Inactive Laptop infected with PC perf & stability report; logs posted

When I boot my PC I instantly receive the warnings from the PC Performance & Stability Report. I am unable to see my desktop icons, and my C drive appears blank, although I'm pretty sure the data is still there, just looking at the total drive size. I've pasted several logs for assistance; thanks in advance for your help.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7962

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

10/16/2011 11:35:50 PM
mbam-log-2011-10-16 (23-35-50).txt

Scan type: Quick scan
Objects scanned: 196279
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 10
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpqlemcfMxPg.exe (Trojan.FakeAlert) -> Value: UpqlemcfMxPg.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\2600 (Trojan.Agent) -> Value: 2600 -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\upqlemcfmxpg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\local settings\Temp\7102fb5e.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\6dss92c31apgjk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\local settings\Temp\0006fb65.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\local settings\Temp\04adfb61.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\local settings\Temp\0d4efb63.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\local settings\Temp\54acfb62.com (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\local settings\Temp\5501fb64.com (Trojan.Agent) -> Quarantined and deleted successfully.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-17 04:55:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST910082 rev.3.CM
Running: rt60ln90.exe; Driver: C:\DOCUME~1\qu439141\LOCALS~1\Temp\kgliqfob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwAllocateVirtualMemory [0xF7810750]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xF7810880]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwWriteVirtualMemory [0xF78109B0]

---- Kernel code sections - GMER 1.0.15 ----

? cmeb.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by qu439141 at 4:58:14 on 2011-10-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.998.635 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] c:\program files\memeo\autosync\MemeoLauncher2.exe --silent
mRun: [Memeo Send] c:\program files\memeo\memeo send\MemeoLauncher.exe --silent
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\qu439141\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://169.226.53.130/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 169.226.194.115
TCP: Interfaces\{B106C060-3271-4A3F-84B0-7E4453E644DE} : DhcpNameServer = 169.226.194.115
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli psqlpwd
Hosts: 10.10.2.20 dcs.cnse.albany.edu
Hosts: 10.10.2.30 hasd.cnse.albany.edu
Hosts: 10.10.2.33 sms.cnse.albany.edu
Hosts: 10.10.2.181 rmedb.cnse.albany.edu
.
============= SERVICES / DRIVERS ===============
.
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-12-1 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-12-1 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-12-1 2477304]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-2 136176]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-22 25824]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-15 11152]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-5-5 583360]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-12-1 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-16 105592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-2 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111015.005\NAVENG.SYS [2011-10-16 86136]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111015.005\NAVEX15.SYS [2011-10-16 1576312]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-4-30 14336]
.
=============== Created Last 30 ================
.
2011-10-17 03:28:49 -------- d-----w- c:\documents and settings\qu439141\application data\Malwarebytes
2011-10-17 03:19:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-17 03:19:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-17 03:19:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-17 02:41:25 528224 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-10-16 05:24:36 -------- d--h--w- c:\program files\KLayout
2011-10-09 21:02:31 -------- d--h--w- c:\documents and settings\qu439141\local settings\application data\Help
2011-09-23 06:34:35 -------- d--h--w- c:\documents and settings\all users\application data\MemeoCommon
2011-09-23 05:44:49 -------- d--h--w- c:\documents and settings\qu439141\application data\Memeo
2011-09-23 05:44:35 -------- d--h--w- c:\documents and settings\qu439141\application data\Seagate
2011-09-23 05:43:11 -------- d--h--w- c:\program files\common files\Memeo
2011-09-23 05:43:04 -------- d--h--w- c:\program files\Memeo
2011-09-23 05:42:00 -------- d--h--w- c:\program files\Seagate
.
==================== Find3M ====================
.
2011-10-15 21:04:56 167936 ---ha-w- c:\windows\system32\drivers\wpshelper.sys
2011-09-29 21:58:27 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41:20 611328 ---ha-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ---ha-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ---ha-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ---ha-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ---ha-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ---ha-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ---h--w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ---h--w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ---ha-w- c:\windows\system32\drivers\afd.sys
2011-07-20 20:21:26 60808 ---ha-w- c:\windows\system32\S32EVNT1.DLL
2011-07-20 20:21:26 124976 ---ha-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-20 17:19:08 33536 ---ha-w- c:\windows\system32\drivers\tvtfilter.sys
2011-07-20 17:18:58 129784 ---ha-w- c:\windows\system32\pxafs.dll
2011-07-20 17:18:58 118520 ---ha-w- c:\windows\system32\pxinsi64.exe
2011-07-20 17:18:57 36624 ---ha-w- c:\windows\system32\drivers\pxhelp20.sys
2011-07-20 17:18:57 115960 ---ha-w- c:\windows\system32\pxcpyi64.exe
2011-07-20 17:18:17 7012 ---ha-w- c:\windows\system32\drivers\pmemnt.sys
2011-07-20 17:01:18 21393 ---ha-w- c:\windows\system32\drivers\AegisP.sys
2011-07-20 17:01:18 21393 ---ha-w- c:\windows\AegisP.sys
.
============= FINISH: 5:04:00.14 ===============
 

