TechSpot

Malware enables Proxy

By Juniormint
Dec 6, 2010
  1. Got a "file not found" pop-up for csrss.exe after rebooting following the Malwarebytes scan. Posting the various logs from the 8-step thread.

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5254

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    06/12/2010 6:42:16 AM
    mbam-log-2010-12-06 (06-42-16).txt

    Scan type: Quick scan
    Objects scanned: 165330
    Time elapsed: 4 minute(s), 16 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    c:\documents and settings\admin\application data\microsoft\conhost.exe (Spyware.Passwords.XGen) -> 2988 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Spyware.Passwords.XGen) -> Value: svchost -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\admin\application data\microsoft\conhost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\documents and settings\admin\application data\microsoft\svchost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\documents and settings\admin\application data\microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\admin\local settings\Temp\csrss.exe (Trojan.Agent) -> Delete on reboot.

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-06 06:55:27
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.PS11
    Running: z34qoytk.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\uwldrpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA227ECF0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA227EBAC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA227F160]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA227F08A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA227E782]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA227EC86]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA227E6C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA227E726]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA227EDA6]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA227F22E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA227ED66]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA227EEE6]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA228BBAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA228B9D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA228BB0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A228BB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A228B9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A22875D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A2288FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A228BBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? fhdql.sys The system cannot find the file specified. !
    .vmp2 C:\WINDOWS\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0x9A9F269D]

    ---- User code sections - GMER 1.0.15 ----

    .text D:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1536] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003A0002
    IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003A0000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \FileSystem\Ntfs \Ntfs tvtfilter.sys (Rescue and Recovery filter driver/Lenovo)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\Fastfat \Fat 97907D20

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

    ---- EOF - GMER 1.0.15 ----
     
  2. Juniormint


    --- Attach.txt ---

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 16/09/2010 3:58:48 PM
    System Uptime: 06/12/2010 6:43:59 AM (1 hours ago)

    Motherboard: LENOVO | |
    Processor: Intel Pentium III Xeon processor | None | 2394/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 57 GiB total, 26.551 GiB free.
    D: is FIXED (NTFS) - 170 GiB total, 143.982 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {5B31D1B0-17B6-4917-A896-338F5E9BE07B}
    Description: ThinkPad Docking USB Host Controller - 2939
    Device ID: PCI\VEN_8086&DEV_2939&SUBSYS_20F017AA&REV_03\3&B1BFB68&0&D2
    Manufacturer: Lenovo
    Name: ThinkPad Docking USB Host Controller - 2939
    PNP Device ID: PCI\VEN_8086&DEV_2939&SUBSYS_20F017AA&REV_03\3&B1BFB68&0&D2
    Service: usbuhci

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================


    Access Help
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    AT&T Service Activation
    avast! Free Antivirus
    BitTorrent
    Client Security - Password Manager
    Conexant HD Audio
    Core FTP LE 2.1
    Disciples III
    Drag-to-Disc
    EMS SQL Manager 2010 for SQL Server
    eReg
    Help Center
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB949764)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB958655-v2)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970685)
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Interface
    Intel(R) Network Connections Drivers
    Intel(R) PROSet/Wireless WiFi Software
    Intel® Active Management Technology
    Intel® Trusted Platform Module
    InterVideo Register Manager
    InterVideo WinDVD
    Java(TM) 6 Update 14
    Junk Mail filter update
    Lenovo System Interface Driver
    Lenovo System Toolbox
    Logitech MouseWare 9.79.1
    Malwarebytes' Anti-Malware
    Message Center
    Message Center Plus
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
    Microsoft Choice Guard
    Microsoft Help Viewer 1.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft Search Enhancement Pack
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 R2
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Native Client
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server 2008 R2 RsFx Driver
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Browser
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Runtime v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Sync Services for ADO.NET v2.0 (x86)
    Microsoft Visual Basic 2010 Express - ENU
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Web Developer 2010 Express - ENU
    Mobile Broadband Connect
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB925673)
    On Screen Display
    Online Data Backup
    Opera 10.63
    Presentation Director
    Productivity Center Supplement for ThinkPad
    ProtectDisc Driver, Version 11
    Rescue and Recovery
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
    RICOH R5U230 Media Driver ver.2.02.02.01
    Roxio Activation Module
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Creator Business Edition
    Roxio Express Labeler 3
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2124261)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2290570)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Sonic CinePlayer Decoder Pack
    Sonic Icons for Lenovo
    SQL Server 2008 R2 BI Development Studio
    SQL Server 2008 R2 Common Files
    SQL Server 2008 R2 Database Engine Services
    SQL Server 2008 R2 Database Engine Shared
    SQL Server 2008 R2 Full text search
    SQL Server 2008 R2 Management Studio
    SQL Server 2008 R2 Reporting Services
    Sql Server Customer Experience Improvement Program
    System Update
    ThinkPad FullScreen Magnifier
    ThinkPad Hotkey Features Setup
    ThinkPad PC Card Power Policy
    ThinkPad Power Management Driver
    ThinkPad Power Manager
    ThinkPad UltraNav Driver
    ThinkPad UltraNav Utility
    ThinkVantage Access Connections
    ThinkVantage Active Protection System
    ThinkVantage Fingerprint Software
    ThinkVantage Productivity Center
    Uninstall AdeptSQL Diff
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973815)
    Verizon Wireless Mobile Broadband Self Activation
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    Wakfu
    Wallpapers
    Web Deployment Tool
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Connect
    Windows Media Format Runtime
    Windows PowerShell(TM) 1.0
    Windows Presentation Foundation
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0
    XP Themes

    ==== Event Viewer Messages From Past Week ========

    29/11/2010 1:28:38 AM, error: Schannel [36882] - The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
    06/12/2010 6:44:38 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Pcmcia
    06/12/2010 6:32:30 AM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 89593020, parameter3 89593194, parameter4 8060577e.
    06/12/2010 6:14:28 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD ANC aswSP aswTdi Fips IBMTPCHK intelppm IPSec lenovo.smi MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tcpip6 TPHKDRV TPPWRIF TSMAPIP
    06/12/2010 6:14:28 AM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
    06/12/2010 6:14:28 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    06/12/2010 6:14:28 AM, error: Service Control Manager [7001] - The Simple TCP/IP Services service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    06/12/2010 6:14:28 AM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    06/12/2010 6:14:28 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    06/12/2010 6:14:28 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    06/12/2010 6:14:28 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    06/12/2010 6:13:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    06/12/2010 6:13:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    06/12/2010 6:06:46 AM, error: Service Control Manager [7034] - The System Update service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:46 AM, error: Service Control Manager [7034] - The Power Manager DBC Service service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:46 AM, error: Service Control Manager [7034] - The Intel(R) Active Management Technology User Notification Service service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:46 AM, error: Service Control Manager [7031] - The Access Connections Main Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    06/12/2010 6:06:45 AM, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:45 AM, error: Service Control Manager [7034] - The TVT Backup Service service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:44 AM, error: Service Control Manager [7034] - The TVT Backup Protection Service service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:44 AM, error: Service Control Manager [7034] - The ThinkPad HDD APS Logging Service service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:43 AM, error: Service Control Manager [7034] - The ThinkVantage Registry Monitor Service service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:43 AM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:43 AM, error: Service Control Manager [7034] - The Simple TCP/IP Services service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:43 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:43 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:42 AM, error: Service Control Manager [7034] - The Intel(R) Active Management Technology Local Management Service service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:41 AM, error: Service Control Manager [7034] - The World Wide Web Publishing service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:41 AM, error: Service Control Manager [7034] - The Lenovo Microphone Mute service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:41 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:41 AM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:41 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:41 AM, error: Service Control Manager [7031] - The IIS Admin service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1 milliseconds: Run the configured recovery program.
    06/12/2010 6:06:40 AM, error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:40 AM, error: Service Control Manager [7034] - The On Screen Display service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:40 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless WiFi Service service terminated unexpectedly. It has done this 1 time(s).
    06/12/2010 6:06:40 AM, error: Service Control Manager [7031] - The Ac Profile Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    05/12/2010 9:42:41 PM, error: SideBySide [59] - Generate Activation Context failed for D:\Program Files\Deep Silver\Sacred 2 - Gold\system\s2gs.exe. Reference error message: The operation completed successfully. .
    05/12/2010 9:23:56 PM, error: SideBySide [59] - Generate Activation Context failed for D:\Program Files\Deep Silver\Sacred 2 - Gold\system\s2render.dll. Reference error message: The operation completed successfully. .
    05/12/2010 9:19:47 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
    05/12/2010 9:19:47 PM, error: SideBySide [59] - Generate Activation Context failed for D:\Program Files\Deep Silver\Sacred 2 - Gold\system\sacred2.exe. Reference error message: The operation completed successfully. .
    05/12/2010 9:19:47 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    05/12/2010 12:49:06 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3 00000000, parameter4 8050c653.

    ==== End Of File ===========================

    --- dds.txt ---

    DDS (Ver_10-12-05.01) - NTFSx86
    Run by admin at 7:01:31.12 on 06/12/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2358 [GMT -5:00]

    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    D:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\admin\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    mDefault_Page_URL = hxxp://lenovo.msn.com
    uInternet Settings,ProxyServer = http=127.0.0.1:49758
    uWindows: Load=c:\docume~1\admin\locals~1\temp\csrss.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
    mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [<NO NAME>]
    mRun: [TpShocks] TpShocks.exe
    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
    mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
    mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
    mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"
    mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
    mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
    mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast5] "d:\program files\alwil software\avast5\avastUI.exe" /nogui
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289871982729
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    TCP: {8D2A77B2-899C-40C2-A2DA-6D120A92C1AE} = 169.254.11.203
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - d:\program files\coreftp\pftpns.dll
    Notify: ACNotify - ACNotify.dll
    Notify: igfxcui - igfxdev.dll
    Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
    Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
    LSA: Notification Packages = scecli ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll

    ============= SERVICES / DRIVERS ===============

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-1-28 20520]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-19 165584]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-10-23 13480]
    R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-19 17744]
    R2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast5\AvastSvc.exe [2010-11-19 40384]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-11-15 10448]
    R2 Lenovo.micmute;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-10-5 45424]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-9-16 53248]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
    R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-10-5 62320]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]
    R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-9-16 2058776]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2010-9-16 243856]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
    S3 avast! Mail Scanner;avast! Mail Scanner;d:\program files\alwil software\avast5\AvastSvc.exe [2010-11-19 40384]
    S3 avast! Web Scanner;avast! Web Scanner;d:\program files\alwil software\avast5\AvastSvc.exe [2010-11-19 40384]
    S3 MSSQL$SECTOR70;SQL Server (SECTOR70);d:\sector70\mssql10_50.sector70\mssql\binn\sqlservr.exe [2010-4-3 42884448]
    S3 MSSQLFDLauncher$SECTOR70;SQL Full-text Filter Daemon Launcher (SECTOR70);d:\sector70\mssql10_50.sector70\mssql\binn\fdlauncher.exe [2010-4-3 28512]
    S3 ReportServer$SECTOR70;SQL Server Reporting Services (SECTOR70);d:\sector70\msrs10_50.sector70\reporting services\reportserver\bin\ReportingServicesService.exe [2010-4-3 1177952]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
    S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
    S4 SQLAgent$SECTOR70;SQL Server Agent (SECTOR70);d:\sector70\mssql10_50.sector70\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]

    =============== Created Last 30 ================

    2010-12-06 11:36:32 -------- d-----w- c:\docume~1\admin\applic~1\Malwarebytes
    2010-12-06 11:36:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-06 11:36:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-12-06 11:36:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-06 11:36:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-06 06:19:49 138752 ----a-w- c:\docume~1\admin\applic~1\dwm.exe
    2010-12-06 01:53:29 413696 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-12-06 01:53:29 110592 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-12-06 01:53:29 -------- d-----w- c:\windows\Logs
    2010-11-28 01:32:53 -------- d-----w- c:\documents and settings\admin\save
    2010-11-27 05:47:55 -------- d-----w- c:\program files\ProtectDisc Driver Installer
    2010-11-27 05:47:40 -------- d-----w- c:\docume~1\admin\applic~1\ProtectDISC
    2010-11-24 02:51:28 -------- d-----w- c:\program files\BitTorrent
    2010-11-24 02:50:46 -------- d-----w- c:\docume~1\admin\applic~1\BitTorrent
    2010-11-19 21:24:30 -------- d-----w- c:\windows\system32\appmgmt
    2010-11-19 18:18:58 38848 ----a-w- c:\windows\avastSS.scr
    2010-11-19 18:18:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-11-17 05:14:57 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-11-17 05:14:57 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2010-11-16 20:42:35 -------- d-----w- c:\docume~1\admin\applic~1\Microsoft Corporation
    2010-11-16 18:12:33 -------- d-----w- c:\program files\Microsoft ASP.NET
    2010-11-16 18:12:28 -------- d-----w- c:\program files\IIS
    2010-11-16 18:12:22 617152 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vwdexpress\10.0\1033\ResourceCache.dll
    2010-11-16 18:08:36 226688 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vbexpress\10.0\1033\ResourceCache.dll
    2010-11-16 18:06:25 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2010-11-16 18:06:25 -------- d-----w- c:\program files\Microsoft Help Viewer
    2010-11-16 15:10:02 57410 ----a-w- c:\windows\system32\axscphst.DLL
    2010-11-16 15:10:01 528960 ----a-w- c:\windows\system32\dtspump.DLL
    2010-11-16 15:10:00 1905216 ----a-w- c:\windows\system32\dtspkg.DLL
    2010-11-16 15:09:59 65536 ----a-w- c:\windows\system32\custtask.RLL
    2010-11-16 15:09:59 315968 ----a-w- c:\windows\system32\custtask.DLL
    2010-11-16 15:09:59 29248 ----a-w- c:\windows\system32\sqlresld.DLL
    2010-11-16 15:09:59 119360 ----a-w- c:\windows\system32\dtsffile.DLL
    2010-11-16 15:09:59 -------- d-----w- c:\windows\system32\Resources
    2010-11-16 15:01:27 47968 ----a-w- c:\windows\system32\perf-ReportServer$SECTOR70-rsctr.dll
    2010-11-16 15:01:24 47456 ----a-w- c:\windows\system32\perf-MSSQL10_50.SECTOR70-sqlagtctr.dll
    2010-11-16 15:01:11 73568 ----a-w- c:\windows\system32\perf-MSSQL$SECTOR70-sqlctr10.50.1600.1.dll
    2010-11-16 04:45:32 -------- d-----w- c:\docume~1\admin\applic~1\Avaya
    2010-11-16 03:47:24 -------- d-----w- c:\docume~1\admin\applic~1\CoreFTP
    2010-11-16 03:46:19 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Microsoft_Corporation
    2010-11-16 03:38:36 438496 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vstahost\ssis_scriptcomponent\9.0\1033\ResourceCache.dll
    2010-11-16 03:38:30 438496 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vstahost\ssis_scripttask\9.0\1033\ResourceCache.dll
    2010-11-16 03:36:48 -------- d-----w- c:\windows\system32\RsFx
    2010-11-16 03:33:04 -------- d-----w- c:\program files\Microsoft Analysis Services
    2010-11-16 03:31:31 20128 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vsa\9.0\1033\ResourceCache.dll
    2010-11-16 03:31:29 139872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\visualstudio\9.0\1033\ResourceCache.dll
    2010-11-16 03:29:26 -------- d-----w- c:\program files\common files\Merge Modules
    2010-11-16 03:29:01 416 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\msdn\9.0\1033\ResourceCache.dll
    2010-11-16 03:28:57 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Microsoft Help
    2010-11-16 03:27:38 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2010-11-16 03:02:28 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-11-16 01:11:12 53248 ----a-r- c:\docume~1\admin\applic~1\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
    2010-11-16 01:10:57 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2010-11-16 01:10:48 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
    2010-11-16 01:10:21 -------- d-----w- c:\docume~1\admin\applic~1\Logishrd
    2010-11-16 00:57:25 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Conexant
    2010-11-15 22:14:57 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Opera
    2010-11-15 22:10:10 -------- d-----w- c:\windows\IIS Temporary Compressed Files
    2010-11-15 22:10:01 -------- d-----w- c:\windows\system32\Cache
    2010-11-15 21:35:28 2560 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\usmt\iconlib.dll
    2010-11-15 21:23:15 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-11-15 21:23:15 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-11-15 21:23:13 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2010-11-15 21:23:13 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2010-11-15 16:08:42 -------- d-----w- c:\program files\MSXML 4.0
    2010-11-14 01:35:39 -------- d-----w- c:\windows\system32\Client Security Solution
    2010-11-13 17:04:01 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-11-13 17:04:01 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-11-13 17:03:35 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-11-13 17:03:35 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
    2010-11-13 17:03:35 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-11-13 17:03:05 357248 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-11-13 17:01:05 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-11-13 17:00:48 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-11-13 17:00:39 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-11-13 17:00:26 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-11-13 17:00:26 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-11-13 17:00:24 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-11-13 16:59:43 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-11-13 16:59:43 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-11-13 16:59:42 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2010-11-13 16:59:42 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-11-13 16:59:27 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2010-11-13 16:59:24 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2010-11-13 16:58:03 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-11-13 16:55:31 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2010-11-13 16:55:31 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2010-11-13 16:55:31 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2010-11-13 16:55:31 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2010-11-13 16:55:31 35328 -c----w- c:\windows\system32\dllcache\sc.exe
    2010-11-13 16:55:31 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2010-11-13 16:55:31 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2010-11-13 16:55:31 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2010-11-13 16:55:30 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2010-11-13 16:46:55 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-11-13 16:43:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-11-13 16:43:47 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
    2010-11-13 16:43:46 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-11-13 16:43:02 -------- d-----w- c:\windows\system32\PreInstall
    2010-11-12 21:01:22 -------- d-----w- c:\windows\system32\SoftwareDistribution

    ==================== Find3M ====================

    2010-09-18 20:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-16 16:16:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-16 16:16:31 410984 ----a-w- c:\windows\system32\deploytk.dll
    2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec

    ============= FINISH: 7:02:02.76 ===============
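The two lines in the Pseudo HJT Report that matter most for the reported symptom are the per-user ProxyServer pointing at 127.0.0.1 and the Winlogon Load value starting a csrss.exe out of the Temp folder. The script below is an added example written for this thread (it is not part of DDS, Malwarebytes or the poster's logs) that parses report lines of that shape and flags the loopback proxy, the Winlogon loader, autoruns from user-writable folders or with system-binary names outside system32, and orphaned BHO entries. The sample lines are copied from the report above except the final mRun line, which is constructed; the directory and name lists are the editor's own heuristics, not a vendor signature set.

```python
"""Triage a DDS 'Pseudo HJT Report' for loopback proxies and loader persistence."""
import re
from typing import List, Tuple

# Constructed sample in the shape of the DDS report posted above. The proxy,
# Winlogon Load and orphaned-BHO lines are copied from that report; the final
# mRun line is constructed (modelled on the Run\svchost entry Malwarebytes
# removed) so that the autorun check has something to flag.
SAMPLE_REPORT = r"""
uStart Page = about:blank
mDefault_Page_URL = hxxp://lenovo.msn.com
uInternet Settings,ProxyServer = http=127.0.0.1:49758
uWindows: Load=c:\docume~1\admin\locals~1\temp\csrss.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] "d:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [svchost] c:\docume~1\admin\applic~1\microsoft\svchost.exe
"""

# Heuristic lists (editor's assumptions; tune per environment).
USER_WRITABLE_DIRS = ("\\temp\\", "\\application data\\", "\\applic~1\\", "\\locals~1\\")
SYSTEM_ONLY_NAMES = {"csrss.exe", "svchost.exe", "conhost.exe", "dwm.exe", "lsass.exe"}

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?(127\.0\.0\.1|localhost):(\d+)", re.I)
WINLOGON_RE = re.compile(r"^[um]Windows:\s*(Load|Run)=(.+)$", re.I)
RUN_RE = re.compile(r"^[um]Run:\s*\[[^\]]*\]\s*(.*)$", re.I)
BHO_RE = re.compile(r"^BHO:.*\{[0-9a-f-]{36}\}.* - No File$", re.I)


def command_path(value: str) -> str:
    """Pull the executable path out of a Run value, quoted or not."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    # Unquoted: keep everything up to the first .exe/.dll/.scr/.cpl token.
    m = re.match(r"(.*?\.(?:exe|dll|scr|cpl))(?:[\s,]|$)", value, re.I)
    return m.group(1) if m else value


def path_reasons(path: str) -> List[str]:
    """Why an auto-started path looks wrong: its location and/or its name."""
    path = path.lower()
    name = path.rsplit("\\", 1)[-1]
    reasons = []
    if any(d in path for d in USER_WRITABLE_DIRS):
        reasons.append("autorun from user-writable directory")
    if name in SYSTEM_ONLY_NAMES and "\\windows\\system32\\" not in path:
        reasons.append("system binary name outside system32")
    return reasons


def triage(report: str) -> List[Tuple[str, str]]:
    """Return (finding, report line) pairs for every suspicious line."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m:
            # A proxy on the loopback adapter means a local process is in the
            # browser's path; the port number is what to look for in netstat.
            findings.append((f"loopback proxy on port {m.group(2)}", line))
            continue
        m = WINLOGON_RE.match(line)
        if m:
            # The legacy Winlogon Load/Run values are almost never set on a
            # clean XP profile, so any value is worth reporting on its own.
            reasons = [f"Winlogon {m.group(1)} value set"] + path_reasons(command_path(m.group(2)))
            findings.append(("; ".join(reasons), line))
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = path_reasons(command_path(m.group(1)))
            if reasons:
                findings.append(("; ".join(reasons), line))
            continue
        if BHO_RE.match(line):
            findings.append(("orphaned BHO entry", line))
    return findings


if __name__ == "__main__":
    for finding, line in triage(SAMPLE_REPORT):
        print(f"[!] {finding}\n    {line}")
```

Run it against a saved DDS log by replacing SAMPLE_REPORT with the file contents; an orphaned BHO is only a leftover, but a loopback ProxyServer together with a Winlogon Load pointing at a system-binary name in a Temp folder is the pairing this thread's logs show.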
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I am going to have you run 2 more scans. But I would appreciate it if you could describe the problem you're having a bit more clearly. I understand 'enables proxy', but how? When? Where does it take you?

    There are a lot of problems with the Services. Have you been making changes there?
    ============================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    =========================================
    Download Combofix and save to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ======================================
    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please disable BitTorrent and do not use it or any other file sharing program while I am helping you.

    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall Bit Torrent for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.
     
  5. Juniormint

    Juniormint TS Rookie Topic Starter

    Not sure where the redirect was pointed to, the addresses never resolved, pages would mostly stay in the 'connecting to' state. Proxy was 127.0.0.1 Port 50370 and would turn itself back on every time the browser would restart. Have had my browser hang on me and XP has blue screened on me a few times since the infection. Ran TFC and combofix in safe mode because they've both blue screened on me as well. The port did change on the proxy after running Malwarebytes, but it does stay unchecked now. Looks like the infection is still floating around though, here's the 2 logs you've asked for. Thanks.

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)
    # OnlineScanner.ocx=1.0.0.6415
    # api_version=3.0.2
    # EOSSerial=a6e17599ed571e4dbf4a3927c6107776
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-12-07 02:49:15
    # local_time=2010-12-06 09:49:15 (-0500, Eastern Standard Time)
    # country="Canada"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=770 16774141 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=102379
    # found=1
    # cleaned=0
    # scan_time=1590
    C:\Documents and Settings\admin\Application Data\dwm.exe a variant of Win32/Kryptik.IRC trojan (unable to clean) 00000000000000000000000000000000 I


    ComboFix 10-12-06.01 - Administrator 06/12/2010 22:08:07.2.2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2635 [GMT -5:00]
    Running from: c:\documents and settings\admin\Desktop\slacker.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\admin\Application Data\dwm.exe
    c:\windows\system32\Cache
    c:\windows\system32\Thumbs.db

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-07 to 2010-12-07 )))))))))))))))))))))))))))))))
    .

    2010-12-06 11:36 . 2010-12-06 11:36 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
    2010-12-06 11:36 . 2010-12-06 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-06 11:36 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-06 11:36 . 2010-12-06 11:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-06 11:36 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-06 11:26 . 2010-12-06 11:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
    2010-12-06 01:53 . 2010-12-06 01:53 413696 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-12-06 01:53 . 2010-12-06 01:53 110592 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-12-06 01:53 . 2010-12-06 01:53 -------- d-----w- c:\windows\Logs
    2010-11-28 01:32 . 2010-11-28 01:32 -------- d-----w- c:\documents and settings\admin\save
    2010-11-27 05:47 . 2010-11-27 05:47 -------- d-----w- c:\program files\ProtectDisc Driver Installer
    2010-11-27 05:47 . 2010-11-27 05:47 -------- d-----w- c:\documents and settings\admin\Application Data\ProtectDISC
    2010-11-22 16:24 . 2010-11-22 16:24 -------- d-----w- c:\windows\Sun
    2010-11-19 18:19 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-11-19 18:19 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-11-19 18:19 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-11-19 18:19 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-11-19 18:19 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-11-19 18:19 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-11-19 18:19 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-11-19 18:18 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-11-19 18:18 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-11-19 18:18 . 2010-11-19 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-11-17 05:14 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-11-16 20:42 . 2010-11-16 20:42 -------- d-----w- c:\documents and settings\admin\Application Data\Microsoft Corporation
    2010-11-16 19:22 . 2010-11-16 19:22 -------- d-----w- c:\documents and settings\AL-T400S
    2010-11-16 18:13 . 2010-11-26 01:23 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-11-16 18:12 . 2010-11-16 18:12 -------- d-----w- c:\program files\Microsoft ASP.NET
    2010-11-16 18:12 . 2010-11-16 18:12 -------- d-----w- c:\program files\IIS
    2010-11-16 18:12 . 2010-11-16 18:13 617152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
    2010-11-16 18:08 . 2010-11-16 18:09 226688 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
    2010-11-16 18:06 . 2010-11-16 18:11 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2010-11-16 18:06 . 2010-11-16 18:06 -------- d-----w- c:\program files\Microsoft Help Viewer
    2010-11-16 15:10 . 2000-08-05 19:50 57410 ----a-w- c:\windows\system32\axscphst.DLL
    2010-11-16 15:10 . 2002-12-17 11:23 528960 ----a-w- c:\windows\system32\dtspump.DLL
    2010-11-16 15:10 . 2002-12-17 11:23 1905216 ----a-w- c:\windows\system32\dtspkg.DLL
    2010-11-16 15:09 . 2010-11-16 15:09 -------- d-----w- c:\windows\system32\Resources
    2010-11-16 15:09 . 2002-12-17 11:25 29248 ----a-w- c:\windows\system32\sqlresld.DLL
    2010-11-16 15:09 . 2002-12-17 11:23 119360 ----a-w- c:\windows\system32\dtsffile.DLL
    2010-11-16 15:09 . 2002-12-17 11:23 315968 ----a-w- c:\windows\system32\custtask.DLL
    2010-11-16 15:09 . 2001-04-17 17:21 65536 ----a-w- c:\windows\system32\custtask.RLL
    2010-11-16 15:01 . 2010-04-03 16:51 47968 ----a-w- c:\windows\system32\perf-ReportServer$SECTOR70-rsctr.dll
    2010-11-16 15:01 . 2010-04-03 16:51 47456 ----a-w- c:\windows\system32\perf-MSSQL10_50.SECTOR70-sqlagtctr.dll
    2010-11-16 15:01 . 2010-04-03 16:51 73568 ----a-w- c:\windows\system32\perf-MSSQL$SECTOR70-sqlctr10.50.1600.1.dll
    2010-11-16 08:41 . 2010-11-16 08:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-11-16 05:40 . 2010-11-16 16:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-11-16 04:45 . 2010-11-16 04:45 -------- d-----w- c:\documents and settings\admin\Application Data\Avaya
    2010-11-16 03:47 . 2010-12-04 20:47 -------- d-----w- c:\documents and settings\admin\Application Data\CoreFTP
    2010-11-16 03:46 . 2010-11-16 03:46 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Microsoft_Corporation
    2010-11-16 03:38 . 2010-11-16 03:38 438496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
    2010-11-16 03:38 . 2010-11-16 03:38 438496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
    2010-11-16 03:36 . 2010-11-16 03:36 -------- d-----w- c:\windows\system32\RsFx
    2010-11-16 03:33 . 2010-11-16 03:33 -------- d-----w- c:\program files\Microsoft Analysis Services
    2010-11-16 03:31 . 2010-11-19 18:27 20128 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
    2010-11-16 03:31 . 2010-11-19 18:27 139872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
    2010-11-16 03:29 . 2010-11-16 03:29 -------- d-----w- c:\program files\Common Files\Merge Modules
    2010-11-16 03:29 . 2010-11-16 03:29 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
    2010-11-16 03:28 . 2010-11-16 03:28 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Microsoft Help
    2010-11-16 03:27 . 2010-11-19 21:24 -------- d-----w- c:\program files\Microsoft SDKs
    2010-11-16 03:27 . 2010-11-16 03:29 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2010-11-16 03:27 . 2010-11-19 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-11-16 03:27 . 2010-11-16 03:27 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2010-11-16 03:27 . 2010-11-16 17:57 -------- d-----w- c:\program files\Microsoft.NET
    2010-11-16 03:02 . 2010-11-16 15:21 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-11-16 02:50 . 2010-11-16 02:50 -------- d-----w- c:\program files\Common Files\Adobe
    2010-11-16 01:11 . 2010-11-16 01:11 53248 ----a-r- c:\documents and settings\admin\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2010-11-16 01:10 . 2010-11-16 01:10 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2010-11-16 01:10 . 2010-03-18 09:01 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
    2010-11-16 01:10 . 2010-11-16 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
    2010-11-16 01:10 . 2010-11-16 02:09 -------- d-----w- c:\program files\Common Files\LogiShrd
    2010-11-16 01:10 . 2010-11-16 01:11 -------- d-----w- c:\documents and settings\admin\Application Data\Logitech
    2010-11-16 01:10 . 2010-11-16 01:10 -------- d-----w- c:\documents and settings\admin\Application Data\Logishrd
    2010-11-16 00:57 . 2010-11-16 00:57 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Conexant
    2010-11-15 22:14 . 2010-11-15 22:14 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Opera
    2010-11-15 22:10 . 2010-11-15 22:10 -------- d-----w- c:\windows\IIS Temporary Compressed Files
    2010-11-15 21:35 . 2008-04-14 12:00 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
    2010-11-15 21:23 . 2001-08-17 21:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-11-15 21:23 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-11-15 21:23 . 2008-04-14 08:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2010-11-15 21:23 . 2008-04-14 08:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2010-11-15 16:08 . 2010-11-15 16:08 -------- d-----w- c:\program files\MSXML 4.0
    2010-11-14 01:35 . 2010-11-14 01:35 -------- d-----w- c:\windows\system32\Client Security Solution
    2010-11-13 17:04 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-11-13 17:04 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-11-13 17:03 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-11-13 17:03 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
    2010-11-13 17:03 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-11-13 17:03 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-11-13 17:01 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-11-13 17:00 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-11-13 17:00 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-11-13 17:00 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-11-13 17:00 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-11-13 17:00 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-11-13 16:59 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-11-13 16:59 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-11-13 16:59 . 2010-04-27 13:05 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2010-11-13 16:59 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-11-13 16:59 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2010-11-13 16:59 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2010-11-13 16:58 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-11-13 16:55 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2010-11-13 16:55 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2010-11-13 16:55 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2010-11-13 16:55 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2010-11-13 16:55 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2010-11-13 16:55 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2010-11-13 16:55 . 2009-02-06 10:39 35328 -c----w- c:\windows\system32\dllcache\sc.exe
    2010-11-13 16:55 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2010-11-13 16:55 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2010-11-13 16:46 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-11-13 16:43 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-11-13 16:43 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
    2010-11-13 16:43 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 20:23 . 2008-07-21 22:49 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2008-07-21 22:49 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2008-07-21 22:49 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2008-07-21 22:49 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-16 16:22 . 2010-09-16 16:22 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
    2010-09-16 16:22 . 2010-09-16 16:22 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
    2010-09-16 16:16 . 2010-09-16 16:10 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
    2010-09-16 16:16 . 2010-09-16 16:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-16 16:16 . 2010-09-16 16:16 410984 ----a-w- c:\windows\system32\deploytk.dll
    2010-09-09 13:38 . 2008-07-21 22:50 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 13:38 . 2008-07-21 22:49 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-09 13:38 . 2008-07-21 22:49 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-09 13:38 . 2008-07-21 22:49 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-09-08 15:57 . 2008-07-21 22:49 389120 ----a-w- c:\windows\system32\html.iec
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-02-12 357400]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-05-28 61728]
    "TpShocks"="TpShocks.exe" [2009-02-03 181536]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
    "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
    "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
    "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-09-16 148888]
    "Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-10-22 421888]
    "CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-12-04 40960]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    2009-07-29 17:35 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2009-04-09 03:23 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "d:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Program Files\\ThinkPad\\ConnectUtilities\\Access Connections.exe"=
    "d:\\Program Files\\CoreFTP\\coreftp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28/01/2009 7:57 PM 20520]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/11/2010 1:19 PM 165584]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [23/10/2008 3:15 AM 13480]
    R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24/02/2010 5:22 AM 185472]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/11/2010 1:19 PM 17744]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [15/11/2010 8:10 PM 10448]
    R2 Lenovo.micmute;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [05/10/2009 9:21 PM 45424]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [16/09/2010 11:19 AM 53248]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13/03/2009 4:47 PM 12560]
    R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [05/10/2009 9:21 PM 62320]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [24/11/2008 5:34 PM 520192]
    R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [16/09/2010 11:04 AM 2058776]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [16/09/2010 10:51 AM 243856]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/02/2008 5:54 PM 37312]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
    S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [09/05/2008 7:50 PM 360448]
    S3 MSSQL$SECTOR70;SQL Server (SECTOR70);d:\sector70\MSSQL10_50.SECTOR70\MSSQL\Binn\sqlservr.exe [03/04/2010 11:56 AM 42884448]
    S3 MSSQLFDLauncher$SECTOR70;SQL Full-text Filter Daemon Launcher (SECTOR70);d:\sector70\MSSQL10_50.SECTOR70\MSSQL\Binn\fdlauncher.exe [03/04/2010 11:56 AM 28512]
    S3 ReportServer$SECTOR70;SQL Server Reporting Services (SECTOR70);d:\sector70\MSRS10_50.SECTOR70\Reporting Services\ReportServer\bin\ReportingServicesService.exe [03/04/2010 11:56 AM 1177952]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25/04/2008 10:15 AM 1120752]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [03/04/2010 2:56 PM 44896]
    S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [03/04/2010 2:02 PM 240608]
    S4 SQLAgent$SECTOR70;SQL Server Agent (SECTOR70);d:\sector70\MSSQL10_50.SECTOR70\MSSQL\Binn\SQLAGENT.EXE [03/04/2010 11:56 AM 367456]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PCDR5\pcdr5cuiw32.exe [2009-10-06 21:55]

    2010-12-07 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-09-16 16:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyServer = http=127.0.0.1:49758
    TCP: {8D2A77B2-899C-40C2-A2DA-6D120A92C1AE} = 169.254.11.203
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-06 22:13
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(756)
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infql2.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
    c:\program files\ThinkVantage Fingerprint Software\ps2css.dll

    - - - - - - - > 'lsass.exe'(812)
    c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infql2.dll

    - - - - - - - > 'explorer.exe'(4296)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\windows\system32\msi.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\ieframe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    d:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Intel\AMT\LMS.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\tcpsvcs.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\windows\System32\TPHDEXLG.exe
    c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\lenovo\system update\suservice.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
    c:\windows\system32\TpShocks.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\program files\Logitech\MouseWare\system\em_exec.exe
    c:\program files\Synaptics\SynTP\SynTPLpr.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-06 22:16:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-07 03:16

    Pre-Run: 31,417,401,344 bytes free
    Post-Run: 28,063,219,712 bytes free

    - - End Of File - - 67D32B38E4F4E16B5867A56D41C74EE9
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Combofix removed the entry found in the Eset scan. I'm setting up a script for you to run through Combofix, but need to know the following:

    Did you intentionally set these ports to open:
    If you did not, I can use a script to close them.

    Question: Have you ever taken time to go through the processes that were preloaded by Lenovo, ThinkPad, IBM to see if you're using them? If you are not, they can be uninstalled to free up some resources.
     
  7. Juniormint

    Juniormint TS Rookie Topic Starter

    I think those ports may have been opened while I was transferring files between my old and new laptop. You can go ahead and close them in the script.

    Haven't really looked yet at the preinstalled lenovo services. Most of them handle installed hardware don't they? I think the fingerprint sensor is the only thing that jumps out at me as being unused.

    Thanks again for the help.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Some hardware, more software. Look at the Services and the Startup menu.

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
    • [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: [Be sure to scroll down to include ALL lines.]
    Code:
    File::
    
    Folder::
    
    DDS::
    uStart Page = about:blank
    mDefault_Page_URL = hxxp://lenovo.msn.com
    uInternet Settings,ProxyServer = http=127.0.0.1:49758
    uWindows: Load=c:\docume~1\admin\locals~1\temp\csrss.exe
    mRun: [<NO NAME>] 
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"=-
    "3540:UDP"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"=-
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: dragging CFScript.txt onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
    ====================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
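    The indicators that the helper's CFScript above targets are the same ones visible in the "Supplementary Scan" block of the earlier ComboFix log: a user-level proxy pointing at the loopback address, a `Windows: Load=` entry launching a system-binary lookalike from a Temp folder, and the globally open firewall ports. The following Python is an added example (not code from the thread or from ComboFix) that reads those log lines and flags them, then renders the matching `Registry::` deletions in the same `"name"=-` shape the CFScript uses. The sample lines are copied from the log posted in this thread; the function and constant names are this example's own, and it never runs ComboFix itself.

```python
"""Flag proxy and persistence indicators in ComboFix-style DDS/registry lines.

Added example for this thread; the helper names below are this example's own.
"""
import re

# Sample input: DDS and firewall-policy lines as they appear in the ComboFix
# log and CFScript posted in the thread (constructed list for this example).
SAMPLE_LINES = [
    "uStart Page = about:blank",
    "mDefault_Page_URL = hxxp://lenovo.msn.com",
    "uInternet Settings,ProxyServer = http=127.0.0.1:49758",
    "uWindows: Load=c:\\docume~1\\admin\\locals~1\\temp\\csrss.exe",
    "mRun: [<NO NAME>]",
    "[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]",
    '"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping',
    '"3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)',
    "[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\IcmpSettings]",
    '"AllowInboundEchoRequest"= 1 (0x1)',
]

PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?:http=)?([^\s;]+)", re.I)
LOAD_RE = re.compile(r"^uWindows:\s*Load=(.+)$", re.I)
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$', re.I)

# Core Windows binary names that only belong under the system directory; a copy
# elsewhere (here: the user's Temp folder) is a classic lookalike.
SYSTEM_BINARY_NAMES = {"csrss.exe", "svchost.exe", "conhost.exe", "lsass.exe", "winlogon.exe"}


def _is_loopback(hostport):
    host = hostport.rsplit(":", 1)[0]
    return host in ("localhost", "::1") or host.startswith("127.")


def analyze(lines):
    """Return a list of finding tuples; the first element names the finding."""
    findings = []
    section = None
    for raw in lines:
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]          # registry key that the next lines belong to
            continue
        m = PROXY_RE.match(line)
        if m:
            target = m.group(1)
            # A proxy on 127.0.0.1 means something local is sitting in the browser's path.
            kind = "localhost_proxy" if _is_loopback(target) else "proxy"
            findings.append((kind, target))
            continue
        m = LOAD_RE.match(line)
        if m:
            path = m.group(1).strip()
            low = path.lower().replace("/", "\\")
            name = low.rsplit("\\", 1)[-1]
            reasons = []
            if "\\temp\\" in low:
                reasons.append("runs from a Temp directory")
            if name in SYSTEM_BINARY_NAMES and "\\system32\\" not in low:
                reasons.append("system binary name outside system32")
            findings.append(("windows_load", path, reasons))
            continue
        m = OPEN_PORT_RE.match(line)
        if m and section and section.lower().endswith("globallyopenports\\list"):
            findings.append(("open_port", f"{m.group(1)}/{m.group(2).upper()}", m.group(3).strip()))
            continue
        if (section and section.lower().endswith("icmpsettings")
                and line.lower().startswith('"allowinboundechorequest"') and "= 1" in line):
            findings.append(("icmp_echo_allowed", section))
    return findings


def cfscript_registry_block(findings):
    """Render a 'Registry::' block deleting the flagged firewall entries, in the
    same '"name"=-' shape as the CFScript in the thread (text only; nothing is run)."""
    fw = "HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile"
    ports = [f for f in findings if f[0] == "open_port"]
    out = ["Registry::"]
    if ports:
        out.append(f"[{fw}\\GloballyOpenPorts\\List]")
        for _, port, _desc in ports:
            num, proto = port.split("/")
            out.append(f'"{num}:{proto}"=-')
    if any(f[0] == "icmp_echo_allowed" for f in findings):
        out.append(f"[{fw}\\IcmpSettings]")
        out.append('"AllowInboundEchoRequest"=-')
    return out


if __name__ == "__main__":
    found = analyze(SAMPLE_LINES)
    for f in found:
        print(f)
    print("\n".join(cfscript_registry_block(found)))
```

    Run against the sample lines it reports the loopback proxy on port 49758, the `csrss.exe` loaded from `locals~1\temp` with both reasons attached, the two open ports and the ICMP echo setting; the rendered block matches the `Registry::` section of the CFScript above. The proxy and `Load=` lines are reported rather than rewritten, since the thread handles those through the `DDS::` section.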
  9. Juniormint

    Juniormint TS Rookie Topic Starter

    2 more logs

    ComboFix 10-12-08.04 - admin 09/12/2010 15:36:15.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2255 [GMT -5:00]
    Running from: c:\documents and settings\admin\Desktop\slacker.exe
    Command switches used :: c:\documents and settings\admin\Desktop\cfscript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
    .

    2010-12-09 20:31 . 2010-12-09 20:31 -------- d-----w- C:\HijackThis
    2010-12-06 11:36 . 2010-12-06 11:36 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
    2010-12-06 11:36 . 2010-12-06 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-06 11:36 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-06 11:36 . 2010-12-06 11:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-06 11:36 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-06 11:26 . 2010-12-06 11:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
    2010-12-06 01:53 . 2010-12-06 01:53 413696 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-12-06 01:53 . 2010-12-06 01:53 110592 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-12-06 01:53 . 2010-12-06 01:53 -------- d-----w- c:\windows\Logs
    2010-11-28 01:32 . 2010-11-28 01:32 -------- d-----w- c:\documents and settings\admin\save
    2010-11-27 05:47 . 2010-11-27 05:47 -------- d-----w- c:\program files\ProtectDisc Driver Installer
    2010-11-27 05:47 . 2010-11-27 05:47 -------- d-----w- c:\documents and settings\admin\Application Data\ProtectDISC
    2010-11-22 16:24 . 2010-11-22 16:24 -------- d-----w- c:\windows\Sun
    2010-11-19 18:19 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-11-19 18:19 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-11-19 18:19 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-11-19 18:19 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-11-19 18:19 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-11-19 18:19 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-11-19 18:19 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-11-19 18:18 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-11-19 18:18 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-11-19 18:18 . 2010-11-19 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-11-17 05:14 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-11-16 20:42 . 2010-11-16 20:42 -------- d-----w- c:\documents and settings\admin\Application Data\Microsoft Corporation
    2010-11-16 19:22 . 2010-11-16 19:22 -------- d-----w- c:\documents and settings\AL-T400S
    2010-11-16 18:13 . 2010-11-26 01:23 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-11-16 18:12 . 2010-11-16 18:12 -------- d-----w- c:\program files\Microsoft ASP.NET
    2010-11-16 18:12 . 2010-11-16 18:12 -------- d-----w- c:\program files\IIS
    2010-11-16 18:12 . 2010-11-16 18:13 617152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
    2010-11-16 18:08 . 2010-11-16 18:09 226688 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
    2010-11-16 18:06 . 2010-11-16 18:11 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2010-11-16 18:06 . 2010-11-16 18:06 -------- d-----w- c:\program files\Microsoft Help Viewer
    2010-11-16 15:10 . 2000-08-05 19:50 57410 ----a-w- c:\windows\system32\axscphst.DLL
    2010-11-16 15:10 . 2002-12-17 11:23 528960 ----a-w- c:\windows\system32\dtspump.DLL
    2010-11-16 15:10 . 2002-12-17 11:23 1905216 ----a-w- c:\windows\system32\dtspkg.DLL
    2010-11-16 15:09 . 2010-11-16 15:09 -------- d-----w- c:\windows\system32\Resources
    2010-11-16 15:09 . 2002-12-17 11:25 29248 ----a-w- c:\windows\system32\sqlresld.DLL
    2010-11-16 15:09 . 2002-12-17 11:23 119360 ----a-w- c:\windows\system32\dtsffile.DLL
    2010-11-16 15:09 . 2002-12-17 11:23 315968 ----a-w- c:\windows\system32\custtask.DLL
    2010-11-16 15:09 . 2001-04-17 17:21 65536 ----a-w- c:\windows\system32\custtask.RLL
    2010-11-16 15:01 . 2010-04-03 16:51 47968 ----a-w- c:\windows\system32\perf-ReportServer$SECTOR70-rsctr.dll
    2010-11-16 15:01 . 2010-04-03 16:51 47456 ----a-w- c:\windows\system32\perf-MSSQL10_50.SECTOR70-sqlagtctr.dll
    2010-11-16 15:01 . 2010-04-03 16:51 73568 ----a-w- c:\windows\system32\perf-MSSQL$SECTOR70-sqlctr10.50.1600.1.dll
    2010-11-16 08:41 . 2010-11-16 08:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-11-16 05:40 . 2010-11-16 16:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-11-16 04:45 . 2010-11-16 04:45 -------- d-----w- c:\documents and settings\admin\Application Data\Avaya
    2010-11-16 03:47 . 2010-12-09 00:21 -------- d-----w- c:\documents and settings\admin\Application Data\CoreFTP
    2010-11-16 03:46 . 2010-11-16 03:46 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Microsoft_Corporation
    2010-11-16 03:38 . 2010-11-16 03:38 438496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
    2010-11-16 03:38 . 2010-11-16 03:38 438496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
    2010-11-16 03:36 . 2010-11-16 03:36 -------- d-----w- c:\windows\system32\RsFx
    2010-11-16 03:33 . 2010-11-16 03:33 -------- d-----w- c:\program files\Microsoft Analysis Services
    2010-11-16 03:31 . 2010-11-19 18:27 20128 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
    2010-11-16 03:31 . 2010-11-19 18:27 139872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
    2010-11-16 03:29 . 2010-11-16 03:29 -------- d-----w- c:\program files\Common Files\Merge Modules
    2010-11-16 03:29 . 2010-11-16 03:29 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
    2010-11-16 03:28 . 2010-11-16 03:28 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Microsoft Help
    2010-11-16 03:27 . 2010-11-19 21:24 -------- d-----w- c:\program files\Microsoft SDKs
    2010-11-16 03:27 . 2010-11-16 03:29 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2010-11-16 03:27 . 2010-11-19 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-11-16 03:27 . 2010-11-16 03:27 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2010-11-16 03:27 . 2010-11-16 17:57 -------- d-----w- c:\program files\Microsoft.NET
    2010-11-16 03:02 . 2010-11-16 15:21 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-11-16 02:50 . 2010-11-16 02:50 -------- d-----w- c:\program files\Common Files\Adobe
    2010-11-16 01:11 . 2010-11-16 01:11 53248 ----a-r- c:\documents and settings\admin\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2010-11-16 01:10 . 2010-11-16 01:10 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2010-11-16 01:10 . 2010-03-18 09:01 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
    2010-11-16 01:10 . 2010-11-16 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
    2010-11-16 01:10 . 2010-11-16 02:09 -------- d-----w- c:\program files\Common Files\LogiShrd
    2010-11-16 01:10 . 2010-11-16 01:11 -------- d-----w- c:\documents and settings\admin\Application Data\Logitech
    2010-11-16 01:10 . 2010-11-16 01:10 -------- d-----w- c:\documents and settings\admin\Application Data\Logishrd
    2010-11-16 00:57 . 2010-11-16 00:57 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Conexant
    2010-11-15 22:14 . 2010-11-15 22:14 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Opera
    2010-11-15 22:10 . 2010-11-15 22:10 -------- d-----w- c:\windows\IIS Temporary Compressed Files
    2010-11-15 21:35 . 2008-04-14 12:00 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
    2010-11-15 21:23 . 2001-08-17 21:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-11-15 21:23 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-11-15 21:23 . 2008-04-14 08:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2010-11-15 21:23 . 2008-04-14 08:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2010-11-15 16:08 . 2010-11-15 16:08 -------- d-----w- c:\program files\MSXML 4.0
    2010-11-14 01:35 . 2010-11-14 01:35 -------- d-----w- c:\windows\system32\Client Security Solution
    2010-11-13 17:04 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-11-13 17:04 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-11-13 17:03 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-11-13 17:03 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
    2010-11-13 17:03 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-11-13 17:03 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-11-13 17:01 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-11-13 17:00 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-11-13 17:00 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-11-13 17:00 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-11-13 17:00 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-11-13 17:00 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-11-13 16:59 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-11-13 16:59 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-11-13 16:59 . 2010-04-27 13:05 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2010-11-13 16:59 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-11-13 16:59 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2010-11-13 16:59 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2010-11-13 16:58 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-11-13 16:55 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2010-11-13 16:55 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2010-11-13 16:55 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2010-11-13 16:55 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2010-11-13 16:55 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2010-11-13 16:55 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2010-11-13 16:55 . 2009-02-06 10:39 35328 -c----w- c:\windows\system32\dllcache\sc.exe
    2010-11-13 16:55 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2010-11-13 16:55 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2010-11-13 16:46 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-11-13 16:43 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-11-13 16:43 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
    2010-11-13 16:43 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 20:23 . 2008-07-21 22:49 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2008-07-21 22:49 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2008-07-21 22:49 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2008-07-21 22:49 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-16 16:22 . 2010-09-16 16:22 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
    2010-09-16 16:22 . 2010-09-16 16:22 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
    2010-09-16 16:16 . 2010-09-16 16:10 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
    2010-09-16 16:16 . 2010-09-16 16:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-16 16:16 . 2010-09-16 16:16 410984 ----a-w- c:\windows\system32\deploytk.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-12-07_03.13.36 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-12-09 00:44 . 2010-12-09 00:44 16384 c:\windows\temp\Perflib_Perfdata_5dc.dat
    + 2010-12-08 21:45 . 2010-12-08 21:45 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Web_zrdo1amo.dll
    + 2010-12-08 21:45 . 2010-12-08 21:45 15360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Web_ygbdfocp.dll
    + 2010-12-08 21:45 . 2010-12-08 21:45 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Web_xvs3ql43.dll
    + 2010-12-08 21:45 . 2010-12-08 21:45 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Web_lpufl6cu.dll
    + 2010-12-08 21:45 . 2010-12-08 21:45 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Web_geumdni0.dll
    + 2010-12-08 21:45 . 2010-12-08 21:45 45056 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Web_cl0gz47i.dll
    + 2010-12-08 21:45 . 2010-12-08 21:45 19968 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Web_cal6sl4y.dll
    + 2010-12-08 21:39 . 2010-12-08 21:39 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Theme_Light.gpxx3opa.dll
    + 2010-11-15 22:10 . 2010-12-09 00:45 215256 c:\windows\system32\inetsrv\MetaBase.bin
    + 2010-12-08 21:45 . 2010-12-08 21:45 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Web_vhvp2tfo.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-02-12 357400]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-05-28 61728]
    "TpShocks"="TpShocks.exe" [2009-02-03 181536]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
    "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
    "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
    "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-09-16 148888]
    "Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-10-22 421888]
    "CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-12-04 40960]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2009-04-09 03:23 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "d:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Program Files\\ThinkPad\\ConnectUtilities\\Access Connections.exe"=
    "d:\\Program Files\\CoreFTP\\coreftp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28/01/2009 7:57 PM 20520]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/11/2010 1:19 PM 165584]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [23/10/2008 3:15 AM 13480]
    R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24/02/2010 5:22 AM 185472]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/11/2010 1:19 PM 17744]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [15/11/2010 8:10 PM 10448]
    R2 Lenovo.micmute;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [05/10/2009 9:21 PM 45424]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [16/09/2010 11:19 AM 53248]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13/03/2009 4:47 PM 12560]
    R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [05/10/2009 9:21 PM 62320]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [24/11/2008 5:34 PM 520192]
    R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [16/09/2010 11:04 AM 2058776]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [16/09/2010 10:51 AM 243856]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/02/2008 5:54 PM 37312]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
    S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [09/05/2008 7:50 PM 360448]
    S3 MSSQL$SECTOR70;SQL Server (SECTOR70);d:\sector70\MSSQL10_50.SECTOR70\MSSQL\Binn\sqlservr.exe [03/04/2010 11:56 AM 42884448]
    S3 MSSQLFDLauncher$SECTOR70;SQL Full-text Filter Daemon Launcher (SECTOR70);d:\sector70\MSSQL10_50.SECTOR70\MSSQL\Binn\fdlauncher.exe [03/04/2010 11:56 AM 28512]
    S3 ReportServer$SECTOR70;SQL Server Reporting Services (SECTOR70);d:\sector70\MSRS10_50.SECTOR70\Reporting Services\ReportServer\bin\ReportingServicesService.exe [03/04/2010 11:56 AM 1177952]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25/04/2008 10:15 AM 1120752]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [03/04/2010 2:56 PM 44896]
    S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [03/04/2010 2:02 PM 240608]
    S4 SQLAgent$SECTOR70;SQL Server Agent (SECTOR70);d:\sector70\MSSQL10_50.SECTOR70\MSSQL\Binn\SQLAGENT.EXE [03/04/2010 11:56 AM 367456]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PCDR5\pcdr5cuiw32.exe [2009-10-06 21:55]

    2010-12-09 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-09-16 16:04]
    .
    .
    ------- Supplementary Scan -------
    .
    TCP: {8D2A77B2-899C-40C2-A2DA-6D120A92C1AE} = 169.254.11.203
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-ACNotify - ACNotify.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-09 15:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(756)
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infql2.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
    c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
    c:\windows\system32\igfxdev.dll
    c:\program files\Lenovo\HOTKEY\notifyf2.dll

    - - - - - - - > 'lsass.exe'(812)
    c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infql2.dll

    - - - - - - - > 'explorer.exe'(3852)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\msi.dll
    .
    Completion time: 2010-12-09 15:41:18
    ComboFix-quarantined-files.txt 2010-12-09 20:41
    ComboFix2.txt 2010-12-07 03:16

    Pre-Run: 27,962,916,864 bytes free
    Post-Run: 28,017,590,272 bytes free

    - - End Of File - - 93D0BDAC3135FB965292F8BFDE15CAB5


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:45:02 PM, on 09/12/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17091)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    D:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [CreateLMBCShortCut] "C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe"
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1289871982729
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8D2A77B2-899C-40C2-A2DA-6D120A92C1AE}: NameServer = 169.254.11.203
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lenovo Microphone Mute (Lenovo.micmute) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
    O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

    --
    End of file - 11432 bytes
     
  10. Bobbye


    These logs are clean! Has the proxy problem been resolved? I note the ports remain open, but I suspect that is through your work. If the proxy is solved and there is no new malware related problem:

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      • Choose Disk Cleanup
      • Click "OK" to select the partition or drive you want.
      • Click the "More Options" Tab.
      • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    I would still encourage you to check out the large number of ThinkPad/Lenovo/IBM processes. Additionally, you have many services running which most likely are set to Automatic Startup type. Changing them to Manual Startup would free up those resources and allow the Service to start only when needed. 14 out of 26 Services are from the company.

    Have a Happy and Peaceful Holiday!

    Let me know if you have any more questions.