669: 6/3/2010 10:52:45 PM - System Checkpoint
RP670: 6/4/2010 11:24:15 PM - System Checkpoint
RP671: 6/5/2010 11:48:59 PM - System Checkpoint
RP672: 6/7/2010 12:48:57 AM - System Checkpoint
RP673: 6/8/2010 1:48:57 AM - System Checkpoint
RP674: 6/9/2010 2:44:22 AM - System Checkpoint
RP675: 6/10/2010 3:44:26 AM - System Checkpoint
RP676: 6/11/2010 4:44:26 AM - System Checkpoint
RP677: 6/12/2010 5:44:28 AM - System Checkpoint
RP678: 6/16/2010 9:42:44 PM - System Checkpoint
RP679: 6/17/2010 9:46:19 PM - System Checkpoint
RP680: 6/18/2010 10:46:20 PM - System Checkpoint
RP681: 6/19/2010 11:47:25 PM - System Checkpoint
RP682: 6/21/2010 12:11:45 AM - System Checkpoint
RP683: 6/22/2010 12:23:29 AM - System Checkpoint
RP684: 6/23/2010 1:23:31 AM - System Checkpoint
RP685: 6/25/2010 10:20:54 PM - System Checkpoint
RP686: 6/26/2010 3:40:56 PM - Spybot-S&D Spyware removal
RP687: 6/27/2010 4:31:30 PM - System Checkpoint
RP688: 6/28/2010 11:07:05 AM - Spybot-S&D Spyware removal
RP689: 6/29/2010 11:23:19 AM - System Checkpoint
RP690: 6/29/2010 4:18:52 PM - Spybot-S&D Spyware removal
RP691: 7/1/2010 4:59:31 PM - Spybot-S&D Spyware removal
RP692: 7/2/2010 9:04:33 PM - System Checkpoint
RP693: 7/3/2010 11:06:37 PM - System Checkpoint
RP694: 7/4/2010 11:38:26 PM - System Checkpoint
RP695: 7/6/2010 12:01:21 AM - System Checkpoint
RP696: 7/7/2010 1:01:23 AM - System Checkpoint
RP697: 7/8/2010 2:01:20 AM - System Checkpoint
RP698: 7/9/2010 3:01:22 AM - System Checkpoint
RP699: 7/10/2010 3:07:29 AM - System Checkpoint
RP700: 7/11/2010 4:07:30 AM - System Checkpoint
RP701: 7/12/2010 4:30:32 AM - System Checkpoint
RP702: 7/13/2010 5:01:04 AM - System Checkpoint
RP703: 7/14/2010 12:25:53 PM - System Checkpoint
RP704: 7/16/2010 5:25:55 PM - System Checkpoint
RP705: 7/17/2010 5:35:23 PM - System Checkpoint
RP706: 7/18/2010 6:00:45 PM - System Checkpoint
RP707: 7/20/2010 2:03:52 PM - System Checkpoint
RP708: 7/21/2010 10:01:21 PM - System Checkpoint
RP709: 7/22/2010 10:32:01 PM - System Checkpoint
RP710: 7/23/2010 11:30:55 PM - System Checkpoint
RP711: 7/26/2010 2:34:27 PM - System Checkpoint
RP712: 7/27/2010 2:45:43 PM - System Checkpoint
RP713: 7/28/2010 3:04:31 PM - System Checkpoint
RP714: 7/29/2010 4:18:54 PM - System Checkpoint
RP715: 7/30/2010 5:14:07 PM - System Checkpoint
RP716: 7/31/2010 6:16:38 PM - System Checkpoint
RP717: 8/1/2010 6:49:36 PM - System Checkpoint
RP718: 8/2/2010 7:50:37 PM - System Checkpoint
RP719: 8/3/2010 7:50:53 PM - System Checkpoint
RP720: 8/4/2010 10:28:23 AM - avast! Free Antivirus Setup
RP721: 8/4/2010 1:28:34 PM - avast! Free Antivirus Setup
RP722: 8/5/2010 4:03:14 PM - Restore Operation
RP723: 8/5/2010 4:07:44 PM - Restore Operation
RP724: 8/5/2010 6:49:28 PM - Restore Operation
RP725: 8/6/2010 8:20:30 AM - avast! Free Antivirus Setup
RP726: 8/7/2010 12:34:55 PM - System Checkpoint
RP727: 8/7/2010 1:24:08 PM - avast! Free Antivirus Setup
RP728: 8/8/2010 2:01:28 PM - System Checkpoint
RP729: 8/8/2010 6:59:53 PM - avast! Free Antivirus Setup
RP730: 8/8/2010 8:08:30 PM - avast! Free Antivirus Setup
RP731: 8/9/2010 4:18:25 PM - avast! Free Antivirus Setup
RP732: 8/10/2010 7:34:34 AM - avast! Free Antivirus Setup
RP733: 8/11/2010 7:45:49 AM - System Checkpoint
RP734: 8/12/2010 8:24:31 AM - System Checkpoint
RP735: 8/13/2010 9:20:09 AM - System Checkpoint
RP736: 8/14/2010 10:20:49 AM - System Checkpoint
RP737: 8/15/2010 12:26:07 PM - System Checkpoint
RP738: 8/15/2010 4:42:35 PM - avast! Free Antivirus Setup
RP739: 8/15/2010 6:45:00 PM - Software Distribution Service 3.0
RP740: 8/16/2010 3:23:55 PM - Removed IBM 32-bit Runtime Environment for Java 2, v1.4.2
RP741: 8/16/2010 3:25:47 PM - Software Distribution Service 3.0
RP742: 8/16/2010 3:40:44 PM - Installed Java(TM) 6 Update 21
RP743: 8/16/2010 7:58:06 PM - avast! Free Antivirus Setup
RP744: 8/17/2010 8:40:44 PM - System Checkpoint
RP745: 8/17/2010 10:38:33 PM - avast! Free Antivirus Setup
RP746: 8/17/2010 10:43:27 PM - avast! Free Antivirus Setup
RP747: 8/18/2010 11:32:00 PM - System Checkpoint