Attachments

  • attach1.zip (4.5 KB)
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================================

All logs have to be pasted including Attach.txt log.

Any particular reason why all scans were run from safe mode?
 
Scans were run in safe mode because the machine was unresponsive in protective mode. Do you suggest I re-run them in protected mode if possible? I can paste the attach.txt log as well; I just read that it should be zipped, no problem.
Thanks for replying back so quickly.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/20/2011 3:58:50 PM
System Uptime: 10/16/2011 11:36:49 PM (6 hours ago)
.
Motherboard: LENOVO | | 7658RVU
Processor: Intel Pentium III Xeon processor | None | 2094/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 88 GiB total, 38.594 GiB free.
D: is CDROM ()
V: is NetworkDisk (NTFS) - 604 GiB total, 361.903 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP1: 7/20/2011 3:58:55 PM - System Checkpoint
RP2: 7/20/2011 4:07:10 PM - Removed Access Help
RP3: 7/20/2011 4:07:35 PM - Removed Help Center
RP4: 7/20/2011 4:08:12 PM - Removed Message Center
RP5: 7/20/2011 4:08:57 PM - Removed Productivity Center Supplement
RP6: 7/20/2011 4:11:34 PM - Removed System Migration Assistant
RP7: 7/20/2011 4:12:12 PM - Removed ThinkVantage Access Connections
RP8: 7/20/2011 4:12:40 PM - Removed ThinkVantage Active Protection System.
RP9: 7/20/2011 4:13:02 PM - Removed Productivity Center
RP10: 7/20/2011 4:20:18 PM - Installed Symantec Endpoint Protection.
RP11: 7/20/2011 4:34:39 PM - Installed Windows XP Service Pack 3.
RP12: 7/20/2011 4:52:10 PM - Installed Microsoft Office Professional Plus 2010
RP13: 7/20/2011 2:35:51 PM - Software Distribution Service 3.0
RP14: 7/20/2011 3:01:11 PM - Software Distribution Service 3.0
RP15: 7/20/2011 5:00:54 PM - Installed Windows XP WgaNotify.
RP16: 7/20/2011 5:03:18 PM - Software Distribution Service 3.0
RP17: 7/20/2011 5:50:02 PM - Software Distribution Service 3.0
RP18: 7/26/2011 9:32:36 PM - Software Distribution Service 3.0
RP19: 7/29/2011 1:09:42 AM - System Checkpoint
RP20: 8/2/2011 12:04:30 AM - System Checkpoint
RP21: 8/2/2011 2:11:01 AM - Installed Cisco AnyConnect VPN Client
RP22: 8/2/2011 2:42:01 AM - Installed IBM SiView Standard Material Manager R6.0
RP23: 8/2/2011 2:46:55 AM - Installed IBM SiView Standard Specification Manager R6.0
RP24: 8/6/2011 7:52:06 PM - System Checkpoint
RP25: 8/7/2011 11:42:46 PM - System Checkpoint
RP26: 8/9/2011 2:24:23 AM - System Checkpoint
RP27: 8/15/2011 1:48:48 AM - System Checkpoint
RP28: 8/15/2011 3:00:20 AM - Software Distribution Service 3.0
RP29: 8/16/2011 11:59:06 PM - System Checkpoint
RP30: 8/22/2011 9:05:23 PM - System Checkpoint
RP31: 8/25/2011 1:11:44 AM - System Checkpoint
RP32: 8/29/2011 4:47:59 PM - System Checkpoint
RP33: 8/31/2011 11:44:43 AM - System Checkpoint
RP34: 9/4/2011 9:29:21 PM - System Checkpoint
RP35: 9/7/2011 1:17:36 AM - System Checkpoint
RP36: 9/8/2011 2:27:35 PM - System Checkpoint
RP37: 9/10/2011 2:20:04 PM - System Checkpoint
RP38: 9/12/2011 12:16:57 PM - System Checkpoint
RP39: 9/13/2011 2:02:59 PM - Software Distribution Service 3.0
RP40: 9/14/2011 7:34:56 PM - System Checkpoint
RP41: 9/15/2011 8:52:36 AM - Software Distribution Service 3.0
RP42: 9/18/2011 12:58:56 AM - System Checkpoint
RP43: 9/19/2011 1:02:35 AM - System Checkpoint
RP44: 9/20/2011 2:00:09 AM - System Checkpoint
RP45: 9/21/2011 3:56:39 AM - System Checkpoint
RP46: 9/23/2011 12:30:03 AM - System Checkpoint
RP47: 9/23/2011 1:42:13 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP48: 9/25/2011 10:23:11 AM - System Checkpoint
RP49: 9/30/2011 3:00:20 AM - Software Distribution Service 3.0