==== Installed Programs ======================


Access Help
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
APC PowerChute Personal Edition
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
Brother MFC-8890DW
Brother P-touch Editor 5.0
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-Branding
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
ChoiceMail One Single User 3.1
Click'N Design 3D
Cookienator
DING!
DropMyRights
Eraser 5.8.7
ERUNT 1.1j
Fingerprint Tutorial
Free Create-Burn ISO Image v2.0
FreeRIP v3.1
Help Center
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB922120-v6)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PROSet/Wireless Software
InterVideo WinDVD
InterVideo WinDVD Creator 3
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java(TM) 6 Update 21
LastPass (uninstall only)
Lenovo Battery Program
LiveUpdate 2.6 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Magic ISO Maker v5.5 (build 0276)
Maintenance Manager
mCore
mDriver
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.5
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Sounds
Microsoft Office Ultimate 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
mMHouse
Mozilla Firefox (3.6.8)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
Norton PartitionMagic
Norton PartitionMagic 8.0
OGA Notifier 2.0.0048.0
PC-Doctor 5 for Windows
Pretty Good Solitaire 2k
Productivity Center Supplement for ThinkPad
Quicken 2005
QuickTime
Readerware
RecordNow Audio
RecordNow Copy
RecordNow Data
Remote Control USB Driver
Remove Multimedia Center
Rescue and Recovery - Client Security Solution
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Safe Returner 1.22
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB982127)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skins
Software Installer
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
Sophos Anti-Rootkit 1.5.4
SoundMAX
Spybot - Search & Destroy
SUPERAntiSpyware
System Migration Assistant
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad Presentation Director
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkPad UltraNav Wizard
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software 4.6.0
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
TrackPoint Accessibility Features
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnciper
TurboTax 2009 wrapper
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB 2.0 Multimedia Reader/Writer
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
vitalsource KEY 3
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
XP Themes
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

==== Event Viewer Messages From Past Week ========

8/15/2010 7:09:15 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524).
8/15/2010 6:47:54 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/15/2010 6:45:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
8/15/2010 6:45:44 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/15/2010 10:05:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/15/2010 10:04:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 ANC aswSP aswTdi Fips IBMTPCHK intelppm SASDIFSV SASKUTIL Smapint TDSMAPI TPHKDRV TPPWRIF TSMAPIP
8/15/2010 1:33:30 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
8/15/2010 1:20:59 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
8/15/2010 1:20:31 PM, error: ati2mtag [43034] - Unknown EDID version
8/15/2010 1:16:08 PM, error: Service Control Manager [7034] - The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).
8/15/2010 1:16:08 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

==== End Of File ===========================
 
Hi,

Make sure the firewall doesn't block Avast and try updating again.
 
Hi,

The only firewall I have running is Windows Firewall. And all of the other computers on my network are configured the same way and they don't have a problem updating AVAST virus definitions.

The error is: connecting to servers.def.vpx...failed to connect to server. The final message says the server is download931.avast.com (74.54.24.242:80).

Did the logs not show any infections?
 
Hi again,

I installed AVAST again and ran it with the virus defs it included in the installation package. It found several files infected with Win32:Alureon-FZ. I quarantined these files. I tried to download new file defs again, same error. I have to shut down the PC now, I will be traveling the rest of the day. Check back with you tomorrow after I run some more scans and test downloading again. Thanks for sticking with me on this problem. :)
 
Hi,

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log in your reply.
 