RP50: 10/1/2011 8:53:29 PM - System Checkpoint
RP51: 10/3/2011 4:14:21 PM - System Checkpoint
RP52: 10/6/2011 3:31:39 AM - System Checkpoint
RP53: 10/7/2011 4:09:24 AM - System Checkpoint
RP54: 10/9/2011 12:21:09 AM - System Checkpoint
RP55: 10/10/2011 12:39:29 AM - System Checkpoint
RP56: 10/15/2011 2:35:07 PM - System Checkpoint
RP57: 10/16/2011 3:00:24 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
7-Zip 4.57
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.3.1
Cisco AnyConnect VPN Client
Client Security Solution
CNSE Production Application Manager
CNSE Production Material Manager
CNSE Production Specification Manager
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diskeeper Lite
FileZilla Client 3.5.0
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969084)
IBM SiView Standard Material Manager R6.0
IBM SiView Standard Specification Manager R6.0
Integrated Camera
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo Register Manager
InterVideo WinDVD
InterVideo WinDVD Creator 3
J2SE Runtime Environment 5.0 Update 6
Klayout - Layout Viewer And Editor
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
mCore
mDriver
Memeo AutoSync
Memeo Instant Backup
Memeo Send
Memeo Share
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft Visual C++ 2005 Redistributable
mMHouse
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
mWlsSafe
On Screen Display
Orbix3.3 for NT
Presentation Director
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Seagate Dashboard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
Symantec Endpoint Protection
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Fingerprint Software 5.6
ThinkVantage Technologies Welcome Message
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Toolbar
Windows Management Framework Core
Windows Media Connect
Windows Media Format Runtime
Windows XP Service Pack 3
XP Themes
.
==== Event Viewer Messages From Past Week ========
.
10/16/2011 2:59:35 PM, error: Service Control Manager [7022] - The Wireless Zero Configuration service hung on starting.
10/16/2011 11:38:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm ohci1394 SPBBCDrv SRTSP SRTSPX SYMTDI TPHKDRV TPPWRIF TSMAPIP
10/16/2011 11:37:22 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/16/2011 11:15:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SPBBCDrv SRTSP SRTSPX SYMTDI TPHKDRV TPPWRIF TSMAPIP
10/16/2011 11:14:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/16/2011 10:38:31 PM, error: NETLOGON [5776] - Failed to create/open file \system32\config\netlogon.ftl with the following error: Access is denied.
10/16/2011 10:36:48 PM, error: Dhcp [1002] - The IP address lease 192.168.1.8 for the Network Card with network address 001DE0996B81 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
10/15/2011 6:10:18 PM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the SharedAccess service.
10/14/2011 8:12:05 PM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the RasMan service.
10/14/2011 8:10:05 PM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the wuauserv service.
10/14/2011 8:08:05 PM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the W32Time service.
10/14/2011 8:06:05 PM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the Schedule service.
10/14/2011 8:04:05 PM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the SENS service.
10/14/2011 12:10:16 AM, error: Service Control Manager [7011] - Timeout (120000 milliseconds) waiting for a transaction response from the Netman service.
10/12/2011 12:18:17 AM, error: NETLOGON [5719] - No Domain Controller is available for domain UALBANY due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
.
==== End Of File ===========================
 