Hi, here's the report you requested:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 188):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF7A90000 \WINDOWS\system32\KDCOM.DLL
0xF79A0000 \WINDOWS\system32\BOOTVID.dll
0xF7461000 ACPI.sys
0xF7A92000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7450000 pci.sys
0xF7590000 isapnp.sys
0xF79A4000 compbatt.sys
0xF79A8000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B58000 pciide.sys
0xF7810000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7432000 pcmcia.sys
0xF75A0000 MountMgr.sys
0xF7413000 ftdisk.sys
0xF7A94000 dmload.sys
0xF73ED000 dmio.sys
0xF7818000 PartMgr.sys
0xF79AC000 ACPIEC.sys
0xF7B59000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF75B0000 VolSnap.sys
0xF73D5000 atapi.sys
0xF75C0000 disk.sys
0xF75D0000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73B5000 fltmgr.sys
0xF73A3000 sr.sys
0xF738D000 DRVMCDB.SYS
0xF75E0000 PxHelp20.sys
0xF7376000 KSecDD.sys
0xF7363000 WudfPf.sys
0xF72D6000 Ntfs.sys
0xF7A96000 ANCSQ.sys
0xF72A9000 \WINDOWS\System32\drivers\NDIS.SYS
0xF728D000 Apsx86.sys
0xF7820000 ApsHM86.sys
0xF7828000 risdptsk.sys
0xF75F0000 ohci1394.sys
0xF7600000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7273000 Mup.sys
0xF7740000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7700000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6864000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6850000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6828000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF67FD000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF7908000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF67D9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7910000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF67C5000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xF64A2000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF7710000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7918000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6476000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AD6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7920000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7928000 \SystemRoot\system32\DRIVERS\nscirda.sys
0xF7202000 \SystemRoot\system32\DRIVERS\irenum.sys
0xF7930000 \SystemRoot\system32\DRIVERS\atmeltpm.sys
0xF71FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF71F6000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0xF7720000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7938000 \SystemRoot\system32\drivers\iviaspi.sys
0xF7AD8000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF7730000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7750000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6453000 \SystemRoot\system32\DRIVERS\ks.sys
0xF630F000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xF7BB9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7940000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF7948000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7790000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF6AC1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF62F8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7760000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7770000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF62E7000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7780000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7950000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7958000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF62B7000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF77A0000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7960000 \SystemRoot\system32\DRIVERS\psadd.sys
0xF7ADA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF61B9000 \SystemRoot\system32\DRIVERS\update.sys
0xF6AA9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77D0000 \SystemRoot\system32\DRIVERS\zumbus.sys
0xF77E0000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF6115000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF7800000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEE0C3000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xEE09F000 \SystemRoot\system32\drivers\portcls.sys
0xF7650000 \SystemRoot\system32\drivers\drmk.sys
0xEE088000 \SystemRoot\system32\drivers\AEAudio.sys
0xEE054000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xEDF62000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xEDEAF000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7968000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7680000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF723A000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7AF2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C7C000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AF4000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7990000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF7840000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7848000 \SystemRoot\System32\drivers\vga.sys
0xF7AF6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AF8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7850000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7858000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF722E000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEDD6F000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEDD16000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF76D0000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xEDCC8000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEDCA0000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEDC7E000 \SystemRoot\System32\drivers\afd.sys
0xF76E0000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7860000 \SystemRoot\System32\drivers\TSMAPIP.SYS
0xF7868000 \SystemRoot\System32\drivers\Tppwrif.sys
0xF7870000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
0xF7878000 \SystemRoot\System32\drivers\TDSMAPI.SYS
0xF78A8000 \SystemRoot\System32\drivers\Smapint.sys
0xEDBEC000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7880000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xEDBC1000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF7CA8000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xEDB51000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7AFC000 \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
0xF6297000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7888000 \SystemRoot\System32\Drivers\tcusb.sys
0xEDB2A000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF6287000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF61B1000 \SystemRoot\System32\drivers\ANC.SYS
0xF78B0000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF6277000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xED9E9000 \SystemRoot\System32\Drivers\Udfs.SYS
0xED9D1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B3C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEDA12000 \SystemRoot\System32\drivers\Dxapi.sys
0xEDC6E000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B91000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF057000 \SystemRoot\System32\ati2cqag.dll
0xBF0B1000 \SystemRoot\System32\atikvmag.dll
0xBF101000 \SystemRoot\System32\atiok3x2.dll
0xBF113000 \SystemRoot\System32\ati3duag.dll
0xBF3DD000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEB729000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xEDE74000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF7CBF000 \SystemRoot\System32\DLA\DLADResN.SYS
0xEB6A3000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xEB71D000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF7AB6000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF7CC4000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
0xF78B8000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xEB663000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xEB64D000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xEB55D000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xEB42F000 \SystemRoot\system32\DRIVERS\irda.sys
0xEB559000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xEB68B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEB4E5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xEB2D8000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xF7970000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xEB1C5000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xEB048000 \SystemRoot\system32\drivers\wdmaud.sys
0xF6257000 \SystemRoot\system32\drivers\sysaudio.sys
0xF71C5000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF78A0000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
0xEDDA4000 \SystemRoot\System32\drivers\aspi32.sys
0xF7B06000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
0xF6F54000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7101000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
0xF6F40000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF6D1D000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7B1E000 \??\C:\WINDOWS\System32\drivers\pmemnt.sys
0xF706D000 \??\C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys
0xF7B8F000 \??\C:\Program Files\SMI2\smi2.sys
0xF7890000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xF6BBD000 \SystemRoot\System32\Drivers\btwusb.sys
0xF78D0000 \SystemRoot\system32\DRIVERS\btport.sys
0xB998D000 \SystemRoot\system32\DRIVERS\btwdndis.sys
0xB992B000 \SystemRoot\system32\drivers\btaudio.sys
0xBA758000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 93):
0 System Idle Process
4 System
896 C:\WINDOWS\system32\smss.exe
948 csrss.exe
976 C:\WINDOWS\system32\winlogon.exe
1024 C:\WINDOWS\system32\services.exe
1036 C:\WINDOWS\system32\lsass.exe
1204 C:\Program Files\Common Files\Virtual Token\vtserver.exe
1220 C:\WINDOWS\system32\ibmpmsvc.exe
1252 C:\WINDOWS\system32\ati2evxx.exe
1268 C:\WINDOWS\system32\svchost.exe
1360 svchost.exe
1400 C:\WINDOWS\system32\svchost.exe
1432 C:\WINDOWS\system32\svchost.exe
1512 C:\WINDOWS\system32\ati2evxx.exe
1620 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1672 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1760 svchost.exe
1956 svchost.exe
508 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
924 C:\WINDOWS\system32\spoolsv.exe
384 C:\WINDOWS\explorer.exe
1292 svchost.exe
1788 C:\WINDOWS\system32\IPSSVC.EXE
1800 C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
1832 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
1892 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1720 C:\WINDOWS\system32\TpShocks.exe
2076 C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
2128 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
2144 C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
2256 C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
2264 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
2288 svchost.exe
2296 C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.EXE
2344 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2368 C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
2456 C:\WINDOWS\system32\svchost.exe
2504 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
2532 C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
2544 C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
2576 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
2664 C:\WINDOWS\system32\rundll32.exe
2680 C:\Program Files\Java\jre6\bin\jqs.exe
2856 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2912 C:\Program Files\SMSC\SetIcon.exe
2920 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2932 C:\WINDOWS\system32\rundll32.exe
3008 C:\WINDOWS\system32\svchost.exe
3128 C:\Program Files\Lenovo\System Update\SUService.exe
3140 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
3240 C:\WINDOWS\system32\dla\DLACTRLW.EXE
3300 C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
3392 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3396 C:\Program Files\Analog Devices\Core\smax4pnp.exe
3480 C:\Program Files\Zune\ZuneLauncher.exe
3620 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3640 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
3732 C:\WINDOWS\system32\TPHDEXLG.exe
3764 C:\WINDOWS\system32\TpKmpSvc.exe
3860 ibmtcsd.exe
3964 C:\Program Files\Digiportal Software\ChoiceMail\ChoiceMail.exe
4004 C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
4068 C:\Program Files\Eraser\Eraser.exe
4080 C:\Program Files\Digiportal Software\ChoiceMail\ChoiceMail.exe
612 C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
672 C:\WINDOWS\system32\searchindexer.exe
604 C:\Program Files\Windows Media Player\wmpnscfg.exe
1608 wmiprvse.exe
2220 C:\WINDOWS\system32\ZuneBusEnum.exe
2596 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2608 C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
2640 C:\WINDOWS\system32\ctfmon.exe
2760 C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
3092 wmpnetwk.exe
3692 C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
3856 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3912 C:\WINDOWS\system32\wscntfy.exe
268 C:\Program Files\Digital Line Detect\DLG.exe
2712 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
3688 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4112 C:\Program Files\Southwest Airlines\Ding\Ding.exe
4296 C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
4564 C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
4624 alg.exe
4900 C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
5304 C:\Program Files\Digiportal Software\ChoiceMail\IzyMail.exe
5628 C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
1508 C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
5564 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
2652 C:\WINDOWS\system32\searchprotocolhost.exe
2648 searchfilterhost.exe
5528 C:\Documents and Settings\Richard\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000032`452a4000 (NTFS)

PhysicalDrive0 Model Number: ST9320421AS, Rev: SD13

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 5187B93741D304E81260A9667239F6D3996602E7


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format).
 
Hi,

I ran tdsskiller as instructed. It didn't find any infections, but, being suspicious, I checked the log file and didn't see any indication that the boot record had been scanned. So I unchecked the drivers, leaving only the boot record checked. As I suspected, it did not scan the boot record at all; I guess that the virus blocked it from running! So, I didn't think that you wanted to see the log file; if you do, just let me know and I will post it. Might it run from safe mode?
 